From 997c26cfe709d907c4e79b31620dd6c53b5641d6 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 25 Feb 2025 09:53:50 -0500 Subject: [PATCH 001/468] add `mdlint_fix` target to Makefile --- Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Makefile b/Makefile index 40f8e7f0..1345e143 100644 --- a/Makefile +++ b/Makefile @@ -17,6 +17,10 @@ DOCS_IMAGE = $(PFX)_docs all: help +mdlint_fix: + @echo "Running markdownlint..." + markdownlint --config .markdownlint.yml --fix . + dockerbuild_test: @echo "Building the test Docker image..." $(DOCKER_BUILD) --target $(TEST_DOCKER_TARGET) --tag $(TEST_IMAGE) . @@ -46,6 +50,7 @@ help: @echo "" @echo "Targets:" @echo " all - Display this help message" + @echo " mdlint_fix - Run markdownlint with --fix" @echo " docs - Build and run the docs Docker image" @echo " docker_test - Build and run the test Docker image" @echo "" From a096d15d5f968cbf8bd87fe22bdc35f6260af018 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 25 Feb 2025 10:43:37 -0500 Subject: [PATCH 002/468] add `__str__()` method to `SsvcDecisionPointValue` --- src/ssvc/decision_points/base.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 869e3263..1dd4b2ce 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -60,6 +60,9 @@ class SsvcDecisionPointValue(_Base, _Keyed, BaseModel): Models a single value option for a decision point. """ + def __str__(self): + return self.name + class SsvcDecisionPoint(_Base, _Keyed, _Versioned, _Namespaced, BaseModel): """ From b753aedc4142e2cd5abc7c988d4cf43865cced31 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 25 Feb 2025 10:45:54 -0500 Subject: [PATCH 003/468] add `combinations` and `combo_strings` methods to `SsvcDecisionPointGroup` make it easier to build decision frameworks --- src/ssvc/dp_groups/base.py | 28 ++++++++++++- src/test/test_dp_groups.py | 86 ++++++++++++++++++++++++++++++++++---- 2 files changed, 104 insertions(+), 10 deletions(-) diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index d198a0df..47ca6b68 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -17,10 +17,13 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University +from itertools import product +from typing import Generator + from pydantic import BaseModel from ssvc._mixins import _Base, _Versioned -from ssvc.decision_points.base import SsvcDecisionPoint +from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue class SsvcDecisionPointGroup(_Base, _Versioned, BaseModel): @@ -44,6 +47,29 @@ def __len__(self): l = len(dplist) return l + def combinations( + self, + ) -> Generator[tuple[SsvcDecisionPointValue, ...], None, None]: + # Generator[yield_type, send_type, return_type] + """ + Produce all possible combinations of decision point values in the group. + """ + # for each decision point, get the values + # then take the product of all the values + # and yield each combination + values_list: list[list[SsvcDecisionPointValue]] = [ + dp.values for dp in self.decision_points + ] + for combination in product(*values_list): + yield combination + + def combo_strings(self) -> Generator[tuple[str, ...], None, None]: + """ + Produce all possible combinations of decision point values in the group as strings. + """ + for combo in self.combinations(): + yield tuple(str(v) for v in combo) + def get_all_decision_points_from( *groups: list[SsvcDecisionPointGroup], diff --git a/src/test/test_dp_groups.py b/src/test/test_dp_groups.py index e4c2397e..46fec87f 100644 --- a/src/test/test_dp_groups.py +++ b/src/test/test_dp_groups.py @@ -27,15 +27,9 @@ def setUp(self) -> None: description=f"Description of Decision Point {i}", version="1.0.0", values=( - SsvcDecisionPointValue( - name="foo", key="FOO", description="foo" - ), - SsvcDecisionPointValue( - name="bar", key="BAR", description="bar" - ), - SsvcDecisionPointValue( - name="baz", key="BAZ", description="baz" - ), + SsvcDecisionPointValue(name="foo", key="FOO", description="foo"), + SsvcDecisionPointValue(name="bar", key="BAR", description="bar"), + SsvcDecisionPointValue(name="baz", key="BAZ", description="baz"), ), ) self.dps.append(dp) @@ -69,6 +63,80 @@ def test_len(self): self.assertEqual(len(self.dps), len(list(g.decision_points))) self.assertEqual(len(self.dps), len(g)) + def test_combinations(self): + # add them to a decision point group + g = dpg.SsvcDecisionPointGroup( + name="Test Group", + description="Test Group", + decision_points=self.dps, + ) + + # get all the combinations + combos = list(g.combinations()) + + # assert that the number of combinations is the product of the number of values + # for each decision point + n_combos = 1 + for dp in self.dps: + n_combos *= len(dp.values) + self.assertEqual(n_combos, len(combos)) + + # assert that each combination is a tuple + for combo in combos: + self.assertIsInstance(combo, tuple) + # assert that each value in the combination is a decision point value + for value in combo: + self.assertIsInstance(value, SsvcDecisionPointValue) + + # foo, bar, and baz should be in each combination to some degree + foo_count = sum(1 for v in combo if v.name == "foo") + bar_count = sum(1 for v in combo if v.name == "bar") + baz_count = sum(1 for v in combo if v.name == "baz") + for count in (foo_count, bar_count, baz_count): + # each count should be greater than or equal to 0 + self.assertGreaterEqual(count, 0) + # the total count of foo, bar, and baz should be the same as the length of the combination + # indicating that no other values are present + total = sum((foo_count, bar_count, baz_count)) + self.assertEqual(len(combo), total) + + def test_combo_strings(self): + # add them to a decision point group + g = dpg.SsvcDecisionPointGroup( + name="Test Group", + description="Test Group", + decision_points=self.dps, + ) + + # get all the combinations + combos = list(g.combo_strings()) + + # assert that the number of combinations is the product of the number of values + # for each decision point + n_combos = 1 + for dp in self.dps: + n_combos *= len(dp.values) + self.assertEqual(n_combos, len(combos)) + + # assert that each combination is a tuple + for combo in combos: + self.assertEqual(len(self.dps), len(combo)) + self.assertIsInstance(combo, tuple) + # assert that each value in the combination is a string + for value in combo: + self.assertIsInstance(value, str) + # foo, bar, and baz should be in each combination to some degree + foo_count = sum(1 for v in combo if v == "foo") + bar_count = sum(1 for v in combo if v == "bar") + baz_count = sum(1 for v in combo if v == "baz") + for count in (foo_count, bar_count, baz_count): + # each count should be greater than or equal to 0 + self.assertGreaterEqual(count, 0) + # the total count of foo, bar, and baz should be the same as the length of the combination + # indicating that no other values are present + total = sum((foo_count, bar_count, baz_count)) + self.assertEqual(len(combo), total) + def test_json_roundtrip(self): # add them to a decision point group g = dpg.SsvcDecisionPointGroup( From 5a50e8a2ac304117ddbdf579f1f2e55f4f199638 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 27 Feb 2025 11:48:16 -0500 Subject: [PATCH 004/468] wip commit --- src/ssvc/framework/__init__.py | 28 ++++++ src/ssvc/framework/decision_framework.py | 105 +++++++++++++++++++++++ src/ssvc/policy_generator.py | 20 ++--- src/test/test_decision_framework.py | 73 ++++++++++++++++ 4 files changed, 212 insertions(+), 14 deletions(-) create mode 100644 src/ssvc/framework/__init__.py create mode 100644 src/ssvc/framework/decision_framework.py create mode 100644 src/test/test_decision_framework.py diff --git a/src/ssvc/framework/__init__.py b/src/ssvc/framework/__init__.py new file mode 100644 index 00000000..ae6a8836 --- /dev/null +++ b/src/ssvc/framework/__init__.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python +""" +file: __init__.py +author: adh +created_at: 2/25/25 10:00 AM +""" + + +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University + + +def main(): + pass + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/framework/decision_framework.py b/src/ssvc/framework/decision_framework.py new file mode 100644 index 00000000..4d4ffa18 --- /dev/null +++ b/src/ssvc/framework/decision_framework.py @@ -0,0 +1,105 @@ +#!/usr/bin/env python + +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides a Decision Framework class that can be used to model decisions in SSVC +""" +import pandas as pd +from pydantic import BaseModel + +from ssvc._mixins import _Base, _Namespaced, _Versioned +from ssvc.dp_groups.base import SsvcDecisionPointGroup +from ssvc.outcomes.base import OutcomeGroup, OutcomeValue +from ssvc.policy_generator import PolicyGenerator + + +class DecisionFramework(_Versioned, _Namespaced, _Base, BaseModel): + """ + The DecisionFramework class is a model for decisions in SSVC. + + It is a collection of decision points and outcomes, and a mapping of decision points to outcomes. + + The mapping is generated by the PolicyGenerator class, and stored as a dictionary. + The mapping dict keys are tuples of decision points and decision point values. + The mapping dict values are outcomes. + """ + + decision_point_group: SsvcDecisionPointGroup + outcome_group: OutcomeGroup + mapping: dict[tuple[tuple[str, str], ...], OutcomeValue] + + def populate_mapping(self): + """ + Populate the mapping with all possible combinations of decision points. + """ + dp_lookup = { + dp.name.lower(): dp for dp in self.decision_point_group.decision_points + } + outcome_lookup = { + outcome.name.lower(): outcome for outcome in self.outcome_group.outcomes + } + + dp_value_lookup = {} + for dp in self.decision_point_group.decision_points: + key1 = dp.name.lower() + dp_value_lookup[key1] = {} + for dp_value in dp.values: + key2 = dp_value.name.lower() + dp_value_lookup[key1][key2] = dp_value + + with PolicyGenerator( + dp_group=self.decision_point_group, + outcomes=self.outcome_group, + ) as policy: + table: pd.DataFrame = policy.clean_policy() + + # the table is a pandas DataFrame + # the columns are the decision points, with the last column being the outcome + # the rows are the possible combinations of decision points + # we need to convert this back to specific decision points and outcomes + for row in table.itertuples(): + outcome_name = row[-1].lower() + outcome = outcome_lookup[outcome_name] + + dp_value_names = row[1:-1] + dp_value_names = [dp_name.lower() for dp_name in dp_value_names] + + columns = [col.lower() for col in table.columns] + + # construct the key for the mapping + dp_values = [] + for col, val in zip(columns, dp_value_names): + value_lookup = dp_value_lookup[col] + dp = dp_lookup[col] + val = value_lookup[val] + + k = (f"{dp.name}:{dp.version}", f"{val.name}") + dp_values.append(k) + + key = tuple(dp_values) + self.mapping[key] = outcome + + return self.mapping + + +# convenience alias +Policy = DecisionFramework + + +def main(): + pass + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index 38e75f01..6cce2921 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -45,8 +45,8 @@ class PolicyGenerator: def __init__( self, - dp_group: SsvcDecisionPointGroup = None, - outcomes: OutcomeGroup = None, + dp_group: SsvcDecisionPointGroup, + outcomes: OutcomeGroup, outcome_weights: list[float] = None, validate: bool = False, ): @@ -86,9 +86,7 @@ def __init__( # validate that the outcome weights sum to 1.0 total = sum(outcome_weights) if not math.isclose(total, 1.0): - raise ValueError( - f"Outcome weights must sum to 1.0, but sum to {total}" - ) + raise ValueError(f"Outcome weights must sum to 1.0, but sum to {total}") self.outcome_weights = outcome_weights logger.debug(f"Outcome weights: {self.outcome_weights}") @@ -204,9 +202,7 @@ def _assign_outcomes(self): logger.debug(f"Layer count: {len(layers)}") logger.debug(f"Layer sizes: {[len(layer) for layer in layers]}") - outcome_counts = [ - round(node_count * weight) for weight in self.outcome_weights - ] + outcome_counts = [round(node_count * weight) for weight in self.outcome_weights] toposort = list(nx.topological_sort(self.G)) logger.debug(f"Toposort: {toposort[:4]}...{toposort[-4:]}") @@ -295,15 +291,11 @@ def _confirm_topological_order(self, node_order: list) -> None: # all nodes must be in the graph for node in node_order: if node not in self.G.nodes: - raise ValueError( - f"Node order contains node {node} not in the graph" - ) + raise ValueError(f"Node order contains node {node} not in the graph") for node in self.G.nodes: if node not in node_order: - raise ValueError( - f"Graph contains node {node} not in the node order" - ) + raise ValueError(f"Graph contains node {node} not in the node order") node_idx = {node: i for i, node in enumerate(node_order)} diff --git a/src/test/test_decision_framework.py b/src/test/test_decision_framework.py new file mode 100644 index 00000000..1551d6b2 --- /dev/null +++ b/src/test/test_decision_framework.py @@ -0,0 +1,73 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University + +import unittest + +from ssvc.decision_points.exploitation import LATEST as exploitation_dp +from ssvc.decision_points.safety_impact import LATEST as safety_dp +from ssvc.decision_points.system_exposure import LATEST as exposure_dp +from ssvc.dp_groups.base import SsvcDecisionPointGroup +from ssvc.framework.decision_framework import DecisionFramework +from ssvc.outcomes.base import OutcomeGroup +from ssvc.outcomes.groups import DSOI as dsoi_og + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.framework = DecisionFramework( + name="Test Decision Framework", + description="Test Decision Framework Description", + version="1.0.0", + decision_point_group=SsvcDecisionPointGroup( + name="Test Decision Point Group", + description="Test Decision Point Group Description", + decision_points=[exploitation_dp, exposure_dp, safety_dp], + ), + outcome_group=OutcomeGroup( + name="Test Outcome Group", + description="Test Outcome Group Description", + outcomes=dsoi_og, + ), + mapping={}, + ) + + pass + + def tearDown(self): + pass + + def test_create(self): + self.assertEqual(self.framework.name, "Test Decision Framework") + self.assertEqual(3, len(self.framework.decision_point_group)) + + def test_populate_mapping(self): + result = self.framework.populate_mapping() + + # there should be one row in result for each combination of decision points + combo_count = len(list(self.framework.decision_point_group.combinations())) + self.assertEqual(len(result), combo_count) + + # the length of each key should be the number of decision points + for key in result.keys(): + self.assertEqual(len(key), 3) + for i, (dp_name_version, dp_value_name) in enumerate(key): + dp = self.framework.decision_point_group.decision_points[i] + name_version = f"{dp.name}:{dp.version}" + self.assertEqual(name_version, dp_name_version) + + value_names = [v.name for v in dp.values] + self.assertIn(dp_value_name, value_names) + + +if __name__ == "__main__": + unittest.main() From e1de818b238baa8a3cc0d441bc6af0a39cf4f86a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 3 Mar 2025 14:37:10 -0500 Subject: [PATCH 005/468] fix type hint on SsvcDecisionPointGroup object --- src/ssvc/dp_groups/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index 47ca6b68..ffbbec8b 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -31,7 +31,7 @@ class SsvcDecisionPointGroup(_Base, _Versioned, BaseModel): Models a group of decision points. """ - decision_points: list[SsvcDecisionPoint] + decision_points: tuple[SsvcDecisionPoint, ...] def __iter__(self): """ From 6f9fae7e708d4256399c13526d15a0d181924a1b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 3 Mar 2025 14:37:43 -0500 Subject: [PATCH 006/468] add `VERSIONS` and `LATEST` pattern to decision point groups --- src/ssvc/dp_groups/ssvc/collections.py | 6 ++++-- src/ssvc/dp_groups/ssvc/coordinator_publication.py | 8 +++++++- src/ssvc/dp_groups/ssvc/coordinator_triage.py | 7 ++++++- src/ssvc/dp_groups/ssvc/deployer.py | 7 ++++--- src/ssvc/dp_groups/ssvc/supplier.py | 6 ++++-- 5 files changed, 25 insertions(+), 9 deletions(-) diff --git a/src/ssvc/dp_groups/ssvc/collections.py b/src/ssvc/dp_groups/ssvc/collections.py index c7b2b527..e106ff5a 100644 --- a/src/ssvc/dp_groups/ssvc/collections.py +++ b/src/ssvc/dp_groups/ssvc/collections.py @@ -57,10 +57,12 @@ ), ) +VERSIONS = (SSVCv1, SSVCv2, SSVCv2_1) +LATEST = VERSIONS[-1] def main(): - for dpg in [SSVCv1, SSVCv2, SSVCv2_1]: - print(dpg.model_dump_json(indent=2)) + for version in VERSIONS: + print(version.model_dump_json(indent=2)) if __name__ == "__main__": diff --git a/src/ssvc/dp_groups/ssvc/coordinator_publication.py b/src/ssvc/dp_groups/ssvc/coordinator_publication.py index 35423fd9..cd731cd6 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_publication.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_publication.py @@ -43,9 +43,15 @@ - Public Value Added v1.0.0 """ +VERSIONS = ( + COORDINATOR_PUBLICATION_1, +) +LATEST = VERSIONS[-1] + def main(): - print(COORDINATOR_PUBLICATION_1.model_dump_json(indent=2)) + for version in VERSIONS: + print(version.model_dump_json(indent=2)) if __name__ == "__main__": diff --git a/src/ssvc/dp_groups/ssvc/coordinator_triage.py b/src/ssvc/dp_groups/ssvc/coordinator_triage.py index 2fedb785..2d08fe7a 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_triage.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_triage.py @@ -64,9 +64,14 @@ - Safety Impact v1.0.0 """ +VERSIONS = ( + COORDINATOR_TRIAGE_1, +) +LATEST = VERSIONS[-1] def main(): - print(COORDINATOR_TRIAGE_1.model_dump_json(indent=2)) + for version in VERSIONS: + print(version.model_dump_json(indent=2)) if __name__ == "__main__": diff --git a/src/ssvc/dp_groups/ssvc/deployer.py b/src/ssvc/dp_groups/ssvc/deployer.py index 76218acd..2c5b111a 100644 --- a/src/ssvc/dp_groups/ssvc/deployer.py +++ b/src/ssvc/dp_groups/ssvc/deployer.py @@ -122,11 +122,12 @@ - Mission Impact v1.0.0 -> v2.0.0 """ +VERSIONS = (PATCH_APPLIER_1, DEPLOYER_2, DEPLOYER_3) +LATEST = VERSIONS[-1] def main(): - print(PATCH_APPLIER_1.model_dump_json(indent=2)) - print(DEPLOYER_2.model_dump_json(indent=2)) - print(DEPLOYER_3.model_dump_json(indent=2)) + for version in VERSIONS: + print(version.model_dump_json(indent=2)) if __name__ == "__main__": diff --git a/src/ssvc/dp_groups/ssvc/supplier.py b/src/ssvc/dp_groups/ssvc/supplier.py index 05fb092c..18dca35f 100644 --- a/src/ssvc/dp_groups/ssvc/supplier.py +++ b/src/ssvc/dp_groups/ssvc/supplier.py @@ -89,10 +89,12 @@ - Public Safety Impact v1.0.0 added, which subsumes Safety Impact v1.0.0 """ +VERSIONS = (PATCH_DEVELOPER_1, SUPPLIER_2) +LATEST = VERSIONS[-1] def main(): - print(PATCH_DEVELOPER_1.model_dump_json(indent=2)) - print(SUPPLIER_2.model_dump_json(indent=2)) + for version in VERSIONS: + print(version.model_dump_json(indent=2)) if __name__ == "__main__": From d953c6a9c48662035a1913afda3700ef0117591f Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 3 Mar 2025 14:38:17 -0500 Subject: [PATCH 007/468] add keys to outcome groups --- src/ssvc/outcomes/base.py | 4 ++-- src/ssvc/outcomes/groups.py | 22 +++++++++++++--------- src/test/test_outcomes.py | 8 ++++++-- src/test/test_policy_generator.py | 12 ++++-------- 4 files changed, 25 insertions(+), 21 deletions(-) diff --git a/src/ssvc/outcomes/base.py b/src/ssvc/outcomes/base.py index 11eaf873..414b1364 100644 --- a/src/ssvc/outcomes/base.py +++ b/src/ssvc/outcomes/base.py @@ -26,12 +26,12 @@ class OutcomeValue(_Base, _Keyed, BaseModel): """ -class OutcomeGroup(_Base, _Versioned, BaseModel): +class OutcomeGroup(_Base, _Keyed, _Versioned, BaseModel): """ Models an outcome group. """ - outcomes: list[OutcomeValue] + outcomes: tuple[OutcomeValue, ...] def __iter__(self): """ diff --git a/src/ssvc/outcomes/groups.py b/src/ssvc/outcomes/groups.py index 5326b6d9..0d2aa387 100644 --- a/src/ssvc/outcomes/groups.py +++ b/src/ssvc/outcomes/groups.py @@ -22,6 +22,7 @@ DSOI = OutcomeGroup( name="Defer, Scheduled, Out-of-Cycle, Immediate", + key="DSOI", description="The original SSVC outcome group.", version="1.0.0", outcomes=( @@ -37,12 +38,11 @@ PUBLISH = OutcomeGroup( name="Publish, Do Not Publish", + key="PUBLISH", description="The publish outcome group.", version="1.0.0", outcomes=( - OutcomeValue( - name="Do Not Publish", key="N", description="Do Not Publish" - ), + OutcomeValue(name="Do Not Publish", key="N", description="Do Not Publish"), OutcomeValue(name="Publish", key="P", description="Publish"), ), ) @@ -52,6 +52,7 @@ COORDINATE = OutcomeGroup( name="Decline, Track, Coordinate", + key="COORDINATE", description="The coordinate outcome group.", version="1.0.0", outcomes=( @@ -66,6 +67,7 @@ MOSCOW = OutcomeGroup( name="Must, Should, Could, Won't", + key="MOSCOW", description="The Moscow outcome group.", version="1.0.0", outcomes=( @@ -81,6 +83,7 @@ EISENHOWER = OutcomeGroup( name="Do, Schedule, Delegate, Delete", + key="EISENHOWER", description="The Eisenhower outcome group.", version="1.0.0", outcomes=( @@ -96,6 +99,7 @@ CVSS = OutcomeGroup( name="CVSS Levels", + key="CVSS", description="The CVSS outcome group.", version="1.0.0", outcomes=( @@ -111,6 +115,7 @@ CISA = OutcomeGroup( name="CISA Levels", + key="CISA", description="The CISA outcome group. " "CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", version="1.0.0", @@ -152,6 +157,7 @@ YES_NO = OutcomeGroup( name="Yes, No", + key="YES_NO", description="The Yes/No outcome group.", version="1.0.0", outcomes=( @@ -165,14 +171,13 @@ VALUE_COMPLEXITY = OutcomeGroup( name="Value, Complexity", + key="VALUE_COMPLEXITY", description="The Value/Complexity outcome group.", version="1.0.0", outcomes=( # drop, reconsider later, easy win, do first OutcomeValue(name="Drop", key="D", description="Drop"), - OutcomeValue( - name="Reconsider Later", key="R", description="Reconsider Later" - ), + OutcomeValue(name="Reconsider Later", key="R", description="Reconsider Later"), OutcomeValue(name="Easy Win", key="E", description="Easy Win"), OutcomeValue(name="Do First", key="F", description="Do First"), ), @@ -183,13 +188,12 @@ THE_PARANOIDS = OutcomeGroup( name="theParanoids", + key="PARANOIDS", description="PrioritizedRiskRemediation outcome group based on TheParanoids.", version="1.0.0", outcomes=( OutcomeValue(name="Track 5", key="5", description="Track"), - OutcomeValue( - name="Track Closely 4", key="4", description="Track Closely" - ), + OutcomeValue(name="Track Closely 4", key="4", description="Track Closely"), OutcomeValue(name="Attend 3", key="3", description="Attend"), OutcomeValue(name="Attend 2", key="2", description="Attend"), OutcomeValue(name="Act 1", key="1", description="Act"), diff --git a/src/test/test_outcomes.py b/src/test/test_outcomes.py index 4f5738e9..0095c676 100644 --- a/src/test/test_outcomes.py +++ b/src/test/test_outcomes.py @@ -32,10 +32,14 @@ def test_outcome_group(self): values.append(OutcomeValue(key=x, name=x, description=x)) og = OutcomeGroup( - name="og", description="an outcome group", outcomes=tuple(values) + name="Outcome Group", + key="OG", + description="an outcome group", + outcomes=tuple(values), ) - self.assertEqual(og.name, "og") + self.assertEqual(og.name, "Outcome Group") + self.assertEqual(og.key, "OG") self.assertEqual(og.description, "an outcome group") self.assertEqual(len(og), len(ALPHABET)) diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index 18162550..65132436 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -33,9 +33,9 @@ def setUp(self) -> None: self.og = OutcomeGroup( name="test", description="test", + key="TEST", outcomes=[ - OutcomeValue(key=c, name=c, description=c) - for c in self.og_names + OutcomeValue(key=c, name=c, description=c) for c in self.og_names ], ) self.dpg = SsvcDecisionPointGroup( @@ -318,12 +318,8 @@ def test_confirm_topological_order(self): self.assertIsNone(pg._confirm_topological_order([0, 1, 2, 3, 4, 5])) self.assertIsNone(pg._confirm_topological_order([0, 1, 3, 2, 4, 5])) - self.assertRaises( - ValueError, pg._confirm_topological_order, [0, 1, 2, 4, 3, 5] - ) - self.assertRaises( - ValueError, pg._confirm_topological_order, [0, 1, 2, 3, 5] - ) + self.assertRaises(ValueError, pg._confirm_topological_order, [0, 1, 2, 4, 3, 5]) + self.assertRaises(ValueError, pg._confirm_topological_order, [0, 1, 2, 3, 5]) if __name__ == "__main__": From e8c94dd70131e2ee9aa528e082abcca7887c24d1 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 3 Mar 2025 14:39:41 -0500 Subject: [PATCH 008/468] refactor DecisionFramework for testability --- src/ssvc/framework/decision_framework.py | 39 +++++++++++++++++++----- src/test/test_decision_framework.py | 27 ++++++++-------- 2 files changed, 45 insertions(+), 21 deletions(-) diff --git a/src/ssvc/framework/decision_framework.py b/src/ssvc/framework/decision_framework.py index 4d4ffa18..2a318f05 100644 --- a/src/ssvc/framework/decision_framework.py +++ b/src/ssvc/framework/decision_framework.py @@ -20,7 +20,7 @@ from ssvc._mixins import _Base, _Namespaced, _Versioned from ssvc.dp_groups.base import SsvcDecisionPointGroup -from ssvc.outcomes.base import OutcomeGroup, OutcomeValue +from ssvc.outcomes.base import OutcomeGroup from ssvc.policy_generator import PolicyGenerator @@ -37,12 +37,19 @@ class DecisionFramework(_Versioned, _Namespaced, _Base, BaseModel): decision_point_group: SsvcDecisionPointGroup outcome_group: OutcomeGroup - mapping: dict[tuple[tuple[str, str], ...], OutcomeValue] + mapping: dict[str, str] - def populate_mapping(self): + def __init__(self, **data): + super().__init__(**data) + + if not self.mapping: + self.mapping = self.generate_mapping() + + def generate_mapping(self) -> dict[str, str]: """ Populate the mapping with all possible combinations of decision points. """ + mapping = {} dp_lookup = { dp.name.lower(): dp for dp in self.decision_point_group.decision_points } @@ -84,13 +91,18 @@ def populate_mapping(self): dp = dp_lookup[col] val = value_lookup[val] - k = (f"{dp.name}:{dp.version}", f"{val.name}") + key_delim = ":" + k = key_delim.join([dp.namespace, dp.key, val.key]) dp_values.append(k) - key = tuple(dp_values) - self.mapping[key] = outcome + key = ",".join([str(k) for k in dp_values]) + + outcome_group = self.outcome_group + outcome_str = ":".join([outcome_group.key, outcome.key]) + + mapping[key] = outcome_str - return self.mapping + return mapping # convenience alias @@ -98,7 +110,18 @@ def populate_mapping(self): def main(): - pass + from ssvc.dp_groups.ssvc.supplier import LATEST as dpg + from ssvc.outcomes.groups import MOSCOW as og + + dfw = DecisionFramework( + name="Example Decision Framework", + description="The description for an Example Decision Framework", + version="1.0.0", + decision_point_group=dpg, + outcome_group=og, + mapping={}, + ) + print(dfw.model_dump_json(indent=2)) if __name__ == "__main__": diff --git a/src/test/test_decision_framework.py b/src/test/test_decision_framework.py index 1551d6b2..23e336c0 100644 --- a/src/test/test_decision_framework.py +++ b/src/test/test_decision_framework.py @@ -18,7 +18,6 @@ from ssvc.decision_points.system_exposure import LATEST as exposure_dp from ssvc.dp_groups.base import SsvcDecisionPointGroup from ssvc.framework.decision_framework import DecisionFramework -from ssvc.outcomes.base import OutcomeGroup from ssvc.outcomes.groups import DSOI as dsoi_og @@ -33,11 +32,7 @@ def setUp(self): description="Test Decision Point Group Description", decision_points=[exploitation_dp, exposure_dp, safety_dp], ), - outcome_group=OutcomeGroup( - name="Test Outcome Group", - description="Test Outcome Group Description", - outcomes=dsoi_og, - ), + outcome_group=dsoi_og, mapping={}, ) @@ -51,7 +46,7 @@ def test_create(self): self.assertEqual(3, len(self.framework.decision_point_group)) def test_populate_mapping(self): - result = self.framework.populate_mapping() + result = self.framework.generate_mapping() # there should be one row in result for each combination of decision points combo_count = len(list(self.framework.decision_point_group.combinations())) @@ -59,14 +54,20 @@ def test_populate_mapping(self): # the length of each key should be the number of decision points for key in result.keys(): - self.assertEqual(len(key), 3) - for i, (dp_name_version, dp_value_name) in enumerate(key): + parts = key.split(",") + self.assertEqual(len(parts), 3) + for i, keypart in enumerate(parts): + dp_namespace, dp_key, dp_value_key = keypart.split(":") + dp = self.framework.decision_point_group.decision_points[i] - name_version = f"{dp.name}:{dp.version}" - self.assertEqual(name_version, dp_name_version) + self.assertEqual(dp_namespace, dp.namespace) + self.assertEqual(dp_key, dp.key) + value_keys = [v.key for v in dp.values] + self.assertIn(dp_value_key, value_keys) - value_names = [v.name for v in dp.values] - self.assertIn(dp_value_name, value_names) + print() + print() + print(self.framework.model_dump_json(indent=2)) if __name__ == "__main__": From e0af9c27fb604947d7d273905781c5e108e69a43 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 3 Mar 2025 15:15:10 -0500 Subject: [PATCH 009/468] replace list with tuple to match type hint --- src/ssvc/policy_generator.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index 6cce2921..c7f58b77 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -343,12 +343,12 @@ def main(): name="Dummy Decision Point Group", description="Dummy decision point group", version="1.0.0", - decision_points=[ + decision_points=( EXPLOITATION_1, SYSTEM_EXPOSURE_1_0_1, AUTOMATABLE_2, HUMAN_IMPACT_2, - ], + ), ) with PolicyGenerator( From 85af2096c6d9eb8f0c158773bc9beaf2cd82b7c2 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 3 Mar 2025 15:15:30 -0500 Subject: [PATCH 010/468] black reformat --- src/ssvc/csv_analyzer.py | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/src/ssvc/csv_analyzer.py b/src/ssvc/csv_analyzer.py index 159d43dc..239309ab 100644 --- a/src/ssvc/csv_analyzer.py +++ b/src/ssvc/csv_analyzer.py @@ -67,6 +67,9 @@ logger = logging.getLogger(__name__) +# set an option to avoid a deprecation warning +pd.set_option("future.no_silent_downcasting", True) + def _col_norm(c: str) -> str: """ @@ -95,9 +98,7 @@ def _imp_df(column_names: list, importances: list) -> pd.DataFrame: a dataframe of feature importances """ df = ( - pd.DataFrame( - {"feature": column_names, "feature_importance": importances} - ) + pd.DataFrame({"feature": column_names, "feature_importance": importances}) .sort_values("feature_importance", ascending=False) .reset_index(drop=True) ) @@ -186,9 +187,7 @@ def _perm_feat_imp(model, x, y): def _parse_args(args) -> argparse.Namespace: # parse command line - parser = argparse.ArgumentParser( - description="Analyze an SSVC tree csv file" - ) + parser = argparse.ArgumentParser(description="Analyze an SSVC tree csv file") parser.add_argument( "csvfile", metavar="csvfile", type=str, help="the csv file to analyze" ) @@ -375,12 +374,8 @@ def check_topological_order(df, target): for u in H.nodes: H.nodes[u]["outcome"] = G.nodes[u]["outcome"] - logger.debug( - f"Original graph: {len(G.nodes)} nodes with {len(G.edges)} edges" - ) - logger.debug( - f"Reduced graph: {len(H.nodes)} nodes with {len(H.edges)} edges" - ) + logger.debug(f"Original graph: {len(G.nodes)} nodes with {len(G.edges)} edges") + logger.debug(f"Reduced graph: {len(H.nodes)} nodes with {len(H.edges)} edges") problems = [] # check if the outcome is topologically sorted From 1139ca0651b26bcf60720526266012831887c926 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 3 Mar 2025 15:15:59 -0500 Subject: [PATCH 011/468] add validator method to check mapping --- src/ssvc/framework/decision_framework.py | 59 +++++++++++++++++++++++- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/src/ssvc/framework/decision_framework.py b/src/ssvc/framework/decision_framework.py index 2a318f05..7c974e88 100644 --- a/src/ssvc/framework/decision_framework.py +++ b/src/ssvc/framework/decision_framework.py @@ -15,14 +15,19 @@ """ Provides a Decision Framework class that can be used to model decisions in SSVC """ +import logging + import pandas as pd -from pydantic import BaseModel +from pydantic import BaseModel, field_validator from ssvc._mixins import _Base, _Namespaced, _Versioned +from ssvc.csv_analyzer import check_topological_order from ssvc.dp_groups.base import SsvcDecisionPointGroup from ssvc.outcomes.base import OutcomeGroup from ssvc.policy_generator import PolicyGenerator +logger = logging.getLogger(__name__) + class DecisionFramework(_Versioned, _Namespaced, _Base, BaseModel): """ @@ -43,7 +48,53 @@ def __init__(self, **data): super().__init__(**data) if not self.mapping: - self.mapping = self.generate_mapping() + mapping = self.generate_mapping() + self.__class__.validate_mapping(mapping) + self.mapping = mapping + + # stub for validating mapping + @field_validator("mapping", mode="before") + @classmethod + def validate_mapping(cls, data): + """ + Placeholder for validating the mapping. + """ + if len(data) == 0: + return data + + # extract column names from keys + values = {} + target = None + + for key, value in data.items(): + key = key.lower() + value = value.lower() + + parts = key.split(",") + for part in parts: + (ns, dp, val) = part.split(":") + if dp not in values: + values[dp] = [] + values[dp].append(val) + + (og_key, og_valkey) = value.split(":") + if og_key not in values: + values[og_key] = [] + + values[og_key].append(og_valkey) + target = og_key + + # now values is a dict of columnar data + df = pd.DataFrame(values) + + problems: list = check_topological_order(df, target) + + if problems: + raise ValueError(f"Mapping has problems: {problems}") + else: + logger.debug("Mapping passes topological order check") + + return data def generate_mapping(self) -> dict[str, str]: """ @@ -113,6 +164,10 @@ def main(): from ssvc.dp_groups.ssvc.supplier import LATEST as dpg from ssvc.outcomes.groups import MOSCOW as og + logger = logging.getLogger() + logger.setLevel(logging.DEBUG) + logger.addHandler(logging.StreamHandler()) + dfw = DecisionFramework( name="Example Decision Framework", description="The description for an Example Decision Framework", From f51b3f291d89b865e5d990084d3f5b8d62146bb1 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 3 Mar 2025 15:29:07 -0500 Subject: [PATCH 012/468] refactor --- src/ssvc/framework/decision_framework.py | 48 +++++++++++++++++------- src/test/test_decision_framework.py | 8 ++-- 2 files changed, 37 insertions(+), 19 deletions(-) diff --git a/src/ssvc/framework/decision_framework.py b/src/ssvc/framework/decision_framework.py index 7c974e88..d3fedb4b 100644 --- a/src/ssvc/framework/decision_framework.py +++ b/src/ssvc/framework/decision_framework.py @@ -52,19 +52,30 @@ def __init__(self, **data): self.__class__.validate_mapping(mapping) self.mapping = mapping - # stub for validating mapping - @field_validator("mapping", mode="before") @classmethod - def validate_mapping(cls, data): + def mapping_to_table(cls, data: dict) -> pd.DataFrame: """ - Placeholder for validating the mapping. + Convert the mapping to a pandas DataFrame. """ - if len(data) == 0: - return data - # extract column names from keys values = {} - target = None + + cols = [] + for key in data.keys(): + parts = key.split(",") + for part in parts: + (_, dp, _) = part.split(":") + cols.append(dp) + + # add the outcome column + first_value = list(data.values())[0] + (okey, _) = first_value.split(":") + cols.append(okey) + + # set up the lists for the columns + for col in cols: + col = col.lower() + values[col] = [] for key, value in data.items(): key = key.lower() @@ -73,19 +84,28 @@ def validate_mapping(cls, data): parts = key.split(",") for part in parts: (ns, dp, val) = part.split(":") - if dp not in values: - values[dp] = [] values[dp].append(val) (og_key, og_valkey) = value.split(":") - if og_key not in values: - values[og_key] = [] - values[og_key].append(og_valkey) - target = og_key # now values is a dict of columnar data df = pd.DataFrame(values) + # the last column is the outcome + return df + + # stub for validating mapping + @field_validator("mapping", mode="before") + @classmethod + def validate_mapping(cls, data): + """ + Placeholder for validating the mapping. + """ + if len(data) == 0: + return data + + df = cls.mapping_to_table(data) + target = df.columns[-1] problems: list = check_topological_order(df, target) diff --git a/src/test/test_decision_framework.py b/src/test/test_decision_framework.py index 23e336c0..b11b00b7 100644 --- a/src/test/test_decision_framework.py +++ b/src/test/test_decision_framework.py @@ -44,8 +44,10 @@ def tearDown(self): def test_create(self): self.assertEqual(self.framework.name, "Test Decision Framework") self.assertEqual(3, len(self.framework.decision_point_group)) + # mapping should not be empty + self.assertGreater(len(self.framework.mapping), 0) - def test_populate_mapping(self): + def test_generate_mapping(self): result = self.framework.generate_mapping() # there should be one row in result for each combination of decision points @@ -65,10 +67,6 @@ def test_populate_mapping(self): value_keys = [v.key for v in dp.values] self.assertIn(dp_value_key, value_keys) - print() - print() - print(self.framework.model_dump_json(indent=2)) - if __name__ == "__main__": unittest.main() From 3cc382c514e1e8785578fbd826638e5f5b485cbc Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 3 Mar 2025 15:36:25 -0500 Subject: [PATCH 013/468] fixup type hints --- src/ssvc/dp_groups/base.py | 4 ++-- src/ssvc/dp_groups/ssvc/deployer.py | 9 +++++---- src/ssvc/dp_groups/ssvc/supplier.py | 5 +++-- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index ffbbec8b..a2546635 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -73,7 +73,7 @@ def combo_strings(self) -> Generator[tuple[str, ...], None, None]: def get_all_decision_points_from( *groups: list[SsvcDecisionPointGroup], -) -> list[SsvcDecisionPoint]: +) -> tuple[SsvcDecisionPoint, ...]: """ Given a list of SsvcDecisionPointGroup objects, return a list of all the unique SsvcDecisionPoint objects contained in those groups. @@ -100,7 +100,7 @@ def get_all_decision_points_from( dps.append(dp) seen.add(key) - return list(dps) + return tuple(dps) def main(): diff --git a/src/ssvc/dp_groups/ssvc/deployer.py b/src/ssvc/dp_groups/ssvc/deployer.py index 2c5b111a..7f937479 100644 --- a/src/ssvc/dp_groups/ssvc/deployer.py +++ b/src/ssvc/dp_groups/ssvc/deployer.py @@ -38,12 +38,12 @@ name="SSVC Patch Applier", description="The decision points used by the patch applier.", version="1.0.0", - decision_points=[ + decision_points=( EXPLOITATION_1, SYSTEM_EXPOSURE_1, MISSION_IMPACT_1, SAFETY_IMPACT_1, - ], + ), ) """ In SSVC v1, Patch Applier v1 represents the decision points used by the patch applier. @@ -64,7 +64,7 @@ name="SSVC Deployer", description="The decision points used by the deployer.", version="2.0.0", - decision_points=[ + decision_points=( EXPLOITATION_1, SYSTEM_EXPOSURE_1_0_1, MISSION_IMPACT_1, @@ -73,7 +73,7 @@ AUTOMATABLE_2, VALUE_DENSITY_1, HUMAN_IMPACT_2, - ], + ), ) """ Deployer v2.0.0 is renamed from Patch Applier v1.0.0. @@ -125,6 +125,7 @@ VERSIONS = (PATCH_APPLIER_1, DEPLOYER_2, DEPLOYER_3) LATEST = VERSIONS[-1] + def main(): for version in VERSIONS: print(version.model_dump_json(indent=2)) diff --git a/src/ssvc/dp_groups/ssvc/supplier.py b/src/ssvc/dp_groups/ssvc/supplier.py index 18dca35f..b9e42ebb 100644 --- a/src/ssvc/dp_groups/ssvc/supplier.py +++ b/src/ssvc/dp_groups/ssvc/supplier.py @@ -60,14 +60,14 @@ name="SSVC Supplier", description="The decision points used by the supplier.", version="2.0.0", - decision_points=[ + decision_points=( EXPLOITATION_1, UTILITY_1_0_1, TECHNICAL_IMPACT_1, AUTOMATABLE_2, VALUE_DENSITY_1, SAFETY_IMPACT_1, - ], + ), ) """ In SSVC v2, Supplier v2 represents the decision points used by the supplier. @@ -92,6 +92,7 @@ VERSIONS = (PATCH_DEVELOPER_1, SUPPLIER_2) LATEST = VERSIONS[-1] + def main(): for version in VERSIONS: print(version.model_dump_json(indent=2)) From af28a08772f917c4f66dc3cd3a88e26378f70eb1 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 3 Mar 2025 15:59:38 -0500 Subject: [PATCH 014/468] add test --- src/test/test_decision_framework.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/src/test/test_decision_framework.py b/src/test/test_decision_framework.py index b11b00b7..531b40d9 100644 --- a/src/test/test_decision_framework.py +++ b/src/test/test_decision_framework.py @@ -13,6 +13,8 @@ import unittest +import pandas as pd + from ssvc.decision_points.exploitation import LATEST as exploitation_dp from ssvc.decision_points.safety_impact import LATEST as safety_dp from ssvc.decision_points.system_exposure import LATEST as exposure_dp @@ -67,6 +69,30 @@ def test_generate_mapping(self): value_keys = [v.key for v in dp.values] self.assertIn(dp_value_key, value_keys) + def test_mapping_to_table(self): + d = { + "ssvc:One:A,ssvc:Two:B,ssvc:Three:C": "og:One", + "ssvc:One:A,ssvc:Two:B,ssvc:Three:D": "og:Two", + } + table = self.framework.mapping_to_table(d) + + # is it a DataFrame? + self.assertIsInstance(table, pd.DataFrame) + self.assertEqual(2, len(table)) + self.assertEqual(4, len(table.columns)) + + # does it have the right columns? + self.assertEqual(["one", "two", "three", "og"], list(table.columns)) + # does it have the right values? + for i, (k, v) in enumerate(d.items()): + k = k.lower() + v = v.lower() + + parts = k.split(",") + for part in parts: + (ns, dp, val) = part.split(":") + self.assertEqual(val, table.iloc[i][dp]) + if __name__ == "__main__": unittest.main() From 34632e8f42f1ccd7fa48fb72eaab97fbd525540b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 6 Mar 2025 12:00:31 -0500 Subject: [PATCH 015/468] rename DecisionFramework to PrioritizationFramework --- ...amework.py => prioritization_framework.py} | 20 ++++++++++++------- ...rk.py => test_prioritization_framework.py} | 10 +++++----- 2 files changed, 18 insertions(+), 12 deletions(-) rename src/ssvc/framework/{decision_framework.py => prioritization_framework.py} (91%) rename src/test/{test_decision_framework.py => test_prioritization_framework.py} (91%) diff --git a/src/ssvc/framework/decision_framework.py b/src/ssvc/framework/prioritization_framework.py similarity index 91% rename from src/ssvc/framework/decision_framework.py rename to src/ssvc/framework/prioritization_framework.py index d3fedb4b..c5e8ab5f 100644 --- a/src/ssvc/framework/decision_framework.py +++ b/src/ssvc/framework/prioritization_framework.py @@ -13,7 +13,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University """ -Provides a Decision Framework class that can be used to model decisions in SSVC +Provides a Prioritization Framework class that can be used to model decisions in SSVC """ import logging @@ -29,9 +29,9 @@ logger = logging.getLogger(__name__) -class DecisionFramework(_Versioned, _Namespaced, _Base, BaseModel): +class PrioritizationFramework(_Versioned, _Namespaced, _Base, BaseModel): """ - The DecisionFramework class is a model for decisions in SSVC. + The PrioritizationFramework class is a model for decisions in SSVC. It is a collection of decision points and outcomes, and a mapping of decision points to outcomes. @@ -177,7 +177,7 @@ def generate_mapping(self) -> dict[str, str]: # convenience alias -Policy = DecisionFramework +Policy = PrioritizationFramework def main(): @@ -188,15 +188,21 @@ def main(): logger.setLevel(logging.DEBUG) logger.addHandler(logging.StreamHandler()) - dfw = DecisionFramework( - name="Example Decision Framework", - description="The description for an Example Decision Framework", + dfw = PrioritizationFramework( + name="Example Prioritization Framework", + description="The description for an Example Prioritization Framework", version="1.0.0", decision_point_group=dpg, outcome_group=og, mapping={}, ) print(dfw.model_dump_json(indent=2)) + print() + print() + print("### JSON SCHEMA ###") + import json + + print(json.dumps(PrioritizationFramework.model_json_schema(), indent=2)) if __name__ == "__main__": diff --git a/src/test/test_decision_framework.py b/src/test/test_prioritization_framework.py similarity index 91% rename from src/test/test_decision_framework.py rename to src/test/test_prioritization_framework.py index 531b40d9..d041f795 100644 --- a/src/test/test_decision_framework.py +++ b/src/test/test_prioritization_framework.py @@ -19,15 +19,15 @@ from ssvc.decision_points.safety_impact import LATEST as safety_dp from ssvc.decision_points.system_exposure import LATEST as exposure_dp from ssvc.dp_groups.base import SsvcDecisionPointGroup -from ssvc.framework.decision_framework import DecisionFramework +from ssvc.framework.prioritization_framework import PrioritizationFramework from ssvc.outcomes.groups import DSOI as dsoi_og class MyTestCase(unittest.TestCase): def setUp(self): - self.framework = DecisionFramework( - name="Test Decision Framework", - description="Test Decision Framework Description", + self.framework = PrioritizationFramework( + name="Test Prioritization Framework", + description="Test Prioritization Framework Description", version="1.0.0", decision_point_group=SsvcDecisionPointGroup( name="Test Decision Point Group", @@ -44,7 +44,7 @@ def tearDown(self): pass def test_create(self): - self.assertEqual(self.framework.name, "Test Decision Framework") + self.assertEqual(self.framework.name, "Test Prioritization Framework") self.assertEqual(3, len(self.framework.decision_point_group)) # mapping should not be empty self.assertGreater(len(self.framework.mapping), 0) From 57fb8a666418a54922b5061384ce1b97bc2d8da5 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 10 Mar 2025 16:11:35 -0400 Subject: [PATCH 016/468] rename new class to DecisionTable --- src/ssvc/{framework => decision_tables}/__init__.py | 0 .../base.py} | 12 ++++++------ src/test/test_prioritization_framework.py | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) rename src/ssvc/{framework => decision_tables}/__init__.py (100%) rename src/ssvc/{framework/prioritization_framework.py => decision_tables/base.py} (94%) diff --git a/src/ssvc/framework/__init__.py b/src/ssvc/decision_tables/__init__.py similarity index 100% rename from src/ssvc/framework/__init__.py rename to src/ssvc/decision_tables/__init__.py diff --git a/src/ssvc/framework/prioritization_framework.py b/src/ssvc/decision_tables/base.py similarity index 94% rename from src/ssvc/framework/prioritization_framework.py rename to src/ssvc/decision_tables/base.py index c5e8ab5f..edfc5ad8 100644 --- a/src/ssvc/framework/prioritization_framework.py +++ b/src/ssvc/decision_tables/base.py @@ -13,7 +13,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University """ -Provides a Prioritization Framework class that can be used to model decisions in SSVC +Provides a DecisionTable class that can be used to model decisions in SSVC """ import logging @@ -29,9 +29,9 @@ logger = logging.getLogger(__name__) -class PrioritizationFramework(_Versioned, _Namespaced, _Base, BaseModel): +class DecisionTable(_Versioned, _Namespaced, _Base, BaseModel): """ - The PrioritizationFramework class is a model for decisions in SSVC. + The DecisionTable class is a model for decisions in SSVC. It is a collection of decision points and outcomes, and a mapping of decision points to outcomes. @@ -177,7 +177,7 @@ def generate_mapping(self) -> dict[str, str]: # convenience alias -Policy = PrioritizationFramework +Policy = DecisionTable def main(): @@ -188,7 +188,7 @@ def main(): logger.setLevel(logging.DEBUG) logger.addHandler(logging.StreamHandler()) - dfw = PrioritizationFramework( + dfw = DecisionTable( name="Example Prioritization Framework", description="The description for an Example Prioritization Framework", version="1.0.0", @@ -202,7 +202,7 @@ def main(): print("### JSON SCHEMA ###") import json - print(json.dumps(PrioritizationFramework.model_json_schema(), indent=2)) + print(json.dumps(DecisionTable.model_json_schema(), indent=2)) if __name__ == "__main__": diff --git a/src/test/test_prioritization_framework.py b/src/test/test_prioritization_framework.py index d041f795..83f7f046 100644 --- a/src/test/test_prioritization_framework.py +++ b/src/test/test_prioritization_framework.py @@ -18,14 +18,14 @@ from ssvc.decision_points.exploitation import LATEST as exploitation_dp from ssvc.decision_points.safety_impact import LATEST as safety_dp from ssvc.decision_points.system_exposure import LATEST as exposure_dp +from ssvc.decision_tables.base import DecisionTable from ssvc.dp_groups.base import SsvcDecisionPointGroup -from ssvc.framework.prioritization_framework import PrioritizationFramework from ssvc.outcomes.groups import DSOI as dsoi_og class MyTestCase(unittest.TestCase): def setUp(self): - self.framework = PrioritizationFramework( + self.framework = DecisionTable( name="Test Prioritization Framework", description="Test Prioritization Framework Description", version="1.0.0", From aa5040fc74caaa03493f6b5226d68d73d125ab35 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 09:46:08 -0400 Subject: [PATCH 017/468] create a `_Valued` mixin --- src/ssvc/_mixins.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 414c99e1..10b19973 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -65,6 +65,20 @@ class _Keyed(BaseModel): key: str +class _Valued(BaseModel): + """ + Mixin class for valued SSVC objects. + """ + + values: tuple + + def __iter__(self): + """ + Allow iteration over the values in the object. + """ + return iter(self.values) + + def exclude_if_none(value): return value is None From f46b42010bc5a44cf91c714dc8c52cef381da567 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 09:47:25 -0400 Subject: [PATCH 018/468] add `_Valued` mixin to base decision point class. Also reorder mixins to adjust default json output key order --- src/ssvc/decision_points/base.py | 12 +++--------- src/test/test_doctools.py | 11 ++++++++--- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 869e3263..af511c91 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -20,7 +20,7 @@ from pydantic import BaseModel -from ssvc._mixins import _Base, _Keyed, _Namespaced, _Versioned +from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned logger = logging.getLogger(__name__) @@ -61,18 +61,12 @@ class SsvcDecisionPointValue(_Base, _Keyed, BaseModel): """ -class SsvcDecisionPoint(_Base, _Keyed, _Versioned, _Namespaced, BaseModel): +class SsvcDecisionPoint(_Valued, _Keyed, _Versioned, _Namespaced, _Base, BaseModel): """ Models a single decision point as a list of values. """ - values: list[SsvcDecisionPointValue] = [] - - def __iter__(self): - """ - Allow iteration over the decision points in the group. - """ - return iter(self.values) + values: tuple[SsvcDecisionPointValue, ...] def __init__(self, **data): super().__init__(**data) diff --git a/src/test/test_doctools.py b/src/test/test_doctools.py index c59226a5..70fba2f9 100644 --- a/src/test/test_doctools.py +++ b/src/test/test_doctools.py @@ -31,10 +31,10 @@ "key": "DPT", "name": "Decision Point Test", "description": "This is a test decision point.", - "values": [ + "values": ( {"key": "N", "name": "No", "description": "No means no"}, {"key": "Y", "name": "Yes", "description": "Yes means yes"}, - ], + ), } @@ -122,7 +122,12 @@ def test_dump_json(self): # file is loadable json d = json.load(open(json_file)) for k, v in dp.model_dump().items(): - self.assertEqual(v, d[k]) + # on reload, the tuples are lists, but they should be the same + reloaded_value = d[k] + if isinstance(reloaded_value, list): + reloaded_value = tuple(reloaded_value) + + self.assertEqual(v, reloaded_value) # should not overwrite the file overwrite = False From 03d103a32fe75c58ccbe612bb98b5dbb1835cbc8 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 09:47:51 -0400 Subject: [PATCH 019/468] update json examples to reflect new base class mixin ordering --- data/json/decision_points/automatable_2_0_0.json | 4 ++-- data/json/decision_points/cvss/access_complexity_1_0_0.json | 4 ++-- data/json/decision_points/cvss/access_complexity_2_0_0.json | 4 ++-- data/json/decision_points/cvss/access_vector_1_0_0.json | 4 ++-- data/json/decision_points/cvss/access_vector_2_0_0.json | 4 ++-- data/json/decision_points/cvss/attack_complexity_3_0_0.json | 4 ++-- data/json/decision_points/cvss/attack_complexity_3_0_1.json | 4 ++-- data/json/decision_points/cvss/attack_requirements_1_0_0.json | 4 ++-- data/json/decision_points/cvss/attack_vector_3_0_0.json | 4 ++-- data/json/decision_points/cvss/attack_vector_3_0_1.json | 4 ++-- data/json/decision_points/cvss/authentication_1_0_0.json | 4 ++-- data/json/decision_points/cvss/authentication_2_0_0.json | 4 ++-- data/json/decision_points/cvss/automatable_1_0_0.json | 4 ++-- data/json/decision_points/cvss/availability_impact_1_0_0.json | 4 ++-- data/json/decision_points/cvss/availability_impact_2_0_0.json | 4 ++-- .../availability_impact_to_the_subsequent_system_1_0_0.json | 4 ++-- .../availability_impact_to_the_vulnerable_system_3_0_0.json | 4 ++-- .../decision_points/cvss/availability_requirement_1_0_0.json | 4 ++-- .../decision_points/cvss/availability_requirement_1_1_0.json | 4 ++-- .../decision_points/cvss/availability_requirement_1_1_1.json | 4 ++-- .../cvss/collateral_damage_potential_1_0_0.json | 4 ++-- .../cvss/collateral_damage_potential_2_0_0.json | 4 ++-- .../decision_points/cvss/confidentiality_impact_1_0_0.json | 4 ++-- .../decision_points/cvss/confidentiality_impact_2_0_0.json | 4 ++-- ...confidentiality_impact_to_the_subsequent_system_1_0_0.json | 4 ++-- ...confidentiality_impact_to_the_vulnerable_system_3_0_0.json | 4 ++-- .../cvss/confidentiality_requirement_1_0_0.json | 4 ++-- .../cvss/confidentiality_requirement_1_1_0.json | 4 ++-- .../cvss/confidentiality_requirement_1_1_1.json | 4 ++-- data/json/decision_points/cvss/equivalence_set_1_1_0_0.json | 4 ++-- data/json/decision_points/cvss/equivalence_set_2_1_0_0.json | 4 ++-- data/json/decision_points/cvss/equivalence_set_3_1_0_0.json | 4 ++-- data/json/decision_points/cvss/equivalence_set_4_1_0_0.json | 4 ++-- data/json/decision_points/cvss/equivalence_set_5_1_0_0.json | 4 ++-- data/json/decision_points/cvss/equivalence_set_6_1_0_0.json | 4 ++-- .../decision_points/cvss/exploit_code_maturity_1_2_0.json | 4 ++-- data/json/decision_points/cvss/exploit_maturity_2_0_0.json | 4 ++-- data/json/decision_points/cvss/exploitability_1_0_0.json | 4 ++-- data/json/decision_points/cvss/exploitability_1_1_0.json | 4 ++-- data/json/decision_points/cvss/impact_bias_1_0_0.json | 4 ++-- data/json/decision_points/cvss/integrity_impact_1_0_0.json | 4 ++-- data/json/decision_points/cvss/integrity_impact_2_0_0.json | 4 ++-- .../cvss/integrity_impact_to_the_subsequent_system_1_0_0.json | 4 ++-- .../cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json | 4 ++-- .../decision_points/cvss/integrity_requirement_1_0_0.json | 4 ++-- .../decision_points/cvss/integrity_requirement_1_1_0.json | 4 ++-- .../decision_points/cvss/integrity_requirement_1_1_1.json | 4 ++-- .../cvss/modified_attack_complexity_3_0_0.json | 4 ++-- .../cvss/modified_attack_complexity_3_0_1.json | 4 ++-- .../cvss/modified_attack_requirements_1_0_0.json | 4 ++-- .../decision_points/cvss/modified_attack_vector_3_0_0.json | 4 ++-- .../decision_points/cvss/modified_attack_vector_3_0_1.json | 4 ++-- .../cvss/modified_availability_impact_2_0_0.json | 4 ++-- ...ed_availability_impact_to_the_subsequent_system_1_0_0.json | 4 ++-- ...ed_availability_impact_to_the_vulnerable_system_3_0_0.json | 4 ++-- .../cvss/modified_confidentiality_impact_2_0_0.json | 4 ++-- ...confidentiality_impact_to_the_subsequent_system_1_0_0.json | 4 ++-- ...confidentiality_impact_to_the_vulnerable_system_3_0_0.json | 4 ++-- .../decision_points/cvss/modified_integrity_impact_2_0_0.json | 4 ++-- ...ified_integrity_impact_to_the_subsequent_system_1_0_0.json | 4 ++-- ...ified_integrity_impact_to_the_vulnerable_system_3_0_0.json | 4 ++-- .../cvss/modified_privileges_required_1_0_0.json | 4 ++-- .../cvss/modified_privileges_required_1_0_1.json | 4 ++-- data/json/decision_points/cvss/modified_scope_1_0_0.json | 4 ++-- .../decision_points/cvss/modified_user_interaction_1_0_0.json | 4 ++-- .../decision_points/cvss/modified_user_interaction_2_0_0.json | 4 ++-- data/json/decision_points/cvss/privileges_required_1_0_0.json | 4 ++-- data/json/decision_points/cvss/privileges_required_1_0_1.json | 4 ++-- data/json/decision_points/cvss/provider_urgency_1_0_0.json | 4 ++-- data/json/decision_points/cvss/recovery_1_0_0.json | 4 ++-- data/json/decision_points/cvss/remediation_level_1_0_0.json | 4 ++-- data/json/decision_points/cvss/remediation_level_1_1_0.json | 4 ++-- data/json/decision_points/cvss/report_confidence_1_0_0.json | 4 ++-- data/json/decision_points/cvss/report_confidence_1_1_0.json | 4 ++-- data/json/decision_points/cvss/report_confidence_2_0_0.json | 4 ++-- data/json/decision_points/cvss/safety_1_0_0.json | 4 ++-- data/json/decision_points/cvss/scope_1_0_0.json | 4 ++-- data/json/decision_points/cvss/target_distribution_1_0_0.json | 4 ++-- data/json/decision_points/cvss/target_distribution_1_1_0.json | 4 ++-- data/json/decision_points/cvss/user_interaction_1_0_0.json | 4 ++-- data/json/decision_points/cvss/user_interaction_2_0_0.json | 4 ++-- data/json/decision_points/cvss/value_density_1_0_0.json | 4 ++-- .../cvss/vulnerability_response_effort_1_0_0.json | 4 ++-- data/json/decision_points/exploitation_1_0_0.json | 4 ++-- data/json/decision_points/exploitation_1_1_0.json | 4 ++-- data/json/decision_points/human_impact_2_0_0.json | 4 ++-- data/json/decision_points/human_impact_2_0_1.json | 4 ++-- .../decision_points/mission_and_well-being_impact_1_0_0.json | 4 ++-- data/json/decision_points/mission_impact_1_0_0.json | 4 ++-- data/json/decision_points/mission_impact_2_0_0.json | 4 ++-- data/json/decision_points/public_safety_impact_2_0_0.json | 4 ++-- data/json/decision_points/public_safety_impact_2_0_1.json | 4 ++-- data/json/decision_points/public_value_added_1_0_0.json | 4 ++-- data/json/decision_points/public_well-being_impact_1_0_0.json | 4 ++-- data/json/decision_points/report_credibility_1_0_0.json | 4 ++-- data/json/decision_points/report_public_1_0_0.json | 4 ++-- data/json/decision_points/safety_impact_1_0_0.json | 4 ++-- data/json/decision_points/safety_impact_2_0_0.json | 4 ++-- data/json/decision_points/supplier_cardinality_1_0_0.json | 4 ++-- data/json/decision_points/supplier_contacted_1_0_0.json | 4 ++-- data/json/decision_points/supplier_engagement_1_0_0.json | 4 ++-- data/json/decision_points/supplier_involvement_1_0_0.json | 4 ++-- data/json/decision_points/system_exposure_1_0_0.json | 4 ++-- data/json/decision_points/system_exposure_1_0_1.json | 4 ++-- data/json/decision_points/technical_impact_1_0_0.json | 4 ++-- data/json/decision_points/utility_1_0_0.json | 4 ++-- data/json/decision_points/utility_1_0_1.json | 4 ++-- data/json/decision_points/value_density_1_0_0.json | 4 ++-- data/json/decision_points/virulence_1_0_0.json | 4 ++-- 109 files changed, 218 insertions(+), 218 deletions(-) diff --git a/data/json/decision_points/automatable_2_0_0.json b/data/json/decision_points/automatable_2_0_0.json index a44086f9..5a0528d8 100644 --- a/data/json/decision_points/automatable_2_0_0.json +++ b/data/json/decision_points/automatable_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "namespace": "ssvc", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "A", - "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/access_complexity_1_0_0.json b/data/json/decision_points/cvss/access_complexity_1_0_0.json index 30e88f11..b07e7595 100644 --- a/data/json/decision_points/cvss/access_complexity_1_0_0.json +++ b/data/json/decision_points/cvss/access_complexity_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Access Complexity", + "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "AC", - "name": "Access Complexity", - "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/access_complexity_2_0_0.json b/data/json/decision_points/cvss/access_complexity_2_0_0.json index 09c795fc..15fec7b8 100644 --- a/data/json/decision_points/cvss/access_complexity_2_0_0.json +++ b/data/json/decision_points/cvss/access_complexity_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Access Complexity", + "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "AC", - "name": "Access Complexity", - "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/access_vector_1_0_0.json b/data/json/decision_points/cvss/access_vector_1_0_0.json index beee709d..55d6d8c6 100644 --- a/data/json/decision_points/cvss/access_vector_1_0_0.json +++ b/data/json/decision_points/cvss/access_vector_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Access Vector", + "description": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "AV", - "name": "Access Vector", - "description": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/access_vector_2_0_0.json b/data/json/decision_points/cvss/access_vector_2_0_0.json index 9f68fb5a..14918e5c 100644 --- a/data/json/decision_points/cvss/access_vector_2_0_0.json +++ b/data/json/decision_points/cvss/access_vector_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Access Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "AV", - "name": "Access Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/attack_complexity_3_0_0.json b/data/json/decision_points/cvss/attack_complexity_3_0_0.json index b9dd8584..e2ef4655 100644 --- a/data/json/decision_points/cvss/attack_complexity_3_0_0.json +++ b/data/json/decision_points/cvss/attack_complexity_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Attack Complexity", + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "AC", - "name": "Attack Complexity", - "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/attack_complexity_3_0_1.json b/data/json/decision_points/cvss/attack_complexity_3_0_1.json index 7f49cf1d..a3469f1b 100644 --- a/data/json/decision_points/cvss/attack_complexity_3_0_1.json +++ b/data/json/decision_points/cvss/attack_complexity_3_0_1.json @@ -1,10 +1,10 @@ { + "name": "Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "namespace": "cvss", "version": "3.0.1", "schemaVersion": "1-0-1", "key": "AC", - "name": "Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/attack_requirements_1_0_0.json b/data/json/decision_points/cvss/attack_requirements_1_0_0.json index 4232fa7b..eaff05de 100644 --- a/data/json/decision_points/cvss/attack_requirements_1_0_0.json +++ b/data/json/decision_points/cvss/attack_requirements_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "AT", - "name": "Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/attack_vector_3_0_0.json b/data/json/decision_points/cvss/attack_vector_3_0_0.json index 612e5c72..3db17af6 100644 --- a/data/json/decision_points/cvss/attack_vector_3_0_0.json +++ b/data/json/decision_points/cvss/attack_vector_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. ", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "AV", - "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. ", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/attack_vector_3_0_1.json b/data/json/decision_points/cvss/attack_vector_3_0_1.json index fbf31693..fe2baea6 100644 --- a/data/json/decision_points/cvss/attack_vector_3_0_1.json +++ b/data/json/decision_points/cvss/attack_vector_3_0_1.json @@ -1,10 +1,10 @@ { + "name": "Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "namespace": "cvss", "version": "3.0.1", "schemaVersion": "1-0-1", "key": "AV", - "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/authentication_1_0_0.json b/data/json/decision_points/cvss/authentication_1_0_0.json index 0e2f41e7..a2bedd42 100644 --- a/data/json/decision_points/cvss/authentication_1_0_0.json +++ b/data/json/decision_points/cvss/authentication_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Authentication", + "description": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "Au", - "name": "Authentication", - "description": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/authentication_2_0_0.json b/data/json/decision_points/cvss/authentication_2_0_0.json index 98a1037b..f618747f 100644 --- a/data/json/decision_points/cvss/authentication_2_0_0.json +++ b/data/json/decision_points/cvss/authentication_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Authentication", + "description": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "Au", - "name": "Authentication", - "description": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", "values": [ { "key": "M", diff --git a/data/json/decision_points/cvss/automatable_1_0_0.json b/data/json/decision_points/cvss/automatable_1_0_0.json index 1963318c..03956092 100644 --- a/data/json/decision_points/cvss/automatable_1_0_0.json +++ b/data/json/decision_points/cvss/automatable_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Automatable", + "description": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "AU", - "name": "Automatable", - "description": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_1_0_0.json b/data/json/decision_points/cvss/availability_impact_1_0_0.json index 4c2b59e3..ad667d01 100644 --- a/data/json/decision_points/cvss/availability_impact_1_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Impact", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "A", - "name": "Availability Impact", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_2_0_0.json b/data/json/decision_points/cvss/availability_impact_2_0_0.json index f3b37b02..7fd162ed 100644 --- a/data/json/decision_points/cvss/availability_impact_2_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Impact", + "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "A", - "name": "Availability Impact", - "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json index be7cedbe..79369891 100644 --- a/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SA", - "name": "Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json index ebef410c..4e999e21 100644 --- a/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "VA", - "name": "Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_requirement_1_0_0.json b/data/json/decision_points/cvss/availability_requirement_1_0_0.json index cbffe72a..01bd1da6 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/availability_requirement_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Requirement", + "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "AR", - "name": "Availability Requirement", - "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/availability_requirement_1_1_0.json b/data/json/decision_points/cvss/availability_requirement_1_1_0.json index 66dec4d4..28045aa0 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/availability_requirement_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Requirement", + "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "AR", - "name": "Availability Requirement", - "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/availability_requirement_1_1_1.json b/data/json/decision_points/cvss/availability_requirement_1_1_1.json index 9e4a94fe..cb041336 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/availability_requirement_1_1_1.json @@ -1,10 +1,10 @@ { + "name": "Availability Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", "namespace": "cvss", "version": "1.1.1", "schemaVersion": "1-0-1", "key": "AR", - "name": "Availability Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json b/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json index b650ad2f..19666f0f 100644 --- a/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json +++ b/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Collateral Damage Potential", + "description": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "CDP", - "name": "Collateral Damage Potential", - "description": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json b/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json index c08f0fe8..00206e66 100644 --- a/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json +++ b/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Collateral Damage Potential", + "description": "This metric measures the potential for loss of life or physical assets.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "CDP", - "name": "Collateral Damage Potential", - "description": "This metric measures the potential for loss of life or physical assets.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json index f8e633e6..8f9ad138 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Impact", + "description": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "C", - "name": "Confidentiality Impact", - "description": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json index 5d8f0826..6f8c6c64 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Impact", + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "C", - "name": "Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json index 741722cd..1b2041aa 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SC", - "name": "Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json index ceea5568..6fc61ef9 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "VC", - "name": "Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json b/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json index 988ee409..04b9e92d 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Requirement", + "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "CR", - "name": "Confidentiality Requirement", - "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json b/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json index 2c508587..87453bab 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Requirement", + "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "CR", - "name": "Confidentiality Requirement", - "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json b/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json index 2e1ef437..1c71ed0d 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "namespace": "cvss", "version": "1.1.1", "schemaVersion": "1-0-1", "key": "CR", - "name": "Confidentiality Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json index 9046163e..e4563635 100644 --- a/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 1", + "description": "AV/PR/UI with 3 levels specified in Table 24", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ1", - "name": "Equivalence Set 1", - "description": "AV/PR/UI with 3 levels specified in Table 24", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json index f9fa06e5..db8745ce 100644 --- a/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 2", + "description": "AC/AT with 2 levels specified in Table 25", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ2", - "name": "Equivalence Set 2", - "description": "AC/AT with 2 levels specified in Table 25", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json index a617a8f4..4b1aaf2b 100644 --- a/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 3", + "description": "VC/VI/VA with 3 levels specified in Table 26", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ3", - "name": "Equivalence Set 3", - "description": "VC/VI/VA with 3 levels specified in Table 26", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json index 761d6ec8..d732ec5b 100644 --- a/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 4", + "description": "SC/SI/SA with 3 levels specified in Table 27", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ4", - "name": "Equivalence Set 4", - "description": "SC/SI/SA with 3 levels specified in Table 27", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json index 1f1b7eec..f79d20a7 100644 --- a/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 5", + "description": "E with 3 levels specified in Table 28", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ5", - "name": "Equivalence Set 5", - "description": "E with 3 levels specified in Table 28", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json index 599ec3b1..631acd7b 100644 --- a/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 6", + "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ6", - "name": "Equivalence Set 6", - "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json b/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json index a900808a..a4e59e23 100644 --- a/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json +++ b/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json @@ -1,10 +1,10 @@ { + "name": "Exploit Code Maturity", + "description": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", "namespace": "cvss", "version": "1.2.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploit Code Maturity", - "description": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/exploit_maturity_2_0_0.json b/data/json/decision_points/cvss/exploit_maturity_2_0_0.json index 879891f6..28eeebd3 100644 --- a/data/json/decision_points/cvss/exploit_maturity_2_0_0.json +++ b/data/json/decision_points/cvss/exploit_maturity_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Exploit Maturity", + "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploit Maturity", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/exploitability_1_0_0.json b/data/json/decision_points/cvss/exploitability_1_0_0.json index be804085..707f297d 100644 --- a/data/json/decision_points/cvss/exploitability_1_0_0.json +++ b/data/json/decision_points/cvss/exploitability_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Exploitability", + "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploitability", - "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/exploitability_1_1_0.json b/data/json/decision_points/cvss/exploitability_1_1_0.json index f2d07e9d..add3fd28 100644 --- a/data/json/decision_points/cvss/exploitability_1_1_0.json +++ b/data/json/decision_points/cvss/exploitability_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Exploitability", + "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploitability", - "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/impact_bias_1_0_0.json b/data/json/decision_points/cvss/impact_bias_1_0_0.json index 97039be4..fc7316eb 100644 --- a/data/json/decision_points/cvss/impact_bias_1_0_0.json +++ b/data/json/decision_points/cvss/impact_bias_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Impact Bias", + "description": "This metric measures the impact bias of the vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "IB", - "name": "Impact Bias", - "description": "This metric measures the impact bias of the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_1_0_0.json b/data/json/decision_points/cvss/integrity_impact_1_0_0.json index cf1dcc9b..5880fcf4 100644 --- a/data/json/decision_points/cvss/integrity_impact_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Impact", + "description": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "I", - "name": "Integrity Impact", - "description": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_2_0_0.json b/data/json/decision_points/cvss/integrity_impact_2_0_0.json index 48102023..ecb0fd66 100644 --- a/data/json/decision_points/cvss/integrity_impact_2_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Impact", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "I", - "name": "Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json index ab4089b3..80c99790 100644 --- a/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SI", - "name": "Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json index ad055d84..745ee9e1 100644 --- a/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "VI", - "name": "Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_requirement_1_0_0.json b/data/json/decision_points/cvss/integrity_requirement_1_0_0.json index 73d07de1..f49d6438 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Requirement", + "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "IR", - "name": "Integrity Requirement", - "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/integrity_requirement_1_1_0.json b/data/json/decision_points/cvss/integrity_requirement_1_1_0.json index 5515b3b4..7378845f 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Requirement", + "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "IR", - "name": "Integrity Requirement", - "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/integrity_requirement_1_1_1.json b/data/json/decision_points/cvss/integrity_requirement_1_1_1.json index 4a99083a..05fd2858 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_1_1.json @@ -1,10 +1,10 @@ { + "name": "Integrity Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "namespace": "cvss", "version": "1.1.1", "schemaVersion": "1-0-1", "key": "IR", - "name": "Integrity Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json b/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json index 09fa2cab..6e8df236 100644 --- a/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Attack Complexity", + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "MAC", - "name": "Modified Attack Complexity", - "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json b/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json index 9ddd5581..a8bee010 100644 --- a/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json +++ b/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json @@ -1,10 +1,10 @@ { + "name": "Modified Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "namespace": "cvss", "version": "3.0.1", "schemaVersion": "1-0-1", "key": "MAC", - "name": "Modified Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json b/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json index be523348..4f446155 100644 --- a/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MAT", - "name": "Modified Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json b/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json index afb49892..cd8261e7 100644 --- a/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. ", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "MAV", - "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. ", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json b/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json index 32f378f7..35995809 100644 --- a/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json +++ b/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json @@ -1,10 +1,10 @@ { + "name": "Modified Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "namespace": "cvss", "version": "3.0.1", "schemaVersion": "1-0-1", "key": "MAV", - "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json index 861be583..efea9be1 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Availability Impact", + "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "MA", - "name": "Modified Availability Impact", - "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json index e1e91459..786f0390 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MSA", - "name": "Modified Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json index 7003a551..689120d5 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "MVA", - "name": "Modified Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json index 5920006a..ef523bac 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Confidentiality Impact", + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "MC", - "name": "Modified Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json index 1abda292..ea677a2a 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MSC", - "name": "Modified Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json index aba1fa8b..b3f09692 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "MVC", - "name": "Modified Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json index 359fb804..0e010de0 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Integrity Impact", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "MI", - "name": "Modified Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json index ec3d57b3..719e36b4 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MSI", - "name": "Modified Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json index 5a3c69e0..76f318a2 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "MVI", - "name": "Modified Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json b/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json index b31ad194..4aa2e7fe 100644 --- a/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json +++ b/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MPR", - "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json b/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json index 92297091..9edb12a4 100644 --- a/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json +++ b/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json @@ -1,10 +1,10 @@ { + "name": "Modified Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "namespace": "cvss", "version": "1.0.1", "schemaVersion": "1-0-1", "key": "MPR", - "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/modified_scope_1_0_0.json b/data/json/decision_points/cvss/modified_scope_1_0_0.json index 21d82cba..7eb01d1c 100644 --- a/data/json/decision_points/cvss/modified_scope_1_0_0.json +++ b/data/json/decision_points/cvss/modified_scope_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Scope", + "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MS", - "name": "Modified Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json b/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json index cea0d0c0..dab50cf5 100644 --- a/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json +++ b/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified User Interaction", + "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MUI", - "name": "Modified User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "values": [ { "key": "R", diff --git a/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json b/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json index a4242ca6..2fbfe36b 100644 --- a/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json +++ b/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "MUI", - "name": "Modified User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "values": [ { "key": "A", diff --git a/data/json/decision_points/cvss/privileges_required_1_0_0.json b/data/json/decision_points/cvss/privileges_required_1_0_0.json index e7a14402..0f918c46 100644 --- a/data/json/decision_points/cvss/privileges_required_1_0_0.json +++ b/data/json/decision_points/cvss/privileges_required_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "PR", - "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/privileges_required_1_0_1.json b/data/json/decision_points/cvss/privileges_required_1_0_1.json index 79c6c94a..698e4dc3 100644 --- a/data/json/decision_points/cvss/privileges_required_1_0_1.json +++ b/data/json/decision_points/cvss/privileges_required_1_0_1.json @@ -1,10 +1,10 @@ { + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "namespace": "cvss", "version": "1.0.1", "schemaVersion": "1-0-1", "key": "PR", - "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/provider_urgency_1_0_0.json b/data/json/decision_points/cvss/provider_urgency_1_0_0.json index 0e277cca..6a319c77 100644 --- a/data/json/decision_points/cvss/provider_urgency_1_0_0.json +++ b/data/json/decision_points/cvss/provider_urgency_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Provider Urgency", + "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "U", - "name": "Provider Urgency", - "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/recovery_1_0_0.json b/data/json/decision_points/cvss/recovery_1_0_0.json index 8a4beda9..b8597662 100644 --- a/data/json/decision_points/cvss/recovery_1_0_0.json +++ b/data/json/decision_points/cvss/recovery_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Recovery", + "description": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "R", - "name": "Recovery", - "description": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/remediation_level_1_0_0.json b/data/json/decision_points/cvss/remediation_level_1_0_0.json index 11f9384f..cc5a3866 100644 --- a/data/json/decision_points/cvss/remediation_level_1_0_0.json +++ b/data/json/decision_points/cvss/remediation_level_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Remediation Level", + "description": "This metric measures the remediation status of a vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "RL", - "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", "values": [ { "key": "OF", diff --git a/data/json/decision_points/cvss/remediation_level_1_1_0.json b/data/json/decision_points/cvss/remediation_level_1_1_0.json index ccaa439c..eda1100a 100644 --- a/data/json/decision_points/cvss/remediation_level_1_1_0.json +++ b/data/json/decision_points/cvss/remediation_level_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Remediation Level", + "description": "This metric measures the remediation status of a vulnerability.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "RL", - "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", "values": [ { "key": "OF", diff --git a/data/json/decision_points/cvss/report_confidence_1_0_0.json b/data/json/decision_points/cvss/report_confidence_1_0_0.json index 85940cf0..0dc24b8b 100644 --- a/data/json/decision_points/cvss/report_confidence_1_0_0.json +++ b/data/json/decision_points/cvss/report_confidence_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "RC", - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "values": [ { "key": "UC", diff --git a/data/json/decision_points/cvss/report_confidence_1_1_0.json b/data/json/decision_points/cvss/report_confidence_1_1_0.json index 691f1e87..c3c2b7aa 100644 --- a/data/json/decision_points/cvss/report_confidence_1_1_0.json +++ b/data/json/decision_points/cvss/report_confidence_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "RC", - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "values": [ { "key": "UC", diff --git a/data/json/decision_points/cvss/report_confidence_2_0_0.json b/data/json/decision_points/cvss/report_confidence_2_0_0.json index 502e1291..cf6cf0ca 100644 --- a/data/json/decision_points/cvss/report_confidence_2_0_0.json +++ b/data/json/decision_points/cvss/report_confidence_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "RC", - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/safety_1_0_0.json b/data/json/decision_points/cvss/safety_1_0_0.json index a72a7cd6..987de4d0 100644 --- a/data/json/decision_points/cvss/safety_1_0_0.json +++ b/data/json/decision_points/cvss/safety_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Safety", + "description": "The Safety decision point is a measure of the potential for harm to humans or the environment.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "S", - "name": "Safety", - "description": "The Safety decision point is a measure of the potential for harm to humans or the environment.", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/scope_1_0_0.json b/data/json/decision_points/cvss/scope_1_0_0.json index 2ed72c80..0025ac97 100644 --- a/data/json/decision_points/cvss/scope_1_0_0.json +++ b/data/json/decision_points/cvss/scope_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Scope", + "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "S", - "name": "Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/target_distribution_1_0_0.json b/data/json/decision_points/cvss/target_distribution_1_0_0.json index 1d86b7ca..97b94297 100644 --- a/data/json/decision_points/cvss/target_distribution_1_0_0.json +++ b/data/json/decision_points/cvss/target_distribution_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Target Distribution", + "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "TD", - "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/target_distribution_1_1_0.json b/data/json/decision_points/cvss/target_distribution_1_1_0.json index bc126152..5e0d93f0 100644 --- a/data/json/decision_points/cvss/target_distribution_1_1_0.json +++ b/data/json/decision_points/cvss/target_distribution_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Target Distribution", + "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "TD", - "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/user_interaction_1_0_0.json b/data/json/decision_points/cvss/user_interaction_1_0_0.json index 84f623ba..eb4e9bfb 100644 --- a/data/json/decision_points/cvss/user_interaction_1_0_0.json +++ b/data/json/decision_points/cvss/user_interaction_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "User Interaction", + "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "UI", - "name": "User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "values": [ { "key": "R", diff --git a/data/json/decision_points/cvss/user_interaction_2_0_0.json b/data/json/decision_points/cvss/user_interaction_2_0_0.json index 7794cc14..160107aa 100644 --- a/data/json/decision_points/cvss/user_interaction_2_0_0.json +++ b/data/json/decision_points/cvss/user_interaction_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "UI", - "name": "User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "values": [ { "key": "A", diff --git a/data/json/decision_points/cvss/value_density_1_0_0.json b/data/json/decision_points/cvss/value_density_1_0_0.json index a4f06724..1ca1a355 100644 --- a/data/json/decision_points/cvss/value_density_1_0_0.json +++ b/data/json/decision_points/cvss/value_density_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Value Density", + "description": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "V", - "name": "Value Density", - "description": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json b/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json index 71e2f3cc..bb334844 100644 --- a/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json +++ b/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Vulnerability Response Effort", + "description": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "RE", - "name": "Vulnerability Response Effort", - "description": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", "values": [ { "key": "X", diff --git a/data/json/decision_points/exploitation_1_0_0.json b/data/json/decision_points/exploitation_1_0_0.json index 42242c30..d1cf71b2 100644 --- a/data/json/decision_points/exploitation_1_0_0.json +++ b/data/json/decision_points/exploitation_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/exploitation_1_1_0.json b/data/json/decision_points/exploitation_1_1_0.json index f436738a..e54d2ace 100644 --- a/data/json/decision_points/exploitation_1_1_0.json +++ b/data/json/decision_points/exploitation_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", "namespace": "ssvc", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/human_impact_2_0_0.json b/data/json/decision_points/human_impact_2_0_0.json index b9fec592..80af1b78 100644 --- a/data/json/decision_points/human_impact_2_0_0.json +++ b/data/json/decision_points/human_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", "namespace": "ssvc", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "HI", - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", "values": [ { "key": "L", diff --git a/data/json/decision_points/human_impact_2_0_1.json b/data/json/decision_points/human_impact_2_0_1.json index 9fd6ba91..3942e93a 100644 --- a/data/json/decision_points/human_impact_2_0_1.json +++ b/data/json/decision_points/human_impact_2_0_1.json @@ -1,10 +1,10 @@ { + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", "namespace": "ssvc", "version": "2.0.1", "schemaVersion": "1-0-1", "key": "HI", - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", "values": [ { "key": "L", diff --git a/data/json/decision_points/mission_and_well-being_impact_1_0_0.json b/data/json/decision_points/mission_and_well-being_impact_1_0_0.json index 20c2ad3a..95de41e6 100644 --- a/data/json/decision_points/mission_and_well-being_impact_1_0_0.json +++ b/data/json/decision_points/mission_and_well-being_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Mission and Well-Being Impact", + "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MWI", - "name": "Mission and Well-Being Impact", - "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "values": [ { "key": "L", diff --git a/data/json/decision_points/mission_impact_1_0_0.json b/data/json/decision_points/mission_impact_1_0_0.json index 3dd1a4ba..ac6b2915 100644 --- a/data/json/decision_points/mission_impact_1_0_0.json +++ b/data/json/decision_points/mission_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Mission Impact", + "description": "Impact on Mission Essential Functions of the Organization", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MI", - "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", "values": [ { "key": "N", diff --git a/data/json/decision_points/mission_impact_2_0_0.json b/data/json/decision_points/mission_impact_2_0_0.json index 51f392e9..b0a3fc77 100644 --- a/data/json/decision_points/mission_impact_2_0_0.json +++ b/data/json/decision_points/mission_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Mission Impact", + "description": "Impact on Mission Essential Functions of the Organization", "namespace": "ssvc", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "MI", - "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", "values": [ { "key": "D", diff --git a/data/json/decision_points/public_safety_impact_2_0_0.json b/data/json/decision_points/public_safety_impact_2_0_0.json index 03eaa0d8..74b06423 100644 --- a/data/json/decision_points/public_safety_impact_2_0_0.json +++ b/data/json/decision_points/public_safety_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", "namespace": "ssvc", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "PSI", - "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", "values": [ { "key": "M", diff --git a/data/json/decision_points/public_safety_impact_2_0_1.json b/data/json/decision_points/public_safety_impact_2_0_1.json index e61afe04..7c60c4ef 100644 --- a/data/json/decision_points/public_safety_impact_2_0_1.json +++ b/data/json/decision_points/public_safety_impact_2_0_1.json @@ -1,10 +1,10 @@ { + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", "namespace": "ssvc", "version": "2.0.1", "schemaVersion": "1-0-1", "key": "PSI", - "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", "values": [ { "key": "M", diff --git a/data/json/decision_points/public_value_added_1_0_0.json b/data/json/decision_points/public_value_added_1_0_0.json index a376f8bb..ae508569 100644 --- a/data/json/decision_points/public_value_added_1_0_0.json +++ b/data/json/decision_points/public_value_added_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Public Value Added", + "description": "How much value would a publication from the coordinator benefit the broader community?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "PVA", - "name": "Public Value Added", - "description": "How much value would a publication from the coordinator benefit the broader community?", "values": [ { "key": "L", diff --git a/data/json/decision_points/public_well-being_impact_1_0_0.json b/data/json/decision_points/public_well-being_impact_1_0_0.json index 2b1c02bd..7994e948 100644 --- a/data/json/decision_points/public_well-being_impact_1_0_0.json +++ b/data/json/decision_points/public_well-being_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Public Well-Being Impact", + "description": "A coarse-grained representation of impact to public well-being.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "PWI", - "name": "Public Well-Being Impact", - "description": "A coarse-grained representation of impact to public well-being.", "values": [ { "key": "M", diff --git a/data/json/decision_points/report_credibility_1_0_0.json b/data/json/decision_points/report_credibility_1_0_0.json index 06f2d323..8cf756bd 100644 --- a/data/json/decision_points/report_credibility_1_0_0.json +++ b/data/json/decision_points/report_credibility_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Report Credibility", + "description": "Is the report credible?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "RC", - "name": "Report Credibility", - "description": "Is the report credible?", "values": [ { "key": "NC", diff --git a/data/json/decision_points/report_public_1_0_0.json b/data/json/decision_points/report_public_1_0_0.json index ba36050a..5c4d19d8 100644 --- a/data/json/decision_points/report_public_1_0_0.json +++ b/data/json/decision_points/report_public_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Report Public", + "description": "Is a viable report of the details of the vulnerability already publicly available?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "RP", - "name": "Report Public", - "description": "Is a viable report of the details of the vulnerability already publicly available?", "values": [ { "key": "Y", diff --git a/data/json/decision_points/safety_impact_1_0_0.json b/data/json/decision_points/safety_impact_1_0_0.json index 7aadf352..fe240916 100644 --- a/data/json/decision_points/safety_impact_1_0_0.json +++ b/data/json/decision_points/safety_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Safety Impact", + "description": "The safety impact of the vulnerability.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SI", - "name": "Safety Impact", - "description": "The safety impact of the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/safety_impact_2_0_0.json b/data/json/decision_points/safety_impact_2_0_0.json index 19d74d6b..4f839fb8 100644 --- a/data/json/decision_points/safety_impact_2_0_0.json +++ b/data/json/decision_points/safety_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Safety Impact", + "description": "The safety impact of the vulnerability. (based on IEC 61508)", "namespace": "ssvc", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "SI", - "name": "Safety Impact", - "description": "The safety impact of the vulnerability. (based on IEC 61508)", "values": [ { "key": "N", diff --git a/data/json/decision_points/supplier_cardinality_1_0_0.json b/data/json/decision_points/supplier_cardinality_1_0_0.json index 0adc8300..ec1df5a8 100644 --- a/data/json/decision_points/supplier_cardinality_1_0_0.json +++ b/data/json/decision_points/supplier_cardinality_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Supplier Cardinality", + "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SC", - "name": "Supplier Cardinality", - "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", "values": [ { "key": "O", diff --git a/data/json/decision_points/supplier_contacted_1_0_0.json b/data/json/decision_points/supplier_contacted_1_0_0.json index 2cceb5ed..c32d5755 100644 --- a/data/json/decision_points/supplier_contacted_1_0_0.json +++ b/data/json/decision_points/supplier_contacted_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Supplier Contacted", + "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SC", - "name": "Supplier Contacted", - "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", "values": [ { "key": "N", diff --git a/data/json/decision_points/supplier_engagement_1_0_0.json b/data/json/decision_points/supplier_engagement_1_0_0.json index ffd69c94..d9f704b0 100644 --- a/data/json/decision_points/supplier_engagement_1_0_0.json +++ b/data/json/decision_points/supplier_engagement_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Supplier Engagement", + "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SE", - "name": "Supplier Engagement", - "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", "values": [ { "key": "A", diff --git a/data/json/decision_points/supplier_involvement_1_0_0.json b/data/json/decision_points/supplier_involvement_1_0_0.json index d9c5b433..15d014e5 100644 --- a/data/json/decision_points/supplier_involvement_1_0_0.json +++ b/data/json/decision_points/supplier_involvement_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Supplier Involvement", + "description": "What is the state of the supplier’s work on addressing the vulnerability?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SI", - "name": "Supplier Involvement", - "description": "What is the state of the supplier’s work on addressing the vulnerability?", "values": [ { "key": "FR", diff --git a/data/json/decision_points/system_exposure_1_0_0.json b/data/json/decision_points/system_exposure_1_0_0.json index 45671101..c72411b5 100644 --- a/data/json/decision_points/system_exposure_1_0_0.json +++ b/data/json/decision_points/system_exposure_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "System Exposure", + "description": "The Accessible Attack Surface of the Affected System or Service", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EXP", - "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", "values": [ { "key": "S", diff --git a/data/json/decision_points/system_exposure_1_0_1.json b/data/json/decision_points/system_exposure_1_0_1.json index a6b713d4..4babf60e 100644 --- a/data/json/decision_points/system_exposure_1_0_1.json +++ b/data/json/decision_points/system_exposure_1_0_1.json @@ -1,10 +1,10 @@ { + "name": "System Exposure", + "description": "The Accessible Attack Surface of the Affected System or Service", "namespace": "ssvc", "version": "1.0.1", "schemaVersion": "1-0-1", "key": "EXP", - "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", "values": [ { "key": "S", diff --git a/data/json/decision_points/technical_impact_1_0_0.json b/data/json/decision_points/technical_impact_1_0_0.json index 5f3c7375..92ecdb4e 100644 --- a/data/json/decision_points/technical_impact_1_0_0.json +++ b/data/json/decision_points/technical_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Technical Impact", + "description": "The technical impact of the vulnerability.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "TI", - "name": "Technical Impact", - "description": "The technical impact of the vulnerability.", "values": [ { "key": "P", diff --git a/data/json/decision_points/utility_1_0_0.json b/data/json/decision_points/utility_1_0_0.json index 033b00a3..71d0ca5f 100644 --- a/data/json/decision_points/utility_1_0_0.json +++ b/data/json/decision_points/utility_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "U", - "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", "values": [ { "key": "L", diff --git a/data/json/decision_points/utility_1_0_1.json b/data/json/decision_points/utility_1_0_1.json index 79091345..5c22b7fe 100644 --- a/data/json/decision_points/utility_1_0_1.json +++ b/data/json/decision_points/utility_1_0_1.json @@ -1,10 +1,10 @@ { + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", "namespace": "ssvc", "version": "1.0.1", "schemaVersion": "1-0-1", "key": "U", - "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", "values": [ { "key": "L", diff --git a/data/json/decision_points/value_density_1_0_0.json b/data/json/decision_points/value_density_1_0_0.json index 725b53fe..4658a012 100644 --- a/data/json/decision_points/value_density_1_0_0.json +++ b/data/json/decision_points/value_density_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Value Density", + "description": "The concentration of value in the target", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "VD", - "name": "Value Density", - "description": "The concentration of value in the target", "values": [ { "key": "D", diff --git a/data/json/decision_points/virulence_1_0_0.json b/data/json/decision_points/virulence_1_0_0.json index 5d2200d9..b08d9539 100644 --- a/data/json/decision_points/virulence_1_0_0.json +++ b/data/json/decision_points/virulence_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Virulence", + "description": "The speed at which the vulnerability can be exploited.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "V", - "name": "Virulence", - "description": "The speed at which the vulnerability can be exploited.", "values": [ { "key": "S", From 7fe39a3d6ef405f4b8e4242808174a48d25c9a13 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 11:24:01 -0400 Subject: [PATCH 020/468] empty the ssvc/decision_tables/__init__.py --- src/ssvc/decision_tables/__init__.py | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/src/ssvc/decision_tables/__init__.py b/src/ssvc/decision_tables/__init__.py index ae6a8836..b9c0e1cc 100644 --- a/src/ssvc/decision_tables/__init__.py +++ b/src/ssvc/decision_tables/__init__.py @@ -1,11 +1,3 @@ -#!/usr/bin/env python -""" -file: __init__.py -author: adh -created_at: 2/25/25 10:00 AM -""" - - # Copyright (c) 2025 Carnegie Mellon University and Contributors. # - see Contributors.md for a full list of Contributors # - see ContributionInstructions.md for information on how you can Contribute to this project @@ -18,11 +10,3 @@ # (“Third Party Software”). See LICENSE.md for more details. # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University - - -def main(): - pass - - -if __name__ == "__main__": - main() From b31e7d7955360fad02dbbce5747da2be52ceafcc Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 11:35:48 -0400 Subject: [PATCH 021/468] rename OutcomeGroup.outcomes to OutcomeGroup.values Prepares for future ability to convert from OutcomeGroup to DecisionPoint --- src/ssvc/decision_tables/base.py | 2 +- src/ssvc/outcomes/base.py | 6 +++--- src/ssvc/outcomes/groups.py | 20 ++++++++++---------- src/ssvc/policy_generator.py | 6 +++--- src/test/test_outcomes.py | 4 ++-- src/test/test_policy_generator.py | 8 +++----- 6 files changed, 22 insertions(+), 24 deletions(-) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index edfc5ad8..49ac51f4 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -125,7 +125,7 @@ def generate_mapping(self) -> dict[str, str]: dp.name.lower(): dp for dp in self.decision_point_group.decision_points } outcome_lookup = { - outcome.name.lower(): outcome for outcome in self.outcome_group.outcomes + outcome.name.lower(): outcome for outcome in self.outcome_group.values } dp_value_lookup = {} diff --git a/src/ssvc/outcomes/base.py b/src/ssvc/outcomes/base.py index 414b1364..39fdcd31 100644 --- a/src/ssvc/outcomes/base.py +++ b/src/ssvc/outcomes/base.py @@ -31,19 +31,19 @@ class OutcomeGroup(_Base, _Keyed, _Versioned, BaseModel): Models an outcome group. """ - outcomes: tuple[OutcomeValue, ...] + values: tuple[OutcomeValue, ...] def __iter__(self): """ Allow iteration over the outcomes in the group. """ - return iter(self.outcomes) + return iter(self.values) def __len__(self): """ Allow len() to be called on the group. """ - olist = list(self.outcomes) + olist = list(self.values) l = len(olist) return l diff --git a/src/ssvc/outcomes/groups.py b/src/ssvc/outcomes/groups.py index 0d2aa387..2bf0223e 100644 --- a/src/ssvc/outcomes/groups.py +++ b/src/ssvc/outcomes/groups.py @@ -25,7 +25,7 @@ key="DSOI", description="The original SSVC outcome group.", version="1.0.0", - outcomes=( + values=( OutcomeValue(name="Defer", key="D", description="Defer"), OutcomeValue(name="Scheduled", key="S", description="Scheduled"), OutcomeValue(name="Out-of-Cycle", key="O", description="Out-of-Cycle"), @@ -41,7 +41,7 @@ key="PUBLISH", description="The publish outcome group.", version="1.0.0", - outcomes=( + values=( OutcomeValue(name="Do Not Publish", key="N", description="Do Not Publish"), OutcomeValue(name="Publish", key="P", description="Publish"), ), @@ -55,7 +55,7 @@ key="COORDINATE", description="The coordinate outcome group.", version="1.0.0", - outcomes=( + values=( OutcomeValue(name="Decline", key="D", description="Decline"), OutcomeValue(name="Track", key="T", description="Track"), OutcomeValue(name="Coordinate", key="C", description="Coordinate"), @@ -70,7 +70,7 @@ key="MOSCOW", description="The Moscow outcome group.", version="1.0.0", - outcomes=( + values=( OutcomeValue(name="Won't", key="W", description="Won't"), OutcomeValue(name="Could", key="C", description="Could"), OutcomeValue(name="Should", key="S", description="Should"), @@ -86,7 +86,7 @@ key="EISENHOWER", description="The Eisenhower outcome group.", version="1.0.0", - outcomes=( + values=( OutcomeValue(name="Delete", key="D", description="Delete"), OutcomeValue(name="Delegate", key="G", description="Delegate"), OutcomeValue(name="Schedule", key="S", description="Schedule"), @@ -102,7 +102,7 @@ key="CVSS", description="The CVSS outcome group.", version="1.0.0", - outcomes=( + values=( OutcomeValue(name="Low", key="L", description="Low"), OutcomeValue(name="Medium", key="M", description="Medium"), OutcomeValue(name="High", key="H", description="High"), @@ -119,7 +119,7 @@ description="The CISA outcome group. " "CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", version="1.0.0", - outcomes=( + values=( OutcomeValue( name="Track", key="T", @@ -160,7 +160,7 @@ key="YES_NO", description="The Yes/No outcome group.", version="1.0.0", - outcomes=( + values=( OutcomeValue(name="No", key="N", description="No"), OutcomeValue(name="Yes", key="Y", description="Yes"), ), @@ -174,7 +174,7 @@ key="VALUE_COMPLEXITY", description="The Value/Complexity outcome group.", version="1.0.0", - outcomes=( + values=( # drop, reconsider later, easy win, do first OutcomeValue(name="Drop", key="D", description="Drop"), OutcomeValue(name="Reconsider Later", key="R", description="Reconsider Later"), @@ -191,7 +191,7 @@ key="PARANOIDS", description="PrioritizedRiskRemediation outcome group based on TheParanoids.", version="1.0.0", - outcomes=( + values=( OutcomeValue(name="Track 5", key="5", description="Track"), OutcomeValue(name="Track Closely 4", key="4", description="Track Closely"), OutcomeValue(name="Attend 3", key="3", description="Attend"), diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index c7f58b77..776abe76 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -170,7 +170,7 @@ def _create_policy(self): row[col2] = node[i] oc_idx = self.G.nodes[node]["outcome"] - row["outcome"] = self.outcomes.outcomes[oc_idx].name + row["outcome"] = self.outcomes.values[oc_idx].name row["idx_outcome"] = oc_idx rows.append(row) @@ -195,7 +195,7 @@ def emit_policy(self) -> None: def _assign_outcomes(self): node_count = len(self.G.nodes) - outcomes = [outcome.name for outcome in self.outcomes.outcomes] + outcomes = [outcome.name for outcome in self.outcomes.values] logger.debug(f"Outcomes: {outcomes}") layers = list(nx.topological_generations(self.G)) @@ -208,7 +208,7 @@ def _assign_outcomes(self): logger.debug(f"Toposort: {toposort[:4]}...{toposort[-4:]}") outcome_idx = 0 - assigned_counts = [0 for _ in self.outcomes.outcomes] + assigned_counts = [0 for _ in self.outcomes.values] for node in toposort: # step through the nodes in topological order # and assign outcomes to each node diff --git a/src/test/test_outcomes.py b/src/test/test_outcomes.py index 0095c676..85bdece2 100644 --- a/src/test/test_outcomes.py +++ b/src/test/test_outcomes.py @@ -35,7 +35,7 @@ def test_outcome_group(self): name="Outcome Group", key="OG", description="an outcome group", - outcomes=tuple(values), + values=tuple(values), ) self.assertEqual(og.name, "Outcome Group") @@ -44,7 +44,7 @@ def test_outcome_group(self): self.assertEqual(len(og), len(ALPHABET)) - og_outcomes = list(og.outcomes) + og_outcomes = list(og.values) for i, letter in enumerate(ALPHABET): self.assertEqual(og_outcomes[i].key, letter) self.assertEqual(og_outcomes[i].name, letter) diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index 65132436..12233c91 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -34,9 +34,7 @@ def setUp(self) -> None: name="test", description="test", key="TEST", - outcomes=[ - OutcomeValue(key=c, name=c, description=c) for c in self.og_names - ], + values=[OutcomeValue(key=c, name=c, description=c) for c in self.og_names], ) self.dpg = SsvcDecisionPointGroup( name="test", @@ -57,7 +55,7 @@ def setUp(self) -> None: def test_pg_init(self): self.assertEqual(4, len(self.dpg.decision_points)) - self.assertEqual(4, len(self.og.outcomes)) + self.assertEqual(4, len(self.og.values)) pg = PolicyGenerator(dp_group=self.dpg, outcomes=self.og) for w in pg.outcome_weights: @@ -234,7 +232,7 @@ def test_emit_policy(self): for dpg in pg.dpg.decision_points: self.assertIn(dpg.name, stdout) - for og in pg.outcomes.outcomes: + for og in pg.outcomes.values: self.assertIn(og.name.lower(), stdout) def test_create_policy(self): From b720435851c470887dfd321382fa38d8e978a7f5 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 11:41:10 -0400 Subject: [PATCH 022/468] add len() to _Valued mixin --- src/ssvc/_mixins.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 10b19973..0fd2649e 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -78,6 +78,12 @@ def __iter__(self): """ return iter(self.values) + def __len__(self): + """ + Allow len() to be called on the object. + """ + return len(self.values) + def exclude_if_none(value): return value is None From 71c900384db9bebe0986621e5bb0351110175e76 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 11:41:26 -0400 Subject: [PATCH 023/468] use _Valued mixin --- src/ssvc/outcomes/base.py | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/src/ssvc/outcomes/base.py b/src/ssvc/outcomes/base.py index 39fdcd31..f4316359 100644 --- a/src/ssvc/outcomes/base.py +++ b/src/ssvc/outcomes/base.py @@ -17,7 +17,7 @@ from pydantic import BaseModel -from ssvc._mixins import _Base, _Keyed, _Versioned +from ssvc._mixins import _Base, _Keyed, _Valued, _Versioned class OutcomeValue(_Base, _Keyed, BaseModel): @@ -26,25 +26,11 @@ class OutcomeValue(_Base, _Keyed, BaseModel): """ -class OutcomeGroup(_Base, _Keyed, _Versioned, BaseModel): +class OutcomeGroup(_Valued, _Base, _Keyed, _Versioned, BaseModel): """ Models an outcome group. """ values: tuple[OutcomeValue, ...] - def __iter__(self): - """ - Allow iteration over the outcomes in the group. - """ - return iter(self.values) - - def __len__(self): - """ - Allow len() to be called on the group. - """ - olist = list(self.values) - l = len(olist) - return l - # register all instances From 5b03c6a765ee7f4127678e706862d868fe0f4bb0 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 11:41:10 -0400 Subject: [PATCH 024/468] add len() to _Valued mixin --- src/ssvc/_mixins.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 10b19973..0fd2649e 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -78,6 +78,12 @@ def __iter__(self): """ return iter(self.values) + def __len__(self): + """ + Allow len() to be called on the object. + """ + return len(self.values) + def exclude_if_none(value): return value is None From 66e8410a8f07151adb8ee4e8062e7b957ded1b71 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 12:01:30 -0400 Subject: [PATCH 025/468] add tests --- src/test/test_dp_base.py | 8 ++++++++ src/test/test_mixins.py | 22 ++++++++++++++++++---- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/src/test/test_dp_base.py b/src/test/test_dp_base.py index c6b580e6..58f3e3ed 100644 --- a/src/test/test_dp_base.py +++ b/src/test/test_dp_base.py @@ -42,6 +42,14 @@ def tearDown(self) -> None: # restore the original registry base._reset_registered() + def test_decision_point_basics(self): + from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned + + # inherits from mixins + mixins = [_Valued, _Base, _Keyed, _Versioned, _Namespaced] + for mixin in mixins: + self.assertIsInstance(self.dp, mixin) + def test_registry(self): # just by creating the objects, they should be registered self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index f86ae5c1..cf049d7a 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -15,7 +15,7 @@ from pydantic import BaseModel, ValidationError -from ssvc._mixins import _Base, _Keyed, _Namespaced, _Versioned +from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned class TestMixins(unittest.TestCase): @@ -88,6 +88,22 @@ def test_keyed_create(self): self.assertRaises(ValidationError, _Keyed) + def test_valued_create(self): + values = ("foo", "bar", "baz", "quux") + obj = _Valued(values=values) + + # length + self.assertEqual(len(obj), len(values)) + + # iteration + for i, v in enumerate(obj): + self.assertEqual(v, values[i]) + + # values + self.assertEqual(obj.values, values) + + self.assertRaises(ValidationError, _Valued) + def test_mixin_combos(self): # We need to test all the combinations mixins = [ @@ -103,9 +119,7 @@ def test_mixin_combos(self): "has_default": True, }, ] - keys_with_defaults = [ - x["args"].keys() for x in mixins if x["has_default"] - ] + keys_with_defaults = [x["args"].keys() for x in mixins if x["has_default"]] # flatten the list keys_with_defaults = [ item for sublist in keys_with_defaults for item in sublist From c496db4a8d7c12bfe2e00a5dc57196e44cfa2ab8 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 12:01:30 -0400 Subject: [PATCH 026/468] add tests --- src/test/test_dp_base.py | 8 ++++++++ src/test/test_mixins.py | 22 ++++++++++++++++++---- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/src/test/test_dp_base.py b/src/test/test_dp_base.py index c6b580e6..58f3e3ed 100644 --- a/src/test/test_dp_base.py +++ b/src/test/test_dp_base.py @@ -42,6 +42,14 @@ def tearDown(self) -> None: # restore the original registry base._reset_registered() + def test_decision_point_basics(self): + from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned + + # inherits from mixins + mixins = [_Valued, _Base, _Keyed, _Versioned, _Namespaced] + for mixin in mixins: + self.assertIsInstance(self.dp, mixin) + def test_registry(self): # just by creating the objects, they should be registered self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index f86ae5c1..cf049d7a 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -15,7 +15,7 @@ from pydantic import BaseModel, ValidationError -from ssvc._mixins import _Base, _Keyed, _Namespaced, _Versioned +from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned class TestMixins(unittest.TestCase): @@ -88,6 +88,22 @@ def test_keyed_create(self): self.assertRaises(ValidationError, _Keyed) + def test_valued_create(self): + values = ("foo", "bar", "baz", "quux") + obj = _Valued(values=values) + + # length + self.assertEqual(len(obj), len(values)) + + # iteration + for i, v in enumerate(obj): + self.assertEqual(v, values[i]) + + # values + self.assertEqual(obj.values, values) + + self.assertRaises(ValidationError, _Valued) + def test_mixin_combos(self): # We need to test all the combinations mixins = [ @@ -103,9 +119,7 @@ def test_mixin_combos(self): "has_default": True, }, ] - keys_with_defaults = [ - x["args"].keys() for x in mixins if x["has_default"] - ] + keys_with_defaults = [x["args"].keys() for x in mixins if x["has_default"]] # flatten the list keys_with_defaults = [ item for sublist in keys_with_defaults for item in sublist From fb2bc28aa821b9531622698a3af1b8b7146ea656 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 14:50:12 -0400 Subject: [PATCH 027/468] fix return to match type hint --- src/ssvc/doctools.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index 93b4591c..59c4b2b5 100644 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -92,8 +92,7 @@ def remove_if_exists(file): logger.debug(f"File {file} does not exist, nothing to remove") -def dump_decision_point(jsondir: str, dp: SsvcDecisionPoint, overwrite: bool -) -> None: +def dump_decision_point(jsondir: str, dp: SsvcDecisionPoint, overwrite: bool) -> None: """ Generate the markdown table, json example, and markdown table file for a decision point. @@ -152,7 +151,7 @@ def dump_json( logger.warning( f"File {json_file} already exists, use --overwrite to replace" ) - return json_file + return str(json_file) def main(): From 91ab73bd44dc4f835d3acd977814614d85713c2d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 14:51:49 -0400 Subject: [PATCH 028/468] refactor registration and validation --- src/ssvc/decision_points/base.py | 21 +++++++------ src/ssvc/decision_points/cvss/helpers.py | 39 ++++++++++++------------ 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 79716427..5dd0d656 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -18,9 +18,9 @@ import logging -from pydantic import BaseModel +from pydantic import BaseModel, model_validator -from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned +from ssvc._mixins import _Base, _Commented, _Keyed, _Namespaced, _Valued, _Versioned logger = logging.getLogger(__name__) @@ -55,7 +55,7 @@ def _reset_registered(): REGISTERED_DECISION_POINTS = [] -class SsvcDecisionPointValue(_Base, _Keyed, BaseModel): +class SsvcDecisionPointValue(_Base, _Keyed, _Commented, BaseModel): """ Models a single value option for a decision point. """ @@ -64,19 +64,22 @@ def __str__(self): return self.name -class SsvcDecisionPoint(_Valued, _Keyed, _Versioned, _Namespaced, _Base, BaseModel): +class SsvcDecisionPoint( + _Valued, _Keyed, _Versioned, _Namespaced, _Base, _Commented, BaseModel +): """ Models a single decision point as a list of values. """ values: tuple[SsvcDecisionPointValue, ...] - def __init__(self, **data): - super().__init__(**data) - register(self) - - def __post_init__(self): + @model_validator(mode="after") + def _register(self): + """ + Register the decision point. + """ register(self) + return self def main(): diff --git a/src/ssvc/decision_points/cvss/helpers.py b/src/ssvc/decision_points/cvss/helpers.py index 25782192..c0527ec7 100644 --- a/src/ssvc/decision_points/cvss/helpers.py +++ b/src/ssvc/decision_points/cvss/helpers.py @@ -22,19 +22,20 @@ def _modify_3(dp: SsvcDecisionPoint): - _dp = deepcopy(dp) - _dp.name = "Modified " + _dp.name - _dp.key = "M" + _dp.key + _dp_dict = deepcopy(dp.model_dump()) + _dp_dict["name"] = "Modified " + _dp_dict["name"] + _dp_dict["key"] = "M" + _dp_dict["key"] # if there is no value named "Not Defined" value, add it nd = NOT_DEFINED_X - values = list(_dp.values) - - names = [v.name for v in values] + values = list(_dp_dict["values"]) + names = [v["name"] for v in values] if nd.name not in names: values.append(nd) - _dp.values = list(values) + _dp_dict["values"] = tuple(values) + + _dp = SsvcDecisionPoint(**_dp_dict) return _dp @@ -51,7 +52,6 @@ def modify_3(dp: SsvcDecisionPoint): """ _dp = _modify_3(dp) - _dp.__post_init__() # call post-init to update the key & register return _dp @@ -68,7 +68,6 @@ def modify_4(dp: SsvcDecisionPoint): _dp = _modify_3(dp) _dp = _modify_4(_dp) - _dp.__post_init__() # call post-init to update the key & register return _dp @@ -78,27 +77,29 @@ def _modify_4(dp: SsvcDecisionPoint): # this method was split out for testing purposes # assumes you've already done the 3.0 modifications - _dp = deepcopy(dp) - # Note: For MSC, MSI, and MSA, the lowest metric value is “Negligible” (N), not “None” (N). - if _dp.key in ["MSC", "MSI", "MSA"]: - for v in _dp.values: - if v.key == "N": - v.name = "Negligible" - v.description.replace(" no ", " negligible ") + _dp_dict = deepcopy(dp.model_dump()) + key = _dp_dict["key"] + if key in ["MSC", "MSI", "MSA"]: + for v in _dp_dict["values"]: + if v["key"] == "N": + v["name"] = "Negligible" + v["description"] = v["description"].replace(" no ", " negligible ") break # Note: For MSI, There is also a highest severity level, Safety (S), in addition to the same values as the # corresponding Base Metric (High, Medium, Low). - if _dp.key == "MSI": + if key == "MSI": _SAFETY = SsvcDecisionPointValue( name="Safety", key="S", description="The Safety metric value measures the impact regarding the Safety of a human actor or " "participant that can be predictably injured as a result of the vulnerability being exploited.", ) - values = list(_dp.values) + values = list(_dp_dict["values"]) values.append(_SAFETY) - _dp.values = list(values) + _dp_dict["values"] = tuple(values) + + _dp = SsvcDecisionPoint(**_dp_dict) return _dp From 5447c62553a1a1968ac4ee3a2b6c39560d3a1eca Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 14:52:22 -0400 Subject: [PATCH 029/468] updated cvss description text --- ...fied_availability_impact_to_the_subsequent_system_1_0_0.json | 2 +- ...d_confidentiality_impact_to_the_subsequent_system_1_0_0.json | 2 +- ...odified_integrity_impact_to_the_subsequent_system_1_0_0.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json index 786f0390..b36e78ae 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json @@ -9,7 +9,7 @@ { "key": "N", "name": "Negligible", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json index ea677a2a..03e23cf7 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json @@ -9,7 +9,7 @@ { "key": "N", "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json index 719e36b4..ab2207f7 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json @@ -9,7 +9,7 @@ { "key": "N", "name": "Negligible", - "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", From 3d7ebcf79f53927c67ce6e9463048b08ec13d121 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 13 Mar 2025 15:02:38 -0400 Subject: [PATCH 030/468] allow comments --- src/ssvc/decision_tables/base.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 49ac51f4..5ceef527 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -20,7 +20,7 @@ import pandas as pd from pydantic import BaseModel, field_validator -from ssvc._mixins import _Base, _Namespaced, _Versioned +from ssvc._mixins import _Base, _Commented, _Namespaced, _Versioned from ssvc.csv_analyzer import check_topological_order from ssvc.dp_groups.base import SsvcDecisionPointGroup from ssvc.outcomes.base import OutcomeGroup @@ -29,7 +29,7 @@ logger = logging.getLogger(__name__) -class DecisionTable(_Versioned, _Namespaced, _Base, BaseModel): +class DecisionTable(_Versioned, _Namespaced, _Base, _Commented, BaseModel): """ The DecisionTable class is a model for decisions in SSVC. From 208b1b34f0e60c8a2d342b49352c3014db3ff1cd Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 18 Mar 2025 14:53:57 -0400 Subject: [PATCH 031/468] wip commit --- src/ssvc/decision_points/base.py | 8 + src/ssvc/decision_points/cvss/helpers.py | 2 +- src/ssvc/decision_tables/base.py | 230 +++++++++++----------- src/ssvc/outcomes/groups.py | 2 +- src/ssvc/policy_generator.py | 3 + src/test/test_cvss_helpers.py | 10 +- src/test/test_decision_table.py | 146 ++++++++++++++ src/test/test_dp_base.py | 2 +- src/test/test_prioritization_framework.py | 2 +- 9 files changed, 287 insertions(+), 118 deletions(-) create mode 100644 src/test/test_decision_table.py diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 5dd0d656..432e85f9 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -73,6 +73,14 @@ class SsvcDecisionPoint( values: tuple[SsvcDecisionPointValue, ...] + @model_validator(mode="after") + def _prepend_value_keys(self): + delim = ":" + for value in self.values: + if delim not in value.key: + value.key = delim.join((self.namespace, self.key, value.key)) + return self + @model_validator(mode="after") def _register(self): """ diff --git a/src/ssvc/decision_points/cvss/helpers.py b/src/ssvc/decision_points/cvss/helpers.py index c0527ec7..a3aba975 100644 --- a/src/ssvc/decision_points/cvss/helpers.py +++ b/src/ssvc/decision_points/cvss/helpers.py @@ -81,7 +81,7 @@ def _modify_4(dp: SsvcDecisionPoint): key = _dp_dict["key"] if key in ["MSC", "MSI", "MSA"]: for v in _dp_dict["values"]: - if v["key"] == "N": + if v["key"].endswith(":N"): v["name"] = "Negligible" v["description"] = v["description"].replace(" no ", " negligible ") break diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 5ceef527..ae2b37eb 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -16,19 +16,28 @@ Provides a DecisionTable class that can be used to model decisions in SSVC """ import logging +from typing import Self import pandas as pd -from pydantic import BaseModel, field_validator +from pydantic import BaseModel, model_validator from ssvc._mixins import _Base, _Commented, _Namespaced, _Versioned from ssvc.csv_analyzer import check_topological_order +from ssvc.decision_points import SsvcDecisionPoint, SsvcDecisionPointValue from ssvc.dp_groups.base import SsvcDecisionPointGroup -from ssvc.outcomes.base import OutcomeGroup +from ssvc.outcomes.base import OutcomeGroup, OutcomeValue from ssvc.policy_generator import PolicyGenerator logger = logging.getLogger(__name__) +def name_to_key(name: str) -> str: + """ + Convert a name to a key by converting to lowercase and replacing spaces with underscores. + """ + return name.lower().replace(" ", "_") + + class DecisionTable(_Versioned, _Namespaced, _Base, _Commented, BaseModel): """ The DecisionTable class is a model for decisions in SSVC. @@ -42,70 +51,62 @@ class DecisionTable(_Versioned, _Namespaced, _Base, _Commented, BaseModel): decision_point_group: SsvcDecisionPointGroup outcome_group: OutcomeGroup - mapping: dict[str, str] + mapping: list = None + _df: pd.DataFrame = None - def __init__(self, **data): - super().__init__(**data) + @property + def outcome_lookup(self) -> dict[str, OutcomeValue]: + """ + Return a lookup table for outcomes. - if not self.mapping: - mapping = self.generate_mapping() - self.__class__.validate_mapping(mapping) - self.mapping = mapping + Returns: + dict: A dictionary of outcomes keyed by outcome value name + """ + return { + name_to_key(outcome.name): outcome for outcome in self.outcome_group.values + } - @classmethod - def mapping_to_table(cls, data: dict) -> pd.DataFrame: + @property + def dp_lookup(self) -> dict[str, SsvcDecisionPoint]: """ - Convert the mapping to a pandas DataFrame. + Return a lookup table for decision points. + + Returns: + dict: A dictionary of decision points keyed by decision point name """ - # extract column names from keys - values = {} - - cols = [] - for key in data.keys(): - parts = key.split(",") - for part in parts: - (_, dp, _) = part.split(":") - cols.append(dp) - - # add the outcome column - first_value = list(data.values())[0] - (okey, _) = first_value.split(":") - cols.append(okey) - - # set up the lists for the columns - for col in cols: - col = col.lower() - values[col] = [] - - for key, value in data.items(): - key = key.lower() - value = value.lower() - - parts = key.split(",") - for part in parts: - (ns, dp, val) = part.split(":") - values[dp].append(val) - - (og_key, og_valkey) = value.split(":") - values[og_key].append(og_valkey) - - # now values is a dict of columnar data - df = pd.DataFrame(values) - # the last column is the outcome - return df + return { + name_to_key(dp.name): dp for dp in self.decision_point_group.decision_points + } - # stub for validating mapping - @field_validator("mapping", mode="before") - @classmethod - def validate_mapping(cls, data): + @property + def dp_value_lookup(self) -> dict[str, dict[str, SsvcDecisionPointValue]]: """ - Placeholder for validating the mapping. + Return a lookup table for decision point values. + Returns: + dict: A dictionary of decision point values keyed by decision point name and value name """ - if len(data) == 0: - return data + dp_value_lookup = {} + for dp in self.decision_point_group.decision_points: + key1 = name_to_key(dp.name) + dp_value_lookup[key1] = {} + for dp_value in dp.values: + key2 = name_to_key(dp_value.name) + dp_value_lookup[key1][key2] = dp_value + return dp_value_lookup + + @model_validator(mode="after") + def _populate_df(self) -> Self: + if self._df is None: + self._df = self.generate_df() + return self - df = cls.mapping_to_table(data) - target = df.columns[-1] + @model_validator(mode="after") + def validate_mapping(self): + """ + Placeholder for validating the mapping. + """ + df = self._df + target = df.columns[-1].lower().replace(" ", "_") problems: list = check_topological_order(df, target) @@ -114,66 +115,76 @@ def validate_mapping(cls, data): else: logger.debug("Mapping passes topological order check") - return data + return self - def generate_mapping(self) -> dict[str, str]: + @model_validator(mode="after") + def _populate_mapping(self) -> Self: """ - Populate the mapping with all possible combinations of decision points. + Populate the mapping if it is not provided. + Args: + data: + + Returns: + """ - mapping = {} - dp_lookup = { - dp.name.lower(): dp for dp in self.decision_point_group.decision_points - } - outcome_lookup = { - outcome.name.lower(): outcome for outcome in self.outcome_group.values - } + if not self.mapping: + mapping = self.table_to_mapping(self._df) + self.mapping = mapping + return self - dp_value_lookup = {} - for dp in self.decision_point_group.decision_points: - key1 = dp.name.lower() - dp_value_lookup[key1] = {} - for dp_value in dp.values: - key2 = dp_value.name.lower() - dp_value_lookup[key1][key2] = dp_value + def as_csv(self) -> str: + """ + Convert the mapping to a CSV string. + """ + raise NotImplementedError + + def as_df(self) -> pd.DataFrame: + """ + Convert the mapping to a pandas DataFrame. + """ + return self.generate_df() + # stub for validating mapping + def generate_df(self) -> pd.DataFrame: + """ + Populate the mapping with all possible combinations of decision points. + """ with PolicyGenerator( dp_group=self.decision_point_group, outcomes=self.outcome_group, ) as policy: - table: pd.DataFrame = policy.clean_policy() - - # the table is a pandas DataFrame - # the columns are the decision points, with the last column being the outcome - # the rows are the possible combinations of decision points - # we need to convert this back to specific decision points and outcomes - for row in table.itertuples(): - outcome_name = row[-1].lower() - outcome = outcome_lookup[outcome_name] - - dp_value_names = row[1:-1] - dp_value_names = [dp_name.lower() for dp_name in dp_value_names] + df: pd.DataFrame = policy.clean_policy() - columns = [col.lower() for col in table.columns] - - # construct the key for the mapping - dp_values = [] - for col, val in zip(columns, dp_value_names): - value_lookup = dp_value_lookup[col] - dp = dp_lookup[col] - val = value_lookup[val] - - key_delim = ":" - k = key_delim.join([dp.namespace, dp.key, val.key]) - dp_values.append(k) - - key = ",".join([str(k) for k in dp_values]) - - outcome_group = self.outcome_group - outcome_str = ":".join([outcome_group.key, outcome.key]) - - mapping[key] = outcome_str + return df - return mapping + def table_to_mapping(self, df: pd.DataFrame) -> list[tuple[str, ...]]: + # copy dataframe + df = pd.DataFrame(df) + + columns = [name_to_key(col) for col in df.columns] + df.columns = columns + data = [] + for index, row in df.iterrows(): + row_data = [] + for column in columns: + value = None + ovalue = None + value_name = name_to_key(row[column]) + try: + value = self.dp_value_lookup[column][value_name] + except KeyError: + ovalue = self.outcome_lookup[value_name] + + if value is not None: + row_data.append(value.key) + + if ovalue is None: + raise ValueError("Outcome value not found") + row_data = tuple(row_data) + t = tuple([row_data, ovalue.key]) + + data.append(t) + return data # convenience alias @@ -194,15 +205,10 @@ def main(): version="1.0.0", decision_point_group=dpg, outcome_group=og, - mapping={}, ) print(dfw.model_dump_json(indent=2)) - print() - print() - print("### JSON SCHEMA ###") - import json - print(json.dumps(DecisionTable.model_json_schema(), indent=2)) + print(dfw._df) if __name__ == "__main__": diff --git a/src/ssvc/outcomes/groups.py b/src/ssvc/outcomes/groups.py index 2bf0223e..73c6c91c 100644 --- a/src/ssvc/outcomes/groups.py +++ b/src/ssvc/outcomes/groups.py @@ -66,7 +66,7 @@ """ MOSCOW = OutcomeGroup( - name="Must, Should, Could, Won't", + name="MoSCoW", key="MOSCOW", description="The Moscow outcome group.", version="1.0.0", diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index 776abe76..8d119b51 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -179,7 +179,10 @@ def _create_policy(self): def clean_policy(self) -> pd.DataFrame: df = self.policy.copy() + # rename "outcome" column to outcome group name + df = df.rename(columns={"outcome": self.outcomes.name}) print_cols = [c for c in df.columns if not c.startswith("idx_")] + for c in print_cols: df[c] = df[c].str.lower() diff --git a/src/test/test_cvss_helpers.py b/src/test/test_cvss_helpers.py index a5dd413e..1eaf10e8 100644 --- a/src/test/test_cvss_helpers.py +++ b/src/test/test_cvss_helpers.py @@ -48,7 +48,7 @@ def fake_ms_impacts() -> list[CvssDecisionPoint]: return dps -class MyTestCase(unittest.TestCase): +class TestCvssHelpers(unittest.TestCase): def setUp(self) -> None: self.dps = [] for i in range(3): @@ -81,7 +81,13 @@ def test_modify_3(self): self.assertTrue(modified.name.startswith("Modified")) self.assertIn("Not Defined", [v.name for v in modified.values]) - self.assertIn("X", [v.key for v in modified.values]) + + found = False + for v in modified.values: + if v.key.endswith(":X"): + found = True + break + self.assertTrue(found) def test_modify_4(self): # _modify 4 assumes you've already done the Modify 3 step diff --git a/src/test/test_decision_table.py b/src/test/test_decision_table.py new file mode 100644 index 00000000..44f743c5 --- /dev/null +++ b/src/test/test_decision_table.py @@ -0,0 +1,146 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +import tempfile +import unittest +from itertools import product + +import pandas as pd + +from ssvc.decision_tables import base +from ssvc.decision_tables.base import name_to_key +from ssvc.dp_groups.base import SsvcDecisionPointGroup +from ssvc.outcomes.base import OutcomeGroup, OutcomeValue + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.tempdir = tempfile.TemporaryDirectory() + self.tempdir_path = self.tempdir.name + + dps = [] + for i in range(3): + dpvs = [] + for j in range(3): + dpv = base.SsvcDecisionPointValue( + name=f"Value {i}{j}", + key=f"DP{i}V{j}", + description=f"Decision Point {i} Value {j} Description", + ) + dpvs.append(dpv) + + dp = base.SsvcDecisionPoint( + name=f"Decision Point {i}", + key=f"DP{i}", + description=f"Decision Point {i} Description", + version="1.0.0", + namespace="name1", + values=tuple(dpvs), + ) + dps.append(dp) + + self.dpg = SsvcDecisionPointGroup( + name="Decision Point Group", + description="Decision Point Group description", + decision_points=tuple(dps), + ) + + ogvs = [] + for i in range(3): + ogv = OutcomeValue( + name=f"Outcome Value {i}", + key=f"ov{i}", + description=f"Outcome Value {i} description", + ) + ogvs.append(ogv) + + self.og = OutcomeGroup( + name="Outcome Group", + key="OG", + description="Outcome Group description", + values=tuple(ogvs), + ) + + self.dt = base.DecisionTable( + name="foo", + description="foo description", + decision_point_group=self.dpg, + outcome_group=self.og, + ) + + def tearDown(self): + self.tempdir.cleanup() + + def test_outcome_lookup(self): + d = self.dt.outcome_lookup + self.assertEqual(len(d), len(self.og.values)) + + for i, v in enumerate(self.og.values): + vname = name_to_key(v.name) + self.assertEqual(d[vname], v) + + def test_dp_lookup(self): + d = self.dt.dp_lookup + self.assertEqual(len(d), len(self.dpg.decision_points)) + + for i, dp in enumerate(self.dpg.decision_points): + dpname = name_to_key(dp.name) + self.assertEqual(d[dpname], dp) + + def test_dp_value_lookup(self): + d = self.dt.dp_value_lookup + for dp in self.dpg.decision_points: + dpname = name_to_key(dp.name) + self.assertEqual(len(d[dpname]), len(dp.values)) + + for i, v in enumerate(dp.values): + vname = name_to_key(v.name) + self.assertEqual(d[dpname][vname], v) + + def test_populate_df(self): + with self.subTest("df is set, no change"): + data = { + "a": [1, 2, 3], + "b": [4, 5, 6], + "c": [7, 8, 9], + } + df = pd.DataFrame(data) + self.dt._df = df + self.dt._populate_df() + self.assertTrue(df.equals(self.dt._df)) + + with self.subTest("df is None, populate"): + self.dt._df = None + self.dt._populate_df() + self.assertFalse(df.equals(self.dt._df)) + self.assertIsNotNone(self.dt._df) + self.assertIsInstance(self.dt._df, pd.DataFrame) + + with self.subTest("check df contents"): + nrows = len(list(product(*[dp.values for dp in self.dpg.decision_points]))) + self.assertEqual(len(self.dt._df), nrows) + ncols = len(self.dpg.decision_points) + 1 + self.assertEqual(len(self.dt._df.columns), ncols) + + def test_validate_mapping(self): + with self.subTest("no problems"): + self.dt.validate_mapping() + + with self.subTest("problems"): + # set one of the outcomes out of order + self.dt._df.iloc[0, -1] = "ov2" + with self.assertRaises(ValueError): + self.dt.validate_mapping() + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/test_dp_base.py b/src/test/test_dp_base.py index 58f3e3ed..15a807d6 100644 --- a/src/test/test_dp_base.py +++ b/src/test/test_dp_base.py @@ -84,7 +84,7 @@ def test_ssvc_value(self): for i, obj in enumerate(self.values): # should have name, key, description self.assertEqual(obj.name, f"foo{i}") - self.assertEqual(obj.key, f"bar{i}") + self.assertTrue(obj.key.endswith(f"_bar{i}")) self.assertEqual(obj.description, f"baz{i}") # should not have namespace, version diff --git a/src/test/test_prioritization_framework.py b/src/test/test_prioritization_framework.py index 83f7f046..7cd7b1c9 100644 --- a/src/test/test_prioritization_framework.py +++ b/src/test/test_prioritization_framework.py @@ -50,7 +50,7 @@ def test_create(self): self.assertGreater(len(self.framework.mapping), 0) def test_generate_mapping(self): - result = self.framework.generate_mapping() + result = self.framework.generate_df() # there should be one row in result for each combination of decision points combo_count = len(list(self.framework.decision_point_group.combinations())) From 3c983c9df64c8d5a4e7178c11d49b39835b38300 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 18 Mar 2025 15:52:54 -0400 Subject: [PATCH 032/468] add a namespace Enum along with a pydantic dataclass validator to enforce it Valid = str in enum OR str.startswith("x_") --- src/ssvc/namespaces.py | 55 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 src/ssvc/namespaces.py diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py new file mode 100644 index 00000000..0dc30fbc --- /dev/null +++ b/src/ssvc/namespaces.py @@ -0,0 +1,55 @@ +#!/usr/bin/env python +""" +Provides a namespace enum +""" +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University + +from enum import StrEnum, auto + +# extensions / experimental namespaces should start with the following prefix +# this is to avoid conflicts with official namespaces +X_PFX = "x_" + + +class NameSpace(StrEnum): + # auto() is used to automatically assign values to the members. + # when used in a StrEnum, auto() assigns the lowercase name of the member as the value + SSVC = auto() + CVSS = auto() + + +class NamespaceValidator: + """Custom type for validating namespaces.""" + + @classmethod + def validate(cls, value: str) -> str: + if value in NameSpace.__members__.values(): + return value + if value.startswith(X_PFX): + return value + raise ValueError( + f"Invalid namespace: {value}. Must be one of {[ns.value for ns in NameSpace]} or start with '{X_PFX}'." + ) + + def __get_validators__(cls): + yield cls.validate + + +def main(): + for ns in NameSpace: + print(ns) + + +if __name__ == "__main__": + main() From 3a44a447e2bf911d182ef0e86e33e9741843a42d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 18 Mar 2025 15:53:25 -0400 Subject: [PATCH 033/468] add validator to _Namespaced mixin class --- src/ssvc/_mixins.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 414c99e1..446ee5c7 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -20,6 +20,7 @@ from pydantic import BaseModel, ConfigDict, field_validator from semver import Version +from ssvc.namespaces import NamespaceValidator from . import _schemaVersion @@ -54,7 +55,12 @@ class _Namespaced(BaseModel): Mixin class for namespaced SSVC objects. """ - namespace: str = "ssvc" + namespace: str + + @field_validator("namespace", mode="before") + @classmethod + def validate_namespace(cls, value): + return NamespaceValidator.validate(value) class _Keyed(BaseModel): From 34ead88a254bf2cb5e5d4eefeeb6faaf1e43ddf9 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 18 Mar 2025 15:54:05 -0400 Subject: [PATCH 034/468] refactor base classes to use NameSpace enum values --- src/ssvc/decision_points/base.py | 2 ++ src/ssvc/decision_points/cvss/base.py | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 869e3263..dd79f041 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -21,6 +21,7 @@ from pydantic import BaseModel from ssvc._mixins import _Base, _Keyed, _Namespaced, _Versioned +from ssvc.namespaces import NameSpace logger = logging.getLogger(__name__) @@ -66,6 +67,7 @@ class SsvcDecisionPoint(_Base, _Keyed, _Versioned, _Namespaced, BaseModel): Models a single decision point as a list of values. """ + namespace: str = NameSpace.SSVC values: list[SsvcDecisionPointValue] = [] def __iter__(self): diff --git a/src/ssvc/decision_points/cvss/base.py b/src/ssvc/decision_points/cvss/base.py index 9a935991..1fc721ac 100644 --- a/src/ssvc/decision_points/cvss/base.py +++ b/src/ssvc/decision_points/cvss/base.py @@ -18,6 +18,7 @@ from pydantic import BaseModel from ssvc.decision_points.base import SsvcDecisionPoint +from ssvc.namespaces import NameSpace class CvssDecisionPoint(SsvcDecisionPoint, BaseModel): @@ -25,4 +26,4 @@ class CvssDecisionPoint(SsvcDecisionPoint, BaseModel): Models a single CVSS decision point as a list of values. """ - namespace: str = "cvss" + namespace: NameSpace = NameSpace.CVSS From 8acba47e070adb8b2bdba6f229a154a0996d5c44 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 18 Mar 2025 15:54:46 -0400 Subject: [PATCH 035/468] add optional "x_" prefix as valid namespace pattern --- data/schema/v1/Decision_Point-1-0-1.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json index 019accee..30849621 100644 --- a/data/schema/v1/Decision_Point-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point-1-0-1.schema.json @@ -48,7 +48,7 @@ "namespace": { "type": "string", "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.", - "pattern": "^[a-z0-9-]{3,4}[a-z0-9/\\.-]*$", + "pattern": "^(x_)?[a-z0-9-]{3,4}[a-z0-9/\\.-]*$", "examples": ["ssvc", "cvss", "ssvc-jp", "ssvc/acme", "ssvc/example.com"] }, "version": { From 5208b696773675a9e2ddc490a2907adb86fec39f Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 18 Mar 2025 15:55:16 -0400 Subject: [PATCH 036/468] update unit tests --- src/test/test_doc_helpers.py | 10 +++------- src/test/test_dp_base.py | 6 +++--- src/test/test_mixins.py | 36 ++++++++++++++++++++++++++---------- 3 files changed, 32 insertions(+), 20 deletions(-) diff --git a/src/test/test_doc_helpers.py b/src/test/test_doc_helpers.py index 76b217f4..fbbb7f45 100644 --- a/src/test/test_doc_helpers.py +++ b/src/test/test_doc_helpers.py @@ -20,18 +20,14 @@ class MyTestCase(unittest.TestCase): def setUp(self): self.dp = SsvcDecisionPoint( - namespace="test", + namespace="x_test", name="test name", description="test description", key="TK", version="1.0.0", values=( - SsvcDecisionPointValue( - name="A", key="A", description="A Definition" - ), - SsvcDecisionPointValue( - name="B", key="B", description="B Definition" - ), + SsvcDecisionPointValue(name="A", key="A", description="A Definition"), + SsvcDecisionPointValue(name="B", key="B", description="B Definition"), ), ) diff --git a/src/test/test_dp_base.py b/src/test/test_dp_base.py index c6b580e6..a386b94c 100644 --- a/src/test/test_dp_base.py +++ b/src/test/test_dp_base.py @@ -34,7 +34,7 @@ def setUp(self) -> None: key="bar", description="baz", version="1.0.0", - namespace="name1", + namespace="x_test", values=tuple(self.values), ) @@ -64,7 +64,7 @@ def test_registry(self): key="asdfasdf", description="asdfasdf", version="1.33.1", - namespace="asdfasdf", + namespace="x_test", values=self.values, ) @@ -90,7 +90,7 @@ def test_ssvc_decision_point(self): self.assertEqual(obj.key, "bar") self.assertEqual(obj.description, "baz") self.assertEqual(obj.version, "1.0.0") - self.assertEqual(obj.namespace, "name1") + self.assertEqual(obj.namespace, "x_test") self.assertEqual(len(self.values), len(obj.values)) def test_ssvc_value_json_roundtrip(self): diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index f86ae5c1..19261599 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -12,10 +12,12 @@ # U.S. Patent and Trademark Office by Carnegie Mellon University import unittest +from random import randint from pydantic import BaseModel, ValidationError from ssvc._mixins import _Base, _Keyed, _Namespaced, _Versioned +from ssvc.namespaces import NameSpace class TestMixins(unittest.TestCase): @@ -69,11 +71,27 @@ def test_asdict_roundtrip(self): self.assertEqual(obj2.description, "baz") def test_namespaced_create(self): - obj = _Namespaced() - self.assertEqual(obj.namespace, "ssvc") - - obj = _Namespaced(namespace="quux") - self.assertEqual(obj.namespace, "quux") + # error if no namespace given + with self.assertRaises(ValidationError): + _Namespaced() + + # use the official namespace values + for ns in NameSpace: + obj = _Namespaced(namespace=ns) + self.assertEqual(obj.namespace, ns) + + # error if namespace is not in the enum + # and it doesn't start with x_ + self.assertNotIn("quux", NameSpace) + with self.assertRaises(ValidationError): + _Namespaced(namespace="quux") + + # custom namespaces are allowed as long as they start with x_ + for _ in range(100): + # we're just fuzzing some random strings here + ns = f"x_{randint(1000,1000000)}" + obj = _Namespaced(namespace=ns) + self.assertEqual(obj.namespace, ns) def test_versioned_create(self): obj = _Versioned() @@ -94,8 +112,8 @@ def test_mixin_combos(self): {"class": _Keyed, "args": {"key": "fizz"}, "has_default": False}, { "class": _Namespaced, - "args": {"namespace": "buzz"}, - "has_default": True, + "args": {"namespace": "x_test"}, + "has_default": False, }, { "class": _Versioned, @@ -103,9 +121,7 @@ def test_mixin_combos(self): "has_default": True, }, ] - keys_with_defaults = [ - x["args"].keys() for x in mixins if x["has_default"] - ] + keys_with_defaults = [x["args"].keys() for x in mixins if x["has_default"]] # flatten the list keys_with_defaults = [ item for sublist in keys_with_defaults for item in sublist From 9c36947648fab524825751c276d5d46ffa65962a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 18 Mar 2025 16:00:34 -0400 Subject: [PATCH 037/468] add docstrings --- src/ssvc/namespaces.py | 17 +++++++++++++++++ src/test/test_mixins.py | 13 +++++++------ 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 0dc30fbc..058d711e 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -23,6 +23,10 @@ class NameSpace(StrEnum): + """ + Defines the official namespaces for SSVC. + """ + # auto() is used to automatically assign values to the members. # when used in a StrEnum, auto() assigns the lowercase name of the member as the value SSVC = auto() @@ -34,6 +38,19 @@ class NamespaceValidator: @classmethod def validate(cls, value: str) -> str: + """ + Validate the namespace value. The value must be one of the official namespaces or start with 'x_'. + + Args: + value: a string representing a namespace + + Returns: + the validated namespace value + + Raises: + ValueError: if the value is not a valid namespace + + """ if value in NameSpace.__members__.values(): return value if value.startswith(X_PFX): diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index 19261599..864e78f5 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -70,22 +70,23 @@ def test_asdict_roundtrip(self): self.assertEqual(obj2.name, "quux") self.assertEqual(obj2.description, "baz") - def test_namespaced_create(self): + def test_namespaced_create_errors(self): # error if no namespace given with self.assertRaises(ValidationError): _Namespaced() - # use the official namespace values - for ns in NameSpace: - obj = _Namespaced(namespace=ns) - self.assertEqual(obj.namespace, ns) - # error if namespace is not in the enum # and it doesn't start with x_ self.assertNotIn("quux", NameSpace) with self.assertRaises(ValidationError): _Namespaced(namespace="quux") + def test_namespaced_create(self): + # use the official namespace values + for ns in NameSpace: + obj = _Namespaced(namespace=ns) + self.assertEqual(obj.namespace, ns) + # custom namespaces are allowed as long as they start with x_ for _ in range(100): # we're just fuzzing some random strings here From d49afbf5316f401fad430aad3feb9cabb8548897 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 18 Mar 2025 16:18:52 -0400 Subject: [PATCH 038/468] bump python test version to 3.12 --- .github/workflows/python-app.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index ecbe9b4c..eda4f001 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -21,10 +21,10 @@ jobs: - uses: actions/checkout@v4 with: fetch-tags: true - - name: Set up Python 3.10 + - name: Set up Python 3.12 uses: actions/setup-python@v5 with: - python-version: "3.10" + python-version: "3.12" - name: Install dependencies run: | python -m pip install --upgrade pip From da21986dd6cd56063b83dc297b449dac1810366a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 19 Mar 2025 11:18:20 -0400 Subject: [PATCH 039/468] update the regex pattern for namespaces, add validation to pydantic field --- data/schema/v1/Decision_Point-1-0-1.schema.json | 2 +- src/ssvc/_mixins.py | 6 ++++-- src/ssvc/namespaces.py | 12 ++++++++++++ 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json index 30849621..0d7a8809 100644 --- a/data/schema/v1/Decision_Point-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point-1-0-1.schema.json @@ -48,7 +48,7 @@ "namespace": { "type": "string", "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.", - "pattern": "^(x_)?[a-z0-9-]{3,4}[a-z0-9/\\.-]*$", + "pattern": "^(x_)?[a-z0-9]{3,4}([a-z0-9]*[/.-]?[a-z0-9]*[a-z0-9])*$", "examples": ["ssvc", "cvss", "ssvc-jp", "ssvc/acme", "ssvc/example.com"] }, "version": { diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 446ee5c7..71bf1f66 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -17,7 +17,7 @@ from typing import Optional -from pydantic import BaseModel, ConfigDict, field_validator +from pydantic import BaseModel, ConfigDict, Field, field_validator from semver import Version from ssvc.namespaces import NamespaceValidator @@ -55,7 +55,9 @@ class _Namespaced(BaseModel): Mixin class for namespaced SSVC objects. """ - namespace: str + # the field definition enforces the pattern for namespaces + # additional validation is performed in the field_validator immediately after the pattern check + namespace: str = Field(pattern=NS_PATTERN) @field_validator("namespace", mode="before") @classmethod diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 058d711e..208e69e6 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -15,12 +15,24 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University +import re from enum import StrEnum, auto # extensions / experimental namespaces should start with the following prefix # this is to avoid conflicts with official namespaces X_PFX = "x_" +# pattern to match +# `^(x_)`: `x_` prefix is optional +# `[a-z0-9]{3,4}`: must start with 3-4 alphanumeric characters +# `([a-z0-9]+[/.-]?[a-z0-9]*)*[a-z0-9]`: remainder can contain alphanumeric characters, +# periods, hyphens, and forward slashes +# `[/.-]?`: only one punctuation character is allowed between alphanumeric characters +# `[a-z0-9]*`: but an arbitrary number of alphanumeric characters can be between punctuation characters +# `([a-z0-9]+[/.-]?[a-z0-9]*)*` and the total number of punctuation characters is not limited +# `[a-z0-9]$`: the string must end with an alphanumeric character +NS_PATTERN = re.compile(r"^(x_)?[a-z0-9]{3,4}([a-z0-9]*[/.-]?[a-z0-9]*[a-z0-9])*$") + class NameSpace(StrEnum): """ From b57c735f06ca9dd262f80f113cde7260f57e35fc Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 19 Mar 2025 11:18:44 -0400 Subject: [PATCH 040/468] refactor namespace validation methods --- src/ssvc/_mixins.py | 19 +++++++++++++++++-- src/ssvc/namespaces.py | 19 ++++++------------- 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 71bf1f66..de117379 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -20,7 +20,7 @@ from pydantic import BaseModel, ConfigDict, Field, field_validator from semver import Version -from ssvc.namespaces import NamespaceValidator +from ssvc.namespaces import NS_PATTERN, NameSpace from . import _schemaVersion @@ -62,7 +62,22 @@ class _Namespaced(BaseModel): @field_validator("namespace", mode="before") @classmethod def validate_namespace(cls, value): - return NamespaceValidator.validate(value) + """ + Validate the namespace field. + The value will have already been checked against the pattern in the field definition. + The value must be one of the official namespaces or start with 'x_'. + + Args: + value: a string representing a namespace + + Returns: + the validated namespace value + + Raises: + ValueError: if the value is not a valid namespace + """ + + return NameSpace.validate(value) class _Keyed(BaseModel): diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 208e69e6..135c3b24 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -44,17 +44,13 @@ class NameSpace(StrEnum): SSVC = auto() CVSS = auto() - -class NamespaceValidator: - """Custom type for validating namespaces.""" - @classmethod - def validate(cls, value: str) -> str: + def validate(cls, value): """ - Validate the namespace value. The value must be one of the official namespaces or start with 'x_'. + Validate the namespace value. Args: - value: a string representing a namespace + value: the namespace value to validate Returns: the validated namespace value @@ -63,17 +59,14 @@ def validate(cls, value: str) -> str: ValueError: if the value is not a valid namespace """ - if value in NameSpace.__members__.values(): + if value in cls.__members__.values(): return value - if value.startswith(X_PFX): + if value.startswith(X_PFX) and NS_PATTERN.match(value): return value raise ValueError( - f"Invalid namespace: {value}. Must be one of {[ns.value for ns in NameSpace]} or start with '{X_PFX}'." + f"Invalid namespace: {value}. Must be one of {[ns.value for ns in cls]} or start with '{X_PFX}'." ) - def __get_validators__(cls): - yield cls.validate - def main(): for ns in NameSpace: From 4c5e9cde4539a1a064e7d393fad987aabb369da0 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 19 Mar 2025 11:18:55 -0400 Subject: [PATCH 041/468] add unit tests --- src/test/test_namespaces.py | 79 +++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 src/test/test_namespaces.py diff --git a/src/test/test_namespaces.py b/src/test/test_namespaces.py new file mode 100644 index 00000000..3866c8cc --- /dev/null +++ b/src/test/test_namespaces.py @@ -0,0 +1,79 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University + +import unittest + +from ssvc.namespaces import NS_PATTERN, NameSpace + + +class MyTestCase(unittest.TestCase): + def setUp(self): + pass + + def tearDown(self): + pass + + def test_ns_pattern(self): + should_match = [ + "foo", + "foo.bar", + "foo.bar.baz", + "foo/bar/baz/quux", + "foo.bar/baz.quux", + ] + should_match.extend([f"x_{ns}" for ns in should_match]) + + for ns in should_match: + with self.subTest(ns=ns): + self.assertTrue(NS_PATTERN.match(ns), ns) + + should_not_match = [ + "", + "ab", + ".foo", + "foo..bar", + "foo/bar//baz", + "foo/bar/baz/", + "(&(&" "foo\\bar", + "foo|bar|baz", + ] + + should_not_match.extend([f"_{ns}" for ns in should_not_match]) + + for ns in should_not_match: + with self.subTest(ns=ns): + self.assertFalse(NS_PATTERN.match(ns)) + + def test_namspace_enum(self): + for ns in NameSpace: + self.assertEqual(ns.name.lower(), ns.value) + + # make sure we have an SSVC namespace with the correct value + self.assertIn("SSVC", NameSpace.__members__) + values = [ns.value for ns in NameSpace] + self.assertIn("ssvc", values) + + def test_namespace_validator(self): + for ns in NameSpace: + self.assertTrue(NameSpace.validate(ns.value)) + + for ns in ["foo", "bar", "baz", "quux"]: + with self.assertRaises(ValueError): + NameSpace.validate(ns) + + for ns in ["x_foo", "x_bar", "x_baz", "x_quux"]: + self.assertEqual(ns, NameSpace.validate(ns)) + + +if __name__ == "__main__": + unittest.main() From d8f5a88df96d4c857e4b68e93005a3ddaa922332 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 19 Mar 2025 12:41:57 -0400 Subject: [PATCH 042/468] simplify regex to avoid inefficiencies --- data/schema/v1/Decision_Point-1-0-1.schema.json | 2 +- src/ssvc/namespaces.py | 11 +++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json index 0d7a8809..43fd8bfc 100644 --- a/data/schema/v1/Decision_Point-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point-1-0-1.schema.json @@ -48,7 +48,7 @@ "namespace": { "type": "string", "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.", - "pattern": "^(x_)?[a-z0-9]{3,4}([a-z0-9]*[/.-]?[a-z0-9]*[a-z0-9])*$", + "pattern": "^(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+)*$", "examples": ["ssvc", "cvss", "ssvc-jp", "ssvc/acme", "ssvc/example.com"] }, "version": { diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 135c3b24..725ec00e 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -25,13 +25,12 @@ # pattern to match # `^(x_)`: `x_` prefix is optional # `[a-z0-9]{3,4}`: must start with 3-4 alphanumeric characters -# `([a-z0-9]+[/.-]?[a-z0-9]*)*[a-z0-9]`: remainder can contain alphanumeric characters, -# periods, hyphens, and forward slashes # `[/.-]?`: only one punctuation character is allowed between alphanumeric characters -# `[a-z0-9]*`: but an arbitrary number of alphanumeric characters can be between punctuation characters -# `([a-z0-9]+[/.-]?[a-z0-9]*)*` and the total number of punctuation characters is not limited -# `[a-z0-9]$`: the string must end with an alphanumeric character -NS_PATTERN = re.compile(r"^(x_)?[a-z0-9]{3,4}([a-z0-9]*[/.-]?[a-z0-9]*[a-z0-9])*$") +# `[a-z0-9]+`: at least one alphanumeric character is required after the punctuation character +# `([/.-]?[a-z0-9]+)*`: zero or more occurrences of the punctuation character followed by at least one alphanumeric character +# `$`: end of the string +# last character must be alphanumeric +NS_PATTERN = re.compile(r"^(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+)*$") class NameSpace(StrEnum): From e5fe103a5306585eeba082bc5060179adc271c93 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 19 Mar 2025 14:08:19 -0400 Subject: [PATCH 043/468] add length requirements to namespace patterns and fields --- .../schema/v1/Decision_Point-1-0-1.schema.json | 2 +- src/ssvc/_mixins.py | 2 +- src/ssvc/namespaces.py | 3 ++- src/test/test_mixins.py | 18 ++++++++++++++++++ 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json index 43fd8bfc..eddfe163 100644 --- a/data/schema/v1/Decision_Point-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point-1-0-1.schema.json @@ -48,7 +48,7 @@ "namespace": { "type": "string", "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.", - "pattern": "^(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+)*$", + "pattern": "^(?=.{3,25}$)(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+)*$", "examples": ["ssvc", "cvss", "ssvc-jp", "ssvc/acme", "ssvc/example.com"] }, "version": { diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index de117379..1c8a4a24 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -57,7 +57,7 @@ class _Namespaced(BaseModel): # the field definition enforces the pattern for namespaces # additional validation is performed in the field_validator immediately after the pattern check - namespace: str = Field(pattern=NS_PATTERN) + namespace: str = Field(pattern=NS_PATTERN, min_length=3, max_length=25) @field_validator("namespace", mode="before") @classmethod diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 725ec00e..fcb48c80 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -23,6 +23,7 @@ X_PFX = "x_" # pattern to match +# `(?=.{3,25}$)`: 3-25 characters long # `^(x_)`: `x_` prefix is optional # `[a-z0-9]{3,4}`: must start with 3-4 alphanumeric characters # `[/.-]?`: only one punctuation character is allowed between alphanumeric characters @@ -30,7 +31,7 @@ # `([/.-]?[a-z0-9]+)*`: zero or more occurrences of the punctuation character followed by at least one alphanumeric character # `$`: end of the string # last character must be alphanumeric -NS_PATTERN = re.compile(r"^(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+)*$") +NS_PATTERN = re.compile(r"^(?=.{3,25}$)(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+)*$") class NameSpace(StrEnum): diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index 864e78f5..4db76959 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -81,6 +81,24 @@ def test_namespaced_create_errors(self): with self.assertRaises(ValidationError): _Namespaced(namespace="quux") + # error if namespace starts with x_ but is too short + with self.assertRaises(ValidationError): + _Namespaced(namespace="x_") + + # error if namespace starts with x_ but is too long + for i in range(100): + shortest = "x_aaa" + ns = shortest + "a" * i + with self.subTest(ns=ns): + # length limit set in the NS_PATTERN regex + if len(ns) <= 25: + # expect success on shorter than limit + _Namespaced(namespace=ns) + else: + # expect failure on longer than limit + with self.assertRaises(ValidationError): + _Namespaced(namespace=ns) + def test_namespaced_create(self): # use the official namespace values for ns in NameSpace: From dd7efec9a8423a99c0283816bb21dbac35eee5cf Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 19 Mar 2025 14:34:26 -0400 Subject: [PATCH 044/468] refactor regex again --- data/schema/v1/Decision_Point-1-0-1.schema.json | 2 +- src/ssvc/namespaces.py | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json index eddfe163..98ab1f4c 100644 --- a/data/schema/v1/Decision_Point-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point-1-0-1.schema.json @@ -48,7 +48,7 @@ "namespace": { "type": "string", "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.", - "pattern": "^(?=.{3,25}$)(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+)*$", + "pattern": "^(?=.{3,25}$)(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+){0,22}$", "examples": ["ssvc", "cvss", "ssvc-jp", "ssvc/acme", "ssvc/example.com"] }, "version": { diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index fcb48c80..64dcf2f7 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -22,16 +22,17 @@ # this is to avoid conflicts with official namespaces X_PFX = "x_" + # pattern to match # `(?=.{3,25}$)`: 3-25 characters long # `^(x_)`: `x_` prefix is optional # `[a-z0-9]{3,4}`: must start with 3-4 alphanumeric characters # `[/.-]?`: only one punctuation character is allowed between alphanumeric characters # `[a-z0-9]+`: at least one alphanumeric character is required after the punctuation character -# `([/.-]?[a-z0-9]+)*`: zero or more occurrences of the punctuation character followed by at least one alphanumeric character +# `([/.-]?[a-z0-9]+){0,22}`: zero to 22 occurrences of the punctuation character followed by at least one alphanumeric character +# (note that the total limit will kick in at or before this point) # `$`: end of the string -# last character must be alphanumeric -NS_PATTERN = re.compile(r"^(?=.{3,25}$)(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+)*$") +NS_PATTERN = re.compile(r"^(?=.{3,25}$)(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+){0,22}$") class NameSpace(StrEnum): From 3b7f34a8ef133242eadeca34a88955d42df1f7f6 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 19 Mar 2025 14:45:03 -0400 Subject: [PATCH 045/468] add docstrings --- src/ssvc/namespaces.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 64dcf2f7..f931a7ac 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -38,6 +38,21 @@ class NameSpace(StrEnum): """ Defines the official namespaces for SSVC. + + The namespace value must be one of the members of this enum or start with the prefix specified in X_PFX. + Namespaces must be 3-25 lowercase characters long and must start with 3-4 alphanumeric characters after the optional prefix. + Limited punctuation characters (/.-) are allowed between alphanumeric characters, but only one at a time. + + Examples: + + - `ssvc` is *valid* because it is present in the enum + - `custom` is *invalid* because it does not start with the experimental prefix and is not in the enum + - `x_custom` is *valid* because it starts with the experimental prefix and meets the pattern requirements + - `x_custom/extension` is *valid* because it starts with the experimental prefix and meets the pattern requirements + - `x_custom/extension/with/multiple/segments` is *invalid* because it exceeds the maximum length + - `x_custom//extension` is *invalid* because it has multiple punctuation characters in a row + - `x_custom.extension.` is *invalid* because it does not end with an alphanumeric character + - `x_custom.extension.9` is *valid* because it meets the pattern requirements """ # auto() is used to automatically assign values to the members. From 643f193008fe3deff2d24451997bb84a0910467b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 19 Mar 2025 15:10:30 -0400 Subject: [PATCH 046/468] add docs, update docstrings --- .../v1/Decision_Point-1-0-1.schema.json | 2 +- docs/reference/code/index.md | 1 + docs/reference/code/namespaces.md | 3 ++ mkdocs.yml | 1 + src/ssvc/_mixins.py | 4 +-- src/ssvc/namespaces.py | 31 ++++++++++++++----- 6 files changed, 31 insertions(+), 11 deletions(-) create mode 100644 docs/reference/code/namespaces.md diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json index 98ab1f4c..54aeaa29 100644 --- a/data/schema/v1/Decision_Point-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point-1-0-1.schema.json @@ -48,7 +48,7 @@ "namespace": { "type": "string", "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.", - "pattern": "^(?=.{3,25}$)(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+){0,22}$", + "pattern": "^(?=.{3,25}$)(x_)?[a-z0-9]{3}([/.-]?[a-z0-9]+){0,22}$", "examples": ["ssvc", "cvss", "ssvc-jp", "ssvc/acme", "ssvc/example.com"] }, "version": { diff --git a/docs/reference/code/index.md b/docs/reference/code/index.md index 8f2f47ad..0d36bea8 100644 --- a/docs/reference/code/index.md +++ b/docs/reference/code/index.md @@ -6,4 +6,5 @@ These include: - [CSV Analyzer](analyze_csv.md) - [Policy Generator](policy_generator.md) - [Outcomes](outcomes.md) +- [Namespaces](namespaces.md) - [Doctools](doctools.md) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md new file mode 100644 index 00000000..bc7ed7b4 --- /dev/null +++ b/docs/reference/code/namespaces.md @@ -0,0 +1,3 @@ +# SSVC Namespaces + +::: ssvc.namespaces diff --git a/mkdocs.yml b/mkdocs.yml index 2e47540c..b7f686c3 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -112,6 +112,7 @@ nav: - CSV Analyzer: 'reference/code/analyze_csv.md' - Policy Generator: 'reference/code/policy_generator.md' - Outcomes: 'reference/code/outcomes.md' + - Namespaces: 'reference/code/namespaces.md' - Doctools: 'reference/code/doctools.md' - Calculator: 'ssvc-calc/index.md' - About: diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 1c8a4a24..2e7edfb2 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -34,7 +34,7 @@ class _Versioned(BaseModel): @field_validator("version") @classmethod - def validate_version(cls, value): + def validate_version(cls, value: str) -> str: """ Validate the version field. Args: @@ -61,7 +61,7 @@ class _Namespaced(BaseModel): @field_validator("namespace", mode="before") @classmethod - def validate_namespace(cls, value): + def validate_namespace(cls, value: str) -> str: """ Validate the namespace field. The value will have already been checked against the pattern in the field definition. diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index f931a7ac..74fc921b 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -1,6 +1,8 @@ #!/usr/bin/env python """ -Provides a namespace enum +SSVC objects use namespaces to distinguish between objects that arise from different +stakeholders or analytical category sources. This module defines the official namespaces +for SSVC and provides a method to validate namespace values. """ # Copyright (c) 2025 Carnegie Mellon University and Contributors. # - see Contributors.md for a full list of Contributors @@ -18,10 +20,8 @@ import re from enum import StrEnum, auto -# extensions / experimental namespaces should start with the following prefix -# this is to avoid conflicts with official namespaces X_PFX = "x_" - +"""The prefix for extension namespaces. Extension namespaces must start with this prefix.""" # pattern to match # `(?=.{3,25}$)`: 3-25 characters long @@ -32,7 +32,20 @@ # `([/.-]?[a-z0-9]+){0,22}`: zero to 22 occurrences of the punctuation character followed by at least one alphanumeric character # (note that the total limit will kick in at or before this point) # `$`: end of the string -NS_PATTERN = re.compile(r"^(?=.{3,25}$)(x_)?[a-z0-9]{3,4}([/.-]?[a-z0-9]+){0,22}$") +NS_PATTERN = re.compile(r"^(?=.{3,25}$)(x_)?[a-z0-9]{3}([/.-]?[a-z0-9]+){0,22}$") +"""The regular expression pattern for validating namespaces. + +Note: + Namespace values must + + - be 3-25 characters long + - contain only lowercase alphanumeric characters and limited punctuation characters (`/`,`.` and `-`) + - have only one punctuation character in a row + - start with 3-4 alphanumeric characters after the optional extension prefix + - end with an alphanumeric character + + See examples in the `NameSpace` enum. +""" class NameSpace(StrEnum): @@ -43,7 +56,8 @@ class NameSpace(StrEnum): Namespaces must be 3-25 lowercase characters long and must start with 3-4 alphanumeric characters after the optional prefix. Limited punctuation characters (/.-) are allowed between alphanumeric characters, but only one at a time. - Examples: + Example: + Following are examples of valid and invalid namespace values: - `ssvc` is *valid* because it is present in the enum - `custom` is *invalid* because it does not start with the experimental prefix and is not in the enum @@ -61,9 +75,10 @@ class NameSpace(StrEnum): CVSS = auto() @classmethod - def validate(cls, value): + def validate(cls, value: str) -> str: """ - Validate the namespace value. + Validate the namespace value. Valid values are members of the enum or start with the experimental prefix and + meet the specified pattern requirements. Args: value: the namespace value to validate From b02d228e4566753cea6d1683eb9b13ff2324ad2c Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Wed, 19 Mar 2025 15:39:16 -0400 Subject: [PATCH 047/468] Update Decision_Point-1-0-1.schema.json Modify Namespace information and examples as wel.. --- data/schema/v1/Decision_Point-1-0-1.schema.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json index 54aeaa29..9a864ed0 100644 --- a/data/schema/v1/Decision_Point-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point-1-0-1.schema.json @@ -47,9 +47,9 @@ }, "namespace": { "type": "string", - "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.", + "description": "Namespace (a short, unique string): The value must be one of the official namespaces, currenlty \"ssvc\", \"cvss\", \"nciss\" OR can start with 'x_' for private namespaces. See SSVC Documentation for details.", "pattern": "^(?=.{3,25}$)(x_)?[a-z0-9]{3}([/.-]?[a-z0-9]+){0,22}$", - "examples": ["ssvc", "cvss", "ssvc-jp", "ssvc/acme", "ssvc/example.com"] + "examples": ["ssvc", "cvss", "nciss", "x_text"] }, "version": { "type": "string", From 02bf023ec31ee3932489e4b06ce628b9e40a3926 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Wed, 19 Mar 2025 15:42:53 -0400 Subject: [PATCH 048/468] Update Decision_Point-1-0-1.schema.json Matching x_custom/extension as examples for schema docs. --- data/schema/v1/Decision_Point-1-0-1.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json index 9a864ed0..8e4d1732 100644 --- a/data/schema/v1/Decision_Point-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point-1-0-1.schema.json @@ -49,7 +49,7 @@ "type": "string", "description": "Namespace (a short, unique string): The value must be one of the official namespaces, currenlty \"ssvc\", \"cvss\", \"nciss\" OR can start with 'x_' for private namespaces. See SSVC Documentation for details.", "pattern": "^(?=.{3,25}$)(x_)?[a-z0-9]{3}([/.-]?[a-z0-9]+){0,22}$", - "examples": ["ssvc", "cvss", "nciss", "x_text"] + "examples": ["ssvc", "cvss", "nciss", "x_custom","x_custom/extension"] }, "version": { "type": "string", From 8b482752cfe7fce6731ad9b32bcda4657ea31cef Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 19 Mar 2025 15:47:58 -0400 Subject: [PATCH 049/468] we shouldn't mention nciss yet as it's still a draft PR --- data/schema/v1/Decision_Point-1-0-1.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json index 8e4d1732..549c9458 100644 --- a/data/schema/v1/Decision_Point-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point-1-0-1.schema.json @@ -49,7 +49,7 @@ "type": "string", "description": "Namespace (a short, unique string): The value must be one of the official namespaces, currenlty \"ssvc\", \"cvss\", \"nciss\" OR can start with 'x_' for private namespaces. See SSVC Documentation for details.", "pattern": "^(?=.{3,25}$)(x_)?[a-z0-9]{3}([/.-]?[a-z0-9]+){0,22}$", - "examples": ["ssvc", "cvss", "nciss", "x_custom","x_custom/extension"] + "examples": ["ssvc", "cvss", "x_custom","x_custom/extension"] }, "version": { "type": "string", From 2e229b26641f5422e9c423ad04fbe81a599bdfc6 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 19 Mar 2025 15:48:48 -0400 Subject: [PATCH 050/468] missed an nciss --- data/schema/v1/Decision_Point-1-0-1.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/schema/v1/Decision_Point-1-0-1.schema.json b/data/schema/v1/Decision_Point-1-0-1.schema.json index 549c9458..0d1faf9c 100644 --- a/data/schema/v1/Decision_Point-1-0-1.schema.json +++ b/data/schema/v1/Decision_Point-1-0-1.schema.json @@ -47,7 +47,7 @@ }, "namespace": { "type": "string", - "description": "Namespace (a short, unique string): The value must be one of the official namespaces, currenlty \"ssvc\", \"cvss\", \"nciss\" OR can start with 'x_' for private namespaces. See SSVC Documentation for details.", + "description": "Namespace (a short, unique string): The value must be one of the official namespaces, currenlty \"ssvc\", \"cvss\" OR can start with 'x_' for private namespaces. See SSVC Documentation for details.", "pattern": "^(?=.{3,25}$)(x_)?[a-z0-9]{3}([/.-]?[a-z0-9]+){0,22}$", "examples": ["ssvc", "cvss", "x_custom","x_custom/extension"] }, From 5b42e12a5d8de142c37d1110401431c2c5607857 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 20 Mar 2025 11:18:35 -0400 Subject: [PATCH 051/468] revert wip changes --- src/ssvc/decision_points/base.py | 9 +++++---- src/ssvc/decision_points/cvss/helpers.py | 2 +- src/test/test_cvss_helpers.py | 8 +------- src/test/test_dp_base.py | 2 +- 4 files changed, 8 insertions(+), 13 deletions(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index d7a1d59e..8a5077ee 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -18,7 +18,7 @@ import logging -from pydantic import BaseModel, model_validator +from pydantic import BaseModel, Field, model_validator from ssvc._mixins import _Base, _Commented, _Keyed, _Namespaced, _Valued, _Versioned from ssvc.namespaces import NameSpace @@ -74,13 +74,14 @@ class SsvcDecisionPoint( namespace: str = NameSpace.SSVC values: tuple[SsvcDecisionPointValue, ...] + value_dict: dict = Field(default_factory=dict, exclude=True) @model_validator(mode="after") - def _prepend_value_keys(self): + def _assign_value_dict(self): delim = ":" for value in self.values: - if delim not in value.key: - value.key = delim.join((self.namespace, self.key, value.key)) + dict_key = delim.join((self.namespace, self.key, value.key)) + self.value_dict[dict_key] = value return self @model_validator(mode="after") diff --git a/src/ssvc/decision_points/cvss/helpers.py b/src/ssvc/decision_points/cvss/helpers.py index a3aba975..c0527ec7 100644 --- a/src/ssvc/decision_points/cvss/helpers.py +++ b/src/ssvc/decision_points/cvss/helpers.py @@ -81,7 +81,7 @@ def _modify_4(dp: SsvcDecisionPoint): key = _dp_dict["key"] if key in ["MSC", "MSI", "MSA"]: for v in _dp_dict["values"]: - if v["key"].endswith(":N"): + if v["key"] == "N": v["name"] = "Negligible" v["description"] = v["description"].replace(" no ", " negligible ") break diff --git a/src/test/test_cvss_helpers.py b/src/test/test_cvss_helpers.py index 1eaf10e8..3101efff 100644 --- a/src/test/test_cvss_helpers.py +++ b/src/test/test_cvss_helpers.py @@ -81,13 +81,7 @@ def test_modify_3(self): self.assertTrue(modified.name.startswith("Modified")) self.assertIn("Not Defined", [v.name for v in modified.values]) - - found = False - for v in modified.values: - if v.key.endswith(":X"): - found = True - break - self.assertTrue(found) + self.assertIn("X", [v.key for v in modified.values]) def test_modify_4(self): # _modify 4 assumes you've already done the Modify 3 step diff --git a/src/test/test_dp_base.py b/src/test/test_dp_base.py index 788faf8b..58b626a6 100644 --- a/src/test/test_dp_base.py +++ b/src/test/test_dp_base.py @@ -84,7 +84,7 @@ def test_ssvc_value(self): for i, obj in enumerate(self.values): # should have name, key, description self.assertEqual(obj.name, f"foo{i}") - self.assertTrue(obj.key.endswith(f"_bar{i}")) + self.assertEqual(obj.key, f"bar{i}") self.assertEqual(obj.description, f"baz{i}") # should not have namespace, version From 62306bf7f7d50e093d3d582099e30de7c88d818e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 20 Mar 2025 11:18:52 -0400 Subject: [PATCH 052/468] add new test for value_dict --- src/test/test_dp_base.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/test/test_dp_base.py b/src/test/test_dp_base.py index 58b626a6..09412802 100644 --- a/src/test/test_dp_base.py +++ b/src/test/test_dp_base.py @@ -101,6 +101,23 @@ def test_ssvc_decision_point(self): self.assertEqual(obj.namespace, "x_test") self.assertEqual(len(self.values), len(obj.values)) + def test_ssvc_decision_point_value_dict(self): + obj = self.dp + # should have values_dict + self.assertTrue(hasattr(obj, "value_dict")) + self.assertEqual(len(obj.value_dict), len(self.values)) + # keys of value dict should be namespace:key:value.key + for value in self.values: + key = f"{obj.namespace}:{obj.key}:{value.key}" + self.assertIn(key, obj.value_dict) + self.assertEqual(obj.value_dict[key], value) + + # values_dict should NOT appear in serialization + # not in the data structure + self.assertNotIn("value_dict", obj.model_dump()) + # not in the json + self.assertNotIn("value_dict", obj.model_dump_json()) + def test_ssvc_value_json_roundtrip(self): for i, obj in enumerate(self.values): json = obj.model_dump_json() From 4eba0ad250aefe5fd532e18e9f5bf42647334d9e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 20 Mar 2025 13:46:49 -0400 Subject: [PATCH 053/468] fix unit tests --- src/test/test_decision_table.py | 3 ++- src/test/test_prioritization_framework.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/test/test_decision_table.py b/src/test/test_decision_table.py index 44f743c5..f22eb4a1 100644 --- a/src/test/test_decision_table.py +++ b/src/test/test_decision_table.py @@ -43,7 +43,7 @@ def setUp(self): key=f"DP{i}", description=f"Decision Point {i} Description", version="1.0.0", - namespace="name1", + namespace="x_test", values=tuple(dpvs), ) dps.append(dp) @@ -73,6 +73,7 @@ def setUp(self): self.dt = base.DecisionTable( name="foo", description="foo description", + namespace="x_test", decision_point_group=self.dpg, outcome_group=self.og, ) diff --git a/src/test/test_prioritization_framework.py b/src/test/test_prioritization_framework.py index 7cd7b1c9..eccc75b8 100644 --- a/src/test/test_prioritization_framework.py +++ b/src/test/test_prioritization_framework.py @@ -29,13 +29,14 @@ def setUp(self): name="Test Prioritization Framework", description="Test Prioritization Framework Description", version="1.0.0", + namespace="x_test", decision_point_group=SsvcDecisionPointGroup( name="Test Decision Point Group", description="Test Decision Point Group Description", decision_points=[exploitation_dp, exposure_dp, safety_dp], ), outcome_group=dsoi_og, - mapping={}, + mapping=[], ) pass From 2f0263e2f27c4b09a922a1525d397c263b55761e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 20 Mar 2025 13:47:11 -0400 Subject: [PATCH 054/468] improve name-to-key transformation --- src/ssvc/decision_tables/base.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index ae2b37eb..5073ebb4 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -16,6 +16,7 @@ Provides a DecisionTable class that can be used to model decisions in SSVC """ import logging +import re from typing import Self import pandas as pd @@ -35,7 +36,9 @@ def name_to_key(name: str) -> str: """ Convert a name to a key by converting to lowercase and replacing spaces with underscores. """ - return name.lower().replace(" ", "_") + # replace non-alphanumeric characters with underscores + new_name = re.sub(r"[^a-z0-9]+", "_", name.lower()) + return new_name class DecisionTable(_Versioned, _Namespaced, _Base, _Commented, BaseModel): @@ -106,7 +109,7 @@ def validate_mapping(self): Placeholder for validating the mapping. """ df = self._df - target = df.columns[-1].lower().replace(" ", "_") + target = name_to_key(df.columns[-1]) problems: list = check_topological_order(df, target) From a995c7fcf1843240b0fe405c1016dd0f2cca7548 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 21 Mar 2025 16:23:05 -0400 Subject: [PATCH 055/468] renamed SsvcDecisionPointValue to DecisionPointValue because it's not namepace-specific Also starting to move things around for namespace organization --- src/ssvc/_mixins.py | 11 ++- src/ssvc/decision_points/__init__.py | 25 ++---- src/ssvc/decision_points/automatable.py | 11 +-- src/ssvc/decision_points/base.py | 87 ++++++++++++++----- src/ssvc/decision_points/critical_software.py | 7 +- src/ssvc/decision_points/cvss/_not_defined.py | 6 +- .../decision_points/cvss/attack_complexity.py | 20 ++--- .../cvss/attack_requirements.py | 6 +- .../decision_points/cvss/attack_vector.py | 28 +++--- .../decision_points/cvss/authentication.py | 12 +-- .../cvss/availability_impact.py | 20 ++--- .../cvss/availability_requirement.py | 14 +-- src/ssvc/decision_points/cvss/base.py | 4 +- .../cvss/collateral_damage_potential.py | 16 ++-- .../cvss/confidentiality_impact.py | 20 ++--- .../cvss/confidentiality_requirement.py | 14 +-- .../decision_points/cvss/equivalence_set_1.py | 8 +- .../decision_points/cvss/equivalence_set_2.py | 6 +- .../decision_points/cvss/equivalence_set_3.py | 8 +- .../decision_points/cvss/equivalence_set_4.py | 8 +- .../decision_points/cvss/equivalence_set_5.py | 25 ++++-- .../decision_points/cvss/equivalence_set_6.py | 20 +++-- .../decision_points/cvss/exploit_maturity.py | 24 ++--- src/ssvc/decision_points/cvss/helpers.py | 17 ++-- src/ssvc/decision_points/cvss/impact_bias.py | 10 +-- .../decision_points/cvss/integrity_impact.py | 20 ++--- .../cvss/integrity_requirement.py | 14 +-- .../cvss/privileges_required.py | 14 +-- .../cvss/qualitative_severity.py | 12 +-- .../decision_points/cvss/remediation_level.py | 10 +-- .../decision_points/cvss/report_confidence.py | 14 +-- src/ssvc/decision_points/cvss/scope.py | 6 +- .../cvss/subsequent_availability_impact.py | 8 +- .../cvss/subsequent_confidentiality_impact.py | 8 +- .../cvss/subsequent_integrity_impact.py | 8 +- .../cvss/supplemental/automatable.py | 6 +- .../cvss/supplemental/provider_urgency.py | 10 +-- .../cvss/supplemental/recovery.py | 8 +- .../cvss/supplemental/safety.py | 6 +- .../cvss/supplemental/value_density.py | 6 +- .../vulnerability_response_effort.py | 8 +- .../cvss/target_distribution.py | 10 +-- .../decision_points/cvss/user_interaction.py | 12 +-- src/ssvc/decision_points/exploitation.py | 11 +-- src/ssvc/decision_points/helpers.py | 8 +- src/ssvc/decision_points/high_value_asset.py | 7 +- src/ssvc/decision_points/human_impact.py | 23 ++--- src/ssvc/decision_points/in_kev.py | 7 +- src/ssvc/decision_points/mission_impact.py | 17 ++-- .../decision_points/mission_prevalence.py | 8 +- .../decision_points/public_safety_impact.py | 17 ++-- .../decision_points/public_value_added.py | 9 +- .../decision_points/report_credibility.py | 7 +- src/ssvc/decision_points/report_public.py | 7 +- src/ssvc/decision_points/safety_impact.py | 21 ++--- src/ssvc/decision_points/ssvc_/__init__.py | 15 ++++ src/ssvc/decision_points/ssvc_/base.py | 29 +++++++ .../decision_points/supplier_cardinality.py | 7 +- .../decision_points/supplier_contacted.py | 7 +- .../decision_points/supplier_engagement.py | 7 +- .../decision_points/supplier_involvement.py | 9 +- src/ssvc/decision_points/system_exposure.py | 11 +-- src/ssvc/decision_points/technical_impact.py | 7 +- src/ssvc/decision_points/utility.py | 16 ++-- src/ssvc/decision_points/value_density.py | 7 +- src/ssvc/decision_tables/base.py | 48 +++++----- src/ssvc/doc_helpers.py | 2 +- src/ssvc/doctools.py | 2 +- src/ssvc/dp_groups/base.py | 41 ++++----- src/ssvc/outcomes/base.py | 4 +- src/test/test_cvss_helpers.py | 12 +-- src/test/test_decision_table.py | 7 +- src/test/test_doc_helpers.py | 8 +- src/test/test_doctools.py | 1 - src/test/test_dp_base.py | 32 ++----- src/test/test_dp_groups.py | 58 +++---------- src/test/test_dp_helpers.py | 12 +-- src/test/test_policy_generator.py | 6 +- 78 files changed, 583 insertions(+), 514 deletions(-) create mode 100644 src/ssvc/decision_points/ssvc_/__init__.py create mode 100644 src/ssvc/decision_points/ssvc_/base.py diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index fabbdc8b..420bac5b 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -20,8 +20,8 @@ from pydantic import BaseModel, ConfigDict, Field, field_validator from semver import Version +from ssvc import _schemaVersion from ssvc.namespaces import NS_PATTERN, NameSpace -from . import _schemaVersion class _Versioned(BaseModel): @@ -30,7 +30,6 @@ class _Versioned(BaseModel): """ version: str = "0.0.0" - schemaVersion: str = _schemaVersion @field_validator("version") @classmethod @@ -50,6 +49,14 @@ def validate_version(cls, value: str) -> str: return version.__str__() +class _SchemaVersioned(_Versioned, BaseModel): + """ + Mixin class for version + """ + + schemaVersion: str = _schemaVersion + + class _Namespaced(BaseModel): """ Mixin class for namespaced SSVC objects. diff --git a/src/ssvc/decision_points/__init__.py b/src/ssvc/decision_points/__init__.py index 0ffc1a00..04246c4a 100644 --- a/src/ssvc/decision_points/__init__.py +++ b/src/ssvc/decision_points/__init__.py @@ -1,22 +1,3 @@ -#!/usr/bin/env python -""" -The ssvc.decision_points package provides a set of decision points for use in SSVC decision functions. - -Decision points are the basic building blocks of SSVC decision functions. Individual decision points describe a -single aspect of the input to a decision function. Decision points should have the following characteristics: - -- A name or label -- A description -- A version (a semantic version string) -- A namespace (a short, unique string): For example, "ssvc" or "cvss" to indicate the source of the decision point -- A key (a short, unique string) that can be used to identify the decision point in a shorthand way -- A short enumeration of possible values - -In turn, each value should have the following characteristics: -- A name or label -- A description -- A key (a short, unique string) that can be used to identify the value in a shorthand way -""" # Copyright (c) 2025 Carnegie Mellon University and Contributors. # - see Contributors.md for a full list of Contributors # - see ContributionInstructions.md for information on how you can Contribute to this project @@ -29,5 +10,9 @@ # (“Third Party Software”). See LICENSE.md for more details. # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University +""" +The ssvc.decision_points package provides a set of decision points for use in SSVC decision functions. -from .base import SsvcDecisionPoint, SsvcDecisionPointValue +Decision points are the basic building blocks of SSVC decision functions. Individual decision points describe a +single aspect of the input to a decision function. +""" diff --git a/src/ssvc/decision_points/automatable.py b/src/ssvc/decision_points/automatable.py index 843626b5..0afe0075 100644 --- a/src/ssvc/decision_points/automatable.py +++ b/src/ssvc/decision_points/automatable.py @@ -16,16 +16,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -RAPID = SsvcDecisionPointValue( +RAPID = DecisionPointValue( name="Rapid", key="R", description="Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote " "code execution or command injection, the default response should be rapid.", ) -SLOW = SsvcDecisionPointValue( +SLOW = DecisionPointValue( name="Slow", key="S", description="Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. " @@ -44,13 +45,13 @@ ) -AUT_NO = SsvcDecisionPointValue( +AUT_NO = DecisionPointValue( name="No", key="N", description="Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. " "These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation.", ) -AUT_YES = SsvcDecisionPointValue( +AUT_YES = DecisionPointValue( name="Yes", key="Y", description="Attackers can reliably automate steps 1-4 of the kill chain.", diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 8a5077ee..3d09b215 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -18,10 +18,17 @@ import logging -from pydantic import BaseModel, Field, model_validator - -from ssvc._mixins import _Base, _Commented, _Keyed, _Namespaced, _Valued, _Versioned -from ssvc.namespaces import NameSpace +from pydantic import BaseModel, model_validator + +from ssvc._mixins import ( + _Base, + _Commented, + _Keyed, + _Namespaced, + _SchemaVersioned, + _Valued, + _Versioned, +) logger = logging.getLogger(__name__) @@ -56,33 +63,53 @@ def _reset_registered(): REGISTERED_DECISION_POINTS = [] -class SsvcDecisionPointValue(_Base, _Keyed, _Commented, BaseModel): +class DecisionPointValue(_Base, _Keyed, _Commented, BaseModel): """ Models a single value option for a decision point. + + Each value should have the following attributes: + + - name (str): A name + - description (str): A description + - key (str): A key (a short, unique string) that can be used to identify the value in a shorthand way + - _comment (str): An optional comment that will be included in the object. """ def __str__(self): return self.name -class SsvcDecisionPoint( - _Valued, _Keyed, _Versioned, _Namespaced, _Base, _Commented, BaseModel +class ValueSummary(_Versioned, _Keyed, _Namespaced, BaseModel): + """ + A ValueSummary is a simple object that represents a single value for a decision point. + It includes the parent decision point's key, version, namespace, and the value key. + These can be used to reference a specific value in a decision point. + """ + + value: str + + def __str__(self): + s = ":".join([self.namespace, self.key, self.version, self.value]) + return s + + +class DecisionPoint( + _Valued, _Keyed, _SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel ): """ Models a single decision point as a list of values. - """ - namespace: str = NameSpace.SSVC - values: tuple[SsvcDecisionPointValue, ...] - value_dict: dict = Field(default_factory=dict, exclude=True) + Decision points should have the following attributes: - @model_validator(mode="after") - def _assign_value_dict(self): - delim = ":" - for value in self.values: - dict_key = delim.join((self.namespace, self.key, value.key)) - self.value_dict[dict_key] = value - return self + - name (str): The name of the decision point + - description (str): A description of the decision point + - version (str): A semantic version string for the decision point + - namespace (str): The namespace (a short, unique string): For example, "ssvc" or "cvss" to indicate the source of the decision point + - key (str): A key (a short, unique string within the namespace) that can be used to identify the decision point in a shorthand way + - values (tuple): A tuple of DecisionPointValue objects + """ + + values: tuple[DecisionPointValue, ...] @model_validator(mode="after") def _register(self): @@ -92,20 +119,36 @@ def _register(self): register(self) return self + @property + def value_summaries(self) -> list[ValueSummary]: + """ + Return a list of value summaries. + """ + summaries = [] + for value in self.values: + summary = ValueSummary( + key=self.key, + version=self.version, + namespace=self.namespace, + value=value.key, + ) + summaries.append(summary) + return summaries + def main(): - opt_none = SsvcDecisionPointValue( + opt_none = DecisionPointValue( name="None", key="N", description="No exploit available" ) - opt_poc = SsvcDecisionPointValue( + opt_poc = DecisionPointValue( name="PoC", key="P", description="Proof of concept exploit available" ) - opt_active = SsvcDecisionPointValue( + opt_active = DecisionPointValue( name="Active", key="A", description="Active exploitation observed" ) opts = [opt_none, opt_poc, opt_active] - dp = SsvcDecisionPoint( + dp = DecisionPoint( _comment="This is an optional comment that will be included in the object.", values=opts, name="Exploitation", diff --git a/src/ssvc/decision_points/critical_software.py b/src/ssvc/decision_points/critical_software.py index d9dad7d9..8516f137 100644 --- a/src/ssvc/decision_points/critical_software.py +++ b/src/ssvc/decision_points/critical_software.py @@ -16,16 +16,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint -YES = SsvcDecisionPointValue( +YES = DecisionPointValue( name="Yes", key="Y", description="System meets a critical software definition.", ) -NO = SsvcDecisionPointValue( +NO = DecisionPointValue( name="No", key="N", description="System does not meet a critical software definition.", diff --git a/src/ssvc/decision_points/cvss/_not_defined.py b/src/ssvc/decision_points/cvss/_not_defined.py index 8581f2b1..4a3341c1 100644 --- a/src/ssvc/decision_points/cvss/_not_defined.py +++ b/src/ssvc/decision_points/cvss/_not_defined.py @@ -15,16 +15,16 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue -NOT_DEFINED_ND = SsvcDecisionPointValue( +NOT_DEFINED_ND = DecisionPointValue( name="Not Defined", key="ND", description="This metric value is not defined. See CVSS documentation for details.", ) -NOT_DEFINED_X = SsvcDecisionPointValue( +NOT_DEFINED_X = DecisionPointValue( name="Not Defined", key="X", description="This metric value is not defined. See CVSS documentation for details.", diff --git a/src/ssvc/decision_points/cvss/attack_complexity.py b/src/ssvc/decision_points/cvss/attack_complexity.py index 5fa68d59..f5d92d18 100644 --- a/src/ssvc/decision_points/cvss/attack_complexity.py +++ b/src/ssvc/decision_points/cvss/attack_complexity.py @@ -15,17 +15,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_HIGH_3 = SsvcDecisionPointValue( +_HIGH_3 = DecisionPointValue( name="High", key="H", description="A successful attack depends on conditions beyond the attacker's control.", ) -_LOW_3 = SsvcDecisionPointValue( +_LOW_3 = DecisionPointValue( name="Low", key="L", description="Specialized access conditions or extenuating circumstances do not exist. An attacker can expect " @@ -33,20 +33,20 @@ ) -_HIGH_2 = SsvcDecisionPointValue( +_HIGH_2 = DecisionPointValue( name="High", key="H", description="Specialized access conditions exist." ) -_MEDIUM = SsvcDecisionPointValue( +_MEDIUM = DecisionPointValue( name="Medium", key="M", description="The access conditions are somewhat specialized.", ) -_LOW_2 = SsvcDecisionPointValue( +_LOW_2 = DecisionPointValue( name="Low", key="L", description="Specialized access conditions or extenuating circumstances do not exist.", ) -_HIGH = SsvcDecisionPointValue( +_HIGH = DecisionPointValue( name="High", key="H", description="Specialized access conditions exist; for example: the system is exploitable during specific windows " @@ -54,7 +54,7 @@ "configurations), or the system is exploitable with victim interaction (vulnerability exploitable " "only if user opens e-mail)", ) -_LOW = SsvcDecisionPointValue( +_LOW = DecisionPointValue( name="Low", key="L", description="Specialized access conditions or extenuating circumstances do not exist; the system is always " @@ -100,7 +100,7 @@ Defines LOW and HIGH values for CVSS Attack Complexity. """ -LOW_4 = SsvcDecisionPointValue( +LOW_4 = DecisionPointValue( name="Low", key="L", description="The attacker must take no measurable action to exploit the vulnerability. The attack requires no " @@ -108,7 +108,7 @@ "success against the vulnerable system. ", ) -HIGH_4 = SsvcDecisionPointValue( +HIGH_4 = DecisionPointValue( name="High", key="H", description="The successful attack depends on the evasion or circumvention of security-enhancing " diff --git a/src/ssvc/decision_points/cvss/attack_requirements.py b/src/ssvc/decision_points/cvss/attack_requirements.py index 8ae4ba7d..48fbc683 100644 --- a/src/ssvc/decision_points/cvss/attack_requirements.py +++ b/src/ssvc/decision_points/cvss/attack_requirements.py @@ -15,11 +15,11 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_AT_NONE = SsvcDecisionPointValue( +_AT_NONE = DecisionPointValue( name="None", key="N", description="The successful attack does not depend on the deployment and execution conditions of the vulnerable " @@ -28,7 +28,7 @@ ) -_PRESENT = SsvcDecisionPointValue( +_PRESENT = DecisionPointValue( name="Present", key="P", description="The successful attack depends on the presence of specific deployment and execution conditions of " diff --git a/src/ssvc/decision_points/cvss/attack_vector.py b/src/ssvc/decision_points/cvss/attack_vector.py index f20a102d..10d1c003 100644 --- a/src/ssvc/decision_points/cvss/attack_vector.py +++ b/src/ssvc/decision_points/cvss/attack_vector.py @@ -15,17 +15,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_REMOTE = SsvcDecisionPointValue( +_REMOTE = DecisionPointValue( name="Remote", key="R", description="The vulnerability is exploitable remotely.", ) -_LOCAL = SsvcDecisionPointValue( +_LOCAL = DecisionPointValue( name="Local", key="L", description="The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated " @@ -46,7 +46,7 @@ Defines LOCAL and REMOTE values for CVSS Access Vector. """ -_NETWORK = SsvcDecisionPointValue( +_NETWORK = DecisionPointValue( name="Network", key="N", description="A vulnerability exploitable with network access means the vulnerable software is bound to the " @@ -54,14 +54,14 @@ "vulnerability is often termed 'remotely exploitable'.", ) -_ADJACENT = SsvcDecisionPointValue( +_ADJACENT = DecisionPointValue( name="Adjacent Network", key="A", description="A vulnerability exploitable with adjacent network access requires the attacker to have access to " "either the broadcast or collision domain of the vulnerable software.", ) -_LOCAL_2 = SsvcDecisionPointValue( +_LOCAL_2 = DecisionPointValue( name="Local", key="L", description="A vulnerability exploitable with only local access requires the attacker to have either physical " @@ -85,7 +85,7 @@ """ -_NETWORK_2 = SsvcDecisionPointValue( +_NETWORK_2 = DecisionPointValue( name="Network", key="N", description="A vulnerability exploitable with network access means the vulnerable component is bound to the " @@ -94,7 +94,7 @@ "exploitable one or more network hops away (e.g. across layer 3 boundaries from routers).", ) -_ADJACENT_2 = SsvcDecisionPointValue( +_ADJACENT_2 = DecisionPointValue( name="Adjacent", key="A", description="A vulnerability exploitable with adjacent network access means the vulnerable component is bound to " @@ -103,7 +103,7 @@ "3 boundary (e.g. a router).", ) -_LOCAL_3 = SsvcDecisionPointValue( +_LOCAL_3 = DecisionPointValue( name="Local", key="L", description="A vulnerability exploitable with Local access means that the vulnerable component is not bound to " @@ -112,7 +112,7 @@ "on User Interaction to execute a malicious file.", ) -_PHYSICAL_2 = SsvcDecisionPointValue( +_PHYSICAL_2 = DecisionPointValue( name="Physical", key="P", description="A vulnerability exploitable with Physical access requires the attacker to physically touch or " @@ -138,7 +138,7 @@ # CVSS v4 Attack Vector -_NETWORK_3 = SsvcDecisionPointValue( +_NETWORK_3 = DecisionPointValue( name="Network", key="N", description="The vulnerable system is bound to the network stack and the set of possible attackers extends beyond " @@ -147,7 +147,7 @@ "protocol level one or more network hops away (e.g., across one or more routers).", ) -_ADJACENT_3 = SsvcDecisionPointValue( +_ADJACENT_3 = DecisionPointValue( name="Adjacent", key="A", description="The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level " @@ -157,7 +157,7 @@ "administrative network zone).", ) -_LOCAL_4 = SsvcDecisionPointValue( +_LOCAL_4 = DecisionPointValue( name="Local", key="L", description="The vulnerable system is not bound to the network stack and the attacker’s path is via " @@ -168,7 +168,7 @@ "malicious document).", ) -_PHYSICAL_3 = SsvcDecisionPointValue( +_PHYSICAL_3 = DecisionPointValue( name="Physical", key="P", description="The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical " diff --git a/src/ssvc/decision_points/cvss/authentication.py b/src/ssvc/decision_points/cvss/authentication.py index 516966f1..ea986106 100644 --- a/src/ssvc/decision_points/cvss/authentication.py +++ b/src/ssvc/decision_points/cvss/authentication.py @@ -16,35 +16,35 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_AUTH_NONE = SsvcDecisionPointValue( +_AUTH_NONE = DecisionPointValue( name="None", key="N", description="Authentication is not required to exploit the vulnerability.", ) -_SINGLE = SsvcDecisionPointValue( +_SINGLE = DecisionPointValue( name="Single", key="S", description="The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).", ) -_MULTIPLE = SsvcDecisionPointValue( +_MULTIPLE = DecisionPointValue( name="Multiple", key="M", description="Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time.", ) -_REQUIRED = SsvcDecisionPointValue( +_REQUIRED = DecisionPointValue( name="Required", key="R", description="Authentication is required to access and exploit the vulnerability.", ) -_NOT_REQUIRED = SsvcDecisionPointValue( +_NOT_REQUIRED = DecisionPointValue( name="Not Required", key="N", description="Authentication is not required to access or exploit the vulnerability.", diff --git a/src/ssvc/decision_points/cvss/availability_impact.py b/src/ssvc/decision_points/cvss/availability_impact.py index bc689915..6077b6ab 100644 --- a/src/ssvc/decision_points/cvss/availability_impact.py +++ b/src/ssvc/decision_points/cvss/availability_impact.py @@ -16,11 +16,11 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_HIGH = SsvcDecisionPointValue( +_HIGH = DecisionPointValue( name="High", key="H", description="There is total loss of availability, resulting in the attacker being able to fully deny access to " @@ -28,25 +28,25 @@ "deliver the attack) or persistent (the condition persists even after the attack has completed).", ) -_LOW = SsvcDecisionPointValue( +_LOW = DecisionPointValue( name="Low", key="L", description="There is reduced performance or interruptions in resource availability.", ) -_NONE_2 = SsvcDecisionPointValue( +_NONE_2 = DecisionPointValue( name="None", key="N", description="There is no impact to the availability of the system.", ) -_COMPLETE = SsvcDecisionPointValue( +_COMPLETE = DecisionPointValue( name="Complete", key="C", description="Total shutdown of the affected resource. The attacker can render the resource completely unavailable.", ) -_PARTIAL = SsvcDecisionPointValue( +_PARTIAL = DecisionPointValue( name="Partial", key="P", description="Considerable lag in or interruptions in resource availability. For example, a network-based flood " @@ -54,7 +54,7 @@ "number of connections successfully complete.", ) -_NONE_1 = SsvcDecisionPointValue( +_NONE_1 = DecisionPointValue( name="None", key="N", description="No impact on availability." ) @@ -89,7 +89,7 @@ Updates None. Removes Partial and Complete. Adds Low and High values for CVSS Availability Impact. """ -_HIGH_2 = SsvcDecisionPointValue( +_HIGH_2 = DecisionPointValue( name="High", key="H", description="There is total loss of availability, resulting in the attacker being able to fully deny access to " @@ -97,7 +97,7 @@ "deliver the attack) or persistent (the condition persists even after the attack has completed).", ) -_LOW_2 = SsvcDecisionPointValue( +_LOW_2 = DecisionPointValue( name="Low", key="L", description="There is reduced performance or interruptions in resource availability. Even if repeated " @@ -107,7 +107,7 @@ "serious consequence to the Vulnerable System.", ) -_NONE_3 = SsvcDecisionPointValue( +_NONE_3 = DecisionPointValue( name="None", key="N", description="There is no impact to availability within the Vulnerable System.", diff --git a/src/ssvc/decision_points/cvss/availability_requirement.py b/src/ssvc/decision_points/cvss/availability_requirement.py index 09cd2660..42fbb7d6 100644 --- a/src/ssvc/decision_points/cvss/availability_requirement.py +++ b/src/ssvc/decision_points/cvss/availability_requirement.py @@ -16,7 +16,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import ( NOT_DEFINED_ND, NOT_DEFINED_X, @@ -25,21 +25,21 @@ from ssvc.decision_points.helpers import print_versions_and_diffs -_HIGH = SsvcDecisionPointValue( +_HIGH = DecisionPointValue( name="High", key="H", description="Loss of availability is likely to have a catastrophic adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) -_MEDIUM = SsvcDecisionPointValue( +_MEDIUM = DecisionPointValue( name="Medium", key="M", description="Loss of availability is likely to have a serious adverse effect on the organization or individuals " "associated with the organization (e.g., employees, customers).", ) -_LOW = SsvcDecisionPointValue( +_LOW = DecisionPointValue( name="Low", key="L", description="Loss of availability is likely to have only a limited adverse effect on the organization or " @@ -77,21 +77,21 @@ ) -_HIGH_2 = SsvcDecisionPointValue( +_HIGH_2 = DecisionPointValue( name="High", key="H", description="Loss of availability is likely to have a catastrophic adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) -_MEDIUM_2 = SsvcDecisionPointValue( +_MEDIUM_2 = DecisionPointValue( name="Medium", key="M", description="Loss of availability is likely to have a serious adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) -_LOW_2 = SsvcDecisionPointValue( +_LOW_2 = DecisionPointValue( name="Low", key="L", description="Loss of availability is likely to have only a limited adverse effect on the organization or " diff --git a/src/ssvc/decision_points/cvss/base.py b/src/ssvc/decision_points/cvss/base.py index 1fc721ac..aa1ff23b 100644 --- a/src/ssvc/decision_points/cvss/base.py +++ b/src/ssvc/decision_points/cvss/base.py @@ -17,11 +17,11 @@ from pydantic import BaseModel -from ssvc.decision_points.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPoint from ssvc.namespaces import NameSpace -class CvssDecisionPoint(SsvcDecisionPoint, BaseModel): +class CvssDecisionPoint(DecisionPoint, BaseModel): """ Models a single CVSS decision point as a list of values. """ diff --git a/src/ssvc/decision_points/cvss/collateral_damage_potential.py b/src/ssvc/decision_points/cvss/collateral_damage_potential.py index 3c541009..5f348c04 100644 --- a/src/ssvc/decision_points/cvss/collateral_damage_potential.py +++ b/src/ssvc/decision_points/cvss/collateral_damage_potential.py @@ -16,49 +16,49 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_ND from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_MEDIUM_HIGH = SsvcDecisionPointValue( +_MEDIUM_HIGH = DecisionPointValue( name="Medium-High", key="MH", description="A successful exploit of this vulnerability may result in significant physical or property damage or loss.", ) -_LOW_MEDIUM = SsvcDecisionPointValue( +_LOW_MEDIUM = DecisionPointValue( name="Low-Medium", key="LM", description="A successful exploit of this vulnerability may result in moderate physical or property damage or loss.", ) -_CDP_NONE_2 = SsvcDecisionPointValue( +_CDP_NONE_2 = DecisionPointValue( name="None", key="N", description="There is no potential for loss of life, physical assets, productivity or revenue.", ) -_HIGH = SsvcDecisionPointValue( +_HIGH = DecisionPointValue( name="High", key="H", description="A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area.", ) -_MEDIUM = SsvcDecisionPointValue( +_MEDIUM = DecisionPointValue( name="Medium", key="M", description="A successful exploit of this vulnerability may result in significant physical or property damage or loss.", ) -_LOW = SsvcDecisionPointValue( +_LOW = DecisionPointValue( name="Low", key="L", description="A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed.", ) -_CDP_NONE = SsvcDecisionPointValue( +_CDP_NONE = DecisionPointValue( name="None", key="N", description="There is no potential for physical or property damage.", diff --git a/src/ssvc/decision_points/cvss/confidentiality_impact.py b/src/ssvc/decision_points/cvss/confidentiality_impact.py index c56abb6a..6550eda5 100644 --- a/src/ssvc/decision_points/cvss/confidentiality_impact.py +++ b/src/ssvc/decision_points/cvss/confidentiality_impact.py @@ -15,11 +15,11 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_HIGH = SsvcDecisionPointValue( +_HIGH = DecisionPointValue( name="High", key="H", description="There is total loss of confidentiality, resulting in all resources within the impacted component " @@ -28,7 +28,7 @@ "steals the administrator's password, or private encryption keys of a web server.", ) -_LOW = SsvcDecisionPointValue( +_LOW = DecisionPointValue( name="Low", key="L", description="There is some loss of confidentiality. Access to some restricted information is obtained, " @@ -37,13 +37,13 @@ "impacted component.", ) -_CI_NONE_2 = SsvcDecisionPointValue( +_CI_NONE_2 = DecisionPointValue( name="None", key="N", description="There is no loss of confidentiality within the impacted component.", ) -_COMPLETE = SsvcDecisionPointValue( +_COMPLETE = DecisionPointValue( name="Complete", key="C", description="A total compromise of critical system information. A complete loss of system protection resulting in " @@ -51,7 +51,7 @@ "system's data (memory, files, etc).", ) -_PARTIAL = SsvcDecisionPointValue( +_PARTIAL = DecisionPointValue( name="Partial", key="P", description="There is considerable informational disclosure. Access to critical system files is possible. There " @@ -59,7 +59,7 @@ "the scope of the loss is constrained.", ) -_CI_NONE = SsvcDecisionPointValue( +_CI_NONE = DecisionPointValue( name="None", key="N", description="No impact on confidentiality.", @@ -98,7 +98,7 @@ """ -_HIGH_1 = SsvcDecisionPointValue( +_HIGH_1 = DecisionPointValue( name="High", key="H", description="There is total loss of confidentiality, resulting in all resources within the impacted component " @@ -107,7 +107,7 @@ "steals the administrator's password, or private encryption keys of a web server.", ) -_LOW_1 = SsvcDecisionPointValue( +_LOW_1 = DecisionPointValue( name="Low", key="L", description="There is some loss of confidentiality. Access to some restricted information is obtained, " @@ -116,7 +116,7 @@ "impacted component.", ) -_CI_NONE_3 = SsvcDecisionPointValue( +_CI_NONE_3 = DecisionPointValue( name="None", key="N", description="There is no loss of confidentiality within the impacted component.", diff --git a/src/ssvc/decision_points/cvss/confidentiality_requirement.py b/src/ssvc/decision_points/cvss/confidentiality_requirement.py index 288c05c8..05b1a781 100644 --- a/src/ssvc/decision_points/cvss/confidentiality_requirement.py +++ b/src/ssvc/decision_points/cvss/confidentiality_requirement.py @@ -16,7 +16,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import ( NOT_DEFINED_ND, NOT_DEFINED_X, @@ -24,21 +24,21 @@ from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_HIGH = SsvcDecisionPointValue( +_HIGH = DecisionPointValue( name="High", key="H", description="Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) -_MEDIUM = SsvcDecisionPointValue( +_MEDIUM = DecisionPointValue( name="Medium", key="M", description="Loss of confidentiality is likely to have a serious adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) -_LOW = SsvcDecisionPointValue( +_LOW = DecisionPointValue( name="Low", key="L", description="Loss of confidentiality is likely to have only a limited adverse effect on the organization or " @@ -75,21 +75,21 @@ ) -_HIGH_2 = SsvcDecisionPointValue( +_HIGH_2 = DecisionPointValue( name="High", key="H", description="Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) -_MEDIUM_2 = SsvcDecisionPointValue( +_MEDIUM_2 = DecisionPointValue( name="Medium", key="M", description="Loss of confidentiality is likely to have a serious adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) -_LOW_2 = SsvcDecisionPointValue( +_LOW_2 = DecisionPointValue( name="Low", key="L", description="Loss of confidentiality is likely to have only a limited adverse effect on the organization or " diff --git a/src/ssvc/decision_points/cvss/equivalence_set_1.py b/src/ssvc/decision_points/cvss/equivalence_set_1.py index 6e832210..c37fd66c 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_1.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_1.py @@ -15,23 +15,23 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -TWO = SsvcDecisionPointValue( +TWO = DecisionPointValue( name="Low", key="L", description="2: AV:P or not(AV:N or PR:N or UI:N)", ) -ONE = SsvcDecisionPointValue( +ONE = DecisionPointValue( name="Medium", key="M", description="1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P", ) -ZERO = SsvcDecisionPointValue( +ZERO = DecisionPointValue( name="High", key="H", description="0: AV:N and PR:N and UI:N", diff --git a/src/ssvc/decision_points/cvss/equivalence_set_2.py b/src/ssvc/decision_points/cvss/equivalence_set_2.py index b20e1cd1..60a3a2ea 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_2.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_2.py @@ -15,7 +15,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs @@ -23,12 +23,12 @@ # Levels Constraints Highest Severity Vector(s) # 0 AC:L and AT:N AC:L/AT:N # 1 not (AC:L and AT:N) AC:L/AT:P or AC:H/AT:N -ONE = SsvcDecisionPointValue( +ONE = DecisionPointValue( name="Low", key="L", description="1: not (AC:L and AT:N)", ) -ZERO = SsvcDecisionPointValue( +ZERO = DecisionPointValue( name="High", key="H", description="0: AC:L and AT:N", diff --git a/src/ssvc/decision_points/cvss/equivalence_set_3.py b/src/ssvc/decision_points/cvss/equivalence_set_3.py index 5d551b39..56b06191 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_3.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_3.py @@ -15,7 +15,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs @@ -24,17 +24,17 @@ # 0 VC:H and VI:H VC:H/VI:H/VA:H # 1 not (VC:H and VI:H) and (VC:H or VI:H or VA:H) VC:L/VI:H/VA:H or VC:H/VI:L/VA:H # 2 not (VC:H or VI:H or VA:H) VC:L/VI:L/VA:L -TWO = SsvcDecisionPointValue( +TWO = DecisionPointValue( name="Low", key="L", description="2: not (VC:H or VI:H or VA:H)", ) -ONE = SsvcDecisionPointValue( +ONE = DecisionPointValue( name="Medium", key="M", description="1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)", ) -ZERO = SsvcDecisionPointValue( +ZERO = DecisionPointValue( name="High", key="H", description="0: VC:H and VI:H", diff --git a/src/ssvc/decision_points/cvss/equivalence_set_4.py b/src/ssvc/decision_points/cvss/equivalence_set_4.py index c7caf550..ffb099a2 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_4.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_4.py @@ -15,7 +15,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs @@ -23,17 +23,17 @@ # 0 MSI:S or MSA:S SC:H/SI:S/SA:S # 1 not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H) SC:H/SI:H/SA:H # 2 not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H) SC:L/SI:L/SA:L -TWO = SsvcDecisionPointValue( +TWO = DecisionPointValue( name="Low", key="L", description="2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)", ) -ONE = SsvcDecisionPointValue( +ONE = DecisionPointValue( name="Medium", key="M", description="1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)", ) -ZERO = SsvcDecisionPointValue( +ZERO = DecisionPointValue( name="High", key="H", description="0: MSI:S or MSA:S", diff --git a/src/ssvc/decision_points/cvss/equivalence_set_5.py b/src/ssvc/decision_points/cvss/equivalence_set_5.py index 30e3fdba..6895c4e6 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_5.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_5.py @@ -15,7 +15,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs @@ -23,9 +23,21 @@ # 0 E:A E:A # 1 E:P E:P # 2 E:U E:U -TWO = SsvcDecisionPointValue(name="Low", key="L", description="2: E:U", ) -ONE = SsvcDecisionPointValue(name="Medium", key="M", description="1: E:P", ) -ZERO = SsvcDecisionPointValue(name="High", key="H", description="0: E:A", ) +TWO = DecisionPointValue( + name="Low", + key="L", + description="2: E:U", +) +ONE = DecisionPointValue( + name="Medium", + key="M", + description="1: E:P", +) +ZERO = DecisionPointValue( + name="High", + key="H", + description="0: E:A", +) EQ5 = CvssDecisionPoint( name="Equivalence Set 5", key="EQ5", @@ -35,16 +47,17 @@ TWO, ONE, ZERO, -), + ), ) VERSIONS = (EQ5,) LATEST = VERSIONS[-1] + def main(): print_versions_and_diffs(VERSIONS) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/src/ssvc/decision_points/cvss/equivalence_set_6.py b/src/ssvc/decision_points/cvss/equivalence_set_6.py index 4b4887c8..8d99c49d 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_6.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_6.py @@ -15,17 +15,23 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs # EQ6 → VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29 # 0 (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H) VC:H/VI:H/VA:H/CR:H/IR:H/AR:H # 1 not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H) VC:H/VI:H/VA:H/CR:M/IR:M/AR:M or VC:H/VI:H/VA:L/CR:M/IR:M/AR:H or VC:H/VI:L/VA:H/CR:M/IR:H/AR:M or VC:H/VI:L/VA:L/CR:M/IR:H/AR:H or VC:L/VI:H/VA:H/CR:H/IR:M/AR:M or VC:L/VI:H/VA:L/CR:H/IR:M/AR:H or VC:L/VI:L/VA:H/CR:H/IR:H/AR:M or VC:L/VI:L/VA:L/CR:H/IR:H/AR:H -ONE = SsvcDecisionPointValue(name="Low", key="L", - description="1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)", ) -ZERO = SsvcDecisionPointValue(name="High", key="H", - description="0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)", ) +ONE = DecisionPointValue( + name="Low", + key="L", + description="1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)", +) +ZERO = DecisionPointValue( + name="High", + key="H", + description="0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)", +) EQ6 = CvssDecisionPoint( name="Equivalence Set 6", key="EQ6", @@ -40,10 +46,10 @@ VERSIONS = (EQ6,) LATEST = VERSIONS[-1] + def main(): print_versions_and_diffs(VERSIONS) -if __name__ == '__main__': +if __name__ == "__main__": main() - diff --git a/src/ssvc/decision_points/cvss/exploit_maturity.py b/src/ssvc/decision_points/cvss/exploit_maturity.py index 2a3eee2a..96f9ea15 100644 --- a/src/ssvc/decision_points/cvss/exploit_maturity.py +++ b/src/ssvc/decision_points/cvss/exploit_maturity.py @@ -16,7 +16,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import ( NOT_DEFINED_ND, NOT_DEFINED_X, @@ -24,7 +24,7 @@ from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_HIGH_2 = SsvcDecisionPointValue( +_HIGH_2 = DecisionPointValue( name="High", key="H", description="Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely " @@ -34,14 +34,14 @@ "easy-to-use automated tools.", ) -_FUNCTIONAL_2 = SsvcDecisionPointValue( +_FUNCTIONAL_2 = DecisionPointValue( name="Functional", key="F", description="Functional exploit code is available. The code works in most situations where the vulnerability " "exists.", ) -_PROOF_OF_CONCEPT_2 = SsvcDecisionPointValue( +_PROOF_OF_CONCEPT_2 = DecisionPointValue( name="Proof-of-Concept", key="POC", description="Proof-of-concept exploit code is available, or an attack demonstration is not practical for most " @@ -49,13 +49,13 @@ "modification by a skilled attacker.", ) -_UNPROVEN_2 = SsvcDecisionPointValue( +_UNPROVEN_2 = DecisionPointValue( name="Unproven", key="U", description="No exploit code is available, or an exploit is theoretical.", ) -_HIGH = SsvcDecisionPointValue( +_HIGH = DecisionPointValue( name="High", key="H", description="Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is " @@ -64,14 +64,14 @@ "via a mobile autonomous agent (a worm or virus).", ) -_FUNCTIONAL = SsvcDecisionPointValue( +_FUNCTIONAL = DecisionPointValue( name="Functional", key="F", description="Functional exploit code is available. The code works in most situations where the vulnerability is " "exploitable.", ) -_PROOF_OF_CONCEPT = SsvcDecisionPointValue( +_PROOF_OF_CONCEPT = DecisionPointValue( name="Proof of Concept", key="P", description="Proof of concept exploit code or an attack demonstration that is not practically applicable to " @@ -79,7 +79,7 @@ "require substantial hand tuning by a skilled attacker for use against deployed systems.", ) -_UNPROVEN = SsvcDecisionPointValue( +_UNPROVEN = DecisionPointValue( name="Unproven", key="U", description="No exploit code is yet available or an exploit method is entirely theoretical.", @@ -140,7 +140,7 @@ """ -_ATTACKED = SsvcDecisionPointValue( +_ATTACKED = DecisionPointValue( name="Attacked", key="A", description="Based on available threat intelligence either of the following must apply: Attacks targeting " @@ -148,7 +148,7 @@ "to exploit the vulnerability are publicly or privately available (such as exploit toolkits)", ) -_PROOF_OF_CONCEPT_3 = SsvcDecisionPointValue( +_PROOF_OF_CONCEPT_3 = DecisionPointValue( name="Proof-of-Concept", key="P", description="Based on available threat intelligence each of the following must apply: Proof-of-concept exploit " @@ -157,7 +157,7 @@ "(i.e., the “Attacked” value does not apply)", ) -_UNREPORTED = SsvcDecisionPointValue( +_UNREPORTED = DecisionPointValue( name="Unreported", key="U", description="Based on available threat intelligence each of the following must apply: No knowledge of publicly " diff --git a/src/ssvc/decision_points/cvss/helpers.py b/src/ssvc/decision_points/cvss/helpers.py index c0527ec7..457e985b 100644 --- a/src/ssvc/decision_points/cvss/helpers.py +++ b/src/ssvc/decision_points/cvss/helpers.py @@ -17,11 +17,12 @@ from copy import deepcopy -from ssvc.decision_points import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X +from ssvc.decision_points.cvss.base import CvssDecisionPoint as DecisionPoint -def _modify_3(dp: SsvcDecisionPoint): +def _modify_3(dp: DecisionPoint): _dp_dict = deepcopy(dp.model_dump()) _dp_dict["name"] = "Modified " + _dp_dict["name"] _dp_dict["key"] = "M" + _dp_dict["key"] @@ -35,12 +36,12 @@ def _modify_3(dp: SsvcDecisionPoint): values.append(nd) _dp_dict["values"] = tuple(values) - _dp = SsvcDecisionPoint(**_dp_dict) + _dp = DecisionPoint(**_dp_dict) return _dp -def modify_3(dp: SsvcDecisionPoint): +def modify_3(dp: DecisionPoint): """ Prepends "Modified " to the name and "M" to the key of the given object. Also adds a value of "Not Defined" to the values list. @@ -55,7 +56,7 @@ def modify_3(dp: SsvcDecisionPoint): return _dp -def modify_4(dp: SsvcDecisionPoint): +def modify_4(dp: DecisionPoint): """ Modifies a CVSS v4 Base Metric decision point object. @@ -72,7 +73,7 @@ def modify_4(dp: SsvcDecisionPoint): return _dp -def _modify_4(dp: SsvcDecisionPoint): +def _modify_4(dp: DecisionPoint): # note: # this method was split out for testing purposes # assumes you've already done the 3.0 modifications @@ -89,7 +90,7 @@ def _modify_4(dp: SsvcDecisionPoint): # Note: For MSI, There is also a highest severity level, Safety (S), in addition to the same values as the # corresponding Base Metric (High, Medium, Low). if key == "MSI": - _SAFETY = SsvcDecisionPointValue( + _SAFETY = DecisionPointValue( name="Safety", key="S", description="The Safety metric value measures the impact regarding the Safety of a human actor or " @@ -99,7 +100,7 @@ def _modify_4(dp: SsvcDecisionPoint): values.append(_SAFETY) _dp_dict["values"] = tuple(values) - _dp = SsvcDecisionPoint(**_dp_dict) + _dp = DecisionPoint(**_dp_dict) return _dp diff --git a/src/ssvc/decision_points/cvss/impact_bias.py b/src/ssvc/decision_points/cvss/impact_bias.py index ad113083..4d79f656 100644 --- a/src/ssvc/decision_points/cvss/impact_bias.py +++ b/src/ssvc/decision_points/cvss/impact_bias.py @@ -15,29 +15,29 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_AVAILABILITY = SsvcDecisionPointValue( +_AVAILABILITY = DecisionPointValue( name="Availability", key="A", description="Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact.", ) -_INTEGRITY = SsvcDecisionPointValue( +_INTEGRITY = DecisionPointValue( name="Integrity", key="I", description="Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact.", ) -_CONFIDENTIALITY = SsvcDecisionPointValue( +_CONFIDENTIALITY = DecisionPointValue( name="Confidentiality", key="C", description="Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact.", ) -_NORMAL = SsvcDecisionPointValue( +_NORMAL = DecisionPointValue( name="Normal", key="N", description="Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight.", diff --git a/src/ssvc/decision_points/cvss/integrity_impact.py b/src/ssvc/decision_points/cvss/integrity_impact.py index 6cc2584c..bddbb576 100644 --- a/src/ssvc/decision_points/cvss/integrity_impact.py +++ b/src/ssvc/decision_points/cvss/integrity_impact.py @@ -16,18 +16,18 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_II_HIGH = SsvcDecisionPointValue( +_II_HIGH = DecisionPointValue( name="High", key="H", description="There is a total loss of integrity, or a complete loss of protection.", ) -_II_LOW = SsvcDecisionPointValue( +_II_LOW = DecisionPointValue( name="Low", key="L", description="Modification of data is possible, but the attacker does not have control over the consequence of a " @@ -35,19 +35,19 @@ "direct, serious impact on the impacted component.", ) -_II_NONE_2 = SsvcDecisionPointValue( +_II_NONE_2 = DecisionPointValue( name="None", key="N", description="There is no impact to the integrity of the system.", ) -_COMPLETE = SsvcDecisionPointValue( +_COMPLETE = DecisionPointValue( name="Complete", key="C", description="A total compromise of system integrity. There is a complete loss of system protection resulting in " "the entire system being compromised. The attacker has sovereign control to modify any system files.", ) -_PARTIAL = SsvcDecisionPointValue( +_PARTIAL = DecisionPointValue( name="Partial", key="P", description="Considerable breach in integrity. Modification of critical system files or information is possible, " @@ -56,7 +56,7 @@ "but at random or in a limited context or scope.", ) -_II_NONE = SsvcDecisionPointValue( +_II_NONE = DecisionPointValue( name="None", key="N", description="No impact on integrity." ) @@ -91,13 +91,13 @@ Updates None. Removes Partial and Complete. Adds Low and High values for CVSS Integrity Impact. """ -_II_HIGH_2 = SsvcDecisionPointValue( +_II_HIGH_2 = DecisionPointValue( name="High", key="H", description="There is a total loss of integrity, or a complete loss of protection.", ) -_II_LOW_2 = SsvcDecisionPointValue( +_II_LOW_2 = DecisionPointValue( name="Low", key="L", description="Modification of data is possible, but the attacker does not have control over the consequence of a " @@ -106,7 +106,7 @@ ) -_II_NONE_3 = SsvcDecisionPointValue( +_II_NONE_3 = DecisionPointValue( name="None", key="N", description="There is no loss of integrity within the Vulnerable System.", diff --git a/src/ssvc/decision_points/cvss/integrity_requirement.py b/src/ssvc/decision_points/cvss/integrity_requirement.py index fed364a6..9d1037af 100644 --- a/src/ssvc/decision_points/cvss/integrity_requirement.py +++ b/src/ssvc/decision_points/cvss/integrity_requirement.py @@ -16,7 +16,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import ( NOT_DEFINED_ND, NOT_DEFINED_X, @@ -24,21 +24,21 @@ from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_HIGH = SsvcDecisionPointValue( +_HIGH = DecisionPointValue( name="High", key="H", description="Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals " "associated with the organization (e.g., employees, customers).", ) -_MEDIUM = SsvcDecisionPointValue( +_MEDIUM = DecisionPointValue( name="Medium", key="M", description="Loss of integrity is likely to have a serious adverse effect on the organization or individuals " "associated with the organization (e.g., employees, customers).", ) -_LOW = SsvcDecisionPointValue( +_LOW = DecisionPointValue( name="Low", key="L", description="Loss of integrity is likely to have only a limited adverse effect on the organization or individuals " @@ -75,21 +75,21 @@ ) -_HIGH_2 = SsvcDecisionPointValue( +_HIGH_2 = DecisionPointValue( name="High", key="H", description="Loss of integrity is likely to have a catastrophic adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) -_MEDIUM_2 = SsvcDecisionPointValue( +_MEDIUM_2 = DecisionPointValue( name="Medium", key="M", description="Loss of integrity is likely to have a serious adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) -_LOW_2 = SsvcDecisionPointValue( +_LOW_2 = DecisionPointValue( name="Low", key="L", description="Loss of integrity is likely to have only a limited adverse effect on the organization or " diff --git a/src/ssvc/decision_points/cvss/privileges_required.py b/src/ssvc/decision_points/cvss/privileges_required.py index e9cb0ea5..d6bc27d7 100644 --- a/src/ssvc/decision_points/cvss/privileges_required.py +++ b/src/ssvc/decision_points/cvss/privileges_required.py @@ -15,11 +15,11 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_HIGH = SsvcDecisionPointValue( +_HIGH = DecisionPointValue( name="High", key="H", description="The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. " @@ -27,7 +27,7 @@ "files.", ) -_LOW = SsvcDecisionPointValue( +_LOW = DecisionPointValue( name="Low", key="L", description="The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that " @@ -35,7 +35,7 @@ "privileges may have the ability to cause an impact only to non-sensitive resources.", ) -_PR_NONE = SsvcDecisionPointValue( +_PR_NONE = DecisionPointValue( name="None", key="N", description="The attacker is unauthorized prior to attack, and therefore does not require any access to settings " @@ -62,14 +62,14 @@ """ -_PR_NONE_2 = SsvcDecisionPointValue( +_PR_NONE_2 = DecisionPointValue( name="None", key="N", description="The attacker is unauthorized prior to attack, and therefore does not require any access to settings " "or files to carry out an attack.", ) -_LOW_2 = SsvcDecisionPointValue( +_LOW_2 = DecisionPointValue( name="Low", key="L", description="The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that " @@ -77,7 +77,7 @@ "an attacker with Low privileges has the ability to access only non-sensitive resources.", ) -_HIGH_2 = SsvcDecisionPointValue( +_HIGH_2 = DecisionPointValue( name="High", key="H", description="The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., " diff --git a/src/ssvc/decision_points/cvss/qualitative_severity.py b/src/ssvc/decision_points/cvss/qualitative_severity.py index 23358fe7..64c1ab03 100644 --- a/src/ssvc/decision_points/cvss/qualitative_severity.py +++ b/src/ssvc/decision_points/cvss/qualitative_severity.py @@ -15,32 +15,32 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -QS_NONE = SsvcDecisionPointValue( +QS_NONE = DecisionPointValue( name="None", key="N", description="No severity rating (0.0)", ) -LOW = SsvcDecisionPointValue( +LOW = DecisionPointValue( name="Low", key="L", description="Low (0.1 - 3.9)", ) -MEDIUM = SsvcDecisionPointValue( +MEDIUM = DecisionPointValue( name="Medium", key="M", description="Medium (4.0 - 6.9)", ) -HIGH = SsvcDecisionPointValue( +HIGH = DecisionPointValue( name="High", key="H", description="High (7.0 - 8.9)", ) -CRITICAL = SsvcDecisionPointValue( +CRITICAL = DecisionPointValue( name="Critical", key="C", description="Critical (9.0 - 10.0)", diff --git a/src/ssvc/decision_points/cvss/remediation_level.py b/src/ssvc/decision_points/cvss/remediation_level.py index 73a031ef..ee1a8020 100644 --- a/src/ssvc/decision_points/cvss/remediation_level.py +++ b/src/ssvc/decision_points/cvss/remediation_level.py @@ -16,19 +16,19 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_UNAVAILABLE = SsvcDecisionPointValue( +_UNAVAILABLE = DecisionPointValue( name="Unavailable", key="U", description="There is either no solution available or it is impossible to apply.", ) -_WORKAROUND = SsvcDecisionPointValue( +_WORKAROUND = DecisionPointValue( name="Workaround", key="W", description="There is an unofficial, non-vendor solution available. In some cases, users of the affected " @@ -37,14 +37,14 @@ "plugging the hole for the mean time and no official remediation is available, this value can be set.", ) -_TEMPORARY_FIX = SsvcDecisionPointValue( +_TEMPORARY_FIX = DecisionPointValue( name="Temporary Fix", key="TF", description="There is an official but temporary fix available. This includes instances where the vendor issues a " "temporary hotfix, tool or official workaround.", ) -_OFFICIAL_FIX = SsvcDecisionPointValue( +_OFFICIAL_FIX = DecisionPointValue( name="Official Fix", key="OF", description="A complete vendor solution is available. Either the vendor has issued the final, official patch " diff --git a/src/ssvc/decision_points/cvss/report_confidence.py b/src/ssvc/decision_points/cvss/report_confidence.py index 93ea24fc..6145153b 100644 --- a/src/ssvc/decision_points/cvss/report_confidence.py +++ b/src/ssvc/decision_points/cvss/report_confidence.py @@ -16,7 +16,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import ( NOT_DEFINED_ND, NOT_DEFINED_X, @@ -24,7 +24,7 @@ from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_CONFIRMED_2 = SsvcDecisionPointValue( +_CONFIRMED_2 = DecisionPointValue( name="Confirmed", key="C", description="Detailed reports exist, or functional reproduction is possible (functional exploits may provide " @@ -32,7 +32,7 @@ "or the author or vendor of the affected code has confirmed the presence of the vulnerability.", ) -_REASONABLE = SsvcDecisionPointValue( +_REASONABLE = DecisionPointValue( name="Reasonable", key="R", description="Significant details are published, but researchers either do not have full confidence in the root " @@ -41,7 +41,7 @@ "impact is able to be verified (proof-of-concept exploits may provide this).", ) -_UNKNOWN = SsvcDecisionPointValue( +_UNKNOWN = DecisionPointValue( name="Unknown", key="U", description="There are reports of impacts that indicate a vulnerability is present. The reports indicate that the " @@ -51,7 +51,7 @@ "differences described.", ) -_CONFIRMED = SsvcDecisionPointValue( +_CONFIRMED = DecisionPointValue( name="Confirmed", key="C", description="Vendor or author of the affected technology has acknowledged that the vulnerability exists. This " @@ -60,7 +60,7 @@ "widespread exploitation.", ) -_UNCORROBORATED = SsvcDecisionPointValue( +_UNCORROBORATED = DecisionPointValue( name="Uncorroborated", key="UR", description="Multiple non-official sources; possibily including independent security companies or research " @@ -68,7 +68,7 @@ "ambiguity.", ) -_UNCONFIRMED = SsvcDecisionPointValue( +_UNCONFIRMED = DecisionPointValue( name="Unconfirmed", key="UC", description="A single unconfirmed source or possibly several conflicting reports. There is little confidence in " diff --git a/src/ssvc/decision_points/cvss/scope.py b/src/ssvc/decision_points/cvss/scope.py index 9eaf0b35..9783aafe 100644 --- a/src/ssvc/decision_points/cvss/scope.py +++ b/src/ssvc/decision_points/cvss/scope.py @@ -16,18 +16,18 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_CHANGED = SsvcDecisionPointValue( +_CHANGED = DecisionPointValue( name="Changed", key="C", description="An exploited vulnerability can affect resources beyond the authorization privileges intended by the " "vulnerable component. In this case the vulnerable component and the impacted component are different.", ) -_UNCHANGED = SsvcDecisionPointValue( +_UNCHANGED = DecisionPointValue( name="Unchanged", key="U", description="An exploited vulnerability can only affect resources managed by the same authority. In this case the " diff --git a/src/ssvc/decision_points/cvss/subsequent_availability_impact.py b/src/ssvc/decision_points/cvss/subsequent_availability_impact.py index 1a4cf449..3d90b15e 100644 --- a/src/ssvc/decision_points/cvss/subsequent_availability_impact.py +++ b/src/ssvc/decision_points/cvss/subsequent_availability_impact.py @@ -15,11 +15,11 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_SA_HIGH = SsvcDecisionPointValue( +_SA_HIGH = DecisionPointValue( name="High", key="H", description="There is a total loss of availability, resulting in the attacker being able to fully deny access to " @@ -27,7 +27,7 @@ "deliver the attack) or persistent (the condition persists even after the attack has completed).", ) -_SA_LOW = SsvcDecisionPointValue( +_SA_LOW = DecisionPointValue( name="Low", key="L", description="Performance is reduced or there are interruptions in resource availability. Even if repeated " @@ -35,7 +35,7 @@ "deny service to legitimate users.", ) -_SA_NONE = SsvcDecisionPointValue( +_SA_NONE = DecisionPointValue( name="None", key="N", description="There is no impact to availability within the Subsequent System or all availability impact is " diff --git a/src/ssvc/decision_points/cvss/subsequent_confidentiality_impact.py b/src/ssvc/decision_points/cvss/subsequent_confidentiality_impact.py index 413dc803..77f0a540 100644 --- a/src/ssvc/decision_points/cvss/subsequent_confidentiality_impact.py +++ b/src/ssvc/decision_points/cvss/subsequent_confidentiality_impact.py @@ -15,18 +15,18 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -NEGLIGIBLE = SsvcDecisionPointValue( +NEGLIGIBLE = DecisionPointValue( name="Negligible", key="N", description="There is no loss of confidentiality within the Subsequent System or all confidentiality impact is " "constrained to the Vulnerable System.", ) -LOW = SsvcDecisionPointValue( +LOW = DecisionPointValue( name="Low", key="L", description="There is some loss of confidentiality. Access to some restricted information is obtained, but the " @@ -34,7 +34,7 @@ "limited. The information disclosure does not cause a direct, serious loss to the Subsequent System.", ) -HIGH = SsvcDecisionPointValue( +HIGH = DecisionPointValue( name="High", key="H", description="There is a total loss of confidentiality, resulting in all resources within the Subsequent System " diff --git a/src/ssvc/decision_points/cvss/subsequent_integrity_impact.py b/src/ssvc/decision_points/cvss/subsequent_integrity_impact.py index 4a2efbf5..ccb02300 100644 --- a/src/ssvc/decision_points/cvss/subsequent_integrity_impact.py +++ b/src/ssvc/decision_points/cvss/subsequent_integrity_impact.py @@ -15,11 +15,11 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -SI_HIGH = SsvcDecisionPointValue( +SI_HIGH = DecisionPointValue( name="High", key="H", description="There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able " @@ -28,7 +28,7 @@ "System.", ) -SI_LOW = SsvcDecisionPointValue( +SI_LOW = DecisionPointValue( name="Low", key="L", description="Modification of data is possible, but the attacker does not have control over the consequence of a " @@ -36,7 +36,7 @@ "serious impact to the Subsequent System.", ) -SI_NONE = SsvcDecisionPointValue( +SI_NONE = DecisionPointValue( name="None", key="N", description="There is no loss of integrity within the Subsequent System or all integrity impact is constrained to " diff --git a/src/ssvc/decision_points/cvss/supplemental/automatable.py b/src/ssvc/decision_points/cvss/supplemental/automatable.py index 38c1ffe2..a54bc0a4 100644 --- a/src/ssvc/decision_points/cvss/supplemental/automatable.py +++ b/src/ssvc/decision_points/cvss/supplemental/automatable.py @@ -15,18 +15,18 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -NO = SsvcDecisionPointValue( +NO = DecisionPointValue( name="No", key="N", description="Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for " "some reason. These steps are reconnaissance, weaponization, delivery, and exploitation.", ) -YES = SsvcDecisionPointValue( +YES = DecisionPointValue( name="Yes", key="Y", description="Attackers can reliably automate all 4 steps of the kill chain. These steps are " diff --git a/src/ssvc/decision_points/cvss/supplemental/provider_urgency.py b/src/ssvc/decision_points/cvss/supplemental/provider_urgency.py index 4aaeb452..af34df68 100644 --- a/src/ssvc/decision_points/cvss/supplemental/provider_urgency.py +++ b/src/ssvc/decision_points/cvss/supplemental/provider_urgency.py @@ -15,27 +15,27 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -RED = SsvcDecisionPointValue( +RED = DecisionPointValue( name="Red", key="R", description="Provider has assessed the impact of this vulnerability as having the highest urgency.", ) -AMBER = SsvcDecisionPointValue( +AMBER = DecisionPointValue( name="Amber", key="A", description="Provider has assessed the impact of this vulnerability as having a moderate urgency.", ) -GREEN = SsvcDecisionPointValue( +GREEN = DecisionPointValue( name="Green", key="G", description="Provider has assessed the impact of this vulnerability as having a reduced urgency.", ) -CLEAR = SsvcDecisionPointValue( +CLEAR = DecisionPointValue( name="Clear", key="C", description="Provider has assessed the impact of this vulnerability as having no urgency (Informational).", diff --git a/src/ssvc/decision_points/cvss/supplemental/recovery.py b/src/ssvc/decision_points/cvss/supplemental/recovery.py index 14ea6ef8..717c38da 100644 --- a/src/ssvc/decision_points/cvss/supplemental/recovery.py +++ b/src/ssvc/decision_points/cvss/supplemental/recovery.py @@ -15,23 +15,23 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -AUTOMATIC = SsvcDecisionPointValue( +AUTOMATIC = DecisionPointValue( name="Automatic", key="A", description="The system recovers services automatically after an attack has been performed.", ) -USER = SsvcDecisionPointValue( +USER = DecisionPointValue( name="User", key="U", description="The system requires manual intervention by the user to recover services, after an attack has " "been performed.", ) -IRRECOVERABLE = SsvcDecisionPointValue( +IRRECOVERABLE = DecisionPointValue( name="Irrecoverable", key="I", description="The system services are irrecoverable by the user, after an attack has been performed.", diff --git a/src/ssvc/decision_points/cvss/supplemental/safety.py b/src/ssvc/decision_points/cvss/supplemental/safety.py index 14152687..c9d0d106 100644 --- a/src/ssvc/decision_points/cvss/supplemental/safety.py +++ b/src/ssvc/decision_points/cvss/supplemental/safety.py @@ -16,18 +16,18 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -PRESENT = SsvcDecisionPointValue( +PRESENT = DecisionPointValue( name="Present", key="P", description="Consequences of the vulnerability meet definition of IEC 61508 consequence categories of " '"marginal," "critical," or "catastrophic."', ) -NEGLIGIBLE = SsvcDecisionPointValue( +NEGLIGIBLE = DecisionPointValue( name="Negligible", key="N", description="Consequences of the vulnerability meet definition of IEC 61508 consequence category " diff --git a/src/ssvc/decision_points/cvss/supplemental/value_density.py b/src/ssvc/decision_points/cvss/supplemental/value_density.py index 4e56c1dc..0372d0a9 100644 --- a/src/ssvc/decision_points/cvss/supplemental/value_density.py +++ b/src/ssvc/decision_points/cvss/supplemental/value_density.py @@ -15,18 +15,18 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -DIFFUSE = SsvcDecisionPointValue( +DIFFUSE = DecisionPointValue( name="Diffuse", key="D", description="The vulnerable system has limited resources. That is, the resources that the attacker will " "gain control over with a single exploitation event are relatively small.", ) -CONCENTRATED = SsvcDecisionPointValue( +CONCENTRATED = DecisionPointValue( name="Concentrated", key="C", description="The vulnerable system is rich in resources. Heuristically, such systems are often the direct " diff --git a/src/ssvc/decision_points/cvss/supplemental/vulnerability_response_effort.py b/src/ssvc/decision_points/cvss/supplemental/vulnerability_response_effort.py index d69077ee..8688f141 100644 --- a/src/ssvc/decision_points/cvss/supplemental/vulnerability_response_effort.py +++ b/src/ssvc/decision_points/cvss/supplemental/vulnerability_response_effort.py @@ -15,23 +15,23 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -LOW = SsvcDecisionPointValue( +LOW = DecisionPointValue( name="Low", key="L", description="The effort required to respond to a vulnerability is low/trivial.", ) -MODERATE = SsvcDecisionPointValue( +MODERATE = DecisionPointValue( name="Moderate", key="M", description="The actions required to respond to a vulnerability require some effort on behalf of the " "consumer and could cause minimal service impact to implement.", ) -HIGH = SsvcDecisionPointValue( +HIGH = DecisionPointValue( name="High", key="H", description="The actions required to respond to a vulnerability are significant and/or difficult, and may " diff --git a/src/ssvc/decision_points/cvss/target_distribution.py b/src/ssvc/decision_points/cvss/target_distribution.py index 2f408e67..981cfadf 100644 --- a/src/ssvc/decision_points/cvss/target_distribution.py +++ b/src/ssvc/decision_points/cvss/target_distribution.py @@ -16,34 +16,34 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_HIGH = SsvcDecisionPointValue( +_HIGH = DecisionPointValue( name="High", key="H", description="Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total " "environment is considered at risk.", ) -_MEDIUM = SsvcDecisionPointValue( +_MEDIUM = DecisionPointValue( name="Medium", key="M", description="Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total " "environment is at risk.", ) -_LOW = SsvcDecisionPointValue( +_LOW = DecisionPointValue( name="Low", key="L", description="Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total " "environment is at risk.", ) -_TD_NONE = SsvcDecisionPointValue( +_TD_NONE = DecisionPointValue( name="None", key="N", description="No target systems exist, or targets are so highly specialized that they only exist in a laboratory " diff --git a/src/ssvc/decision_points/cvss/user_interaction.py b/src/ssvc/decision_points/cvss/user_interaction.py index 02e75941..23a22fb5 100644 --- a/src/ssvc/decision_points/cvss/user_interaction.py +++ b/src/ssvc/decision_points/cvss/user_interaction.py @@ -16,18 +16,18 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_REQUIRED = SsvcDecisionPointValue( +_REQUIRED = DecisionPointValue( name="Required", key="R", description="Successful exploitation of this vulnerability requires a user to take some action before the " "vulnerability can be exploited.", ) -_UI_NONE = SsvcDecisionPointValue( +_UI_NONE = DecisionPointValue( name="None", key="N", description="The vulnerable system can be exploited without interaction from any user.", @@ -49,14 +49,14 @@ Defines None and Required values for CVSS User Interaction. """ -_UI_NONE_2 = SsvcDecisionPointValue( +_UI_NONE_2 = DecisionPointValue( name="None", key="N", description="The vulnerable system can be exploited without interaction from any human user, other than the " "attacker.", ) -_PASSIVE = SsvcDecisionPointValue( +_PASSIVE = DecisionPointValue( name="Passive", key="P", description="Successful exploitation of this vulnerability requires limited interaction by the targeted user with " @@ -64,7 +64,7 @@ "and do not require that the user actively subvert protections built into the vulnerable system.", ) -_ACTIVE = SsvcDecisionPointValue( +_ACTIVE = DecisionPointValue( name="Active", key="A", description="Successful exploitation of this vulnerability requires a targeted user to perform specific, " diff --git a/src/ssvc/decision_points/exploitation.py b/src/ssvc/decision_points/exploitation.py index bb1a2a52..a8d0fc73 100644 --- a/src/ssvc/decision_points/exploitation.py +++ b/src/ssvc/decision_points/exploitation.py @@ -15,17 +15,18 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -ACTIVE = SsvcDecisionPointValue( +ACTIVE = DecisionPointValue( name="Active", key="A", description="Shared, observable, reliable evidence that the exploit is being" " used in the wild by real attackers; there is credible public reporting.", ) -POC_1 = SsvcDecisionPointValue( +POC_1 = DecisionPointValue( name="PoC", key="P", description="One of the following cases is true: (1) private evidence of exploitation is attested but not shared; " @@ -33,13 +34,13 @@ " or ExploitDB; or (4) the vulnerability has a well-known method of exploitation.", ) -POC_2 = SsvcDecisionPointValue( +POC_2 = DecisionPointValue( name="Public PoC", key="P", description="One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation.", ) -EXP_NONE = SsvcDecisionPointValue( +EXP_NONE = DecisionPointValue( name="None", key="N", description="There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability.", diff --git a/src/ssvc/decision_points/helpers.py b/src/ssvc/decision_points/helpers.py index 111ec8e1..15949dee 100644 --- a/src/ssvc/decision_points/helpers.py +++ b/src/ssvc/decision_points/helpers.py @@ -20,10 +20,10 @@ import semver -from ssvc.decision_points import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPoint -def dp_diff(dp1: SsvcDecisionPoint, dp2: SsvcDecisionPoint) -> list[str]: +def dp_diff(dp1: DecisionPoint, dp2: DecisionPoint) -> list[str]: """ Compares two decision points and returns a list of differences. @@ -212,7 +212,7 @@ def dp_diff(dp1: SsvcDecisionPoint, dp2: SsvcDecisionPoint) -> list[str]: return diffs -def show_diffs(versions: Sequence[SsvcDecisionPoint]) -> None: +def show_diffs(versions: Sequence[DecisionPoint]) -> None: if len(versions) < 2: print("Not enough versions to compare") return @@ -223,7 +223,7 @@ def show_diffs(versions: Sequence[SsvcDecisionPoint]) -> None: print() -def print_versions_and_diffs(versions: Sequence[SsvcDecisionPoint]) -> None: +def print_versions_and_diffs(versions: Sequence[DecisionPoint]) -> None: """ Prints the json representation of each version and then shows the diffs between each version. diff --git a/src/ssvc/decision_points/high_value_asset.py b/src/ssvc/decision_points/high_value_asset.py index 35d2c9d4..33b19790 100644 --- a/src/ssvc/decision_points/high_value_asset.py +++ b/src/ssvc/decision_points/high_value_asset.py @@ -16,16 +16,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint -YES = SsvcDecisionPointValue( +YES = DecisionPointValue( name="Yes", key="Y", description="System meets a high value asset definition.", ) -NO = SsvcDecisionPointValue( +NO = DecisionPointValue( name="No", key="N", description="System does not meet a high value asset definition.", diff --git a/src/ssvc/decision_points/human_impact.py b/src/ssvc/decision_points/human_impact.py index ac2deac0..dbdab943 100644 --- a/src/ssvc/decision_points/human_impact.py +++ b/src/ssvc/decision_points/human_impact.py @@ -16,65 +16,66 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -LOW_1 = SsvcDecisionPointValue( +LOW_1 = DecisionPointValue( name="Low", key="L", description="Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal", ) -LOW_2 = SsvcDecisionPointValue( +LOW_2 = DecisionPointValue( name="Low", key="L", description="Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)", ) -LOW_3 = SsvcDecisionPointValue( +LOW_3 = DecisionPointValue( name="Low", key="L", description="Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)", ) -MEDIUM_1 = SsvcDecisionPointValue( +MEDIUM_1 = DecisionPointValue( name="Medium", key="M", description="Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)", ) -MEDIUM_2 = SsvcDecisionPointValue( +MEDIUM_2 = DecisionPointValue( name="Medium", key="M", description="(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))", ) -MEDIUM_3 = SsvcDecisionPointValue( +MEDIUM_3 = DecisionPointValue( name="Medium", key="M", description="(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))", ) -HIGH_1 = SsvcDecisionPointValue( +HIGH_1 = DecisionPointValue( name="High", key="H", description="Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)", ) -HIGH_2 = SsvcDecisionPointValue( +HIGH_2 = DecisionPointValue( name="High", key="H", description="(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)", ) -HIGH_3 = SsvcDecisionPointValue( +HIGH_3 = DecisionPointValue( name="High", key="H", description="(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)", ) -VERY_HIGH_1 = SsvcDecisionPointValue( +VERY_HIGH_1 = DecisionPointValue( name="Very High", key="VH", description="Safety Impact:Catastrophic OR Mission Impact:Mission Failure", diff --git a/src/ssvc/decision_points/in_kev.py b/src/ssvc/decision_points/in_kev.py index 31466aaa..66464e1a 100644 --- a/src/ssvc/decision_points/in_kev.py +++ b/src/ssvc/decision_points/in_kev.py @@ -15,16 +15,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint -YES = SsvcDecisionPointValue( +YES = DecisionPointValue( name="Yes", key="Y", description="Vulnerability is listed in KEV.", ) -NO = SsvcDecisionPointValue( +NO = DecisionPointValue( name="No", key="N", description="Vulnerability is not listed in KEV.", diff --git a/src/ssvc/decision_points/mission_impact.py b/src/ssvc/decision_points/mission_impact.py index d0a3a132..62ffe13e 100644 --- a/src/ssvc/decision_points/mission_impact.py +++ b/src/ssvc/decision_points/mission_impact.py @@ -17,40 +17,39 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -MISSION_FAILURE = SsvcDecisionPointValue( +MISSION_FAILURE = DecisionPointValue( name="Mission Failure", key="MF", description="Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails", ) -MEF_FAILURE = SsvcDecisionPointValue( +MEF_FAILURE = DecisionPointValue( name="MEF Failure", key="MEF", description="Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time", ) -MEF_CRIPPLED = SsvcDecisionPointValue( +MEF_CRIPPLED = DecisionPointValue( name="MEF Support Crippled", key="MSC", description="Activities that directly support essential functions are crippled; essential functions continue for a time", ) -MI_NED = SsvcDecisionPointValue( +MI_NED = DecisionPointValue( name="Non-Essential Degraded", key="NED", description="Degradation of non-essential functions; chronic degradation would eventually harm essential functions", ) -MI_NONE = SsvcDecisionPointValue( - name="None", key="N", description="Little to no impact" -) +MI_NONE = DecisionPointValue(name="None", key="N", description="Little to no impact") # combine MI_NONE and MI_NED into a single value -DEGRADED = SsvcDecisionPointValue( +DEGRADED = DecisionPointValue( name="Degraded", key="D", description="Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions", diff --git a/src/ssvc/decision_points/mission_prevalence.py b/src/ssvc/decision_points/mission_prevalence.py index 8bf55920..9a1cfab2 100644 --- a/src/ssvc/decision_points/mission_prevalence.py +++ b/src/ssvc/decision_points/mission_prevalence.py @@ -17,23 +17,23 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue, SsvcDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -MINIMAL = SsvcDecisionPointValue( +MINIMAL = DecisionPointValue( name="Minimal", key="M", description="Neither Support nor Essential apply. " "The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions.", ) -SUPPORT = SsvcDecisionPointValue( +SUPPORT = DecisionPointValue( name="Support", key="S", description="The vulnerable component only supports MEFs for two or more entities.", ) -ESSENTIAL = SsvcDecisionPointValue( +ESSENTIAL = DecisionPointValue( name="Essential", key="E", description="The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure.", diff --git a/src/ssvc/decision_points/public_safety_impact.py b/src/ssvc/decision_points/public_safety_impact.py index 54df0a8e..d2575532 100644 --- a/src/ssvc/decision_points/public_safety_impact.py +++ b/src/ssvc/decision_points/public_safety_impact.py @@ -17,16 +17,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -MINIMAL_1 = SsvcDecisionPointValue( +MINIMAL_1 = DecisionPointValue( name="Minimal", description="The effect is below the threshold for all aspects described in material. ", key="M", ) -MATERIAL = SsvcDecisionPointValue( +MATERIAL = DecisionPointValue( name="Material", description="Any one or more of these conditions hold. " "Physical harm: Does one or more of the following: " @@ -41,7 +42,7 @@ key="M", ) -IRREVERSIBLE = SsvcDecisionPointValue( +IRREVERSIBLE = DecisionPointValue( name="Irreversible", description="Any one or more of these conditions hold. " "Physical harm: One or both of the following are true: (a) Multiple fatalities are likely." @@ -54,23 +55,23 @@ key="I", ) -SIGNIFICANT = SsvcDecisionPointValue( +SIGNIFICANT = DecisionPointValue( name="Significant", description="Safety Impact:(Major OR Hazardous OR Catastrophic)", key="S", ) -MINIMAL_2 = SsvcDecisionPointValue( +MINIMAL_2 = DecisionPointValue( name="Minimal", description="Safety Impact:(None OR Minor)", key="M" ) -SIGNIFICANT_1 = SsvcDecisionPointValue( +SIGNIFICANT_1 = DecisionPointValue( name="Significant", description="Safety Impact:(Marginal OR Critical OR Catastrophic)", key="S", ) -MINIMAL_3 = SsvcDecisionPointValue( +MINIMAL_3 = DecisionPointValue( name="Minimal", description="Safety Impact:Negligible", key="M" ) diff --git a/src/ssvc/decision_points/public_value_added.py b/src/ssvc/decision_points/public_value_added.py index 87b4700a..412c2277 100644 --- a/src/ssvc/decision_points/public_value_added.py +++ b/src/ssvc/decision_points/public_value_added.py @@ -17,22 +17,23 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -LIMITED = SsvcDecisionPointValue( +LIMITED = DecisionPointValue( name="Limited", key="L", description="Minimal value added to the existing public information because existing information is already high quality and in multiple outlets.", ) -AMPLIATIVE = SsvcDecisionPointValue( +AMPLIATIVE = DecisionPointValue( name="Ampliative", key="A", description="Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc.", ) -PRECEDENCE = SsvcDecisionPointValue( +PRECEDENCE = DecisionPointValue( name="Precedence", key="P", description="The publication would be the first publicly available, or be coincident with the first publicly available.", diff --git a/src/ssvc/decision_points/report_credibility.py b/src/ssvc/decision_points/report_credibility.py index 1e4cf105..6aaddc03 100644 --- a/src/ssvc/decision_points/report_credibility.py +++ b/src/ssvc/decision_points/report_credibility.py @@ -17,16 +17,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -NOT_CREDIBLE = SsvcDecisionPointValue( +NOT_CREDIBLE = DecisionPointValue( name="Not Credible", key="NC", description="The report is not credible.", ) -CREDIBLE = SsvcDecisionPointValue( +CREDIBLE = DecisionPointValue( name="Credible", key="C", description="The report is credible.", diff --git a/src/ssvc/decision_points/report_public.py b/src/ssvc/decision_points/report_public.py index a072e185..3c308cb4 100644 --- a/src/ssvc/decision_points/report_public.py +++ b/src/ssvc/decision_points/report_public.py @@ -16,16 +16,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -YES = SsvcDecisionPointValue( +YES = DecisionPointValue( name="Yes", key="Y", description="A public report of the vulnerability exists.", ) -NO = SsvcDecisionPointValue( +NO = DecisionPointValue( name="No", key="N", description="No public report of the vulnerability exists.", diff --git a/src/ssvc/decision_points/safety_impact.py b/src/ssvc/decision_points/safety_impact.py index 5a5c16ae..72c90e3f 100644 --- a/src/ssvc/decision_points/safety_impact.py +++ b/src/ssvc/decision_points/safety_impact.py @@ -17,10 +17,11 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -CATASTROPHIC = SsvcDecisionPointValue( +CATASTROPHIC = DecisionPointValue( name="Catastrophic", key="C", description="Any one or more of these conditions hold. " @@ -32,7 +33,7 @@ "Psychological: N/A.", ) -HAZARDOUS = SsvcDecisionPointValue( +HAZARDOUS = DecisionPointValue( name="Hazardous", key="H", description="Any one or more of these conditions hold. " @@ -44,7 +45,7 @@ "Psychological: N/A.", ) -MAJOR = SsvcDecisionPointValue( +MAJOR = DecisionPointValue( name="Major", key="J", description="Any one or more of these conditions hold. " @@ -57,7 +58,7 @@ "Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people.", ) -MINOR = SsvcDecisionPointValue( +MINOR = DecisionPointValue( name="Minor", key="M", description="Any one or more of these conditions hold. " @@ -70,7 +71,7 @@ "Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons.", ) -SAF_NONE = SsvcDecisionPointValue( +SAF_NONE = DecisionPointValue( name="None", key="N", description="The effect is below the threshold for all aspects described in Minor.", @@ -79,7 +80,7 @@ ## Based on the IEC 61508 standard ## Catastrophic, Critical, Marginal, Negligible -CATASTROPHIC_2 = SsvcDecisionPointValue( +CATASTROPHIC_2 = DecisionPointValue( name="Catastrophic", key="C", description="Any one or more of these conditions hold.

" @@ -91,7 +92,7 @@ "- *Psychological*: N/A.", ) -CRITICAL = SsvcDecisionPointValue( +CRITICAL = DecisionPointValue( name="Critical", key="R", description="Any one or more of these conditions hold.

" @@ -103,7 +104,7 @@ "- *Psychological*: N/A.", ) -MARGINAL = SsvcDecisionPointValue( +MARGINAL = DecisionPointValue( name="Marginal", key="M", description="Any one or more of these conditions hold.

" @@ -116,7 +117,7 @@ "- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people.", ) -NEGLIGIBLE = SsvcDecisionPointValue( +NEGLIGIBLE = DecisionPointValue( name="Negligible", key="N", description="Any one or more of these conditions hold.

" diff --git a/src/ssvc/decision_points/ssvc_/__init__.py b/src/ssvc/decision_points/ssvc_/__init__.py new file mode 100644 index 00000000..3fa844ad --- /dev/null +++ b/src/ssvc/decision_points/ssvc_/__init__.py @@ -0,0 +1,15 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +This package contains SSVC decision points belonging to the `ssvc` namespace. +""" diff --git a/src/ssvc/decision_points/ssvc_/base.py b/src/ssvc/decision_points/ssvc_/base.py new file mode 100644 index 00000000..e4fcf0f3 --- /dev/null +++ b/src/ssvc/decision_points/ssvc_/base.py @@ -0,0 +1,29 @@ +""" +Provides the base class for all decision points in the `ssvc` namespace. +""" + +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University + +from pydantic import BaseModel + +from ssvc.decision_points.base import DecisionPoint +from ssvc.namespaces import NameSpace + + +class SsvcDecisionPoint(DecisionPoint, BaseModel): + """ + Models a single decision point as a list of values. + """ + + namespace: str = NameSpace.SSVC diff --git a/src/ssvc/decision_points/supplier_cardinality.py b/src/ssvc/decision_points/supplier_cardinality.py index 934ebfdf..ba315933 100644 --- a/src/ssvc/decision_points/supplier_cardinality.py +++ b/src/ssvc/decision_points/supplier_cardinality.py @@ -16,16 +16,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -MULTIPLE = SsvcDecisionPointValue( +MULTIPLE = DecisionPointValue( name="Multiple", key="M", description="There are multiple suppliers of the vulnerable component.", ) -ONE = SsvcDecisionPointValue( +ONE = DecisionPointValue( name="One", key="O", description="There is only one supplier of the vulnerable component.", diff --git a/src/ssvc/decision_points/supplier_contacted.py b/src/ssvc/decision_points/supplier_contacted.py index f3586008..efe57631 100644 --- a/src/ssvc/decision_points/supplier_contacted.py +++ b/src/ssvc/decision_points/supplier_contacted.py @@ -15,16 +15,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -YES = SsvcDecisionPointValue( +YES = DecisionPointValue( name="Yes", key="Y", description="The supplier has been contacted.", ) -NO = SsvcDecisionPointValue( +NO = DecisionPointValue( name="No", key="N", description="The supplier has not been contacted.", diff --git a/src/ssvc/decision_points/supplier_engagement.py b/src/ssvc/decision_points/supplier_engagement.py index cb0aef24..163eaec3 100644 --- a/src/ssvc/decision_points/supplier_engagement.py +++ b/src/ssvc/decision_points/supplier_engagement.py @@ -17,16 +17,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -UNRESPONSIVE = SsvcDecisionPointValue( +UNRESPONSIVE = DecisionPointValue( name="Unresponsive", key="U", description="The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort.", ) -ACTIVE = SsvcDecisionPointValue( +ACTIVE = DecisionPointValue( name="Active", key="A", description="The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort.", diff --git a/src/ssvc/decision_points/supplier_involvement.py b/src/ssvc/decision_points/supplier_involvement.py index 823afd4d..5fb1f744 100644 --- a/src/ssvc/decision_points/supplier_involvement.py +++ b/src/ssvc/decision_points/supplier_involvement.py @@ -16,22 +16,23 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -UNCOOPERATIVE = SsvcDecisionPointValue( +UNCOOPERATIVE = DecisionPointValue( name="Uncooperative/Unresponsive", key="UU", description="The supplier has not responded, declined to generate a remediation, or no longer exists.", ) -COOPERATIVE = SsvcDecisionPointValue( +COOPERATIVE = DecisionPointValue( name="Cooperative", key="C", description="The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time.", ) -FIX_READY = SsvcDecisionPointValue( +FIX_READY = DecisionPointValue( name="Fix Ready", key="FR", description="The supplier has provided a patch or fix.", diff --git a/src/ssvc/decision_points/system_exposure.py b/src/ssvc/decision_points/system_exposure.py index 9f0c813a..e9e913ce 100644 --- a/src/ssvc/decision_points/system_exposure.py +++ b/src/ssvc/decision_points/system_exposure.py @@ -16,17 +16,18 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -EXP_UNAVOIDABLE = SsvcDecisionPointValue( +EXP_UNAVOIDABLE = DecisionPointValue( name="Unavoidable", key="U", description="Internet or another widely accessible network where access cannot plausibly be restricted or " "controlled (e.g., DNS servers, web servers, VOIP servers, email servers)", ) -EXP_CONTROLLED = SsvcDecisionPointValue( +EXP_CONTROLLED = DecisionPointValue( name="Controlled", key="C", description="Networked service with some access restrictions or mitigations already in place (whether locally or on the network). " @@ -37,7 +38,7 @@ "execute it, then exposure should be small.", ) -EXP_SMALL = SsvcDecisionPointValue( +EXP_SMALL = DecisionPointValue( name="Small", key="S", description="Local service or program; highly controlled network", @@ -57,7 +58,7 @@ ) # EXP_OPEN is just a rename of EXP_UNAVOIDABLE -EXP_OPEN = SsvcDecisionPointValue( +EXP_OPEN = DecisionPointValue( name="Open", key="O", description="Internet or another widely accessible network where access cannot plausibly be restricted or " diff --git a/src/ssvc/decision_points/technical_impact.py b/src/ssvc/decision_points/technical_impact.py index 3fa10eff..87d9a1dc 100644 --- a/src/ssvc/decision_points/technical_impact.py +++ b/src/ssvc/decision_points/technical_impact.py @@ -17,16 +17,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -TOTAL = SsvcDecisionPointValue( +TOTAL = DecisionPointValue( name="Total", key="T", description="The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability.", ) -PARTIAL = SsvcDecisionPointValue( +PARTIAL = DecisionPointValue( name="Partial", key="P", description="The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control.", diff --git a/src/ssvc/decision_points/utility.py b/src/ssvc/decision_points/utility.py index 10b43924..db3a6264 100644 --- a/src/ssvc/decision_points/utility.py +++ b/src/ssvc/decision_points/utility.py @@ -5,6 +5,7 @@ """ # Copyright (c) 2024-2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors # - see ContributionInstructions.md for information on how you can Contribute to this project # Stakeholder Specific Vulnerability Categorization (SSVC) is # licensed under a MIT (SEI)-style license, please see LICENSE.md distributed @@ -16,40 +17,41 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -SUPER_EFFECTIVE_2 = SsvcDecisionPointValue( +SUPER_EFFECTIVE_2 = DecisionPointValue( name="Super Effective", key="S", description="Automatable:Yes AND Value Density:Concentrated", ) -EFFICIENT_2 = SsvcDecisionPointValue( +EFFICIENT_2 = DecisionPointValue( name="Efficient", key="E", description="(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)", ) -LABORIOUS_2 = SsvcDecisionPointValue( +LABORIOUS_2 = DecisionPointValue( name="Laborious", key="L", description="Automatable:No AND Value Density:Diffuse", ) -SUPER_EFFECTIVE = SsvcDecisionPointValue( +SUPER_EFFECTIVE = DecisionPointValue( name="Super Effective", key="S", description="Virulence:Rapid and Value Density:Concentrated", ) -EFFICIENT = SsvcDecisionPointValue( +EFFICIENT = DecisionPointValue( name="Efficient", key="E", description="Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated", ) -LABORIOUS = SsvcDecisionPointValue( +LABORIOUS = DecisionPointValue( name="Laborious", key="L", description="Virulence:Slow and Value Density:Diffuse", diff --git a/src/ssvc/decision_points/value_density.py b/src/ssvc/decision_points/value_density.py index 81b9fd14..2c8b10ad 100644 --- a/src/ssvc/decision_points/value_density.py +++ b/src/ssvc/decision_points/value_density.py @@ -16,16 +16,17 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -CONCENTRATED = SsvcDecisionPointValue( +CONCENTRATED = DecisionPointValue( name="Concentrated", key="C", description="The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users.", ) -DIFFUSE = SsvcDecisionPointValue( +DIFFUSE = DecisionPointValue( name="Diffuse", key="D", description="The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small.", diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 5073ebb4..838a5f99 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -22,9 +22,9 @@ import pandas as pd from pydantic import BaseModel, model_validator -from ssvc._mixins import _Base, _Commented, _Namespaced, _Versioned +from ssvc._mixins import _Base, _Commented, _Namespaced, _SchemaVersioned from ssvc.csv_analyzer import check_topological_order -from ssvc.decision_points import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue, SsvcDecisionPoint from ssvc.dp_groups.base import SsvcDecisionPointGroup from ssvc.outcomes.base import OutcomeGroup, OutcomeValue from ssvc.policy_generator import PolicyGenerator @@ -41,7 +41,7 @@ def name_to_key(name: str) -> str: return new_name -class DecisionTable(_Versioned, _Namespaced, _Base, _Commented, BaseModel): +class DecisionTable(_SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel): """ The DecisionTable class is a model for decisions in SSVC. @@ -54,7 +54,8 @@ class DecisionTable(_Versioned, _Namespaced, _Base, _Commented, BaseModel): decision_point_group: SsvcDecisionPointGroup outcome_group: OutcomeGroup - mapping: list = None + mapping: list[dict[str, str]] = None + _df: pd.DataFrame = None @property @@ -82,7 +83,7 @@ def dp_lookup(self) -> dict[str, SsvcDecisionPoint]: } @property - def dp_value_lookup(self) -> dict[str, dict[str, SsvcDecisionPointValue]]: + def dp_value_lookup(self) -> dict[str, dict[str, DecisionPointValue]]: """ Return a lookup table for decision point values. Returns: @@ -145,7 +146,7 @@ def as_df(self) -> pd.DataFrame: """ Convert the mapping to a pandas DataFrame. """ - return self.generate_df() + raise NotImplementedError # stub for validating mapping def generate_df(self) -> pd.DataFrame: @@ -160,33 +161,29 @@ def generate_df(self) -> pd.DataFrame: return df - def table_to_mapping(self, df: pd.DataFrame) -> list[tuple[str, ...]]: + def table_to_mapping(self, df: pd.DataFrame) -> list[dict[str, str]]: # copy dataframe df = pd.DataFrame(df) + columns = [dp.key for dp in self.decision_point_group.decision_points] + columns.append(self.outcome_group.key) - columns = [name_to_key(col) for col in df.columns] df.columns = columns data = [] - for index, row in df.iterrows(): - row_data = [] + for _, row in df.iterrows(): + row_data = {} + outcome_value = None for column in columns: - value = None - ovalue = None - value_name = name_to_key(row[column]) + value_name = row[column] try: value = self.dp_value_lookup[column][value_name] + row_data[column] = value.key except KeyError: - ovalue = self.outcome_lookup[value_name] - - if value is not None: - row_data.append(value.key) - - if ovalue is None: + outcome_value = self.outcome_lookup[value_name] + if outcome_value is None: raise ValueError("Outcome value not found") - row_data = tuple(row_data) - t = tuple([row_data, ovalue.key]) - data.append(t) + row_data["outcome"] = outcome_value.key + data.append(row_data) return data @@ -202,16 +199,17 @@ def main(): logger.setLevel(logging.DEBUG) logger.addHandler(logging.StreamHandler()) - dfw = DecisionTable( + dt = DecisionTable( name="Example Prioritization Framework", description="The description for an Example Prioritization Framework", + namespace="x_test", version="1.0.0", decision_point_group=dpg, outcome_group=og, ) - print(dfw.model_dump_json(indent=2)) + print(dt.model_dump_json(indent=2)) - print(dfw._df) + print(dt._df) if __name__ == "__main__": diff --git a/src/ssvc/doc_helpers.py b/src/ssvc/doc_helpers.py index 16a48bc8..9035db1a 100644 --- a/src/ssvc/doc_helpers.py +++ b/src/ssvc/doc_helpers.py @@ -17,7 +17,7 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import SsvcDecisionPoint +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint MD_TABLE_ROW_TEMPLATE = "| {value.name} | {value.description} |" diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index 59c4b2b5..f16323c6 100644 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -33,9 +33,9 @@ import ssvc.dp_groups.cvss.collections # noqa import ssvc.dp_groups.ssvc.collections # noqa +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import ( REGISTERED_DECISION_POINTS, - SsvcDecisionPoint, ) logger = logging.getLogger(__name__) diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index a2546635..e43bd063 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -22,16 +22,19 @@ from pydantic import BaseModel -from ssvc._mixins import _Base, _Versioned -from ssvc.decision_points.base import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc._mixins import _Base, _SchemaVersioned +from ssvc.decision_points.base import ( + DecisionPoint, ValueSummary, +) +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint -class SsvcDecisionPointGroup(_Base, _Versioned, BaseModel): +class SsvcDecisionPointGroup(_Base, _SchemaVersioned, BaseModel): """ Models a group of decision points. """ - decision_points: tuple[SsvcDecisionPoint, ...] + decision_points: tuple[DecisionPoint, ...] def __iter__(self): """ @@ -47,29 +50,27 @@ def __len__(self): l = len(dplist) return l - def combinations( - self, - ) -> Generator[tuple[SsvcDecisionPointValue, ...], None, None]: - # Generator[yield_type, send_type, return_type] - """ - Produce all possible combinations of decision point values in the group. - """ - # for each decision point, get the values - # then take the product of all the values - # and yield each combination - values_list: list[list[SsvcDecisionPointValue]] = [ - dp.values for dp in self.decision_points - ] - for combination in product(*values_list): + def combination_summaries(self) -> Generator[tuple[ValueSummary, ...], None, None]: + # get the value summaries for each decision point + value_summaries = [dp.value_summaries for dp in self.decision_points] + + for combination in product(*value_summaries): yield combination - def combo_strings(self) -> Generator[tuple[str, ...], None, None]: + def combination_strings(self) -> Generator[tuple[str, ...], None, None]: """ Produce all possible combinations of decision point values in the group as strings. """ - for combo in self.combinations(): + for combo in self.combination_summaries(): yield tuple(str(v) for v in combo) + def combination_dicts(self): + """ + Produce all possible combinations of decision point values in the group as a dictionary. + """ + for combo in self.combination_summaries(): + yield tuple(v.model_dump() for v in combo) + def get_all_decision_points_from( *groups: list[SsvcDecisionPointGroup], diff --git a/src/ssvc/outcomes/base.py b/src/ssvc/outcomes/base.py index f4316359..fabc5aca 100644 --- a/src/ssvc/outcomes/base.py +++ b/src/ssvc/outcomes/base.py @@ -17,7 +17,7 @@ from pydantic import BaseModel -from ssvc._mixins import _Base, _Keyed, _Valued, _Versioned +from ssvc._mixins import _Base, _Keyed, _SchemaVersioned, _Valued class OutcomeValue(_Base, _Keyed, BaseModel): @@ -26,7 +26,7 @@ class OutcomeValue(_Base, _Keyed, BaseModel): """ -class OutcomeGroup(_Valued, _Base, _Keyed, _Versioned, BaseModel): +class OutcomeGroup(_Valued, _Base, _Keyed, _SchemaVersioned, BaseModel): """ Models an outcome group. """ diff --git a/src/test/test_cvss_helpers.py b/src/test/test_cvss_helpers.py index 3101efff..4c15d04f 100644 --- a/src/test/test_cvss_helpers.py +++ b/src/test/test_cvss_helpers.py @@ -14,7 +14,7 @@ import unittest import ssvc.decision_points.cvss.helpers as h -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint @@ -27,17 +27,17 @@ def fake_ms_impacts() -> list[CvssDecisionPoint]: version="1.0.0", key=key, values=( - SsvcDecisionPointValue( + DecisionPointValue( name="None", key="N", description="No impact", ), - SsvcDecisionPointValue( + DecisionPointValue( name="Low", key="L", description="Low impact", ), - SsvcDecisionPointValue( + DecisionPointValue( name="High", key="H", description="High impact", @@ -58,12 +58,12 @@ def setUp(self) -> None: version="1.0", key=f"TDP{i}", values=( - SsvcDecisionPointValue( + DecisionPointValue( name=f"yes_{i}", description=f"yes_{i}", key=f"Y{i}", ), - SsvcDecisionPointValue( + DecisionPointValue( name=f"no_{i}", description=f"no_{i}", key=f"N{i}", diff --git a/src/test/test_decision_table.py b/src/test/test_decision_table.py index f22eb4a1..841be8eb 100644 --- a/src/test/test_decision_table.py +++ b/src/test/test_decision_table.py @@ -16,6 +16,7 @@ import pandas as pd +import ssvc.decision_points.ssvc_.base from ssvc.decision_tables import base from ssvc.decision_tables.base import name_to_key from ssvc.dp_groups.base import SsvcDecisionPointGroup @@ -31,14 +32,14 @@ def setUp(self): for i in range(3): dpvs = [] for j in range(3): - dpv = base.SsvcDecisionPointValue( + dpv = base.DecisionPointValue( name=f"Value {i}{j}", key=f"DP{i}V{j}", description=f"Decision Point {i} Value {j} Description", ) dpvs.append(dpv) - dp = base.SsvcDecisionPoint( + dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name=f"Decision Point {i}", key=f"DP{i}", description=f"Decision Point {i} Description", @@ -138,7 +139,7 @@ def test_validate_mapping(self): with self.subTest("problems"): # set one of the outcomes out of order - self.dt._df.iloc[0, -1] = "ov2" + self.dt._df.iloc[0, -1] = self.og.values[-1].name with self.assertRaises(ValueError): self.dt.validate_mapping() diff --git a/src/test/test_doc_helpers.py b/src/test/test_doc_helpers.py index fbbb7f45..380244af 100644 --- a/src/test/test_doc_helpers.py +++ b/src/test/test_doc_helpers.py @@ -13,21 +13,21 @@ import unittest -from ssvc.decision_points import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.doc_helpers import example_block, markdown_table class MyTestCase(unittest.TestCase): def setUp(self): - self.dp = SsvcDecisionPoint( + self.dp = DecisionPoint( namespace="x_test", name="test name", description="test description", key="TK", version="1.0.0", values=( - SsvcDecisionPointValue(name="A", key="A", description="A Definition"), - SsvcDecisionPointValue(name="B", key="B", description="B Definition"), + DecisionPointValue(name="A", key="A", description="A Definition"), + DecisionPointValue(name="B", key="B", description="B Definition"), ), ) diff --git a/src/test/test_doctools.py b/src/test/test_doctools.py index 70fba2f9..33e2924b 100644 --- a/src/test/test_doctools.py +++ b/src/test/test_doctools.py @@ -16,7 +16,6 @@ import tempfile import unittest -from ssvc.decision_points import SsvcDecisionPoint from ssvc.doctools import ( EnsureDirExists, _filename_friendly, diff --git a/src/test/test_dp_base.py b/src/test/test_dp_base.py index 09412802..79da6013 100644 --- a/src/test/test_dp_base.py +++ b/src/test/test_dp_base.py @@ -14,6 +14,7 @@ import unittest import ssvc.decision_points.base as base +import ssvc.decision_points.ssvc_.base class MyTestCase(unittest.TestCase): @@ -24,12 +25,12 @@ def setUp(self) -> None: self.values = [] for i in range(3): self.values.append( - base.SsvcDecisionPointValue( + base.DecisionPointValue( name=f"foo{i}", key=f"bar{i}", description=f"baz{i}" ) ) - self.dp = base.SsvcDecisionPoint( + self.dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name="foo", key="bar", description="baz", @@ -54,7 +55,7 @@ def test_registry(self): # just by creating the objects, they should be registered self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) - dp2 = base.SsvcDecisionPoint( + dp2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name="asdfad", key="asdfasdf", description="asdfasdf", @@ -67,7 +68,7 @@ def test_registry(self): # just by creating the objects, they should be registered self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) - dp2 = base.SsvcDecisionPoint( + dp2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name="asdfad", key="asdfasdf", description="asdfasdf", @@ -101,30 +102,13 @@ def test_ssvc_decision_point(self): self.assertEqual(obj.namespace, "x_test") self.assertEqual(len(self.values), len(obj.values)) - def test_ssvc_decision_point_value_dict(self): - obj = self.dp - # should have values_dict - self.assertTrue(hasattr(obj, "value_dict")) - self.assertEqual(len(obj.value_dict), len(self.values)) - # keys of value dict should be namespace:key:value.key - for value in self.values: - key = f"{obj.namespace}:{obj.key}:{value.key}" - self.assertIn(key, obj.value_dict) - self.assertEqual(obj.value_dict[key], value) - - # values_dict should NOT appear in serialization - # not in the data structure - self.assertNotIn("value_dict", obj.model_dump()) - # not in the json - self.assertNotIn("value_dict", obj.model_dump_json()) - def test_ssvc_value_json_roundtrip(self): for i, obj in enumerate(self.values): json = obj.model_dump_json() self.assertIsInstance(json, str) self.assertGreater(len(json), 0) - obj2 = base.SsvcDecisionPointValue.model_validate_json(json) + obj2 = base.DecisionPointValue.model_validate_json(json) self.assertEqual(obj, obj2) def test_ssvc_decision_point_json_roundtrip(self): @@ -134,7 +118,9 @@ def test_ssvc_decision_point_json_roundtrip(self): self.assertIsInstance(json, str) self.assertGreater(len(json), 0) - obj2 = base.SsvcDecisionPoint.model_validate_json(json) + obj2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint.model_validate_json( + json + ) # the objects should be equal self.assertEqual(obj, obj2) diff --git a/src/test/test_dp_groups.py b/src/test/test_dp_groups.py index 46fec87f..a02ef25e 100644 --- a/src/test/test_dp_groups.py +++ b/src/test/test_dp_groups.py @@ -13,23 +13,24 @@ import unittest +import ssvc.decision_points.ssvc_.base import ssvc.dp_groups.base as dpg -from ssvc.decision_points import SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPointValue class MyTestCase(unittest.TestCase): def setUp(self) -> None: self.dps = [] for i in range(10): - dp = dpg.SsvcDecisionPoint( + dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name=f"Decision Point {i}", key=f"DP_{i}", description=f"Description of Decision Point {i}", version="1.0.0", values=( - SsvcDecisionPointValue(name="foo", key="FOO", description="foo"), - SsvcDecisionPointValue(name="bar", key="BAR", description="bar"), - SsvcDecisionPointValue(name="baz", key="BAZ", description="baz"), + DecisionPointValue(name="foo", key="FOO", description="foo"), + DecisionPointValue(name="bar", key="BAR", description="bar"), + DecisionPointValue(name="baz", key="BAZ", description="baz"), ), ) self.dps.append(dp) @@ -63,43 +64,6 @@ def test_len(self): self.assertEqual(len(self.dps), len(list(g.decision_points))) self.assertEqual(len(self.dps), len(g)) - def test_combinations(self): - # add them to a decision point group - g = dpg.SsvcDecisionPointGroup( - name="Test Group", - description="Test Group", - decision_points=self.dps, - ) - - # get all the combinations - combos = list(g.combinations()) - - # assert that the number of combinations is the product of the number of values - # for each decision point - n_combos = 1 - for dp in self.dps: - n_combos *= len(dp.values) - self.assertEqual(n_combos, len(combos)) - - # assert that each combination is a tuple - for combo in combos: - self.assertIsInstance(combo, tuple) - # assert that each value in the combination is a decision point value - for value in combo: - self.assertIsInstance(value, SsvcDecisionPointValue) - - # foo, bar, and baz should be in each combination to some degree - foo_count = sum(1 for v in combo if v.name == "foo") - bar_count = sum(1 for v in combo if v.name == "bar") - baz_count = sum(1 for v in combo if v.name == "baz") - for count in (foo_count, bar_count, baz_count): - # each count should be greater than or equal to 0 - self.assertGreaterEqual(count, 0) - # the total count of foo, bar, and baz should be the same as the length of the combination - # indicating that no other values are present - total = sum((foo_count, bar_count, baz_count)) - self.assertEqual(len(combo), total) - def test_combo_strings(self): # add them to a decision point group g = dpg.SsvcDecisionPointGroup( @@ -109,7 +73,7 @@ def test_combo_strings(self): ) # get all the combinations - combos = list(g.combo_strings()) + combos = list(g.combination_strings()) # assert that the number of combinations is the product of the number of values # for each decision point @@ -126,12 +90,14 @@ def test_combo_strings(self): for value in combo: self.assertIsInstance(value, str) # foo, bar, and baz should be in each combination to some degree - foo_count = sum(1 for v in combo if v == "foo") - bar_count = sum(1 for v in combo if v == "bar") - baz_count = sum(1 for v in combo if v == "baz") + foo_count = sum(1 for v in combo if v.endswith("FOO")) + bar_count = sum(1 for v in combo if v.endswith("BAR")) + baz_count = sum(1 for v in combo if v.endswith("BAZ")) for count in (foo_count, bar_count, baz_count): # each count should be greater than or equal to 0 self.assertGreaterEqual(count, 0) + # each count should be less than or equal to the length of the combination + self.assertLessEqual(count, len(combo)) # the total count of foo, bar, and baz should be the same as the length of the combination # indicating that no other values are present total = sum((foo_count, bar_count, baz_count)) diff --git a/src/test/test_dp_helpers.py b/src/test/test_dp_helpers.py index 3502419c..d62811f2 100644 --- a/src/test/test_dp_helpers.py +++ b/src/test/test_dp_helpers.py @@ -14,24 +14,24 @@ import unittest from copy import deepcopy -from ssvc.decision_points import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.decision_points.helpers import dp_diff class MyTestCase(unittest.TestCase): def setUp(self) -> None: - self.dp1 = SsvcDecisionPoint( + self.dp1 = DecisionPoint( name="Test DP", key="test_dp", description="This is a test decision point", version="1.0.0", values=[ - SsvcDecisionPointValue( + DecisionPointValue( name="Yes", key="yes", description="Yes", ), - SsvcDecisionPointValue( + DecisionPointValue( name="No", key="no", description="No", @@ -89,7 +89,7 @@ def test_major_version(self): # add one self.dp2.values = list(self.dp1.values) self.dp2.values.append( - SsvcDecisionPointValue( + DecisionPointValue( name="Maybe", key="maybe", description="Maybe", @@ -107,7 +107,7 @@ def test_minor_version_when_new_option_added(self): # add one self.dp2.values = list(self.dp1.values) self.dp2.values.append( - SsvcDecisionPointValue( + DecisionPointValue( name="Maybe", key="maybe", description="Maybe", diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index 12233c91..2be16f7b 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -18,7 +18,7 @@ import networkx as nx import pandas as pd -from ssvc.decision_points import SsvcDecisionPoint, SsvcDecisionPointValue +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.dp_groups.base import SsvcDecisionPointGroup from ssvc.outcomes.base import OutcomeGroup, OutcomeValue from ssvc.policy_generator import PolicyGenerator @@ -40,12 +40,12 @@ def setUp(self) -> None: name="test", description="test", decision_points=[ - SsvcDecisionPoint( + DecisionPoint( name=c, description=c, key=c, values=[ - SsvcDecisionPointValue(name=v, key=v, description=v) + DecisionPointValue(name=v, key=v, description=v) for v in self.dp_values ], ) From 12df1bc35ddd9443e793eff7997043e3ef5bce2b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 21 Mar 2025 16:25:54 -0400 Subject: [PATCH 056/468] move ssvc decision points into namespace-based directory --- docs/howto/coordination_triage_decision.md | 14 +- docs/howto/deployer_tree.md | 10 +- docs/howto/publication_decision.md | 6 +- docs/howto/supplier_tree.md | 8 +- docs/reference/decision_points/automatable.md | 4 +- .../reference/decision_points/exploitation.md | 4 +- .../reference/decision_points/human_impact.md | 4 +- .../decision_points/mission_impact.md | 4 +- .../decision_points/public_safety_impact.md | 4 +- .../decision_points/public_value_added.md | 2 +- .../decision_points/report_credibility.md | 2 +- .../decision_points/report_public.md | 2 +- .../decision_points/safety_impact.md | 4 +- .../decision_points/supplier_cardinality.md | 2 +- .../decision_points/supplier_contacted.md | 2 +- .../decision_points/supplier_engagement.md | 2 +- .../decision_points/supplier_involvement.md | 2 +- .../decision_points/system_exposure.md | 4 +- .../decision_points/technical_impact.md | 2 +- docs/reference/decision_points/utility.md | 4 +- .../decision_points/value_density.md | 2 +- src/exploratory.ipynb | 165 ++++++++++++++++++ .../{ => ssvc_}/automatable.py | 0 .../{ => ssvc_}/critical_software.py | 0 .../{ => ssvc_}/exploitation.py | 0 .../{ => ssvc_}/high_value_asset.py | 0 .../{ => ssvc_}/human_impact.py | 0 .../decision_points/{ => ssvc_}/in_kev.py | 0 .../{ => ssvc_}/mission_impact.py | 0 .../{ => ssvc_}/mission_prevalence.py | 0 .../{ => ssvc_}/public_safety_impact.py | 0 .../{ => ssvc_}/public_value_added.py | 0 .../{ => ssvc_}/report_credibility.py | 0 .../{ => ssvc_}/report_public.py | 0 .../{ => ssvc_}/safety_impact.py | 0 .../{ => ssvc_}/supplier_cardinality.py | 0 .../{ => ssvc_}/supplier_contacted.py | 0 .../{ => ssvc_}/supplier_engagement.py | 0 .../{ => ssvc_}/supplier_involvement.py | 0 .../{ => ssvc_}/system_exposure.py | 0 .../{ => ssvc_}/technical_impact.py | 0 .../decision_points/{ => ssvc_}/utility.py | 0 .../{ => ssvc_}/value_density.py | 0 .../dp_groups/ssvc/coordinator_publication.py | 6 +- src/ssvc/dp_groups/ssvc/coordinator_triage.py | 21 ++- src/ssvc/dp_groups/ssvc/deployer.py | 16 +- src/ssvc/dp_groups/ssvc/supplier.py | 12 +- src/ssvc/policy_generator.py | 8 +- src/test/test_prioritization_framework.py | 6 +- src/test/test_schema.py | 8 +- 50 files changed, 246 insertions(+), 84 deletions(-) create mode 100644 src/exploratory.ipynb rename src/ssvc/decision_points/{ => ssvc_}/automatable.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/critical_software.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/exploitation.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/high_value_asset.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/human_impact.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/in_kev.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/mission_impact.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/mission_prevalence.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/public_safety_impact.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/public_value_added.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/report_credibility.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/report_public.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/safety_impact.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/supplier_cardinality.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/supplier_contacted.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/supplier_engagement.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/supplier_involvement.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/system_exposure.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/technical_impact.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/utility.py (100%) rename src/ssvc/decision_points/{ => ssvc_}/value_density.py (100%) diff --git a/docs/howto/coordination_triage_decision.md b/docs/howto/coordination_triage_decision.md index 6ad72cdc..240572d3 100644 --- a/docs/howto/coordination_triage_decision.md +++ b/docs/howto/coordination_triage_decision.md @@ -82,13 +82,13 @@ The remaining five decision points are: More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.report_public import LATEST as RP -from ssvc.decision_points.supplier_contacted import LATEST as SC -from ssvc.decision_points.report_credibility import LATEST as RC -from ssvc.decision_points.supplier_cardinality import LATEST as SI -from ssvc.decision_points.supplier_engagement import LATEST as SE -from ssvc.decision_points.utility import LATEST as U -from ssvc.decision_points.public_safety_impact import LATEST as PSI +from ssvc.decision_points.ssvc_.report_public import LATEST as RP +from ssvc.decision_points.ssvc_.supplier_contacted import LATEST as SC +from ssvc.decision_points.ssvc_.report_credibility import LATEST as RC +from ssvc.decision_points.ssvc_.supplier_cardinality import LATEST as SI +from ssvc.decision_points.ssvc_.supplier_engagement import LATEST as SE +from ssvc.decision_points.ssvc_.utility import LATEST as U +from ssvc.decision_points.ssvc_.public_safety_impact import LATEST as PSI from ssvc.doc_helpers import example_block for dp in [RP, SC, RC, SI, SE, U, PSI]: diff --git a/docs/howto/deployer_tree.md b/docs/howto/deployer_tree.md index 961a475e..637b3888 100644 --- a/docs/howto/deployer_tree.md +++ b/docs/howto/deployer_tree.md @@ -113,14 +113,14 @@ The Deployer Patch Deployment Priority decision model uses the following decisio More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.exploitation import LATEST as EXP -from ssvc.decision_points.system_exposure import LATEST as SE -from ssvc.decision_points.utility import LATEST as U -from ssvc.decision_points.human_impact import LATEST as HI +from ssvc.decision_points.ssvc_.exploitation import LATEST as EXP +from ssvc.decision_points.ssvc_.system_exposure import LATEST as SE +from ssvc.decision_points.ssvc_.utility import LATEST as U +from ssvc.decision_points.ssvc_.human_impact import LATEST as HI from ssvc.doc_helpers import example_block for dp in [EXP, SE, U, HI]: - print(example_block(dp)) + print(example_block(dp)) ``` In the *Human Impact* table above, *MEF* stands for Mission Essential Function. diff --git a/docs/howto/publication_decision.md b/docs/howto/publication_decision.md index 1673302a..e8090709 100644 --- a/docs/howto/publication_decision.md +++ b/docs/howto/publication_decision.md @@ -133,9 +133,9 @@ and adds two new ones ([*Supplier Involvement*](../reference/decision_points/sup More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.supplier_involvement import LATEST as SI -from ssvc.decision_points.exploitation import LATEST as EXP -from ssvc.decision_points.public_value_added import LATEST as PVA +from ssvc.decision_points.ssvc_.supplier_involvement import LATEST as SI +from ssvc.decision_points.ssvc_.exploitation import LATEST as EXP +from ssvc.decision_points.ssvc_.public_value_added import LATEST as PVA from ssvc.doc_helpers import example_block diff --git a/docs/howto/supplier_tree.md b/docs/howto/supplier_tree.md index e714e907..aa12d0e6 100644 --- a/docs/howto/supplier_tree.md +++ b/docs/howto/supplier_tree.md @@ -72,10 +72,10 @@ The decision to create a patch is based on the following decision points: More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.exploitation import LATEST as EXP -from ssvc.decision_points.utility import LATEST as U -from ssvc.decision_points.technical_impact import LATEST as TI -from ssvc.decision_points.public_safety_impact import LATEST as PSI +from ssvc.decision_points.ssvc_.exploitation import LATEST as EXP +from ssvc.decision_points.ssvc_.utility import LATEST as U +from ssvc.decision_points.ssvc_.technical_impact import LATEST as TI +from ssvc.decision_points.ssvc_.public_safety_impact import LATEST as PSI from ssvc.doc_helpers import example_block diff --git a/docs/reference/decision_points/automatable.md b/docs/reference/decision_points/automatable.md index 69259cfa..44ef71b1 100644 --- a/docs/reference/decision_points/automatable.md +++ b/docs/reference/decision_points/automatable.md @@ -1,7 +1,7 @@ # Automatable (SSVC) ```python exec="true" idprefix="" -from ssvc.decision_points.automatable import LATEST +from ssvc.decision_points.ssvc_.automatable import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -62,7 +62,7 @@ Due to vulnerability chaining, there is some nuance as to whether reconnaissance ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.automatable import VERSIONS +from ssvc.decision_points.ssvc_.automatable import VERSIONS from ssvc.doc_helpers import prior_version, example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/exploitation.md b/docs/reference/decision_points/exploitation.md index b4f93bb3..44fa49cb 100644 --- a/docs/reference/decision_points/exploitation.md +++ b/docs/reference/decision_points/exploitation.md @@ -1,7 +1,7 @@ # Exploitation ```python exec="true" idprefix="" -from ssvc.decision_points.exploitation import LATEST +from ssvc.decision_points.ssvc_.exploitation import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -49,7 +49,7 @@ The table below lists CWE-IDs that could be used to mark a vulnerability as *PoC ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.exploitation import VERSIONS +from ssvc.decision_points.ssvc_.exploitation import VERSIONS from ssvc.doc_helpers import prior_version, example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/human_impact.md b/docs/reference/decision_points/human_impact.md index 04057d11..dc802e9d 100644 --- a/docs/reference/decision_points/human_impact.md +++ b/docs/reference/decision_points/human_impact.md @@ -1,7 +1,7 @@ # Human Impact ```python exec="true" idprefix="" -from ssvc.decision_points.human_impact import LATEST +from ssvc.decision_points.ssvc_.human_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -47,7 +47,7 @@ see [Guidance on Communicating Results](../../howto/bootstrap/use.md). ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.human_impact import VERSIONS +from ssvc.decision_points.ssvc_.human_impact import VERSIONS from ssvc.doc_helpers import prior_version, example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/mission_impact.md b/docs/reference/decision_points/mission_impact.md index f8b80503..617a0327 100644 --- a/docs/reference/decision_points/mission_impact.md +++ b/docs/reference/decision_points/mission_impact.md @@ -1,7 +1,7 @@ # Mission Impact ```python exec="true" idprefix="" -from ssvc.decision_points.mission_impact import LATEST +from ssvc.decision_points.ssvc_.mission_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -42,7 +42,7 @@ It should require the vulnerability management team to interact with more senior ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.mission_impact import VERSIONS +from ssvc.decision_points.ssvc_.mission_impact import VERSIONS from ssvc.doc_helpers import example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/public_safety_impact.md b/docs/reference/decision_points/public_safety_impact.md index 44b774b0..4fc7df48 100644 --- a/docs/reference/decision_points/public_safety_impact.md +++ b/docs/reference/decision_points/public_safety_impact.md @@ -1,7 +1,7 @@ # Public Safety Impact ```python exec="true" idprefix="" -from ssvc.decision_points.public_safety_impact import LATEST +from ssvc.decision_points.ssvc_.public_safety_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -21,7 +21,7 @@ Therefore we simplify the above into a binary categorization: ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.public_safety_impact import VERSIONS +from ssvc.decision_points.ssvc_.public_safety_impact import VERSIONS from ssvc.doc_helpers import example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/public_value_added.md b/docs/reference/decision_points/public_value_added.md index 0284c0da..4a085f25 100644 --- a/docs/reference/decision_points/public_value_added.md +++ b/docs/reference/decision_points/public_value_added.md @@ -1,7 +1,7 @@ # Public Value Added ```python exec="true" idprefix="" -from ssvc.decision_points.public_value_added import LATEST +from ssvc.decision_points.ssvc_.public_value_added import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/report_credibility.md b/docs/reference/decision_points/report_credibility.md index acce744c..fc648de8 100644 --- a/docs/reference/decision_points/report_credibility.md +++ b/docs/reference/decision_points/report_credibility.md @@ -1,7 +1,7 @@ # Report Credibility ```python exec="true" idprefix="" -from ssvc.decision_points.report_credibility import LATEST +from ssvc.decision_points.ssvc_.report_credibility import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/report_public.md b/docs/reference/decision_points/report_public.md index aa795f2e..ea60fda9 100644 --- a/docs/reference/decision_points/report_public.md +++ b/docs/reference/decision_points/report_public.md @@ -1,7 +1,7 @@ # Report Public ```python exec="true" idprefix="" -from ssvc.decision_points.report_public import LATEST +from ssvc.decision_points.ssvc_.report_public import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/safety_impact.md b/docs/reference/decision_points/safety_impact.md index 2c9418c4..18f25e7d 100644 --- a/docs/reference/decision_points/safety_impact.md +++ b/docs/reference/decision_points/safety_impact.md @@ -1,7 +1,7 @@ # Safety Impact ```python exec="true" idprefix="" -from ssvc.decision_points.safety_impact import LATEST +from ssvc.decision_points.ssvc_.safety_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -217,7 +217,7 @@ We defer this topic for now because we combine it with [*Mission Impact*](missio ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.safety_impact import VERSIONS +from ssvc.decision_points.ssvc_.safety_impact import VERSIONS from ssvc.doc_helpers import example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/supplier_cardinality.md b/docs/reference/decision_points/supplier_cardinality.md index ccd088fa..332633ab 100644 --- a/docs/reference/decision_points/supplier_cardinality.md +++ b/docs/reference/decision_points/supplier_cardinality.md @@ -1,7 +1,7 @@ # Supplier Cardinality ```python exec="true" idprefix="" -from ssvc.decision_points.supplier_cardinality import LATEST +from ssvc.decision_points.ssvc_.supplier_cardinality import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/supplier_contacted.md b/docs/reference/decision_points/supplier_contacted.md index f75e1615..5a863768 100644 --- a/docs/reference/decision_points/supplier_contacted.md +++ b/docs/reference/decision_points/supplier_contacted.md @@ -1,7 +1,7 @@ # Supplier Contacted ```python exec="true" idprefix="" -from ssvc.decision_points.supplier_contacted import LATEST +from ssvc.decision_points.ssvc_.supplier_contacted import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/supplier_engagement.md b/docs/reference/decision_points/supplier_engagement.md index c8a7426b..f97a917f 100644 --- a/docs/reference/decision_points/supplier_engagement.md +++ b/docs/reference/decision_points/supplier_engagement.md @@ -1,7 +1,7 @@ # Supplier Engagement ```python exec="true" idprefix="" -from ssvc.decision_points.supplier_engagement import LATEST +from ssvc.decision_points.ssvc_.supplier_engagement import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/supplier_involvement.md b/docs/reference/decision_points/supplier_involvement.md index d4fb9d70..bfc45eab 100644 --- a/docs/reference/decision_points/supplier_involvement.md +++ b/docs/reference/decision_points/supplier_involvement.md @@ -1,7 +1,7 @@ # Supplier Involvement ```python exec="true" idprefix="" -from ssvc.decision_points.supplier_involvement import LATEST +from ssvc.decision_points.ssvc_.supplier_involvement import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/system_exposure.md b/docs/reference/decision_points/system_exposure.md index 9a2f52dd..a50c131c 100644 --- a/docs/reference/decision_points/system_exposure.md +++ b/docs/reference/decision_points/system_exposure.md @@ -1,7 +1,7 @@ # System Exposure ```python exec="true" idprefix="" -from ssvc.decision_points.system_exposure import LATEST +from ssvc.decision_points.ssvc_.system_exposure import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -44,7 +44,7 @@ If you have suggestions for further heuristics, or potential counterexamples to ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.system_exposure import VERSIONS +from ssvc.decision_points.ssvc_.system_exposure import VERSIONS from ssvc.doc_helpers import example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/technical_impact.md b/docs/reference/decision_points/technical_impact.md index 4b1dcaf6..6bc02a33 100644 --- a/docs/reference/decision_points/technical_impact.md +++ b/docs/reference/decision_points/technical_impact.md @@ -1,7 +1,7 @@ # Technical Impact ```python exec="true" idprefix="" -from ssvc.decision_points.technical_impact import LATEST +from ssvc.decision_points.ssvc_.technical_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/utility.md b/docs/reference/decision_points/utility.md index 1c465d41..90ac80ca 100644 --- a/docs/reference/decision_points/utility.md +++ b/docs/reference/decision_points/utility.md @@ -1,7 +1,7 @@ # Utility ```python exec="true" idprefix="" -from ssvc.decision_points.utility import LATEST +from ssvc.decision_points.ssvc_.utility import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -46,7 +46,7 @@ However, future work should look for and prevent large mismatches between the ou ## Previous Versions ```python exec="true" idprefix="" -from ssvc.decision_points.utility import VERSIONS +from ssvc.decision_points.ssvc_.utility import VERSIONS from ssvc.doc_helpers import example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/value_density.md b/docs/reference/decision_points/value_density.md index 11b02a3b..2cc7bb8c 100644 --- a/docs/reference/decision_points/value_density.md +++ b/docs/reference/decision_points/value_density.md @@ -1,7 +1,7 @@ # Value Density (SSVC) ```python exec="true" idprefix="" -from ssvc.decision_points.value_density import LATEST +from ssvc.decision_points.ssvc_.value_density import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/src/exploratory.ipynb b/src/exploratory.ipynb new file mode 100644 index 00000000..b0099b55 --- /dev/null +++ b/src/exploratory.ipynb @@ -0,0 +1,165 @@ +{ + "cells": [ + { + "cell_type": "code", + "execution_count": 1, + "id": "initial_id", + "metadata": { + "ExecuteTime": { + "end_time": "2025-03-21T13:31:21.532792Z", + "start_time": "2025-03-21T13:31:21.520299Z" + } + }, + "outputs": [ + { + "name": "stderr", + "output_type": "stream", + "text": [ + "Duplicate decision point (, 'Report Public', 'RP', '1.0.0')\n", + "Duplicate decision point (, 'Supplier Contacted', 'SC', '1.0.0')\n", + "Duplicate decision point (, 'Report Credibility', 'RC', '1.0.0')\n", + "Duplicate decision point (, 'Supplier Cardinality', 'SC', '1.0.0')\n", + "Duplicate decision point (, 'Supplier Engagement', 'SE', '1.0.0')\n", + "Duplicate decision point (, 'Utility', 'U', '1.0.1')\n", + "Duplicate decision point (, 'Automatable', 'A', '2.0.0')\n", + "Duplicate decision point (, 'Value Density', 'VD', '1.0.0')\n", + "Duplicate decision point (, 'Public Safety Impact', 'PSI', '2.0.0')\n", + "Duplicate decision point (, 'Safety Impact', 'SI', '1.0.0')\n" + ] + } + ], + "source": [ + "from ssvc.dp_groups.ssvc.coordinator_triage import COORDINATOR_TRIAGE_1 as dpg" + ] + }, + { + "cell_type": "code", + "execution_count": 2, + "id": "72c7764cb46593cc", + "metadata": { + "ExecuteTime": { + "end_time": "2025-03-21T13:33:19.287836Z", + "start_time": "2025-03-21T13:33:19.284542Z" + } + }, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "0 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='M'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='N'))\n", + "1 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='M'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='M'))\n", + "2 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='M'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='J'))\n", + "3 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='M'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='H'))\n", + "4 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='M'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='C'))\n", + "5 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='S'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='N'))\n", + "6 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='S'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='M'))\n" + ] + } + ], + "source": [ + "for i,c in enumerate(dpg.combination_summaries()):\n", + " print(i,c)\n", + " if i>5:\n", + " break" + ] + }, + { + "cell_type": "code", + "execution_count": 3, + "id": "f04f44540b0c9c2b", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "0 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:M', 'ssvc:SI:1.0.0:N')\n", + "1 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:M', 'ssvc:SI:1.0.0:M')\n", + "2 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:M', 'ssvc:SI:1.0.0:J')\n", + "3 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:M', 'ssvc:SI:1.0.0:H')\n", + "4 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:M', 'ssvc:SI:1.0.0:C')\n", + "5 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:S', 'ssvc:SI:1.0.0:N')\n", + "6 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:S', 'ssvc:SI:1.0.0:M')\n" + ] + } + ], + "source": [ + "for i,s in enumerate(dpg.combination_strings()):\n", + " print(i,s)\n", + " if i > 5:\n", + " break" + ] + }, + { + "cell_type": "code", + "execution_count": 4, + "id": "635de87b-52a2-4c5e-9a90-5581448cb28e", + "metadata": {}, + "outputs": [ + { + "name": "stdout", + "output_type": "stream", + "text": [ + "0 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'M'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'N'})\n", + "\n", + "\n", + "1 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'M'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'M'})\n", + "\n", + "\n", + "2 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'M'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'J'})\n", + "\n", + "\n", + "3 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'M'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'H'})\n", + "\n", + "\n", + "4 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'M'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'C'})\n", + "\n", + "\n", + "5 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'S'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'N'})\n", + "\n", + "\n" + ] + } + ], + "source": [ + "for i,t in enumerate(dpg.combination_dicts()):\n", + " if i>5:\n", + " break\n", + " print(i,t)\n", + " print()\n", + " print()\n", + " " + ] + }, + { + "cell_type": "code", + "execution_count": null, + "id": "129afda1-f243-4b09-a0e3-8d9a8c8a9baa", + "metadata": {}, + "outputs": [], + "source": [] + } + ], + "metadata": { + "kernelspec": { + "display_name": "Python 3 (ipykernel)", + "language": "python", + "name": "python3" + }, + "language_info": { + "codemirror_mode": { + "name": "ipython", + "version": 3 + }, + "file_extension": ".py", + "mimetype": "text/x-python", + "name": "python", + "nbconvert_exporter": "python", + "pygments_lexer": "ipython3", + "version": "3.12.4" + } + }, + "nbformat": 4, + "nbformat_minor": 5 +} diff --git a/src/ssvc/decision_points/automatable.py b/src/ssvc/decision_points/ssvc_/automatable.py similarity index 100% rename from src/ssvc/decision_points/automatable.py rename to src/ssvc/decision_points/ssvc_/automatable.py diff --git a/src/ssvc/decision_points/critical_software.py b/src/ssvc/decision_points/ssvc_/critical_software.py similarity index 100% rename from src/ssvc/decision_points/critical_software.py rename to src/ssvc/decision_points/ssvc_/critical_software.py diff --git a/src/ssvc/decision_points/exploitation.py b/src/ssvc/decision_points/ssvc_/exploitation.py similarity index 100% rename from src/ssvc/decision_points/exploitation.py rename to src/ssvc/decision_points/ssvc_/exploitation.py diff --git a/src/ssvc/decision_points/high_value_asset.py b/src/ssvc/decision_points/ssvc_/high_value_asset.py similarity index 100% rename from src/ssvc/decision_points/high_value_asset.py rename to src/ssvc/decision_points/ssvc_/high_value_asset.py diff --git a/src/ssvc/decision_points/human_impact.py b/src/ssvc/decision_points/ssvc_/human_impact.py similarity index 100% rename from src/ssvc/decision_points/human_impact.py rename to src/ssvc/decision_points/ssvc_/human_impact.py diff --git a/src/ssvc/decision_points/in_kev.py b/src/ssvc/decision_points/ssvc_/in_kev.py similarity index 100% rename from src/ssvc/decision_points/in_kev.py rename to src/ssvc/decision_points/ssvc_/in_kev.py diff --git a/src/ssvc/decision_points/mission_impact.py b/src/ssvc/decision_points/ssvc_/mission_impact.py similarity index 100% rename from src/ssvc/decision_points/mission_impact.py rename to src/ssvc/decision_points/ssvc_/mission_impact.py diff --git a/src/ssvc/decision_points/mission_prevalence.py b/src/ssvc/decision_points/ssvc_/mission_prevalence.py similarity index 100% rename from src/ssvc/decision_points/mission_prevalence.py rename to src/ssvc/decision_points/ssvc_/mission_prevalence.py diff --git a/src/ssvc/decision_points/public_safety_impact.py b/src/ssvc/decision_points/ssvc_/public_safety_impact.py similarity index 100% rename from src/ssvc/decision_points/public_safety_impact.py rename to src/ssvc/decision_points/ssvc_/public_safety_impact.py diff --git a/src/ssvc/decision_points/public_value_added.py b/src/ssvc/decision_points/ssvc_/public_value_added.py similarity index 100% rename from src/ssvc/decision_points/public_value_added.py rename to src/ssvc/decision_points/ssvc_/public_value_added.py diff --git a/src/ssvc/decision_points/report_credibility.py b/src/ssvc/decision_points/ssvc_/report_credibility.py similarity index 100% rename from src/ssvc/decision_points/report_credibility.py rename to src/ssvc/decision_points/ssvc_/report_credibility.py diff --git a/src/ssvc/decision_points/report_public.py b/src/ssvc/decision_points/ssvc_/report_public.py similarity index 100% rename from src/ssvc/decision_points/report_public.py rename to src/ssvc/decision_points/ssvc_/report_public.py diff --git a/src/ssvc/decision_points/safety_impact.py b/src/ssvc/decision_points/ssvc_/safety_impact.py similarity index 100% rename from src/ssvc/decision_points/safety_impact.py rename to src/ssvc/decision_points/ssvc_/safety_impact.py diff --git a/src/ssvc/decision_points/supplier_cardinality.py b/src/ssvc/decision_points/ssvc_/supplier_cardinality.py similarity index 100% rename from src/ssvc/decision_points/supplier_cardinality.py rename to src/ssvc/decision_points/ssvc_/supplier_cardinality.py diff --git a/src/ssvc/decision_points/supplier_contacted.py b/src/ssvc/decision_points/ssvc_/supplier_contacted.py similarity index 100% rename from src/ssvc/decision_points/supplier_contacted.py rename to src/ssvc/decision_points/ssvc_/supplier_contacted.py diff --git a/src/ssvc/decision_points/supplier_engagement.py b/src/ssvc/decision_points/ssvc_/supplier_engagement.py similarity index 100% rename from src/ssvc/decision_points/supplier_engagement.py rename to src/ssvc/decision_points/ssvc_/supplier_engagement.py diff --git a/src/ssvc/decision_points/supplier_involvement.py b/src/ssvc/decision_points/ssvc_/supplier_involvement.py similarity index 100% rename from src/ssvc/decision_points/supplier_involvement.py rename to src/ssvc/decision_points/ssvc_/supplier_involvement.py diff --git a/src/ssvc/decision_points/system_exposure.py b/src/ssvc/decision_points/ssvc_/system_exposure.py similarity index 100% rename from src/ssvc/decision_points/system_exposure.py rename to src/ssvc/decision_points/ssvc_/system_exposure.py diff --git a/src/ssvc/decision_points/technical_impact.py b/src/ssvc/decision_points/ssvc_/technical_impact.py similarity index 100% rename from src/ssvc/decision_points/technical_impact.py rename to src/ssvc/decision_points/ssvc_/technical_impact.py diff --git a/src/ssvc/decision_points/utility.py b/src/ssvc/decision_points/ssvc_/utility.py similarity index 100% rename from src/ssvc/decision_points/utility.py rename to src/ssvc/decision_points/ssvc_/utility.py diff --git a/src/ssvc/decision_points/value_density.py b/src/ssvc/decision_points/ssvc_/value_density.py similarity index 100% rename from src/ssvc/decision_points/value_density.py rename to src/ssvc/decision_points/ssvc_/value_density.py diff --git a/src/ssvc/dp_groups/ssvc/coordinator_publication.py b/src/ssvc/dp_groups/ssvc/coordinator_publication.py index cd731cd6..d46eccae 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_publication.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_publication.py @@ -17,9 +17,9 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.exploitation import EXPLOITATION_1 -from ssvc.decision_points.public_value_added import PUBLIC_VALUE_ADDED_1 -from ssvc.decision_points.supplier_involvement import SUPPLIER_INVOLVEMENT_1 +from ssvc.decision_points.ssvc_.exploitation import EXPLOITATION_1 +from ssvc.decision_points.ssvc_.public_value_added import PUBLIC_VALUE_ADDED_1 +from ssvc.decision_points.ssvc_.supplier_involvement import SUPPLIER_INVOLVEMENT_1 from ssvc.dp_groups.base import SsvcDecisionPointGroup diff --git a/src/ssvc/dp_groups/ssvc/coordinator_triage.py b/src/ssvc/dp_groups/ssvc/coordinator_triage.py index 2d08fe7a..af09a56b 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_triage.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_triage.py @@ -17,19 +17,18 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.automatable import AUTOMATABLE_2 -from ssvc.decision_points.public_safety_impact import PUBLIC_SAFETY_IMPACT_2 -from ssvc.decision_points.report_credibility import REPORT_CREDIBILITY_1 -from ssvc.decision_points.report_public import REPORT_PUBLIC_1 -from ssvc.decision_points.safety_impact import SAFETY_IMPACT_1 -from ssvc.decision_points.supplier_cardinality import SUPPLIER_CARDINALITY_1 -from ssvc.decision_points.supplier_contacted import SUPPLIER_CONTACTED_1 -from ssvc.decision_points.supplier_engagement import SUPPLIER_ENGAGEMENT_1 -from ssvc.decision_points.utility import UTILITY_1_0_1 -from ssvc.decision_points.value_density import VALUE_DENSITY_1 +from ssvc.decision_points.ssvc_.automatable import AUTOMATABLE_2 +from ssvc.decision_points.ssvc_.public_safety_impact import PUBLIC_SAFETY_IMPACT_2 +from ssvc.decision_points.ssvc_.report_credibility import REPORT_CREDIBILITY_1 +from ssvc.decision_points.ssvc_.report_public import REPORT_PUBLIC_1 +from ssvc.decision_points.ssvc_.safety_impact import SAFETY_IMPACT_1 +from ssvc.decision_points.ssvc_.supplier_cardinality import SUPPLIER_CARDINALITY_1 +from ssvc.decision_points.ssvc_.supplier_contacted import SUPPLIER_CONTACTED_1 +from ssvc.decision_points.ssvc_.supplier_engagement import SUPPLIER_ENGAGEMENT_1 +from ssvc.decision_points.ssvc_.utility import UTILITY_1_0_1 +from ssvc.decision_points.ssvc_.value_density import VALUE_DENSITY_1 from ssvc.dp_groups.base import SsvcDecisionPointGroup - COORDINATOR_TRIAGE_1 = SsvcDecisionPointGroup( name="Coordinator Triage", description="The decision points used by the coordinator during triage.", diff --git a/src/ssvc/dp_groups/ssvc/deployer.py b/src/ssvc/dp_groups/ssvc/deployer.py index 7f937479..341026fa 100644 --- a/src/ssvc/dp_groups/ssvc/deployer.py +++ b/src/ssvc/dp_groups/ssvc/deployer.py @@ -18,20 +18,20 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.automatable import AUTOMATABLE_2 -from ssvc.decision_points.exploitation import EXPLOITATION_1 -from ssvc.decision_points.human_impact import HUMAN_IMPACT_2 -from ssvc.decision_points.mission_impact import ( +from ssvc.decision_points.ssvc_.automatable import AUTOMATABLE_2 +from ssvc.decision_points.ssvc_.exploitation import EXPLOITATION_1 +from ssvc.decision_points.ssvc_.human_impact import HUMAN_IMPACT_2 +from ssvc.decision_points.ssvc_.mission_impact import ( MISSION_IMPACT_1, MISSION_IMPACT_2, ) -from ssvc.decision_points.safety_impact import SAFETY_IMPACT_1 -from ssvc.decision_points.system_exposure import ( +from ssvc.decision_points.ssvc_.safety_impact import SAFETY_IMPACT_1 +from ssvc.decision_points.ssvc_.system_exposure import ( SYSTEM_EXPOSURE_1, SYSTEM_EXPOSURE_1_0_1, ) -from ssvc.decision_points.utility import UTILITY_1_0_1 -from ssvc.decision_points.value_density import VALUE_DENSITY_1 +from ssvc.decision_points.ssvc_.utility import UTILITY_1_0_1 +from ssvc.decision_points.ssvc_.value_density import VALUE_DENSITY_1 from ssvc.dp_groups.base import SsvcDecisionPointGroup PATCH_APPLIER_1 = SsvcDecisionPointGroup( diff --git a/src/ssvc/dp_groups/ssvc/supplier.py b/src/ssvc/dp_groups/ssvc/supplier.py index b9e42ebb..1268fd8f 100644 --- a/src/ssvc/dp_groups/ssvc/supplier.py +++ b/src/ssvc/dp_groups/ssvc/supplier.py @@ -18,12 +18,12 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.automatable import AUTOMATABLE_2, VIRULENCE_1 -from ssvc.decision_points.exploitation import EXPLOITATION_1 -from ssvc.decision_points.safety_impact import SAFETY_IMPACT_1 -from ssvc.decision_points.technical_impact import TECHNICAL_IMPACT_1 -from ssvc.decision_points.utility import UTILITY_1, UTILITY_1_0_1 -from ssvc.decision_points.value_density import VALUE_DENSITY_1 +from ssvc.decision_points.ssvc_.automatable import AUTOMATABLE_2, VIRULENCE_1 +from ssvc.decision_points.ssvc_.exploitation import EXPLOITATION_1 +from ssvc.decision_points.ssvc_.safety_impact import SAFETY_IMPACT_1 +from ssvc.decision_points.ssvc_.technical_impact import TECHNICAL_IMPACT_1 +from ssvc.decision_points.ssvc_.utility import UTILITY_1, UTILITY_1_0_1 +from ssvc.decision_points.ssvc_.value_density import VALUE_DENSITY_1 from ssvc.dp_groups.base import SsvcDecisionPointGroup PATCH_DEVELOPER_1 = SsvcDecisionPointGroup( diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index 8d119b51..847ab963 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -330,10 +330,10 @@ def _is_topological_order(self, node_order: list) -> bool: def main(): - from ssvc.decision_points.automatable import AUTOMATABLE_2 - from ssvc.decision_points.exploitation import EXPLOITATION_1 - from ssvc.decision_points.human_impact import HUMAN_IMPACT_2 - from ssvc.decision_points.system_exposure import SYSTEM_EXPOSURE_1_0_1 + from ssvc.decision_points.ssvc_.automatable import AUTOMATABLE_2 + from ssvc.decision_points.ssvc_.exploitation import EXPLOITATION_1 + from ssvc.decision_points.ssvc_.human_impact import HUMAN_IMPACT_2 + from ssvc.decision_points.ssvc_.system_exposure import SYSTEM_EXPOSURE_1_0_1 from ssvc.outcomes.groups import DSOI # set up logging diff --git a/src/test/test_prioritization_framework.py b/src/test/test_prioritization_framework.py index eccc75b8..a8ec7dba 100644 --- a/src/test/test_prioritization_framework.py +++ b/src/test/test_prioritization_framework.py @@ -15,9 +15,9 @@ import pandas as pd -from ssvc.decision_points.exploitation import LATEST as exploitation_dp -from ssvc.decision_points.safety_impact import LATEST as safety_dp -from ssvc.decision_points.system_exposure import LATEST as exposure_dp +from ssvc.decision_points.ssvc_.exploitation import LATEST as exploitation_dp +from ssvc.decision_points.ssvc_.safety_impact import LATEST as safety_dp +from ssvc.decision_points.ssvc_.system_exposure import LATEST as exposure_dp from ssvc.decision_tables.base import DecisionTable from ssvc.dp_groups.base import SsvcDecisionPointGroup from ssvc.outcomes.groups import DSOI as dsoi_og diff --git a/src/test/test_schema.py b/src/test/test_schema.py index a8835bf8..5e8fdcdb 100644 --- a/src/test/test_schema.py +++ b/src/test/test_schema.py @@ -22,18 +22,16 @@ import ssvc.decision_points # noqa F401 from ssvc.decision_points.base import REGISTERED_DECISION_POINTS - # importing these causes the decision points to register themselves -from ssvc.decision_points.critical_software import CRITICAL_SOFTWARE_1 # noqa -from ssvc.decision_points.high_value_asset import HIGH_VALUE_ASSET_1 # noqa -from ssvc.decision_points.in_kev import IN_KEV_1 +from ssvc.decision_points.ssvc_.critical_software import CRITICAL_SOFTWARE_1 # noqa +from ssvc.decision_points.ssvc_.high_value_asset import HIGH_VALUE_ASSET_1 # noqa +from ssvc.decision_points.ssvc_.in_kev import IN_KEV_1 from ssvc.dp_groups.cvss.collections import ( CVSSv1, CVSSv2, CVSSv3, CVSSv4, ) # noqa - # importing these causes the decision points to register themselves from ssvc.dp_groups.ssvc.collections import SSVCv1, SSVCv2, SSVCv2_1 # noqa From dc38efc496603239ae0ac1b40fe1f54bf5013756 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 21 Mar 2025 16:27:56 -0400 Subject: [PATCH 057/468] move json examples to namespace dir -- fixes #751 --- data/json/decision_points/{ => ssvc}/automatable_2_0_0.json | 0 data/json/decision_points/{ => ssvc}/exploitation_1_0_0.json | 0 data/json/decision_points/{ => ssvc}/exploitation_1_1_0.json | 0 data/json/decision_points/{ => ssvc}/human_impact_1_0_0.json | 0 data/json/decision_points/{ => ssvc}/human_impact_2_0_0.json | 0 data/json/decision_points/{ => ssvc}/human_impact_2_0_1.json | 0 .../{ => ssvc}/mission_and_well-being_impact_1_0_0.json | 0 .../decision_points/{ => ssvc}/mission_impact_1_0_0.json | 0 .../decision_points/{ => ssvc}/mission_impact_2_0_0.json | 0 .../{ => ssvc}/public_safety_impact_1_0_0.json | 0 .../{ => ssvc}/public_safety_impact_2_0_0.json | 0 .../{ => ssvc}/public_safety_impact_2_0_1.json | 0 .../decision_points/{ => ssvc}/public_value_added_1_0_0.json | 0 .../{ => ssvc}/public_well-being_impact_1_0_0.json | 0 .../decision_points/{ => ssvc}/report_credibility_1_0_0.json | 0 .../json/decision_points/{ => ssvc}/report_public_1_0_0.json | 0 .../json/decision_points/{ => ssvc}/safety_impact_1_0_0.json | 0 .../json/decision_points/{ => ssvc}/safety_impact_2_0_0.json | 0 .../{ => ssvc}/supplier_cardinality_1_0_0.json | 0 .../decision_points/{ => ssvc}/supplier_contacted_1_0_0.json | 0 .../{ => ssvc}/supplier_engagement_1_0_0.json | 0 .../{ => ssvc}/supplier_involvement_1_0_0.json | 0 .../decision_points/{ => ssvc}/system_exposure_1_0_0.json | 0 .../decision_points/{ => ssvc}/system_exposure_1_0_1.json | 0 .../decision_points/{ => ssvc}/technical_impact_1_0_0.json | 0 data/json/decision_points/{ => ssvc}/utility_1_0_0.json | 0 data/json/decision_points/{ => ssvc}/utility_1_0_1.json | 0 .../json/decision_points/{ => ssvc}/value_density_1_0_0.json | 0 data/json/decision_points/{ => ssvc}/virulence_1_0_0.json | 0 src/ssvc/doctools.py | 5 ++--- 30 files changed, 2 insertions(+), 3 deletions(-) rename data/json/decision_points/{ => ssvc}/automatable_2_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/exploitation_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/exploitation_1_1_0.json (100%) rename data/json/decision_points/{ => ssvc}/human_impact_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/human_impact_2_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/human_impact_2_0_1.json (100%) rename data/json/decision_points/{ => ssvc}/mission_and_well-being_impact_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/mission_impact_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/mission_impact_2_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/public_safety_impact_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/public_safety_impact_2_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/public_safety_impact_2_0_1.json (100%) rename data/json/decision_points/{ => ssvc}/public_value_added_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/public_well-being_impact_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/report_credibility_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/report_public_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/safety_impact_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/safety_impact_2_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/supplier_cardinality_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/supplier_contacted_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/supplier_engagement_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/supplier_involvement_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/system_exposure_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/system_exposure_1_0_1.json (100%) rename data/json/decision_points/{ => ssvc}/technical_impact_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/utility_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/utility_1_0_1.json (100%) rename data/json/decision_points/{ => ssvc}/value_density_1_0_0.json (100%) rename data/json/decision_points/{ => ssvc}/virulence_1_0_0.json (100%) diff --git a/data/json/decision_points/automatable_2_0_0.json b/data/json/decision_points/ssvc/automatable_2_0_0.json similarity index 100% rename from data/json/decision_points/automatable_2_0_0.json rename to data/json/decision_points/ssvc/automatable_2_0_0.json diff --git a/data/json/decision_points/exploitation_1_0_0.json b/data/json/decision_points/ssvc/exploitation_1_0_0.json similarity index 100% rename from data/json/decision_points/exploitation_1_0_0.json rename to data/json/decision_points/ssvc/exploitation_1_0_0.json diff --git a/data/json/decision_points/exploitation_1_1_0.json b/data/json/decision_points/ssvc/exploitation_1_1_0.json similarity index 100% rename from data/json/decision_points/exploitation_1_1_0.json rename to data/json/decision_points/ssvc/exploitation_1_1_0.json diff --git a/data/json/decision_points/human_impact_1_0_0.json b/data/json/decision_points/ssvc/human_impact_1_0_0.json similarity index 100% rename from data/json/decision_points/human_impact_1_0_0.json rename to data/json/decision_points/ssvc/human_impact_1_0_0.json diff --git a/data/json/decision_points/human_impact_2_0_0.json b/data/json/decision_points/ssvc/human_impact_2_0_0.json similarity index 100% rename from data/json/decision_points/human_impact_2_0_0.json rename to data/json/decision_points/ssvc/human_impact_2_0_0.json diff --git a/data/json/decision_points/human_impact_2_0_1.json b/data/json/decision_points/ssvc/human_impact_2_0_1.json similarity index 100% rename from data/json/decision_points/human_impact_2_0_1.json rename to data/json/decision_points/ssvc/human_impact_2_0_1.json diff --git a/data/json/decision_points/mission_and_well-being_impact_1_0_0.json b/data/json/decision_points/ssvc/mission_and_well-being_impact_1_0_0.json similarity index 100% rename from data/json/decision_points/mission_and_well-being_impact_1_0_0.json rename to data/json/decision_points/ssvc/mission_and_well-being_impact_1_0_0.json diff --git a/data/json/decision_points/mission_impact_1_0_0.json b/data/json/decision_points/ssvc/mission_impact_1_0_0.json similarity index 100% rename from data/json/decision_points/mission_impact_1_0_0.json rename to data/json/decision_points/ssvc/mission_impact_1_0_0.json diff --git a/data/json/decision_points/mission_impact_2_0_0.json b/data/json/decision_points/ssvc/mission_impact_2_0_0.json similarity index 100% rename from data/json/decision_points/mission_impact_2_0_0.json rename to data/json/decision_points/ssvc/mission_impact_2_0_0.json diff --git a/data/json/decision_points/public_safety_impact_1_0_0.json b/data/json/decision_points/ssvc/public_safety_impact_1_0_0.json similarity index 100% rename from data/json/decision_points/public_safety_impact_1_0_0.json rename to data/json/decision_points/ssvc/public_safety_impact_1_0_0.json diff --git a/data/json/decision_points/public_safety_impact_2_0_0.json b/data/json/decision_points/ssvc/public_safety_impact_2_0_0.json similarity index 100% rename from data/json/decision_points/public_safety_impact_2_0_0.json rename to data/json/decision_points/ssvc/public_safety_impact_2_0_0.json diff --git a/data/json/decision_points/public_safety_impact_2_0_1.json b/data/json/decision_points/ssvc/public_safety_impact_2_0_1.json similarity index 100% rename from data/json/decision_points/public_safety_impact_2_0_1.json rename to data/json/decision_points/ssvc/public_safety_impact_2_0_1.json diff --git a/data/json/decision_points/public_value_added_1_0_0.json b/data/json/decision_points/ssvc/public_value_added_1_0_0.json similarity index 100% rename from data/json/decision_points/public_value_added_1_0_0.json rename to data/json/decision_points/ssvc/public_value_added_1_0_0.json diff --git a/data/json/decision_points/public_well-being_impact_1_0_0.json b/data/json/decision_points/ssvc/public_well-being_impact_1_0_0.json similarity index 100% rename from data/json/decision_points/public_well-being_impact_1_0_0.json rename to data/json/decision_points/ssvc/public_well-being_impact_1_0_0.json diff --git a/data/json/decision_points/report_credibility_1_0_0.json b/data/json/decision_points/ssvc/report_credibility_1_0_0.json similarity index 100% rename from data/json/decision_points/report_credibility_1_0_0.json rename to data/json/decision_points/ssvc/report_credibility_1_0_0.json diff --git a/data/json/decision_points/report_public_1_0_0.json b/data/json/decision_points/ssvc/report_public_1_0_0.json similarity index 100% rename from data/json/decision_points/report_public_1_0_0.json rename to data/json/decision_points/ssvc/report_public_1_0_0.json diff --git a/data/json/decision_points/safety_impact_1_0_0.json b/data/json/decision_points/ssvc/safety_impact_1_0_0.json similarity index 100% rename from data/json/decision_points/safety_impact_1_0_0.json rename to data/json/decision_points/ssvc/safety_impact_1_0_0.json diff --git a/data/json/decision_points/safety_impact_2_0_0.json b/data/json/decision_points/ssvc/safety_impact_2_0_0.json similarity index 100% rename from data/json/decision_points/safety_impact_2_0_0.json rename to data/json/decision_points/ssvc/safety_impact_2_0_0.json diff --git a/data/json/decision_points/supplier_cardinality_1_0_0.json b/data/json/decision_points/ssvc/supplier_cardinality_1_0_0.json similarity index 100% rename from data/json/decision_points/supplier_cardinality_1_0_0.json rename to data/json/decision_points/ssvc/supplier_cardinality_1_0_0.json diff --git a/data/json/decision_points/supplier_contacted_1_0_0.json b/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json similarity index 100% rename from data/json/decision_points/supplier_contacted_1_0_0.json rename to data/json/decision_points/ssvc/supplier_contacted_1_0_0.json diff --git a/data/json/decision_points/supplier_engagement_1_0_0.json b/data/json/decision_points/ssvc/supplier_engagement_1_0_0.json similarity index 100% rename from data/json/decision_points/supplier_engagement_1_0_0.json rename to data/json/decision_points/ssvc/supplier_engagement_1_0_0.json diff --git a/data/json/decision_points/supplier_involvement_1_0_0.json b/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json similarity index 100% rename from data/json/decision_points/supplier_involvement_1_0_0.json rename to data/json/decision_points/ssvc/supplier_involvement_1_0_0.json diff --git a/data/json/decision_points/system_exposure_1_0_0.json b/data/json/decision_points/ssvc/system_exposure_1_0_0.json similarity index 100% rename from data/json/decision_points/system_exposure_1_0_0.json rename to data/json/decision_points/ssvc/system_exposure_1_0_0.json diff --git a/data/json/decision_points/system_exposure_1_0_1.json b/data/json/decision_points/ssvc/system_exposure_1_0_1.json similarity index 100% rename from data/json/decision_points/system_exposure_1_0_1.json rename to data/json/decision_points/ssvc/system_exposure_1_0_1.json diff --git a/data/json/decision_points/technical_impact_1_0_0.json b/data/json/decision_points/ssvc/technical_impact_1_0_0.json similarity index 100% rename from data/json/decision_points/technical_impact_1_0_0.json rename to data/json/decision_points/ssvc/technical_impact_1_0_0.json diff --git a/data/json/decision_points/utility_1_0_0.json b/data/json/decision_points/ssvc/utility_1_0_0.json similarity index 100% rename from data/json/decision_points/utility_1_0_0.json rename to data/json/decision_points/ssvc/utility_1_0_0.json diff --git a/data/json/decision_points/utility_1_0_1.json b/data/json/decision_points/ssvc/utility_1_0_1.json similarity index 100% rename from data/json/decision_points/utility_1_0_1.json rename to data/json/decision_points/ssvc/utility_1_0_1.json diff --git a/data/json/decision_points/value_density_1_0_0.json b/data/json/decision_points/ssvc/value_density_1_0_0.json similarity index 100% rename from data/json/decision_points/value_density_1_0_0.json rename to data/json/decision_points/ssvc/value_density_1_0_0.json diff --git a/data/json/decision_points/virulence_1_0_0.json b/data/json/decision_points/ssvc/virulence_1_0_0.json similarity index 100% rename from data/json/decision_points/virulence_1_0_0.json rename to data/json/decision_points/ssvc/virulence_1_0_0.json diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index f16323c6..1cdbe8e9 100644 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -33,10 +33,10 @@ import ssvc.dp_groups.cvss.collections # noqa import ssvc.dp_groups.ssvc.collections # noqa -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import ( REGISTERED_DECISION_POINTS, ) +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint logger = logging.getLogger(__name__) @@ -134,8 +134,7 @@ def dump_json( parts = [ jsondir, ] - if dp.namespace != "ssvc": - parts.append(_filename_friendly(dp.namespace)) + parts.append(_filename_friendly(dp.namespace)) parts.append(filename) json_file = os.path.join(*parts) From a97d5cafa97bcd79ea70c8f670fe05300e01a443 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 21 Mar 2025 16:42:40 -0400 Subject: [PATCH 058/468] fix tests --- src/ssvc/decision_tables/base.py | 3 ++- src/ssvc/doctools.py | 8 +++++--- src/test/test_decision_table.py | 2 +- src/test/test_doctools.py | 13 ++++++++++--- src/test/test_dp_base.py | 8 ++++---- src/test/test_dp_groups.py | 2 +- src/test/test_dp_helpers.py | 5 +++-- src/test/test_policy_generator.py | 1 + 8 files changed, 27 insertions(+), 15 deletions(-) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 838a5f99..15871beb 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -24,7 +24,8 @@ from ssvc._mixins import _Base, _Commented, _Namespaced, _SchemaVersioned from ssvc.csv_analyzer import check_topological_order -from ssvc.decision_points.base import DecisionPointValue, SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.dp_groups.base import SsvcDecisionPointGroup from ssvc.outcomes.base import OutcomeGroup, OutcomeValue from ssvc.policy_generator import PolicyGenerator diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index 1cdbe8e9..7ab79d02 100644 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -34,7 +34,7 @@ import ssvc.dp_groups.cvss.collections # noqa import ssvc.dp_groups.ssvc.collections # noqa from ssvc.decision_points.base import ( - REGISTERED_DECISION_POINTS, + DecisionPoint, REGISTERED_DECISION_POINTS, ) from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint @@ -115,7 +115,7 @@ def dump_decision_point(jsondir: str, dp: SsvcDecisionPoint, overwrite: bool) -> def dump_json( - basename: str, dp: SsvcDecisionPoint, jsondir: str, overwrite: bool + basename: str, dp: DecisionPoint, jsondir: str, overwrite: bool ) -> str: """ Generate the json example for a decision point. @@ -135,13 +135,15 @@ def dump_json( jsondir, ] parts.append(_filename_friendly(dp.namespace)) + dirname = os.path.join(*parts) + parts.append(filename) json_file = os.path.join(*parts) if overwrite: remove_if_exists(json_file) - with EnsureDirExists(jsondir): + with EnsureDirExists(dirname): try: with open(json_file, "x") as f: f.write(dp.model_dump_json(indent=2)) diff --git a/src/test/test_decision_table.py b/src/test/test_decision_table.py index 841be8eb..d923a64a 100644 --- a/src/test/test_decision_table.py +++ b/src/test/test_decision_table.py @@ -39,7 +39,7 @@ def setUp(self): ) dpvs.append(dpv) - dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( + dp = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint( name=f"Decision Point {i}", key=f"DP{i}", description=f"Decision Point {i} Description", diff --git a/src/test/test_doctools.py b/src/test/test_doctools.py index 33e2924b..0c218805 100644 --- a/src/test/test_doctools.py +++ b/src/test/test_doctools.py @@ -16,6 +16,7 @@ import tempfile import unittest +from ssvc.decision_points.base import DecisionPoint from ssvc.doctools import ( EnsureDirExists, _filename_friendly, @@ -39,7 +40,7 @@ class MyTestCase(unittest.TestCase): def setUp(self) -> None: - self.dp = SsvcDecisionPoint.model_validate(_dp_dict) + self.dp = DecisionPoint.model_validate(_dp_dict) # create a temp working dir self.tempdir = tempfile.TemporaryDirectory() @@ -96,7 +97,11 @@ def test_dump_decision_point(self): self.assertIn("json", os.listdir(self.tempdir.name)) self.assertEqual(1, len(os.listdir(jsondir))) - file_created = os.listdir(jsondir)[0] + nsdir = os.path.join(jsondir, dp.namespace) + self.assertTrue(os.path.exists(nsdir)) + self.assertEqual(1, len(os.listdir(nsdir))) + + file_created = os.listdir(nsdir)[0] for word in dp.name.split(): self.assertIn(word.lower(), file_created) @@ -109,12 +114,14 @@ def test_dump_json(self): dp = self.dp jsondir = self.tempdir.name overwrite = False + nsdir = os.path.join(jsondir, dp.namespace) - _jsonfile = os.path.join(jsondir, f"{basename}.json") + _jsonfile = os.path.join(nsdir, f"{basename}.json") self.assertFalse(os.path.exists(_jsonfile)) # should create the file in the expected place json_file = dump_json(basename, dp, jsondir, overwrite) + self.assertEqual(_jsonfile, json_file) self.assertTrue(os.path.exists(json_file)) diff --git a/src/test/test_dp_base.py b/src/test/test_dp_base.py index 79da6013..175a3d73 100644 --- a/src/test/test_dp_base.py +++ b/src/test/test_dp_base.py @@ -30,7 +30,7 @@ def setUp(self) -> None: ) ) - self.dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( + self.dp = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint( name="foo", key="bar", description="baz", @@ -55,7 +55,7 @@ def test_registry(self): # just by creating the objects, they should be registered self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) - dp2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( + dp2 = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint( name="asdfad", key="asdfasdf", description="asdfasdf", @@ -68,7 +68,7 @@ def test_registry(self): # just by creating the objects, they should be registered self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) - dp2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( + dp2 = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint( name="asdfad", key="asdfasdf", description="asdfasdf", @@ -118,7 +118,7 @@ def test_ssvc_decision_point_json_roundtrip(self): self.assertIsInstance(json, str) self.assertGreater(len(json), 0) - obj2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint.model_validate_json( + obj2 = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint.model_validate_json( json ) diff --git a/src/test/test_dp_groups.py b/src/test/test_dp_groups.py index a02ef25e..ad8b9a73 100644 --- a/src/test/test_dp_groups.py +++ b/src/test/test_dp_groups.py @@ -22,7 +22,7 @@ class MyTestCase(unittest.TestCase): def setUp(self) -> None: self.dps = [] for i in range(10): - dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( + dp = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint( name=f"Decision Point {i}", key=f"DP_{i}", description=f"Description of Decision Point {i}", diff --git a/src/test/test_dp_helpers.py b/src/test/test_dp_helpers.py index d62811f2..493bdb81 100644 --- a/src/test/test_dp_helpers.py +++ b/src/test/test_dp_helpers.py @@ -25,7 +25,8 @@ def setUp(self) -> None: key="test_dp", description="This is a test decision point", version="1.0.0", - values=[ + namespace='x_test', + values=( DecisionPointValue( name="Yes", key="yes", @@ -36,7 +37,7 @@ def setUp(self) -> None: key="no", description="No", ), - ], + ), ) self.dp2 = deepcopy(self.dp1) diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index 2be16f7b..b68fb757 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -44,6 +44,7 @@ def setUp(self) -> None: name=c, description=c, key=c, + namespace='x_test', values=[ DecisionPointValue(name=v, key=v, description=v) for v in self.dp_values From d107c586e08fd3ca66bf461eff8cc0f18d2c68a5 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 10:01:12 -0400 Subject: [PATCH 059/468] reorganize test cases to parallel `ssvc` package --- src/test/decision_points/__init__.py | 15 +++ .../test_cvss_helpers.py | 0 .../{ => decision_points}/test_dp_base.py | 0 .../{ => decision_points}/test_dp_helpers.py | 0 src/test/decision_tables/__init__.py | 15 +++ .../test_decision_table.py | 0 src/test/dp_groups/__init__.py | 15 +++ src/test/{ => dp_groups}/test_dp_groups.py | 0 src/test/outcomes/__init__.py | 15 +++ src/test/{ => outcomes}/test_outcomes.py | 0 src/test/test_prioritization_framework.py | 99 ------------------- 11 files changed, 60 insertions(+), 99 deletions(-) create mode 100644 src/test/decision_points/__init__.py rename src/test/{ => decision_points}/test_cvss_helpers.py (100%) rename src/test/{ => decision_points}/test_dp_base.py (100%) rename src/test/{ => decision_points}/test_dp_helpers.py (100%) create mode 100644 src/test/decision_tables/__init__.py rename src/test/{ => decision_tables}/test_decision_table.py (100%) create mode 100644 src/test/dp_groups/__init__.py rename src/test/{ => dp_groups}/test_dp_groups.py (100%) create mode 100644 src/test/outcomes/__init__.py rename src/test/{ => outcomes}/test_outcomes.py (100%) delete mode 100644 src/test/test_prioritization_framework.py diff --git a/src/test/decision_points/__init__.py b/src/test/decision_points/__init__.py new file mode 100644 index 00000000..5c215061 --- /dev/null +++ b/src/test/decision_points/__init__.py @@ -0,0 +1,15 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides test classes for ssvc.decision_points. +""" diff --git a/src/test/test_cvss_helpers.py b/src/test/decision_points/test_cvss_helpers.py similarity index 100% rename from src/test/test_cvss_helpers.py rename to src/test/decision_points/test_cvss_helpers.py diff --git a/src/test/test_dp_base.py b/src/test/decision_points/test_dp_base.py similarity index 100% rename from src/test/test_dp_base.py rename to src/test/decision_points/test_dp_base.py diff --git a/src/test/test_dp_helpers.py b/src/test/decision_points/test_dp_helpers.py similarity index 100% rename from src/test/test_dp_helpers.py rename to src/test/decision_points/test_dp_helpers.py diff --git a/src/test/decision_tables/__init__.py b/src/test/decision_tables/__init__.py new file mode 100644 index 00000000..3a081023 --- /dev/null +++ b/src/test/decision_tables/__init__.py @@ -0,0 +1,15 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides test classes for ssvc.decision_tables. +""" diff --git a/src/test/test_decision_table.py b/src/test/decision_tables/test_decision_table.py similarity index 100% rename from src/test/test_decision_table.py rename to src/test/decision_tables/test_decision_table.py diff --git a/src/test/dp_groups/__init__.py b/src/test/dp_groups/__init__.py new file mode 100644 index 00000000..bb9ae345 --- /dev/null +++ b/src/test/dp_groups/__init__.py @@ -0,0 +1,15 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides test classes for ssvc.dp_groups. +""" diff --git a/src/test/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py similarity index 100% rename from src/test/test_dp_groups.py rename to src/test/dp_groups/test_dp_groups.py diff --git a/src/test/outcomes/__init__.py b/src/test/outcomes/__init__.py new file mode 100644 index 00000000..3c4a8bfe --- /dev/null +++ b/src/test/outcomes/__init__.py @@ -0,0 +1,15 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides test classes for ssvc.outcomes. +""" diff --git a/src/test/test_outcomes.py b/src/test/outcomes/test_outcomes.py similarity index 100% rename from src/test/test_outcomes.py rename to src/test/outcomes/test_outcomes.py diff --git a/src/test/test_prioritization_framework.py b/src/test/test_prioritization_framework.py deleted file mode 100644 index a8ec7dba..00000000 --- a/src/test/test_prioritization_framework.py +++ /dev/null @@ -1,99 +0,0 @@ -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University - -import unittest - -import pandas as pd - -from ssvc.decision_points.ssvc_.exploitation import LATEST as exploitation_dp -from ssvc.decision_points.ssvc_.safety_impact import LATEST as safety_dp -from ssvc.decision_points.ssvc_.system_exposure import LATEST as exposure_dp -from ssvc.decision_tables.base import DecisionTable -from ssvc.dp_groups.base import SsvcDecisionPointGroup -from ssvc.outcomes.groups import DSOI as dsoi_og - - -class MyTestCase(unittest.TestCase): - def setUp(self): - self.framework = DecisionTable( - name="Test Prioritization Framework", - description="Test Prioritization Framework Description", - version="1.0.0", - namespace="x_test", - decision_point_group=SsvcDecisionPointGroup( - name="Test Decision Point Group", - description="Test Decision Point Group Description", - decision_points=[exploitation_dp, exposure_dp, safety_dp], - ), - outcome_group=dsoi_og, - mapping=[], - ) - - pass - - def tearDown(self): - pass - - def test_create(self): - self.assertEqual(self.framework.name, "Test Prioritization Framework") - self.assertEqual(3, len(self.framework.decision_point_group)) - # mapping should not be empty - self.assertGreater(len(self.framework.mapping), 0) - - def test_generate_mapping(self): - result = self.framework.generate_df() - - # there should be one row in result for each combination of decision points - combo_count = len(list(self.framework.decision_point_group.combinations())) - self.assertEqual(len(result), combo_count) - - # the length of each key should be the number of decision points - for key in result.keys(): - parts = key.split(",") - self.assertEqual(len(parts), 3) - for i, keypart in enumerate(parts): - dp_namespace, dp_key, dp_value_key = keypart.split(":") - - dp = self.framework.decision_point_group.decision_points[i] - self.assertEqual(dp_namespace, dp.namespace) - self.assertEqual(dp_key, dp.key) - value_keys = [v.key for v in dp.values] - self.assertIn(dp_value_key, value_keys) - - def test_mapping_to_table(self): - d = { - "ssvc:One:A,ssvc:Two:B,ssvc:Three:C": "og:One", - "ssvc:One:A,ssvc:Two:B,ssvc:Three:D": "og:Two", - } - table = self.framework.mapping_to_table(d) - - # is it a DataFrame? - self.assertIsInstance(table, pd.DataFrame) - self.assertEqual(2, len(table)) - self.assertEqual(4, len(table.columns)) - - # does it have the right columns? - self.assertEqual(["one", "two", "three", "og"], list(table.columns)) - # does it have the right values? - for i, (k, v) in enumerate(d.items()): - k = k.lower() - v = v.lower() - - parts = k.split(",") - for part in parts: - (ns, dp, val) = part.split(":") - self.assertEqual(val, table.iloc[i][dp]) - - -if __name__ == "__main__": - unittest.main() From 99f874ca575a8a411093502896cb8143c3107359 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 12:02:26 -0400 Subject: [PATCH 060/468] add str property to both ValueSummary and DecisionPoint for use in lookup tables --- src/ssvc/decision_points/base.py | 52 +++++++++++++++++-- src/test/decision_points/test_dp_base.py | 65 ++++++++++++++++++++++++ 2 files changed, 114 insertions(+), 3 deletions(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 3d09b215..c1781faa 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -35,6 +35,7 @@ _RDP = {} REGISTERED_DECISION_POINTS = [] +FIELD_DELIMITER = ":" def register(dp): @@ -89,9 +90,20 @@ class ValueSummary(_Versioned, _Keyed, _Namespaced, BaseModel): value: str def __str__(self): - s = ":".join([self.namespace, self.key, self.version, self.value]) + s = FIELD_DELIMITER.join([self.namespace, self.key, self.version, self.value]) return s + @property + def str(self): + """ + Return the ValueSummary as a string. + + Returns: + str: A string representation of the ValueSummary, in the format "namespace:key:version:value". + + """ + return self.__str__() + class DecisionPoint( _Valued, _Keyed, _SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel @@ -111,6 +123,20 @@ class DecisionPoint( values: tuple[DecisionPointValue, ...] + def __str__(self): + return FIELD_DELIMITER.join([self.namespace, self.key, self.version]) + + @property + def str(self) -> str: + """ + Return the DecisionPoint represented as a short string. + + Returns: + str: A string representation of the DecisionPoint, in the format "namespace:key:version". + + """ + return self.__str__() + @model_validator(mode="after") def _register(self): """ @@ -124,7 +150,14 @@ def value_summaries(self) -> list[ValueSummary]: """ Return a list of value summaries. """ - summaries = [] + return list(self.value_summaries_dict.values()) + + @property + def value_summaries_dict(self) -> dict[str, ValueSummary]: + """ + Return a dictionary of value summaries keyed by the value key. + """ + summaries = {} for value in self.values: summary = ValueSummary( key=self.key, @@ -132,9 +165,22 @@ def value_summaries(self) -> list[ValueSummary]: namespace=self.namespace, value=value.key, ) - summaries.append(summary) + key = summary.str + summaries[key] = summary + return summaries + @property + def value_summaries_str(self): + """ + Return a list of value summaries as strings. + + Returns: + list: A list of strings, each representing a value summary in the format "namespace:key:version:value". + + """ + return list(self.value_summaries_dict.keys()) + def main(): opt_none = DecisionPointValue( diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index 175a3d73..e573d59f 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -126,6 +126,71 @@ def test_ssvc_decision_point_json_roundtrip(self): self.assertEqual(obj, obj2) self.assertEqual(obj.model_dump(), obj2.model_dump()) + def test_value_summaries_dict(self): + obj = self.dp + summaries = obj.value_summaries_dict + + # should be a dictionary + self.assertIsInstance(summaries, dict) + self.assertEqual(len(summaries), len(obj.values)) + + # the summaries dict should have str(ValueSummary) as the key + # and the ValueSummary as the value + for key, summary in summaries.items(): + # confirm the key is the string representation of the ValueSummary + self.assertEqual(key, str(summary)) + + # confirm the attributes of the ValueSummary + # key, version, and namespace come from the decision point + self.assertEqual(summary.key, obj.key) + self.assertEqual(summary.version, obj.version) + self.assertEqual(summary.namespace, obj.namespace) + # value comes from the list of values, and should be a key to one of the values + value_keys = [v.key for v in obj.values] + self.assertIn(summary.value, value_keys) + + def test_value_summaries_str(self): + obj = self.dp + summaries = obj.value_summaries_str + + # should be a list + self.assertIsInstance(summaries, list) + self.assertEqual(len(summaries), len(obj.values)) + + # the summaries list should have str(ValueSummary) as the key + for key in summaries: + # confirm the key is the string representation of the ValueSummary + self.assertIsInstance(key, str) + + # parse the key into its parts + (ns, k, v, val) = key.split(":") + # ns, k, v should come from the decision point + self.assertEqual(ns, obj.namespace) + self.assertEqual(k, obj.key) + self.assertEqual(v, obj.version) + # val should be a key to one of the values + value_keys = [v.key for v in obj.values] + self.assertIn(val, value_keys) + + def test_value_summaries(self): + obj = self.dp + summaries = obj.value_summaries + + # should be a list + self.assertIsInstance(summaries, list) + self.assertEqual(len(summaries), len(obj.values)) + + # the summaries list should be ValueSummary objects + for summary in summaries: + self.assertIsInstance(summary, base.ValueSummary) + # key, version, and namespace come from the decision point + self.assertEqual(summary.key, obj.key) + self.assertEqual(summary.version, obj.version) + self.assertEqual(summary.namespace, obj.namespace) + # value comes from the list of values, and should be a key to one of the values + value_keys = [v.key for v in obj.values] + self.assertIn(summary.value, value_keys) + if __name__ == "__main__": unittest.main() From 3ee0b1261410d15ef695883b1f0da113e32a3895 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 12:04:16 -0400 Subject: [PATCH 061/468] adds decision point lookup dict --- src/ssvc/dp_groups/base.py | 17 +++++++++++++- src/test/dp_groups/test_dp_groups.py | 34 ++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 1 deletion(-) diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index e43bd063..664644f9 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -24,7 +24,8 @@ from ssvc._mixins import _Base, _SchemaVersioned from ssvc.decision_points.base import ( - DecisionPoint, ValueSummary, + DecisionPoint, + ValueSummary, ) from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint @@ -50,6 +51,20 @@ def __len__(self): l = len(dplist) return l + @property + def decision_points_dict(self) -> dict[str, DecisionPoint]: + """ + Return a dictionary of decision points keyed by their name. + """ + return {dp.str: dp for dp in self.decision_points} + + @property + def decision_points_str(self) -> list[str]: + """ + Return a list of decision point names. + """ + return list(self.decision_points_dict.keys()) + def combination_summaries(self) -> Generator[tuple[ValueSummary, ...], None, None]: # get the value summaries for each decision point value_summaries = [dp.value_summaries for dp in self.decision_points] diff --git a/src/test/dp_groups/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py index ad8b9a73..e7612efa 100644 --- a/src/test/dp_groups/test_dp_groups.py +++ b/src/test/dp_groups/test_dp_groups.py @@ -119,6 +119,40 @@ def test_json_roundtrip(self): # assert that the new group is the same as the old group self.assertEqual(g_json, g2.model_dump_json()) + def test_decision_points_dict(self): + # add them to a decision point group + g = dpg.SsvcDecisionPointGroup( + name="Test Group", + description="Test Group", + decision_points=self.dps, + ) + + # get the decision points as a dictionary + dp_dict = g.decision_points_dict + + # assert that the dictionary is the correct length + self.assertEqual(len(self.dps), len(dp_dict)) + + # assert that each decision point is in the dictionary + for dp in self.dps: + self.assertIn(dp.str, dp_dict) + self.assertEqual(dp, dp_dict[dp.str]) + + def test_decision_points_str(self): + g = dpg.SsvcDecisionPointGroup( + name="Test Group", + description="Test Group", + decision_points=self.dps, + ) + dp_str = g.decision_points_str + self.assertEqual(len(self.dps), len(dp_str)) + + for i, dp in enumerate(self.dps): + self.assertIn(dp.str, dp_str) + # check that the string is the same as the decision point's string representation + # and they are in the same order + self.assertEqual(dp.str, dp_str[i]) + if __name__ == "__main__": unittest.main() From 5b6424222bd008d596a2bc4c24eed275a1e4fbf7 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 13:04:44 -0400 Subject: [PATCH 062/468] start converting outcome groups to decision points --- src/ssvc/outcomes/base.py | 30 ++---- src/ssvc/outcomes/cvss/__init__.py | 15 +++ src/ssvc/outcomes/cvss/lmhc.py | 51 ++++++++++ src/ssvc/outcomes/groups.py | 140 ++++++++------------------ src/ssvc/outcomes/ssvc_/__init__.py | 15 +++ src/ssvc/outcomes/ssvc_/coordinate.py | 41 ++++++++ src/ssvc/outcomes/ssvc_/dsoi.py | 49 +++++++++ src/ssvc/outcomes/ssvc_/publish.py | 46 +++++++++ src/ssvc/policy_generator.py | 2 +- src/test/outcomes/test_outcomes.py | 1 + src/test/test_policy_generator.py | 41 +++++--- 11 files changed, 295 insertions(+), 136 deletions(-) create mode 100644 src/ssvc/outcomes/cvss/__init__.py create mode 100644 src/ssvc/outcomes/cvss/lmhc.py create mode 100644 src/ssvc/outcomes/ssvc_/__init__.py create mode 100644 src/ssvc/outcomes/ssvc_/coordinate.py create mode 100644 src/ssvc/outcomes/ssvc_/dsoi.py create mode 100644 src/ssvc/outcomes/ssvc_/publish.py diff --git a/src/ssvc/outcomes/base.py b/src/ssvc/outcomes/base.py index fabc5aca..a1cb6c08 100644 --- a/src/ssvc/outcomes/base.py +++ b/src/ssvc/outcomes/base.py @@ -1,7 +1,3 @@ -#!/usr/bin/env python -""" -Provides outcome group and outcome value classes for SSVC. -""" # Copyright (c) 2023-2025 Carnegie Mellon University and Contributors. # - see Contributors.md for a full list of Contributors # - see ContributionInstructions.md for information on how you can Contribute to this project @@ -14,23 +10,13 @@ # (“Third Party Software”). See LICENSE.md for more details. # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides outcome group and outcome value classes for SSVC. +""" -from pydantic import BaseModel - -from ssvc._mixins import _Base, _Keyed, _SchemaVersioned, _Valued - - -class OutcomeValue(_Base, _Keyed, BaseModel): - """ - Models a single value option for an SSVC outcome. - """ - - -class OutcomeGroup(_Valued, _Base, _Keyed, _SchemaVersioned, BaseModel): - """ - Models an outcome group. - """ - - values: tuple[OutcomeValue, ...] +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint - # register all instances +OutcomeValue = DecisionPointValue +OutcomeGroup = DecisionPoint +SsvcOutcomeGroup = SsvcDecisionPoint diff --git a/src/ssvc/outcomes/cvss/__init__.py b/src/ssvc/outcomes/cvss/__init__.py new file mode 100644 index 00000000..02ead02b --- /dev/null +++ b/src/ssvc/outcomes/cvss/__init__.py @@ -0,0 +1,15 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides outcome group objects in the cvss namespace +""" diff --git a/src/ssvc/outcomes/cvss/lmhc.py b/src/ssvc/outcomes/cvss/lmhc.py new file mode 100644 index 00000000..803be31c --- /dev/null +++ b/src/ssvc/outcomes/cvss/lmhc.py @@ -0,0 +1,51 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue +from ssvc.decision_points.cvss.base import CvssDecisionPoint +from ssvc.decision_points.helpers import print_versions_and_diffs + +CVSS_NONE = DecisionPointValue(name="None", key="N", description="None (0.0)") +CVSS_LOW = DecisionPointValue(name="Low", key="L", description="Low (0.1-3.9)") +CVSS_MEDIUM = DecisionPointValue(name="Medium", key="M", description="Medium (4.0-6.9)") +CVSS_HIGH = DecisionPointValue(name="High", key="H", description="High (7.0-8.9)") +CVSS_CRITICAL = DecisionPointValue( + name="Critical", key="C", description="Critical (9.0-10.0)" +) + +LMHC = CvssDecisionPoint( + name="CVSS Qualitative Severity Rating Scale", + key="CVSS", + description="The CVSS Qualitative Severity Rating Scale group.", + version="1.0.0", + values=( + CVSS_NONE, + CVSS_LOW, + CVSS_MEDIUM, + CVSS_HIGH, + CVSS_CRITICAL, + ), +) +""" +The CVSS Qualitative Severity (N,L,M,H,C) Rating Scale outcome group. +""" + +VERSIONS = (LMHC,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/groups.py b/src/ssvc/outcomes/groups.py index 73c6c91c..ee12cbf6 100644 --- a/src/ssvc/outcomes/groups.py +++ b/src/ssvc/outcomes/groups.py @@ -1,8 +1,5 @@ #!/usr/bin/env python -""" -Provides a set of outcome groups for use in SSVC. -""" -# Copyright (c) 2023-2025 Carnegie Mellon University and Contributors. +# Copyright (c) 2025 Carnegie Mellon University and Contributors. # - see Contributors.md for a full list of Contributors # - see ContributionInstructions.md for information on how you can Contribute to this project # Stakeholder Specific Vulnerability Categorization (SSVC) is @@ -14,133 +11,78 @@ # (“Third Party Software”). See LICENSE.md for more details. # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University - -from ssvc.outcomes.base import OutcomeGroup, OutcomeValue - -# Note: Outcome Groups must be defined in ascending order. - - -DSOI = OutcomeGroup( - name="Defer, Scheduled, Out-of-Cycle, Immediate", - key="DSOI", - description="The original SSVC outcome group.", - version="1.0.0", - values=( - OutcomeValue(name="Defer", key="D", description="Defer"), - OutcomeValue(name="Scheduled", key="S", description="Scheduled"), - OutcomeValue(name="Out-of-Cycle", key="O", description="Out-of-Cycle"), - OutcomeValue(name="Immediate", key="I", description="Immediate"), - ), -) """ -The original SSVC outcome group. +Provides a set of outcome groups for use in SSVC. """ -PUBLISH = OutcomeGroup( - name="Publish, Do Not Publish", - key="PUBLISH", - description="The publish outcome group.", - version="1.0.0", - values=( - OutcomeValue(name="Do Not Publish", key="N", description="Do Not Publish"), - OutcomeValue(name="Publish", key="P", description="Publish"), - ), -) -""" -The publish outcome group. -""" +from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint -COORDINATE = OutcomeGroup( - name="Decline, Track, Coordinate", - key="COORDINATE", - description="The coordinate outcome group.", - version="1.0.0", - values=( - OutcomeValue(name="Decline", key="D", description="Decline"), - OutcomeValue(name="Track", key="T", description="Track"), - OutcomeValue(name="Coordinate", key="C", description="Coordinate"), - ), -) -""" -The coordinate outcome group. -""" -MOSCOW = OutcomeGroup( +# Note: Outcome Groups must be defined in ascending order. + + +MOSCOW = SsvcDecisionPoint( name="MoSCoW", - key="MOSCOW", - description="The Moscow outcome group.", + key="MSCW", + description="The MoSCoW (Must, Should, Could, Won't) outcome group.", version="1.0.0", values=( - OutcomeValue(name="Won't", key="W", description="Won't"), - OutcomeValue(name="Could", key="C", description="Could"), - OutcomeValue(name="Should", key="S", description="Should"), - OutcomeValue(name="Must", key="M", description="Must"), + DecisionPointValue(name="Won't", key="W", description="Won't"), + DecisionPointValue(name="Could", key="C", description="Could"), + DecisionPointValue(name="Should", key="S", description="Should"), + DecisionPointValue(name="Must", key="M", description="Must"), ), ) """ The MoSCoW outcome group. """ -EISENHOWER = OutcomeGroup( +EISENHOWER = SsvcDecisionPoint( name="Do, Schedule, Delegate, Delete", key="EISENHOWER", description="The Eisenhower outcome group.", version="1.0.0", values=( - OutcomeValue(name="Delete", key="D", description="Delete"), - OutcomeValue(name="Delegate", key="G", description="Delegate"), - OutcomeValue(name="Schedule", key="S", description="Schedule"), - OutcomeValue(name="Do", key="O", description="Do"), + DecisionPointValue(name="Delete", key="D", description="Delete"), + DecisionPointValue(name="Delegate", key="G", description="Delegate"), + DecisionPointValue(name="Schedule", key="S", description="Schedule"), + DecisionPointValue(name="Do", key="O", description="Do"), ), ) """ The Eisenhower outcome group. """ -CVSS = OutcomeGroup( - name="CVSS Levels", - key="CVSS", - description="The CVSS outcome group.", - version="1.0.0", - values=( - OutcomeValue(name="Low", key="L", description="Low"), - OutcomeValue(name="Medium", key="M", description="Medium"), - OutcomeValue(name="High", key="H", description="High"), - OutcomeValue(name="Critical", key="C", description="Critical"), - ), -) -""" -The CVSS outcome group. -""" -CISA = OutcomeGroup( +CISA = SsvcDecisionPoint( name="CISA Levels", key="CISA", description="The CISA outcome group. " "CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", version="1.0.0", values=( - OutcomeValue( + DecisionPointValue( name="Track", key="T", description="The vulnerability does not require action at this time. " "The organization would continue to track the vulnerability and reassess it if new information becomes available. " "CISA recommends remediating Track vulnerabilities within standard update timelines.", ), - OutcomeValue( + DecisionPointValue( name="Track*", key="T*", description="The vulnerability contains specific characteristics that may require closer monitoring for changes. " "CISA recommends remediating Track* vulnerabilities within standard update timelines.", ), - OutcomeValue( + DecisionPointValue( name="Attend", key="A", description="The vulnerability requires attention from the organization's internal, supervisory-level individuals. " "Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. " "CISA recommends remediating Attend vulnerabilities sooner than standard update timelines.", ), - OutcomeValue( + DecisionPointValue( name="Act", key="A", description="The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. " @@ -155,49 +97,53 @@ See https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc """ -YES_NO = OutcomeGroup( +YES_NO = SsvcDecisionPoint( name="Yes, No", key="YES_NO", description="The Yes/No outcome group.", version="1.0.0", values=( - OutcomeValue(name="No", key="N", description="No"), - OutcomeValue(name="Yes", key="Y", description="Yes"), + DecisionPointValue(name="No", key="N", description="No"), + DecisionPointValue(name="Yes", key="Y", description="Yes"), ), ) """ The Yes/No outcome group. """ -VALUE_COMPLEXITY = OutcomeGroup( +VALUE_COMPLEXITY = SsvcDecisionPoint( name="Value, Complexity", key="VALUE_COMPLEXITY", description="The Value/Complexity outcome group.", version="1.0.0", values=( # drop, reconsider later, easy win, do first - OutcomeValue(name="Drop", key="D", description="Drop"), - OutcomeValue(name="Reconsider Later", key="R", description="Reconsider Later"), - OutcomeValue(name="Easy Win", key="E", description="Easy Win"), - OutcomeValue(name="Do First", key="F", description="Do First"), + DecisionPointValue(name="Drop", key="D", description="Drop"), + DecisionPointValue( + name="Reconsider Later", key="R", description="Reconsider Later" + ), + DecisionPointValue(name="Easy Win", key="E", description="Easy Win"), + DecisionPointValue(name="Do First", key="F", description="Do First"), ), ) """ The Value/Complexity outcome group. """ -THE_PARANOIDS = OutcomeGroup( +THE_PARANOIDS = SsvcDecisionPoint( name="theParanoids", key="PARANOIDS", description="PrioritizedRiskRemediation outcome group based on TheParanoids.", version="1.0.0", values=( - OutcomeValue(name="Track 5", key="5", description="Track"), - OutcomeValue(name="Track Closely 4", key="4", description="Track Closely"), - OutcomeValue(name="Attend 3", key="3", description="Attend"), - OutcomeValue(name="Attend 2", key="2", description="Attend"), - OutcomeValue(name="Act 1", key="1", description="Act"), - OutcomeValue(name="Act ASAP 0", key="0", description="Act ASAP"), + DecisionPointValue(name="Track 5", key="5", description="Track"), + DecisionPointValue( + name="Track Closely 4", key="4", description="Track Closely" + ), + DecisionPointValue(name="Attend 3", key="3", description="Attend"), + DecisionPointValue(name="Attend 2", key="2", description="Attend"), + DecisionPointValue(name="Act 1", key="1", description="Act"), + DecisionPointValue(name="Act ASAP 0", key="0", description="Act ASAP"), ), ) """ diff --git a/src/ssvc/outcomes/ssvc_/__init__.py b/src/ssvc/outcomes/ssvc_/__init__.py new file mode 100644 index 00000000..f9dba018 --- /dev/null +++ b/src/ssvc/outcomes/ssvc_/__init__.py @@ -0,0 +1,15 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides outcome group objects in the ssvc namespace +""" diff --git a/src/ssvc/outcomes/ssvc_/coordinate.py b/src/ssvc/outcomes/ssvc_/coordinate.py new file mode 100644 index 00000000..1baacdd2 --- /dev/null +++ b/src/ssvc/outcomes/ssvc_/coordinate.py @@ -0,0 +1,41 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue +from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint + +COORDINATE = SsvcDecisionPoint( + name="Decline, Track, Coordinate", + key="COORDINATE", + description="The coordinate outcome group.", + version="1.0.0", + values=( + DecisionPointValue(name="Decline", key="D", description="Decline"), + DecisionPointValue(name="Track", key="T", description="Track"), + DecisionPointValue(name="Coordinate", key="C", description="Coordinate"), + ), +) +""" +The coordinate outcome group. +""" + +VERSIONS = (COORDINATE,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/ssvc_/dsoi.py b/src/ssvc/outcomes/ssvc_/dsoi.py new file mode 100644 index 00000000..510609c9 --- /dev/null +++ b/src/ssvc/outcomes/ssvc_/dsoi.py @@ -0,0 +1,49 @@ +#!/usr/bin/env python + +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides the defer, scheduled, out-of-cycle, immediate outcome group for use in SSVC. +""" +from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue +from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint + + +DSOI = SsvcDecisionPoint( + name="Defer, Scheduled, Out-of-Cycle, Immediate", + key="DSOI", + description="The original SSVC outcome group.", + version="1.0.0", + values=( + DecisionPointValue(name="Defer", key="D", description="Defer"), + DecisionPointValue(name="Scheduled", key="S", description="Scheduled"), + DecisionPointValue(name="Out-of-Cycle", key="O", description="Out-of-Cycle"), + DecisionPointValue(name="Immediate", key="I", description="Immediate"), + ), +) +""" +The original SSVC outcome group. +""" + + +VERSIONS = (DSOI,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/ssvc_/publish.py b/src/ssvc/outcomes/ssvc_/publish.py new file mode 100644 index 00000000..ef90c278 --- /dev/null +++ b/src/ssvc/outcomes/ssvc_/publish.py @@ -0,0 +1,46 @@ +#!/usr/bin/env python + +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University + +from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue +from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint + + +PUBLISH = SsvcDecisionPoint( + name="Publish, Do Not Publish", + key="PUBLISH", + description="The publish outcome group.", + version="1.0.0", + values=( + DecisionPointValue( + name="Do Not Publish", key="N", description="Do Not Publish" + ), + DecisionPointValue(name="Publish", key="P", description="Publish"), + ), +) +""" +The publish outcome group. +""" + +VERSIONS = (PUBLISH,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index 847ab963..d03d5ad8 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -334,7 +334,7 @@ def main(): from ssvc.decision_points.ssvc_.exploitation import EXPLOITATION_1 from ssvc.decision_points.ssvc_.human_impact import HUMAN_IMPACT_2 from ssvc.decision_points.ssvc_.system_exposure import SYSTEM_EXPOSURE_1_0_1 - from ssvc.outcomes.groups import DSOI + from ssvc.outcomes.ssvc_.dsoi import DSOI # set up logging logger = logging.getLogger() diff --git a/src/test/outcomes/test_outcomes.py b/src/test/outcomes/test_outcomes.py index 85bdece2..b9ff379c 100644 --- a/src/test/outcomes/test_outcomes.py +++ b/src/test/outcomes/test_outcomes.py @@ -35,6 +35,7 @@ def test_outcome_group(self): name="Outcome Group", key="OG", description="an outcome group", + namespace="x_test", values=tuple(values), ) diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index b68fb757..b7dbffcb 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -20,7 +20,6 @@ from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.dp_groups.base import SsvcDecisionPointGroup -from ssvc.outcomes.base import OutcomeGroup, OutcomeValue from ssvc.policy_generator import PolicyGenerator @@ -30,28 +29,38 @@ def setUp(self) -> None: self.dp_values = ["Yes", "No"] self.dp_names = ["Who", "What", "When", "Where"] - self.og = OutcomeGroup( + self.og = DecisionPoint( name="test", description="test", key="TEST", - values=[OutcomeValue(key=c, name=c, description=c) for c in self.og_names], + namespace="x_test", + values=tuple( + [ + DecisionPointValue(key=c, name=c, description=c) + for c in self.og_names + ] + ), ) self.dpg = SsvcDecisionPointGroup( name="test", description="test", - decision_points=[ - DecisionPoint( - name=c, - description=c, - key=c, - namespace='x_test', - values=[ - DecisionPointValue(name=v, key=v, description=v) - for v in self.dp_values - ], - ) - for c in self.dp_names - ], + decision_points=tuple( + [ + DecisionPoint( + name=c, + description=c, + key=c, + namespace="x_test", + values=tuple( + [ + DecisionPointValue(name=v, key=v, description=v) + for v in self.dp_values + ] + ), + ) + for c in self.dp_names + ] + ), ) def test_pg_init(self): From daddce30166b5ab0fa1d8a526cba886abe0585b3 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 13:18:58 -0400 Subject: [PATCH 063/468] adds a cisa namespace, CisaDecisionPoint base class, and outcome groups for CISA-specific decision models --- src/ssvc/decision_points/cisa/__init__.py | 15 +++++ src/ssvc/decision_points/cisa/base.py | 23 +++++++ src/ssvc/namespaces.py | 1 + src/ssvc/outcomes/cisa/__init__.py | 15 +++++ src/ssvc/outcomes/cisa/scoring.py | 81 +++++++++++++++++++++++ src/ssvc/outcomes/groups.py | 42 ------------ 6 files changed, 135 insertions(+), 42 deletions(-) create mode 100644 src/ssvc/decision_points/cisa/__init__.py create mode 100644 src/ssvc/decision_points/cisa/base.py create mode 100644 src/ssvc/outcomes/cisa/__init__.py create mode 100644 src/ssvc/outcomes/cisa/scoring.py diff --git a/src/ssvc/decision_points/cisa/__init__.py b/src/ssvc/decision_points/cisa/__init__.py new file mode 100644 index 00000000..e9f8bc40 --- /dev/null +++ b/src/ssvc/decision_points/cisa/__init__.py @@ -0,0 +1,15 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides Decision Point objects in the `cisa` namespace +""" diff --git a/src/ssvc/decision_points/cisa/base.py b/src/ssvc/decision_points/cisa/base.py new file mode 100644 index 00000000..739c5b0d --- /dev/null +++ b/src/ssvc/decision_points/cisa/base.py @@ -0,0 +1,23 @@ +#!/usr/bin/env python3 +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides a base class for CISA-specific decision points. +""" +from pydantic import BaseModel + +from ssvc.decision_points.base import DecisionPoint + + +class CisaDecisionPoint(DecisionPoint, BaseModel): + namespace = "cisa" diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 74fc921b..08e58d62 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -73,6 +73,7 @@ class NameSpace(StrEnum): # when used in a StrEnum, auto() assigns the lowercase name of the member as the value SSVC = auto() CVSS = auto() + CISA = auto() @classmethod def validate(cls, value: str) -> str: diff --git a/src/ssvc/outcomes/cisa/__init__.py b/src/ssvc/outcomes/cisa/__init__.py new file mode 100644 index 00000000..8ad5f951 --- /dev/null +++ b/src/ssvc/outcomes/cisa/__init__.py @@ -0,0 +1,15 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides SSVC outcome groups for the cisa namespace +""" diff --git a/src/ssvc/outcomes/cisa/scoring.py b/src/ssvc/outcomes/cisa/scoring.py new file mode 100644 index 00000000..6b64bac1 --- /dev/null +++ b/src/ssvc/outcomes/cisa/scoring.py @@ -0,0 +1,81 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides the CISA Levels outcome group for use in SSVC. +""" + +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.cisa.base import CisaDecisionPoint +from ssvc.decision_points.helpers import print_versions_and_diffs + +_TRACK = DecisionPointValue( + name="Track", + key="T", + description="The vulnerability does not require action at this time. " + "The organization would continue to track the vulnerability and reassess it if new information becomes available. " + "CISA recommends remediating Track vulnerabilities within standard update timelines.", +) + +_TRACK_STAR = DecisionPointValue( + name="Track*", + key="T*", + description="The vulnerability contains specific characteristics that may require closer monitoring for changes. " + "CISA recommends remediating Track* vulnerabilities within standard update timelines.", +) + +_ATTEND = DecisionPointValue( + name="Attend", + key="A", + description="The vulnerability requires attention from the organization's internal, supervisory-level individuals. " + "Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. " + "CISA recommends remediating Attend vulnerabilities sooner than standard update timelines.", +) + +_ACT = DecisionPointValue( + name="Act", + key="A", + description="The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. " + "Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. " + "Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. " + "CISA recommends remediating Act vulnerabilities as soon as possible.", +) + +CISA = CisaDecisionPoint( + name="CISA Levels", + key="CISA", + description="The CISA outcome group. " + "CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", + version="1.0.0", + values=( + _TRACK, + _TRACK_STAR, + _ATTEND, + _ACT, + ), +) +""" +The CISA outcome group. Based on CISA's customizations of the SSVC model. +See https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc +""" + + +VERSIONS = (CISA,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/groups.py b/src/ssvc/outcomes/groups.py index ee12cbf6..0df4121d 100644 --- a/src/ssvc/outcomes/groups.py +++ b/src/ssvc/outcomes/groups.py @@ -55,48 +55,6 @@ """ -CISA = SsvcDecisionPoint( - name="CISA Levels", - key="CISA", - description="The CISA outcome group. " - "CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", - version="1.0.0", - values=( - DecisionPointValue( - name="Track", - key="T", - description="The vulnerability does not require action at this time. " - "The organization would continue to track the vulnerability and reassess it if new information becomes available. " - "CISA recommends remediating Track vulnerabilities within standard update timelines.", - ), - DecisionPointValue( - name="Track*", - key="T*", - description="The vulnerability contains specific characteristics that may require closer monitoring for changes. " - "CISA recommends remediating Track* vulnerabilities within standard update timelines.", - ), - DecisionPointValue( - name="Attend", - key="A", - description="The vulnerability requires attention from the organization's internal, supervisory-level individuals. " - "Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. " - "CISA recommends remediating Attend vulnerabilities sooner than standard update timelines.", - ), - DecisionPointValue( - name="Act", - key="A", - description="The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. " - "Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. " - "Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. " - "CISA recommends remediating Act vulnerabilities as soon as possible.", - ), - ), -) -""" -The CISA outcome group. Based on CISA's customizations of the SSVC model. -See https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc -""" - YES_NO = SsvcDecisionPoint( name="Yes, No", key="YES_NO", From 0bfb50ab949fc9b8dc472007204439e6b8ec1733 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 14:53:08 -0400 Subject: [PATCH 064/468] move basic outcome groups to the `x_basic` namespace --- src/ssvc/outcomes/groups.py | 84 +++---------------- src/ssvc/outcomes/x_basic/__init__.py | 18 ++++ src/ssvc/outcomes/x_basic/ike.py | 59 +++++++++++++ src/ssvc/outcomes/x_basic/mscw.py | 58 +++++++++++++ src/ssvc/outcomes/x_basic/value_complexity.py | 61 ++++++++++++++ src/ssvc/outcomes/x_basic/yn.py | 49 +++++++++++ 6 files changed, 258 insertions(+), 71 deletions(-) create mode 100644 src/ssvc/outcomes/x_basic/__init__.py create mode 100644 src/ssvc/outcomes/x_basic/ike.py create mode 100644 src/ssvc/outcomes/x_basic/mscw.py create mode 100644 src/ssvc/outcomes/x_basic/value_complexity.py create mode 100644 src/ssvc/outcomes/x_basic/yn.py diff --git a/src/ssvc/outcomes/groups.py b/src/ssvc/outcomes/groups.py index 0df4121d..50b70b39 100644 --- a/src/ssvc/outcomes/groups.py +++ b/src/ssvc/outcomes/groups.py @@ -1,4 +1,5 @@ #!/usr/bin/env python + # Copyright (c) 2025 Carnegie Mellon University and Contributors. # - see Contributors.md for a full list of Contributors # - see ContributionInstructions.md for information on how you can Contribute to this project @@ -15,83 +16,20 @@ Provides a set of outcome groups for use in SSVC. """ -from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint - - -# Note: Outcome Groups must be defined in ascending order. - - -MOSCOW = SsvcDecisionPoint( - name="MoSCoW", - key="MSCW", - description="The MoSCoW (Must, Should, Could, Won't) outcome group.", - version="1.0.0", - values=( - DecisionPointValue(name="Won't", key="W", description="Won't"), - DecisionPointValue(name="Could", key="C", description="Could"), - DecisionPointValue(name="Should", key="S", description="Should"), - DecisionPointValue(name="Must", key="M", description="Must"), - ), +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue as DecisionPointValue, ) -""" -The MoSCoW outcome group. -""" - -EISENHOWER = SsvcDecisionPoint( - name="Do, Schedule, Delegate, Delete", - key="EISENHOWER", - description="The Eisenhower outcome group.", - version="1.0.0", - values=( - DecisionPointValue(name="Delete", key="D", description="Delete"), - DecisionPointValue(name="Delegate", key="G", description="Delegate"), - DecisionPointValue(name="Schedule", key="S", description="Schedule"), - DecisionPointValue(name="Do", key="O", description="Do"), - ), -) -""" -The Eisenhower outcome group. -""" - +from ssvc.decision_points.helpers import print_versions_and_diffs -YES_NO = SsvcDecisionPoint( - name="Yes, No", - key="YES_NO", - description="The Yes/No outcome group.", - version="1.0.0", - values=( - DecisionPointValue(name="No", key="N", description="No"), - DecisionPointValue(name="Yes", key="Y", description="Yes"), - ), -) -""" -The Yes/No outcome group. -""" +# Note: Outcome Groups must be defined in ascending order. -VALUE_COMPLEXITY = SsvcDecisionPoint( - name="Value, Complexity", - key="VALUE_COMPLEXITY", - description="The Value/Complexity outcome group.", - version="1.0.0", - values=( - # drop, reconsider later, easy win, do first - DecisionPointValue(name="Drop", key="D", description="Drop"), - DecisionPointValue( - name="Reconsider Later", key="R", description="Reconsider Later" - ), - DecisionPointValue(name="Easy Win", key="E", description="Easy Win"), - DecisionPointValue(name="Do First", key="F", description="Do First"), - ), -) -""" -The Value/Complexity outcome group. -""" -THE_PARANOIDS = SsvcDecisionPoint( +THE_PARANOIDS = DecisionPoint( name="theParanoids", key="PARANOIDS", description="PrioritizedRiskRemediation outcome group based on TheParanoids.", + namespace="x_community", version="1.0.0", values=( DecisionPointValue(name="Track 5", key="5", description="Track"), @@ -112,7 +50,11 @@ def main(): - pass + print_versions_and_diffs( + [ + THE_PARANOIDS, + ] + ) if __name__ == "__main__": diff --git a/src/ssvc/outcomes/x_basic/__init__.py b/src/ssvc/outcomes/x_basic/__init__.py new file mode 100644 index 00000000..f3f12820 --- /dev/null +++ b/src/ssvc/outcomes/x_basic/__init__.py @@ -0,0 +1,18 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides SSVC outcome groups for the `x_basic` namespace +""" + +from .mscw import MSCW +from .yn import YES_NO diff --git a/src/ssvc/outcomes/x_basic/ike.py b/src/ssvc/outcomes/x_basic/ike.py new file mode 100644 index 00000000..0a56e9ee --- /dev/null +++ b/src/ssvc/outcomes/x_basic/ike.py @@ -0,0 +1,59 @@ +#!/usr/bin/env python + +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides the Eisenhower outcome group for the `x_basic` namespace. +""" + +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue as DecisionPointValue, +) +from ssvc.decision_points.helpers import print_versions_and_diffs + +_DELETE = DecisionPointValue(name="Delete", key="D", description="Delete") + +_DELEGATE = DecisionPointValue(name="Delegate", key="G", description="Delegate") + +_SCHEDULE = DecisionPointValue(name="Schedule", key="S", description="Schedule") + +_DO = DecisionPointValue(name="Do", key="O", description="Do") + +EISENHOWER = DecisionPoint( + name="Do, Schedule, Delegate, Delete", + key="IKE", + description="The Eisenhower outcome group.", + namespace="x_basic", + version="1.0.0", + values=( + _DELETE, + _DELEGATE, + _SCHEDULE, + _DO, + ), +) +""" +The Eisenhower outcome group. +""" + +VERSIONS = (EISENHOWER,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/x_basic/mscw.py b/src/ssvc/outcomes/x_basic/mscw.py new file mode 100644 index 00000000..b74ef04e --- /dev/null +++ b/src/ssvc/outcomes/x_basic/mscw.py @@ -0,0 +1,58 @@ +#!/usr/bin/env python +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides the MSCW (Must, Should, Could, Won't) outcome group for the `x_basic` namespace +""" + +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue as DecisionPointValue, +) +from ssvc.decision_points.helpers import print_versions_and_diffs + +_WONT = DecisionPointValue(name="Won't", key="W", description="Won't") + +_COULD = DecisionPointValue(name="Could", key="C", description="Could") + +_SHOULD = DecisionPointValue(name="Should", key="S", description="Should") + +_MUST = DecisionPointValue(name="Must", key="M", description="Must") + +MSCW = DecisionPoint( + name="MoSCoW", + key="MSCW", + description="The MoSCoW (Must, Should, Could, Won't) outcome group.", + version="1.0.0", + namespace="x_basic", + values=( + _WONT, + _COULD, + _SHOULD, + _MUST, + ), +) +""" +The MoSCoW outcome group. +""" + +VERSIONS = (MSCW,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/x_basic/value_complexity.py b/src/ssvc/outcomes/x_basic/value_complexity.py new file mode 100644 index 00000000..08a61eb6 --- /dev/null +++ b/src/ssvc/outcomes/x_basic/value_complexity.py @@ -0,0 +1,61 @@ +#!/usr/bin/env python + +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides the Value/Complexity outcome group for the `x_basic` namespace. +""" + +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue as DecisionPointValue, +) +from ssvc.decision_points.helpers import print_versions_and_diffs + +_DROP = DecisionPointValue(name="Drop", key="D", description="Drop") + +_RECONSIDER = DecisionPointValue( + name="Reconsider Later", key="R", description="Reconsider Later" +) + +_EASY_WIN = DecisionPointValue(name="Easy Win", key="E", description="Easy Win") + +_DO_FIRST = DecisionPointValue(name="Do First", key="F", description="Do First") + +VALUE_COMPLEXITY = DecisionPoint( + name="Value, Complexity", + key="VALUE_COMPLEXITY", + description="The Value/Complexity outcome group.", + version="1.0.0", + namespace="x_basic", + values=( + _DROP, + _RECONSIDER, + _EASY_WIN, + _DO_FIRST, + ), +) +""" +The Value/Complexity outcome group. +""" + +VERSIONS = (VALUE_COMPLEXITY,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/x_basic/yn.py b/src/ssvc/outcomes/x_basic/yn.py new file mode 100644 index 00000000..39dddfb2 --- /dev/null +++ b/src/ssvc/outcomes/x_basic/yn.py @@ -0,0 +1,49 @@ +#!/usr/bin/env python +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University + +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue as DecisionPointValue, +) +from ssvc.decision_points.helpers import print_versions_and_diffs + +_NO = DecisionPointValue(name="No", key="N", description="No") + +_YES = DecisionPointValue(name="Yes", key="Y", description="Yes") + +YES_NO = DecisionPoint( + name="Yes, No", + key="YN", + description="The Yes/No outcome group.", + version="1.0.0", + namespace="x_basic", + values=( + _NO, + _YES, + ), +) +""" +The Yes/No outcome group. +""" + +VERSIONS = (YES_NO,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() From 4d29de9c706cd26bb05358a52a171775e9278fcd Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 14:53:38 -0400 Subject: [PATCH 065/468] clean up format --- src/ssvc/outcomes/cvss/lmhc.py | 24 ++++++++++++++---------- src/ssvc/outcomes/ssvc_/coordinate.py | 12 +++++++++--- src/ssvc/outcomes/ssvc_/dsoi.py | 17 +++++++++++++---- src/ssvc/outcomes/ssvc_/publish.py | 11 +++++++---- 4 files changed, 43 insertions(+), 21 deletions(-) diff --git a/src/ssvc/outcomes/cvss/lmhc.py b/src/ssvc/outcomes/cvss/lmhc.py index 803be31c..673c9794 100644 --- a/src/ssvc/outcomes/cvss/lmhc.py +++ b/src/ssvc/outcomes/cvss/lmhc.py @@ -14,11 +14,15 @@ from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -CVSS_NONE = DecisionPointValue(name="None", key="N", description="None (0.0)") -CVSS_LOW = DecisionPointValue(name="Low", key="L", description="Low (0.1-3.9)") -CVSS_MEDIUM = DecisionPointValue(name="Medium", key="M", description="Medium (4.0-6.9)") -CVSS_HIGH = DecisionPointValue(name="High", key="H", description="High (7.0-8.9)") -CVSS_CRITICAL = DecisionPointValue( +_NONE = DecisionPointValue(name="None", key="N", description="None (0.0)") + +_LOW = DecisionPointValue(name="Low", key="L", description="Low (0.1-3.9)") + +_MEDIUM = DecisionPointValue(name="Medium", key="M", description="Medium (4.0-6.9)") + +_HIGH = DecisionPointValue(name="High", key="H", description="High (7.0-8.9)") + +_CRITICAL = DecisionPointValue( name="Critical", key="C", description="Critical (9.0-10.0)" ) @@ -28,11 +32,11 @@ description="The CVSS Qualitative Severity Rating Scale group.", version="1.0.0", values=( - CVSS_NONE, - CVSS_LOW, - CVSS_MEDIUM, - CVSS_HIGH, - CVSS_CRITICAL, + _NONE, + _LOW, + _MEDIUM, + _HIGH, + _CRITICAL, ), ) """ diff --git a/src/ssvc/outcomes/ssvc_/coordinate.py b/src/ssvc/outcomes/ssvc_/coordinate.py index 1baacdd2..f1c8259c 100644 --- a/src/ssvc/outcomes/ssvc_/coordinate.py +++ b/src/ssvc/outcomes/ssvc_/coordinate.py @@ -14,15 +14,21 @@ from ssvc.decision_points.helpers import print_versions_and_diffs from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +_DECLINE = DecisionPointValue(name="Decline", key="D", description="Decline") + +_TRACK = DecisionPointValue(name="Track", key="T", description="Track") + +_COORDINATE = DecisionPointValue(name="Coordinate", key="C", description="Coordinate") + COORDINATE = SsvcDecisionPoint( name="Decline, Track, Coordinate", key="COORDINATE", description="The coordinate outcome group.", version="1.0.0", values=( - DecisionPointValue(name="Decline", key="D", description="Decline"), - DecisionPointValue(name="Track", key="T", description="Track"), - DecisionPointValue(name="Coordinate", key="C", description="Coordinate"), + _DECLINE, + _TRACK, + _COORDINATE, ), ) """ diff --git a/src/ssvc/outcomes/ssvc_/dsoi.py b/src/ssvc/outcomes/ssvc_/dsoi.py index 510609c9..297c3f56 100644 --- a/src/ssvc/outcomes/ssvc_/dsoi.py +++ b/src/ssvc/outcomes/ssvc_/dsoi.py @@ -19,6 +19,15 @@ from ssvc.decision_points.helpers import print_versions_and_diffs from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +_DEFER = DecisionPointValue(name="Defer", key="D", description="Defer") + +_SCHEDULED = DecisionPointValue(name="Scheduled", key="S", description="Scheduled") + +_OUT_OF_CYCLE = DecisionPointValue( + name="Out-of-Cycle", key="O", description="Out-of-Cycle" +) + +_IMMEDIATE = DecisionPointValue(name="Immediate", key="I", description="Immediate") DSOI = SsvcDecisionPoint( name="Defer, Scheduled, Out-of-Cycle, Immediate", @@ -26,10 +35,10 @@ description="The original SSVC outcome group.", version="1.0.0", values=( - DecisionPointValue(name="Defer", key="D", description="Defer"), - DecisionPointValue(name="Scheduled", key="S", description="Scheduled"), - DecisionPointValue(name="Out-of-Cycle", key="O", description="Out-of-Cycle"), - DecisionPointValue(name="Immediate", key="I", description="Immediate"), + _DEFER, + _SCHEDULED, + _OUT_OF_CYCLE, + _IMMEDIATE, ), ) """ diff --git a/src/ssvc/outcomes/ssvc_/publish.py b/src/ssvc/outcomes/ssvc_/publish.py index ef90c278..58311b6e 100644 --- a/src/ssvc/outcomes/ssvc_/publish.py +++ b/src/ssvc/outcomes/ssvc_/publish.py @@ -17,6 +17,11 @@ from ssvc.decision_points.helpers import print_versions_and_diffs from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +_DO_NOT_PUBLISH = DecisionPointValue( + name="Do Not Publish", key="N", description="Do Not Publish" +) + +_PUBLISH = DecisionPointValue(name="Publish", key="P", description="Publish") PUBLISH = SsvcDecisionPoint( name="Publish, Do Not Publish", @@ -24,10 +29,8 @@ description="The publish outcome group.", version="1.0.0", values=( - DecisionPointValue( - name="Do Not Publish", key="N", description="Do Not Publish" - ), - DecisionPointValue(name="Publish", key="P", description="Publish"), + _DO_NOT_PUBLISH, + _PUBLISH, ), ) """ From 4a0f2deb985fbb939f3b68efa5a416706494479a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 15:06:20 -0400 Subject: [PATCH 066/468] add `x_community` namespace for theParanoids outcome group --- src/ssvc/outcomes/groups.py | 29 +-------- src/ssvc/outcomes/x_community/__init__.py | 17 ++++++ src/ssvc/outcomes/x_community/paranoids.py | 70 ++++++++++++++++++++++ 3 files changed, 88 insertions(+), 28 deletions(-) create mode 100644 src/ssvc/outcomes/x_community/__init__.py create mode 100644 src/ssvc/outcomes/x_community/paranoids.py diff --git a/src/ssvc/outcomes/groups.py b/src/ssvc/outcomes/groups.py index 50b70b39..34f5a3f0 100644 --- a/src/ssvc/outcomes/groups.py +++ b/src/ssvc/outcomes/groups.py @@ -16,39 +16,12 @@ Provides a set of outcome groups for use in SSVC. """ -from ssvc.decision_points.base import ( - DecisionPoint, - DecisionPointValue as DecisionPointValue, -) from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.outcomes.x_community.paranoids import THE_PARANOIDS # Note: Outcome Groups must be defined in ascending order. -THE_PARANOIDS = DecisionPoint( - name="theParanoids", - key="PARANOIDS", - description="PrioritizedRiskRemediation outcome group based on TheParanoids.", - namespace="x_community", - version="1.0.0", - values=( - DecisionPointValue(name="Track 5", key="5", description="Track"), - DecisionPointValue( - name="Track Closely 4", key="4", description="Track Closely" - ), - DecisionPointValue(name="Attend 3", key="3", description="Attend"), - DecisionPointValue(name="Attend 2", key="2", description="Attend"), - DecisionPointValue(name="Act 1", key="1", description="Act"), - DecisionPointValue(name="Act ASAP 0", key="0", description="Act ASAP"), - ), -) -""" -Outcome group based on TheParanoids' PrioritizedRiskRemediation. -Their model is a 6-point scale, with 0 being the most urgent and 5 being the least. -See https://github.com/theparanoids/PrioritizedRiskRemediation -""" - - def main(): print_versions_and_diffs( [ diff --git a/src/ssvc/outcomes/x_community/__init__.py b/src/ssvc/outcomes/x_community/__init__.py new file mode 100644 index 00000000..215c5355 --- /dev/null +++ b/src/ssvc/outcomes/x_community/__init__.py @@ -0,0 +1,17 @@ +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides SSVC outcome groups for the `x_community` namespace. +""" + +from .paranoids import LATEST as THE_PARANOIDS diff --git a/src/ssvc/outcomes/x_community/paranoids.py b/src/ssvc/outcomes/x_community/paranoids.py new file mode 100644 index 00000000..2a0f7f8d --- /dev/null +++ b/src/ssvc/outcomes/x_community/paranoids.py @@ -0,0 +1,70 @@ +#!/usr/bin/env python + +# Copyright (c) 2025 Carnegie Mellon University and Contributors. +# - see Contributors.md for a full list of Contributors +# - see ContributionInstructions.md for information on how you can Contribute to this project +# Stakeholder Specific Vulnerability Categorization (SSVC) is +# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed +# with this Software or contact permission@sei.cmu.edu for full terms. +# Created, in part, with funding and support from the United States Government +# (see Acknowledgments file). This program may include and/or can make use of +# certain third party source code, object code, documentation and other files +# (“Third Party Software”). See LICENSE.md for more details. +# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the +# U.S. Patent and Trademark Office by Carnegie Mellon University + +""" +Provides a decision point for the `x_community` namespace. +""" + +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue as DecisionPointValue, +) +from ssvc.decision_points.helpers import print_versions_and_diffs + +_TRACK_5 = DecisionPointValue(name="Track 5", key="5", description="Track") + +_TRACK_CLOSELY_4 = DecisionPointValue( + name="Track Closely 4", key="4", description="Track Closely" +) + +_ATTEND_3 = DecisionPointValue(name="Attend 3", key="3", description="Attend") + +_ATTEND_2 = DecisionPointValue(name="Attend 2", key="2", description="Attend") + +_ACT_1 = DecisionPointValue(name="Act 1", key="1", description="Act") + +_ACT_ASAP_0 = DecisionPointValue(name="Act ASAP 0", key="0", description="Act ASAP") + +THE_PARANOIDS = DecisionPoint( + name="theParanoids", + key="PARANOIDS", + description="PrioritizedRiskRemediation outcome group based on TheParanoids.", + namespace="x_community", + version="1.0.0", + values=( + _TRACK_5, + _TRACK_CLOSELY_4, + _ATTEND_3, + _ATTEND_2, + _ACT_1, + _ACT_ASAP_0, + ), +) +""" +Outcome group based on TheParanoids' PrioritizedRiskRemediation. +Their model is a 6-point scale, with 0 being the most urgent and 5 being the least. +See https://github.com/theparanoids/PrioritizedRiskRemediation +""" + +VERSIONS = (THE_PARANOIDS,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() From 9be0d3cf344a54c58137a57807a2cd0b0f52b1df Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 15:07:03 -0400 Subject: [PATCH 067/468] add LATEST imports to module `__init__.py` files --- src/ssvc/outcomes/__init__.py | 12 ++++++++++++ src/ssvc/outcomes/cisa/__init__.py | 1 + src/ssvc/outcomes/cvss/__init__.py | 1 + src/ssvc/outcomes/ssvc_/__init__.py | 4 ++++ src/ssvc/outcomes/x_basic/__init__.py | 6 ++++-- 5 files changed, 22 insertions(+), 2 deletions(-) diff --git a/src/ssvc/outcomes/__init__.py b/src/ssvc/outcomes/__init__.py index 37d9487d..a918a5bd 100644 --- a/src/ssvc/outcomes/__init__.py +++ b/src/ssvc/outcomes/__init__.py @@ -10,3 +10,15 @@ # (“Third Party Software”). See LICENSE.md for more details. # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides SSVC outcome group objects. + +SSVC outcome groups are functionally equivalent to Decision Points. +The only difference is that Outcome Groups are primarily intended to be used +as the outputs of a decision, whereas Decision Points are the inputs to a decision. +However, there are use cases where an outcome of one decision may feed into another +decision, so the distinction is somewhat arbitrary. Hence, we chose to use the same +data structure for both. + +Outcome groups are organized by namespace. +""" diff --git a/src/ssvc/outcomes/cisa/__init__.py b/src/ssvc/outcomes/cisa/__init__.py index 8ad5f951..ae8acaa4 100644 --- a/src/ssvc/outcomes/cisa/__init__.py +++ b/src/ssvc/outcomes/cisa/__init__.py @@ -13,3 +13,4 @@ """ Provides SSVC outcome groups for the cisa namespace """ +from .scoring import LATEST as CISA_SCORING diff --git a/src/ssvc/outcomes/cvss/__init__.py b/src/ssvc/outcomes/cvss/__init__.py index 02ead02b..6f4e34fc 100644 --- a/src/ssvc/outcomes/cvss/__init__.py +++ b/src/ssvc/outcomes/cvss/__init__.py @@ -13,3 +13,4 @@ """ Provides outcome group objects in the cvss namespace """ +from .lmhc import LATEST as LMHC diff --git a/src/ssvc/outcomes/ssvc_/__init__.py b/src/ssvc/outcomes/ssvc_/__init__.py index f9dba018..60041bf3 100644 --- a/src/ssvc/outcomes/ssvc_/__init__.py +++ b/src/ssvc/outcomes/ssvc_/__init__.py @@ -13,3 +13,7 @@ """ Provides outcome group objects in the ssvc namespace """ + +from .coordinate import LATEST as COORDINATE +from .dsoi import LATEST as DSOI +from .publish import LATEST as PUBLISH diff --git a/src/ssvc/outcomes/x_basic/__init__.py b/src/ssvc/outcomes/x_basic/__init__.py index f3f12820..73ac8ef9 100644 --- a/src/ssvc/outcomes/x_basic/__init__.py +++ b/src/ssvc/outcomes/x_basic/__init__.py @@ -14,5 +14,7 @@ Provides SSVC outcome groups for the `x_basic` namespace """ -from .mscw import MSCW -from .yn import YES_NO +from .ike import LATEST as EISENHOWER +from .mscw import LATEST as MSCW +from .value_complexity import LATEST as VALUE_COMPLEXITY +from .yn import LATEST as YES_NO From 45bb8b58f219e57cb36539a250265d55ed543c69 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 15:48:52 -0400 Subject: [PATCH 068/468] simplify dp_groups --- src/ssvc/dp_groups/base.py | 31 ++----------------------------- 1 file changed, 2 insertions(+), 29 deletions(-) diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index 664644f9..133122bc 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -17,15 +17,11 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University -from itertools import product -from typing import Generator - from pydantic import BaseModel from ssvc._mixins import _Base, _SchemaVersioned from ssvc.decision_points.base import ( DecisionPoint, - ValueSummary, ) from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint @@ -47,9 +43,7 @@ def __len__(self): """ Allow len() to be called on the group. """ - dplist = list(self.decision_points) - l = len(dplist) - return l + return len(self.decision_points) @property def decision_points_dict(self) -> dict[str, DecisionPoint]: @@ -65,30 +59,9 @@ def decision_points_str(self) -> list[str]: """ return list(self.decision_points_dict.keys()) - def combination_summaries(self) -> Generator[tuple[ValueSummary, ...], None, None]: - # get the value summaries for each decision point - value_summaries = [dp.value_summaries for dp in self.decision_points] - - for combination in product(*value_summaries): - yield combination - - def combination_strings(self) -> Generator[tuple[str, ...], None, None]: - """ - Produce all possible combinations of decision point values in the group as strings. - """ - for combo in self.combination_summaries(): - yield tuple(str(v) for v in combo) - - def combination_dicts(self): - """ - Produce all possible combinations of decision point values in the group as a dictionary. - """ - for combo in self.combination_summaries(): - yield tuple(v.model_dump() for v in combo) - def get_all_decision_points_from( - *groups: list[SsvcDecisionPointGroup], + *groups: list[DecisionPointGroup], ) -> tuple[SsvcDecisionPoint, ...]: """ Given a list of SsvcDecisionPointGroup objects, return a list of all From 1584e56279eb4c8bdbcaa06d2819de836e1927f1 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 15:49:40 -0400 Subject: [PATCH 069/468] rename SsvcDecisionPointGroup to DecisionPointGroup --- src/ssvc/dp_groups/base.py | 2 +- src/ssvc/dp_groups/cvss/collections.py | 32 +++++++++---------- src/ssvc/dp_groups/ssvc/collections.py | 8 ++--- .../dp_groups/ssvc/coordinator_publication.py | 4 +-- src/ssvc/dp_groups/ssvc/coordinator_triage.py | 4 +-- src/ssvc/dp_groups/ssvc/deployer.py | 8 ++--- src/ssvc/dp_groups/ssvc/supplier.py | 6 ++-- src/ssvc/policy_generator.py | 8 ++--- src/test/dp_groups/test_dp_groups.py | 14 ++++---- src/test/test_policy_generator.py | 4 +-- 10 files changed, 45 insertions(+), 45 deletions(-) diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index 133122bc..1698d9cf 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -26,7 +26,7 @@ from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint -class SsvcDecisionPointGroup(_Base, _SchemaVersioned, BaseModel): +class DecisionPointGroup(_Base, _SchemaVersioned, BaseModel): """ Models a group of decision points. """ diff --git a/src/ssvc/dp_groups/cvss/collections.py b/src/ssvc/dp_groups/cvss/collections.py index 55e3c300..7fb31fdb 100644 --- a/src/ssvc/dp_groups/cvss/collections.py +++ b/src/ssvc/dp_groups/cvss/collections.py @@ -123,7 +123,7 @@ USER_INTERACTION_1, USER_INTERACTION_2, ) -from ssvc.dp_groups.base import SsvcDecisionPointGroup +from ssvc.dp_groups.base import DecisionPointGroup # Instantiate the CVSS v1 decision point group _BASE_1 = [ @@ -145,21 +145,21 @@ TARGET_DISTRIBUTION_1, ] -CVSSv1_B = SsvcDecisionPointGroup( +CVSSv1_B = DecisionPointGroup( name="CVSS", version="1.0", description="CVSS v1 decision points", decision_points=tuple(_BASE_1), ) -CVSSv1_BT = SsvcDecisionPointGroup( +CVSSv1_BT = DecisionPointGroup( name="CVSS", version="1.0", description="CVSS v1 decision points", decision_points=tuple(_BASE_1 + _TEMPORAL_1), ) -CVSSv1_BTE = SsvcDecisionPointGroup( +CVSSv1_BTE = DecisionPointGroup( name="CVSS", version="1.0", description="CVSS v1 decision points", @@ -191,21 +191,21 @@ AVAILABILITY_REQUIREMENT_1, ] -CVSSv2_B = SsvcDecisionPointGroup( +CVSSv2_B = DecisionPointGroup( name="CVSS Version 2 Base Metrics", description="Base metrics for CVSS v2", version="2.0", decision_points=tuple(_BASE_2), ) -CVSSv2_BT = SsvcDecisionPointGroup( +CVSSv2_BT = DecisionPointGroup( name="CVSS Version 2 Base and Temporal Metrics", description="Base and Temporal metrics for CVSS v2", version="2.0", decision_points=tuple(_BASE_2 + _TEMPORAL_2), ) -CVSSv2_BTE = SsvcDecisionPointGroup( +CVSSv2_BTE = DecisionPointGroup( name="CVSS Version 2 Base, Temporal, and Environmental Metrics", description="Base, Temporal, and Environmental metrics for CVSS v2", version="2.0", @@ -240,21 +240,21 @@ ] ) -CVSSv3_B = SsvcDecisionPointGroup( +CVSSv3_B = DecisionPointGroup( name="CVSS Version 3 Base Metrics", description="Base metrics for CVSS v3", version="3.0", decision_points=tuple(_BASE_3), ) -CVSSv3_BT = SsvcDecisionPointGroup( +CVSSv3_BT = DecisionPointGroup( name="CVSS Version 3 Base and Temporal Metrics", description="Base and Temporal metrics for CVSS v3", version="3.0", decision_points=tuple(_BASE_3 + _TEMPORAL_3), ) -CVSSv3_BTE = SsvcDecisionPointGroup( +CVSSv3_BTE = DecisionPointGroup( name="CVSS Version 3 Base, Temporal, and Environmental Metrics", description="Base, Temporal, and Environmental metrics for CVSS v3", version="3.0", @@ -304,7 +304,7 @@ VULNERABILITY_RESPONSE_EFFORT_1, ] # CVSS-B Base metrics -CVSSv4_B = SsvcDecisionPointGroup( +CVSSv4_B = DecisionPointGroup( name="CVSSv4 Base Metrics", description="Base metrics for CVSS v4", version="1.0.0", @@ -312,7 +312,7 @@ ) # CVSS-BE Base and Environmental metrics -CVSSv4_BE = SsvcDecisionPointGroup( +CVSSv4_BE = DecisionPointGroup( name="CVSSv4 Base and Environmental Metrics", description="Base and Environmental metrics for CVSS v4", version="1.0.0", @@ -320,7 +320,7 @@ ) # CVSS-BT Base and Threat metrics -CVSSv4_BT = SsvcDecisionPointGroup( +CVSSv4_BT = DecisionPointGroup( name="CVSSv4 Base and Threat Metrics", description="Base and Threat metrics for CVSS v4", version="1.0.0", @@ -328,21 +328,21 @@ ) # CVSS-BTE -CVSSv4_BTE = SsvcDecisionPointGroup( +CVSSv4_BTE = DecisionPointGroup( name="CVSSv4 Base, Threat, and Environmental Metrics", description="Base, Threat, and Environmental metrics for CVSS v4", version="1.0.0", decision_points=tuple(_BASE_4 + _THREAT_4 + _ENVIRONMENTAL_4), ) -CVSSv4 = SsvcDecisionPointGroup( +CVSSv4 = DecisionPointGroup( name="CVSSv4", description="All decision points for CVSS v4 (including supplemental metrics)", version="1.0.0", decision_points=tuple(_BASE_4 + _THREAT_4 + _ENVIRONMENTAL_4 + _SUPPLEMENTAL_4), ) -CVSSv4_Equivalence_Sets = SsvcDecisionPointGroup( +CVSSv4_Equivalence_Sets = DecisionPointGroup( name="CVSSv4 EQ Sets", description="Equivalence Sets for CVSS v4", version="1.0.0", diff --git a/src/ssvc/dp_groups/ssvc/collections.py b/src/ssvc/dp_groups/ssvc/collections.py index e106ff5a..f4475652 100644 --- a/src/ssvc/dp_groups/ssvc/collections.py +++ b/src/ssvc/dp_groups/ssvc/collections.py @@ -17,7 +17,7 @@ from ssvc.dp_groups.base import ( - SsvcDecisionPointGroup, + DecisionPointGroup, get_all_decision_points_from, ) from ssvc.dp_groups.ssvc.coordinator_publication import ( @@ -32,7 +32,7 @@ from ssvc.dp_groups.ssvc.supplier import PATCH_DEVELOPER_1, SUPPLIER_2 -SSVCv1 = SsvcDecisionPointGroup( +SSVCv1 = DecisionPointGroup( name="SSVCv1", description="The first version of the SSVC.", version="1.0.0", @@ -40,7 +40,7 @@ PATCH_APPLIER_1, PATCH_DEVELOPER_1 ), ) -SSVCv2 = SsvcDecisionPointGroup( +SSVCv2 = DecisionPointGroup( name="SSVCv2", description="The second version of the SSVC.", version="2.0.0", @@ -48,7 +48,7 @@ COORDINATOR_PUBLICATION_1, COORDINATOR_TRIAGE_1, DEPLOYER_2, SUPPLIER_2 ), ) -SSVCv2_1 = SsvcDecisionPointGroup( +SSVCv2_1 = DecisionPointGroup( name="SSVCv2.1", description="The second version of the SSVC.", version="2.1.0", diff --git a/src/ssvc/dp_groups/ssvc/coordinator_publication.py b/src/ssvc/dp_groups/ssvc/coordinator_publication.py index d46eccae..d290c686 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_publication.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_publication.py @@ -20,10 +20,10 @@ from ssvc.decision_points.ssvc_.exploitation import EXPLOITATION_1 from ssvc.decision_points.ssvc_.public_value_added import PUBLIC_VALUE_ADDED_1 from ssvc.decision_points.ssvc_.supplier_involvement import SUPPLIER_INVOLVEMENT_1 -from ssvc.dp_groups.base import SsvcDecisionPointGroup +from ssvc.dp_groups.base import DecisionPointGroup -COORDINATOR_PUBLICATION_1 = SsvcDecisionPointGroup( +COORDINATOR_PUBLICATION_1 = DecisionPointGroup( name="Coordinator Publication", description="The decision points used by the coordinator during publication.", version="1.0.0", diff --git a/src/ssvc/dp_groups/ssvc/coordinator_triage.py b/src/ssvc/dp_groups/ssvc/coordinator_triage.py index af09a56b..d7d96ceb 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_triage.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_triage.py @@ -27,9 +27,9 @@ from ssvc.decision_points.ssvc_.supplier_engagement import SUPPLIER_ENGAGEMENT_1 from ssvc.decision_points.ssvc_.utility import UTILITY_1_0_1 from ssvc.decision_points.ssvc_.value_density import VALUE_DENSITY_1 -from ssvc.dp_groups.base import SsvcDecisionPointGroup +from ssvc.dp_groups.base import DecisionPointGroup -COORDINATOR_TRIAGE_1 = SsvcDecisionPointGroup( +COORDINATOR_TRIAGE_1 = DecisionPointGroup( name="Coordinator Triage", description="The decision points used by the coordinator during triage.", version="1.0.0", diff --git a/src/ssvc/dp_groups/ssvc/deployer.py b/src/ssvc/dp_groups/ssvc/deployer.py index 341026fa..bc84c23b 100644 --- a/src/ssvc/dp_groups/ssvc/deployer.py +++ b/src/ssvc/dp_groups/ssvc/deployer.py @@ -32,9 +32,9 @@ ) from ssvc.decision_points.ssvc_.utility import UTILITY_1_0_1 from ssvc.decision_points.ssvc_.value_density import VALUE_DENSITY_1 -from ssvc.dp_groups.base import SsvcDecisionPointGroup +from ssvc.dp_groups.base import DecisionPointGroup -PATCH_APPLIER_1 = SsvcDecisionPointGroup( +PATCH_APPLIER_1 = DecisionPointGroup( name="SSVC Patch Applier", description="The decision points used by the patch applier.", version="1.0.0", @@ -60,7 +60,7 @@ DEPLOYER_1 = PATCH_APPLIER_1 # SSVC v2 -DEPLOYER_2 = SsvcDecisionPointGroup( +DEPLOYER_2 = DecisionPointGroup( name="SSVC Deployer", description="The decision points used by the deployer.", version="2.0.0", @@ -94,7 +94,7 @@ - Human Impact v1.0.0 is added, which depends on Mission Impact v1.0.0 and Safety Impact v1.0.0 """ -DEPLOYER_3 = SsvcDecisionPointGroup( +DEPLOYER_3 = DecisionPointGroup( name="SSVC Deployer", description="The decision points used by the deployer.", version="3.0.0", diff --git a/src/ssvc/dp_groups/ssvc/supplier.py b/src/ssvc/dp_groups/ssvc/supplier.py index 1268fd8f..eddeafce 100644 --- a/src/ssvc/dp_groups/ssvc/supplier.py +++ b/src/ssvc/dp_groups/ssvc/supplier.py @@ -24,9 +24,9 @@ from ssvc.decision_points.ssvc_.technical_impact import TECHNICAL_IMPACT_1 from ssvc.decision_points.ssvc_.utility import UTILITY_1, UTILITY_1_0_1 from ssvc.decision_points.ssvc_.value_density import VALUE_DENSITY_1 -from ssvc.dp_groups.base import SsvcDecisionPointGroup +from ssvc.dp_groups.base import DecisionPointGroup -PATCH_DEVELOPER_1 = SsvcDecisionPointGroup( +PATCH_DEVELOPER_1 = DecisionPointGroup( name="SSVC Patch Developer", description="The decision points used by the patch developer.", version="1.0.0", @@ -56,7 +56,7 @@ SUPPLIER_1 = PATCH_DEVELOPER_1 # SSVC v2 renamed to SSVC Supplier -SUPPLIER_2 = SsvcDecisionPointGroup( +SUPPLIER_2 = DecisionPointGroup( name="SSVC Supplier", description="The decision points used by the supplier.", version="2.0.0", diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index d03d5ad8..8e235ab4 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -24,7 +24,7 @@ import pandas as pd from ssvc import csv_analyzer -from ssvc.dp_groups.base import SsvcDecisionPointGroup +from ssvc.dp_groups.base import DecisionPointGroup from ssvc.outcomes.base import OutcomeGroup logger = logging.getLogger(__name__) @@ -45,7 +45,7 @@ class PolicyGenerator: def __init__( self, - dp_group: SsvcDecisionPointGroup, + dp_group: DecisionPointGroup, outcomes: OutcomeGroup, outcome_weights: list[float] = None, validate: bool = False, @@ -66,7 +66,7 @@ def __init__( if dp_group is None: raise ValueError("dp_group is required") else: - self.dpg: SsvcDecisionPointGroup = dp_group + self.dpg: DecisionPointGroup = dp_group if outcomes is None: raise ValueError("outcomes is required") @@ -342,7 +342,7 @@ def main(): hdlr = logging.StreamHandler() logger.addHandler(hdlr) - dpg = SsvcDecisionPointGroup( + dpg = DecisionPointGroup( name="Dummy Decision Point Group", description="Dummy decision point group", version="1.0.0", diff --git a/src/test/dp_groups/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py index e7612efa..fed3dc76 100644 --- a/src/test/dp_groups/test_dp_groups.py +++ b/src/test/dp_groups/test_dp_groups.py @@ -40,7 +40,7 @@ def tearDown(self) -> None: def test_iter(self): # add them to a decision point group - g = dpg.SsvcDecisionPointGroup( + g = dpg.DecisionPointGroup( name="Test Group", description="Test Group", decision_points=self.dps, @@ -54,7 +54,7 @@ def test_iter(self): def test_len(self): # add them to a decision point group - g = dpg.SsvcDecisionPointGroup( + g = dpg.DecisionPointGroup( name="Test Group", description="Test Group", decision_points=self.dps, @@ -66,7 +66,7 @@ def test_len(self): def test_combo_strings(self): # add them to a decision point group - g = dpg.SsvcDecisionPointGroup( + g = dpg.DecisionPointGroup( name="Test Group", description="Test Group", decision_points=self.dps, @@ -105,7 +105,7 @@ def test_combo_strings(self): def test_json_roundtrip(self): # add them to a decision point group - g = dpg.SsvcDecisionPointGroup( + g = dpg.DecisionPointGroup( name="Test Group", description="Test Group", decision_points=self.dps, @@ -115,13 +115,13 @@ def test_json_roundtrip(self): g_json = g.model_dump_json() # deserialize the json to a new group - g2 = dpg.SsvcDecisionPointGroup.model_validate_json(g_json) + g2 = dpg.DecisionPointGroup.model_validate_json(g_json) # assert that the new group is the same as the old group self.assertEqual(g_json, g2.model_dump_json()) def test_decision_points_dict(self): # add them to a decision point group - g = dpg.SsvcDecisionPointGroup( + g = dpg.DecisionPointGroup( name="Test Group", description="Test Group", decision_points=self.dps, @@ -139,7 +139,7 @@ def test_decision_points_dict(self): self.assertEqual(dp, dp_dict[dp.str]) def test_decision_points_str(self): - g = dpg.SsvcDecisionPointGroup( + g = dpg.DecisionPointGroup( name="Test Group", description="Test Group", decision_points=self.dps, diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index b7dbffcb..77246271 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -19,7 +19,7 @@ import pandas as pd from ssvc.decision_points.base import DecisionPoint, DecisionPointValue -from ssvc.dp_groups.base import SsvcDecisionPointGroup +from ssvc.dp_groups.base import DecisionPointGroup from ssvc.policy_generator import PolicyGenerator @@ -41,7 +41,7 @@ def setUp(self) -> None: ] ), ) - self.dpg = SsvcDecisionPointGroup( + self.dpg = DecisionPointGroup( name="test", description="test", decision_points=tuple( From 6605ca697ffe4c2ad28acdbb49c716571f26462a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 15:50:07 -0400 Subject: [PATCH 070/468] simplify table in prep for using new decision point and group features --- src/ssvc/decision_tables/base.py | 153 ++---------------- .../decision_tables/test_decision_table.py | 90 ++--------- 2 files changed, 27 insertions(+), 216 deletions(-) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 15871beb..20419528 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -17,18 +17,12 @@ """ import logging import re -from typing import Self -import pandas as pd -from pydantic import BaseModel, model_validator +from pydantic import BaseModel from ssvc._mixins import _Base, _Commented, _Namespaced, _SchemaVersioned -from ssvc.csv_analyzer import check_topological_order -from ssvc.decision_points.base import DecisionPointValue -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint -from ssvc.dp_groups.base import SsvcDecisionPointGroup -from ssvc.outcomes.base import OutcomeGroup, OutcomeValue -from ssvc.policy_generator import PolicyGenerator +from ssvc.dp_groups.base import DecisionPointGroup +from ssvc.outcomes.base import OutcomeGroup logger = logging.getLogger(__name__) @@ -53,139 +47,12 @@ class DecisionTable(_SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel) The mapping dict values are outcomes. """ - decision_point_group: SsvcDecisionPointGroup + decision_point_group: DecisionPointGroup outcome_group: OutcomeGroup - mapping: list[dict[str, str]] = None - - _df: pd.DataFrame = None - - @property - def outcome_lookup(self) -> dict[str, OutcomeValue]: - """ - Return a lookup table for outcomes. - - Returns: - dict: A dictionary of outcomes keyed by outcome value name - """ - return { - name_to_key(outcome.name): outcome for outcome in self.outcome_group.values - } - - @property - def dp_lookup(self) -> dict[str, SsvcDecisionPoint]: - """ - Return a lookup table for decision points. - - Returns: - dict: A dictionary of decision points keyed by decision point name - """ - return { - name_to_key(dp.name): dp for dp in self.decision_point_group.decision_points - } - - @property - def dp_value_lookup(self) -> dict[str, dict[str, DecisionPointValue]]: - """ - Return a lookup table for decision point values. - Returns: - dict: A dictionary of decision point values keyed by decision point name and value name - """ - dp_value_lookup = {} - for dp in self.decision_point_group.decision_points: - key1 = name_to_key(dp.name) - dp_value_lookup[key1] = {} - for dp_value in dp.values: - key2 = name_to_key(dp_value.name) - dp_value_lookup[key1][key2] = dp_value - return dp_value_lookup - - @model_validator(mode="after") - def _populate_df(self) -> Self: - if self._df is None: - self._df = self.generate_df() - return self - - @model_validator(mode="after") - def validate_mapping(self): - """ - Placeholder for validating the mapping. - """ - df = self._df - target = name_to_key(df.columns[-1]) - - problems: list = check_topological_order(df, target) - - if problems: - raise ValueError(f"Mapping has problems: {problems}") - else: - logger.debug("Mapping passes topological order check") - - return self - - @model_validator(mode="after") - def _populate_mapping(self) -> Self: - """ - Populate the mapping if it is not provided. - Args: - data: - - Returns: - - """ - if not self.mapping: - mapping = self.table_to_mapping(self._df) - self.mapping = mapping - return self - - def as_csv(self) -> str: - """ - Convert the mapping to a CSV string. - """ - raise NotImplementedError - - def as_df(self) -> pd.DataFrame: - """ - Convert the mapping to a pandas DataFrame. - """ - raise NotImplementedError - - # stub for validating mapping - def generate_df(self) -> pd.DataFrame: - """ - Populate the mapping with all possible combinations of decision points. - """ - with PolicyGenerator( - dp_group=self.decision_point_group, - outcomes=self.outcome_group, - ) as policy: - df: pd.DataFrame = policy.clean_policy() - - return df - - def table_to_mapping(self, df: pd.DataFrame) -> list[dict[str, str]]: - # copy dataframe - df = pd.DataFrame(df) - columns = [dp.key for dp in self.decision_point_group.decision_points] - columns.append(self.outcome_group.key) - - df.columns = columns - data = [] - for _, row in df.iterrows(): - row_data = {} - outcome_value = None - for column in columns: - value_name = row[column] - try: - value = self.dp_value_lookup[column][value_name] - row_data[column] = value.key - except KeyError: - outcome_value = self.outcome_lookup[value_name] - if outcome_value is None: - raise ValueError("Outcome value not found") - - row_data["outcome"] = outcome_value.key - data.append(row_data) - return data + + def combinations(self): + """Generate possible decision point values""" + return self.decision_point_group.combination_strings() # convenience alias @@ -194,7 +61,7 @@ def table_to_mapping(self, df: pd.DataFrame) -> list[dict[str, str]]: def main(): from ssvc.dp_groups.ssvc.supplier import LATEST as dpg - from ssvc.outcomes.groups import MOSCOW as og + from ssvc.outcomes.x_basic.mscw import MSCW as og logger = logging.getLogger() logger.setLevel(logging.DEBUG) @@ -210,7 +77,7 @@ def main(): ) print(dt.model_dump_json(indent=2)) - print(dt._df) + print(list(dt.combinations())) if __name__ == "__main__": diff --git a/src/test/decision_tables/test_decision_table.py b/src/test/decision_tables/test_decision_table.py index d923a64a..5557b0ce 100644 --- a/src/test/decision_tables/test_decision_table.py +++ b/src/test/decision_tables/test_decision_table.py @@ -12,18 +12,14 @@ # U.S. Patent and Trademark Office by Carnegie Mellon University import tempfile import unittest -from itertools import product -import pandas as pd - -import ssvc.decision_points.ssvc_.base +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.decision_tables import base -from ssvc.decision_tables.base import name_to_key -from ssvc.dp_groups.base import SsvcDecisionPointGroup -from ssvc.outcomes.base import OutcomeGroup, OutcomeValue +from ssvc.dp_groups.base import DecisionPointGroup +from ssvc.outcomes.base import OutcomeValue -class MyTestCase(unittest.TestCase): +class TestDecisionTables(unittest.TestCase): def setUp(self): self.tempdir = tempfile.TemporaryDirectory() self.tempdir_path = self.tempdir.name @@ -32,14 +28,14 @@ def setUp(self): for i in range(3): dpvs = [] for j in range(3): - dpv = base.DecisionPointValue( + dpv = DecisionPointValue( name=f"Value {i}{j}", key=f"DP{i}V{j}", description=f"Decision Point {i} Value {j} Description", ) dpvs.append(dpv) - dp = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint( + dp = DecisionPoint( name=f"Decision Point {i}", key=f"DP{i}", description=f"Decision Point {i} Description", @@ -49,7 +45,7 @@ def setUp(self): ) dps.append(dp) - self.dpg = SsvcDecisionPointGroup( + self.dpg = DecisionPointGroup( name="Decision Point Group", description="Decision Point Group description", decision_points=tuple(dps), @@ -59,15 +55,16 @@ def setUp(self): for i in range(3): ogv = OutcomeValue( name=f"Outcome Value {i}", - key=f"ov{i}", + key=f"OV{i}", description=f"Outcome Value {i} description", ) ogvs.append(ogv) - self.og = OutcomeGroup( + self.og = DecisionPoint( name="Outcome Group", key="OG", description="Outcome Group description", + namespace="x_test", values=tuple(ogvs), ) @@ -82,66 +79,13 @@ def setUp(self): def tearDown(self): self.tempdir.cleanup() - def test_outcome_lookup(self): - d = self.dt.outcome_lookup - self.assertEqual(len(d), len(self.og.values)) - - for i, v in enumerate(self.og.values): - vname = name_to_key(v.name) - self.assertEqual(d[vname], v) - - def test_dp_lookup(self): - d = self.dt.dp_lookup - self.assertEqual(len(d), len(self.dpg.decision_points)) - - for i, dp in enumerate(self.dpg.decision_points): - dpname = name_to_key(dp.name) - self.assertEqual(d[dpname], dp) - - def test_dp_value_lookup(self): - d = self.dt.dp_value_lookup - for dp in self.dpg.decision_points: - dpname = name_to_key(dp.name) - self.assertEqual(len(d[dpname]), len(dp.values)) - - for i, v in enumerate(dp.values): - vname = name_to_key(v.name) - self.assertEqual(d[dpname][vname], v) - - def test_populate_df(self): - with self.subTest("df is set, no change"): - data = { - "a": [1, 2, 3], - "b": [4, 5, 6], - "c": [7, 8, 9], - } - df = pd.DataFrame(data) - self.dt._df = df - self.dt._populate_df() - self.assertTrue(df.equals(self.dt._df)) - - with self.subTest("df is None, populate"): - self.dt._df = None - self.dt._populate_df() - self.assertFalse(df.equals(self.dt._df)) - self.assertIsNotNone(self.dt._df) - self.assertIsInstance(self.dt._df, pd.DataFrame) - - with self.subTest("check df contents"): - nrows = len(list(product(*[dp.values for dp in self.dpg.decision_points]))) - self.assertEqual(len(self.dt._df), nrows) - ncols = len(self.dpg.decision_points) + 1 - self.assertEqual(len(self.dt._df.columns), ncols) - - def test_validate_mapping(self): - with self.subTest("no problems"): - self.dt.validate_mapping() - - with self.subTest("problems"): - # set one of the outcomes out of order - self.dt._df.iloc[0, -1] = self.og.values[-1].name - with self.assertRaises(ValueError): - self.dt.validate_mapping() + def test_create(self): + # self.dt exists in setUp + self.assertEqual(self.dt.name, "foo") + self.assertEqual(self.dt.description, "foo description") + self.assertEqual(self.dt.namespace, "x_test") + self.assertEqual(self.dt.decision_point_group, self.dpg) + self.assertEqual(self.dt.outcome_group, self.og) if __name__ == "__main__": From 0752ad94bfb49b0a4d8f5d74d24af55b081a88f3 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 16:16:53 -0400 Subject: [PATCH 071/468] black reformat --- src/ssvc/dp_groups/ssvc/coordinator_publication.py | 4 +--- src/ssvc/dp_groups/ssvc/coordinator_triage.py | 5 ++--- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/src/ssvc/dp_groups/ssvc/coordinator_publication.py b/src/ssvc/dp_groups/ssvc/coordinator_publication.py index d290c686..5dded08b 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_publication.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_publication.py @@ -43,9 +43,7 @@ - Public Value Added v1.0.0 """ -VERSIONS = ( - COORDINATOR_PUBLICATION_1, -) +VERSIONS = (COORDINATOR_PUBLICATION_1,) LATEST = VERSIONS[-1] diff --git a/src/ssvc/dp_groups/ssvc/coordinator_triage.py b/src/ssvc/dp_groups/ssvc/coordinator_triage.py index d7d96ceb..87867370 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_triage.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_triage.py @@ -63,11 +63,10 @@ - Safety Impact v1.0.0 """ -VERSIONS = ( - COORDINATOR_TRIAGE_1, -) +VERSIONS = (COORDINATOR_TRIAGE_1,) LATEST = VERSIONS[-1] + def main(): for version in VERSIONS: print(version.model_dump_json(indent=2)) From 0fb279f17987338dfc769392918fcc249c99a61f Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 24 Mar 2025 16:17:07 -0400 Subject: [PATCH 072/468] add combination strings back to dpg --- src/ssvc/dp_groups/base.py | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index 1698d9cf..5789e5ac 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -1,9 +1,5 @@ #!/usr/bin/env python -""" -file: base -author: adh -created_at: 9/20/23 4:47 PM -""" + # Copyright (c) 2025 Carnegie Mellon University and Contributors. # - see Contributors.md for a full list of Contributors # - see ContributionInstructions.md for information on how you can Contribute to this project @@ -17,13 +13,19 @@ # Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the # U.S. Patent and Trademark Office by Carnegie Mellon University +""" +Provides a DecisionPointGroup object for use in SSVC. +""" + +import itertools +from typing import Generator + from pydantic import BaseModel from ssvc._mixins import _Base, _SchemaVersioned from ssvc.decision_points.base import ( DecisionPoint, ) -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint class DecisionPointGroup(_Base, _SchemaVersioned, BaseModel): @@ -59,13 +61,21 @@ def decision_points_str(self) -> list[str]: """ return list(self.decision_points_dict.keys()) + def combination_strings(self) -> Generator[tuple[str, ...], None, None]: + """ + Return a list of tuples of the value short strings for all combinations of the decision points. + """ + value_tuples = [dp.value_summaries_str for dp in self.decision_points] + for combo in itertools.product(*value_tuples): + yield combo + def get_all_decision_points_from( *groups: list[DecisionPointGroup], -) -> tuple[SsvcDecisionPoint, ...]: +) -> tuple[DecisionPoint, ...]: """ - Given a list of SsvcDecisionPointGroup objects, return a list of all - the unique SsvcDecisionPoint objects contained in those groups. + Given a list of DecisionPointGroup objects, return a list of all + the unique DecisionPoint objects contained in those groups. Args: groups (list): A list of SsvcDecisionPointGroup objects. From 8f1e98c6037582a639d859719743da8211601d68 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 25 Mar 2025 10:03:55 -0400 Subject: [PATCH 073/468] remove separate outcome groups files --- src/outcomes_to_json.py | 29 ----------------------------- src/ssvc/outcomes/groups.py | 34 ---------------------------------- 2 files changed, 63 deletions(-) delete mode 100644 src/outcomes_to_json.py delete mode 100644 src/ssvc/outcomes/groups.py diff --git a/src/outcomes_to_json.py b/src/outcomes_to_json.py deleted file mode 100644 index 192c8169..00000000 --- a/src/outcomes_to_json.py +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/python3 - -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University - -from ssvc.outcomes import groups -from ssvc.outcomes.base import OutcomeGroup - - -def main(): - for x in dir(groups): - outcome = getattr(groups, x) - if type(outcome) == OutcomeGroup: - with open(f"../data/json/outcomes/{x}.json", "w") as f: - f.write(outcome.model_dump_json(indent=2)) - - -if __name__ == "__main__": - main() diff --git a/src/ssvc/outcomes/groups.py b/src/ssvc/outcomes/groups.py deleted file mode 100644 index 34f5a3f0..00000000 --- a/src/ssvc/outcomes/groups.py +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env python - -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University -""" -Provides a set of outcome groups for use in SSVC. -""" - -from ssvc.decision_points.helpers import print_versions_and_diffs -from ssvc.outcomes.x_community.paranoids import THE_PARANOIDS - -# Note: Outcome Groups must be defined in ascending order. - - -def main(): - print_versions_and_diffs( - [ - THE_PARANOIDS, - ] - ) - - -if __name__ == "__main__": - main() From 239eb096a620588f08e383a13aea45b61e6cdf5e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 25 Mar 2025 10:04:18 -0400 Subject: [PATCH 074/468] revise decision point registry, add value summary registry --- src/ssvc/decision_points/base.py | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index dab1f208..5c063fbf 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -29,28 +29,37 @@ _Valued, _Versioned, ) -from ssvc.namespaces import NameSpace logger = logging.getLogger(__name__) -_RDP = {} +_DECISION_POINT_REGISTRY = {} + REGISTERED_DECISION_POINTS = [] + FIELD_DELIMITER = ":" +_VALUES_REGISTRY = {} + def register(dp): """ Register a decision point. """ - global _RDP + global _DECISION_POINT_REGISTRY - key = (dp.namespace, dp.name, dp.key, dp.version) + key = dp.str - if key in _RDP: + for value_str, value_summary in dp.value_summaries_dict.items(): + if value_str in _VALUES_REGISTRY: + logger.warning(f"Duplicate value summary {value_str}") + + _VALUES_REGISTRY[value_str] = value_summary + + if key in _DECISION_POINT_REGISTRY: logger.warning(f"Duplicate decision point {key}") - _RDP[key] = dp + _DECISION_POINT_REGISTRY[key] = dp REGISTERED_DECISION_POINTS.append(dp) @@ -58,10 +67,13 @@ def _reset_registered(): """ Reset the registered decision points. """ - global _RDP + global _DECISION_POINT_REGISTRY global REGISTERED_DECISION_POINTS - _RDP = {} + global _VALUES_REGISTRY + + _DECISION_POINT_REGISTRY = {} + _VALUES_REGISTRY = {} REGISTERED_DECISION_POINTS = [] From b3cb57f01e197669eee4628b28d5003cebe90df7 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 25 Mar 2025 10:47:15 -0400 Subject: [PATCH 075/468] remove temp notebook --- src/exploratory.ipynb | 165 ------------------------------------------ 1 file changed, 165 deletions(-) delete mode 100644 src/exploratory.ipynb diff --git a/src/exploratory.ipynb b/src/exploratory.ipynb deleted file mode 100644 index b0099b55..00000000 --- a/src/exploratory.ipynb +++ /dev/null @@ -1,165 +0,0 @@ -{ - "cells": [ - { - "cell_type": "code", - "execution_count": 1, - "id": "initial_id", - "metadata": { - "ExecuteTime": { - "end_time": "2025-03-21T13:31:21.532792Z", - "start_time": "2025-03-21T13:31:21.520299Z" - } - }, - "outputs": [ - { - "name": "stderr", - "output_type": "stream", - "text": [ - "Duplicate decision point (, 'Report Public', 'RP', '1.0.0')\n", - "Duplicate decision point (, 'Supplier Contacted', 'SC', '1.0.0')\n", - "Duplicate decision point (, 'Report Credibility', 'RC', '1.0.0')\n", - "Duplicate decision point (, 'Supplier Cardinality', 'SC', '1.0.0')\n", - "Duplicate decision point (, 'Supplier Engagement', 'SE', '1.0.0')\n", - "Duplicate decision point (, 'Utility', 'U', '1.0.1')\n", - "Duplicate decision point (, 'Automatable', 'A', '2.0.0')\n", - "Duplicate decision point (, 'Value Density', 'VD', '1.0.0')\n", - "Duplicate decision point (, 'Public Safety Impact', 'PSI', '2.0.0')\n", - "Duplicate decision point (, 'Safety Impact', 'SI', '1.0.0')\n" - ] - } - ], - "source": [ - "from ssvc.dp_groups.ssvc.coordinator_triage import COORDINATOR_TRIAGE_1 as dpg" - ] - }, - { - "cell_type": "code", - "execution_count": 2, - "id": "72c7764cb46593cc", - "metadata": { - "ExecuteTime": { - "end_time": "2025-03-21T13:33:19.287836Z", - "start_time": "2025-03-21T13:33:19.284542Z" - } - }, - "outputs": [ - { - "name": "stdout", - "output_type": "stream", - "text": [ - "0 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='M'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='N'))\n", - "1 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='M'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='M'))\n", - "2 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='M'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='J'))\n", - "3 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='M'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='H'))\n", - "4 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='M'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='C'))\n", - "5 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='S'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='N'))\n", - "6 (ValueSummary(namespace='ssvc', key='RP', version='1.0.0', value='Y'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='N'), ValueSummary(namespace='ssvc', key='RC', version='1.0.0', value='NC'), ValueSummary(namespace='ssvc', key='SC', version='1.0.0', value='O'), ValueSummary(namespace='ssvc', key='SE', version='1.0.0', value='A'), ValueSummary(namespace='ssvc', key='U', version='1.0.1', value='L'), ValueSummary(namespace='ssvc', key='A', version='2.0.0', value='N'), ValueSummary(namespace='ssvc', key='VD', version='1.0.0', value='D'), ValueSummary(namespace='ssvc', key='PSI', version='2.0.0', value='S'), ValueSummary(namespace='ssvc', key='SI', version='1.0.0', value='M'))\n" - ] - } - ], - "source": [ - "for i,c in enumerate(dpg.combination_summaries()):\n", - " print(i,c)\n", - " if i>5:\n", - " break" - ] - }, - { - "cell_type": "code", - "execution_count": 3, - "id": "f04f44540b0c9c2b", - "metadata": {}, - "outputs": [ - { - "name": "stdout", - "output_type": "stream", - "text": [ - "0 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:M', 'ssvc:SI:1.0.0:N')\n", - "1 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:M', 'ssvc:SI:1.0.0:M')\n", - "2 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:M', 'ssvc:SI:1.0.0:J')\n", - "3 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:M', 'ssvc:SI:1.0.0:H')\n", - "4 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:M', 'ssvc:SI:1.0.0:C')\n", - "5 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:S', 'ssvc:SI:1.0.0:N')\n", - "6 ('ssvc:RP:1.0.0:Y', 'ssvc:SC:1.0.0:N', 'ssvc:RC:1.0.0:NC', 'ssvc:SC:1.0.0:O', 'ssvc:SE:1.0.0:A', 'ssvc:U:1.0.1:L', 'ssvc:A:2.0.0:N', 'ssvc:VD:1.0.0:D', 'ssvc:PSI:2.0.0:S', 'ssvc:SI:1.0.0:M')\n" - ] - } - ], - "source": [ - "for i,s in enumerate(dpg.combination_strings()):\n", - " print(i,s)\n", - " if i > 5:\n", - " break" - ] - }, - { - "cell_type": "code", - "execution_count": 4, - "id": "635de87b-52a2-4c5e-9a90-5581448cb28e", - "metadata": {}, - "outputs": [ - { - "name": "stdout", - "output_type": "stream", - "text": [ - "0 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'M'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'N'})\n", - "\n", - "\n", - "1 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'M'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'M'})\n", - "\n", - "\n", - "2 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'M'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'J'})\n", - "\n", - "\n", - "3 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'M'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'H'})\n", - "\n", - "\n", - "4 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'M'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'C'})\n", - "\n", - "\n", - "5 ({'namespace': 'ssvc', 'key': 'RP', 'version': '1.0.0', 'value': 'Y'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'RC', 'version': '1.0.0', 'value': 'NC'}, {'namespace': 'ssvc', 'key': 'SC', 'version': '1.0.0', 'value': 'O'}, {'namespace': 'ssvc', 'key': 'SE', 'version': '1.0.0', 'value': 'A'}, {'namespace': 'ssvc', 'key': 'U', 'version': '1.0.1', 'value': 'L'}, {'namespace': 'ssvc', 'key': 'A', 'version': '2.0.0', 'value': 'N'}, {'namespace': 'ssvc', 'key': 'VD', 'version': '1.0.0', 'value': 'D'}, {'namespace': 'ssvc', 'key': 'PSI', 'version': '2.0.0', 'value': 'S'}, {'namespace': 'ssvc', 'key': 'SI', 'version': '1.0.0', 'value': 'N'})\n", - "\n", - "\n" - ] - } - ], - "source": [ - "for i,t in enumerate(dpg.combination_dicts()):\n", - " if i>5:\n", - " break\n", - " print(i,t)\n", - " print()\n", - " print()\n", - " " - ] - }, - { - "cell_type": "code", - "execution_count": null, - "id": "129afda1-f243-4b09-a0e3-8d9a8c8a9baa", - "metadata": {}, - "outputs": [], - "source": [] - } - ], - "metadata": { - "kernelspec": { - "display_name": "Python 3 (ipykernel)", - "language": "python", - "name": "python3" - }, - "language_info": { - "codemirror_mode": { - "name": "ipython", - "version": 3 - }, - "file_extension": ".py", - "mimetype": "text/x-python", - "name": "python", - "nbconvert_exporter": "python", - "pygments_lexer": "ipython3", - "version": "3.12.4" - } - }, - "nbformat": 4, - "nbformat_minor": 5 -} From b4cfd27cddb4a68cb98bf9402c825c3a3170fcbd Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 25 Mar 2025 13:14:21 -0400 Subject: [PATCH 076/468] use new features of objects --- src/ssvc/policy_generator.py | 42 ++++++++++++++++++++---------------- 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index 8e235ab4..c99d3cf8 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -3,18 +3,24 @@ Provides a Policy Generator class for SSVC decision point groups. """ -# Copyright (c) 2023-2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University +# Copyright (c) 2023-2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 import itertools import logging @@ -163,14 +169,14 @@ def _create_policy(self): row = {} for i in range(len(node)): # turn the numerical indexes back into decision point names - col1 = f"{self.dpg.decision_points[i].name}" - row[col1] = self.dpg.decision_points[i].values[node[i]].name + col1 = f"{self.dpg.decision_points[i].str}" + row[col1] = self.dpg.decision_points[i].value_summaries_str[node[i]] # numerical values - col2 = f"idx_{self.dpg.decision_points[i].name}" + col2 = f"idx_{self.dpg.decision_points[i].str}" row[col2] = node[i] oc_idx = self.G.nodes[node]["outcome"] - row["outcome"] = self.outcomes.values[oc_idx].name + row["outcome"] = self.outcomes.value_summaries_str[oc_idx] row["idx_outcome"] = oc_idx rows.append(row) @@ -183,8 +189,8 @@ def clean_policy(self) -> pd.DataFrame: df = df.rename(columns={"outcome": self.outcomes.name}) print_cols = [c for c in df.columns if not c.startswith("idx_")] - for c in print_cols: - df[c] = df[c].str.lower() + # for c in print_cols: + # df[c] = df[c].str.lower() return pd.DataFrame(df[print_cols]) From 059f9480e6d11e0bf2e3b3c0e5e8b19aceb52e4e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 25 Mar 2025 13:14:44 -0400 Subject: [PATCH 077/468] add policy generator to decision table object --- src/ssvc/decision_tables/base.py | 119 +++++++++++++++++++++++-------- 1 file changed, 90 insertions(+), 29 deletions(-) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 20419528..5251f5a2 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -1,41 +1,40 @@ #!/usr/bin/env python -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 """ Provides a DecisionTable class that can be used to model decisions in SSVC """ import logging -import re +from typing import Optional -from pydantic import BaseModel +import pandas as pd +from pydantic import BaseModel, Field from ssvc._mixins import _Base, _Commented, _Namespaced, _SchemaVersioned from ssvc.dp_groups.base import DecisionPointGroup from ssvc.outcomes.base import OutcomeGroup +from ssvc.policy_generator import PolicyGenerator logger = logging.getLogger(__name__) -def name_to_key(name: str) -> str: - """ - Convert a name to a key by converting to lowercase and replacing spaces with underscores. - """ - # replace non-alphanumeric characters with underscores - new_name = re.sub(r"[^a-z0-9]+", "_", name.lower()) - return new_name - - class DecisionTable(_SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel): """ The DecisionTable class is a model for decisions in SSVC. @@ -49,10 +48,70 @@ class DecisionTable(_SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel) decision_point_group: DecisionPointGroup outcome_group: OutcomeGroup - - def combinations(self): - """Generate possible decision point values""" - return self.decision_point_group.combination_strings() + mapping: list[tuple[tuple[str, ...], tuple[str, ...]]] = Field(default_factory=list) + + def get_mapping_df(self, weights: Optional[list[float]] = None) -> pd.DataFrame: + # create a policy generator object and extract a mapping from it + with PolicyGenerator( + dp_group=self.decision_point_group, + outcomes=self.outcome_group, + outcome_weights=weights, + ) as pg: + df = pg.clean_policy() + + return df + + def dataframe_to_tuple_list( + self, df: pd.DataFrame, n_outcols: int = 1 + ) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: + """ + Converts a DataFrame into a list of tuples where each tuple contains: + - A tuple of input values (all columns except the last n_outcols) + - A tuple containing the outcome value (last n_outcols columns) + + Note: + In every decision we've modeled to date, there is only one outcome column. + We have not yet encountered a decision with multiple outcome columns, + however, it has come up in some discussions, so we're allowing for it here as + a future-proofing measure. + + Attributes: + df: pandas DataFrame + n_outcols: int, default=1 + + Returns: + list[tuple[tuple[str,...],tuple[str,...]]]: A list of tuples + + """ + input_columns = df.columns[:-n_outcols] # All columns except the last one + output_column = df.columns[-n_outcols] # The last column + + return [ + (tuple(row[input_columns]), (row[output_column],)) + for _, row in df.iterrows() + ] + + def set_mapping( + self, df: pd.DataFrame + ) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: + """ + Sets the mapping attribute to the output of dataframe_to_tuple_list + + :param df: pandas DataFrame + """ + self.mapping = self.dataframe_to_tuple_list(df) + return self.mapping + + def generate_mapping(self) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: + """ + Generates a mapping from the decision point group to the outcome group using the PolicyGenerator class + and sets the mapping attribute to the output of dataframe_to_tuple_list + + Returns: + list[tuple[tuple[str,...],tuple[str,...]]]: The generated mapping + """ + df = self.get_mapping_df() + return self.set_mapping(df) # convenience alias @@ -75,9 +134,11 @@ def main(): decision_point_group=dpg, outcome_group=og, ) - print(dt.model_dump_json(indent=2)) - print(list(dt.combinations())) + df = dt.get_mapping_df() + dt.set_mapping(df) + + print(dt.model_dump_json(indent=2)) if __name__ == "__main__": From eb59f46f0becb2da275929c00246bfc6f4f7798b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 25 Mar 2025 16:45:27 -0400 Subject: [PATCH 078/468] update tests --- .../{test_decision_table.py => test_base.py} | 54 ++++++++++++++----- 1 file changed, 40 insertions(+), 14 deletions(-) rename src/test/decision_tables/{test_decision_table.py => test_base.py} (55%) diff --git a/src/test/decision_tables/test_decision_table.py b/src/test/decision_tables/test_base.py similarity index 55% rename from src/test/decision_tables/test_decision_table.py rename to src/test/decision_tables/test_base.py index 5557b0ce..2fba129b 100644 --- a/src/test/decision_tables/test_decision_table.py +++ b/src/test/decision_tables/test_base.py @@ -1,25 +1,37 @@ -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 import tempfile import unittest -from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from pandas import DataFrame + +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue, + _DECISION_POINT_REGISTRY, +) from ssvc.decision_tables import base from ssvc.dp_groups.base import DecisionPointGroup from ssvc.outcomes.base import OutcomeValue -class TestDecisionTables(unittest.TestCase): +class TestDecisionTable(unittest.TestCase): def setUp(self): self.tempdir = tempfile.TemporaryDirectory() self.tempdir_path = self.tempdir.name @@ -87,6 +99,20 @@ def test_create(self): self.assertEqual(self.dt.decision_point_group, self.dpg) self.assertEqual(self.dt.outcome_group, self.og) + def test_get_mapping_df(self): + df = self.dt.get_mapping_df() + self.assertIsInstance(df, DataFrame) + # columns are the decision point strings and the outcome group string + for dp in self.dpg.decision_points: + self.assertIn(dp.str, df.columns[:-1]) + self.assertEqual(self.og.str, df.columns[-1]) + + for col in df.columns: + dp = _DECISION_POINT_REGISTRY[col] + # all values in the decision point should be in the column at least once + for vsum in dp.value_summaries_str: + self.assertIn(vsum, df[col].unique()) + if __name__ == "__main__": unittest.main() From 5cc590e47f2f838a51f4b67c9df9cbefe7bb2df3 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 25 Mar 2025 16:46:01 -0400 Subject: [PATCH 079/468] minor clean up items --- src/ssvc/decision_points/cisa/base.py | 32 +++++++++++++++---------- src/ssvc/outcomes/base.py | 34 +++++++++++++++++---------- src/ssvc/policy_generator.py | 2 +- 3 files changed, 42 insertions(+), 26 deletions(-) diff --git a/src/ssvc/decision_points/cisa/base.py b/src/ssvc/decision_points/cisa/base.py index 739c5b0d..76e10368 100644 --- a/src/ssvc/decision_points/cisa/base.py +++ b/src/ssvc/decision_points/cisa/base.py @@ -1,16 +1,22 @@ #!/usr/bin/env python3 -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 """ Provides a base class for CISA-specific decision points. """ @@ -20,4 +26,4 @@ class CisaDecisionPoint(DecisionPoint, BaseModel): - namespace = "cisa" + namespace: str = "cisa" diff --git a/src/ssvc/outcomes/base.py b/src/ssvc/outcomes/base.py index a1cb6c08..f2074f4f 100644 --- a/src/ssvc/outcomes/base.py +++ b/src/ssvc/outcomes/base.py @@ -1,22 +1,32 @@ -# Copyright (c) 2023-2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University +# Copyright (c) 2023-2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 """ Provides outcome group and outcome value classes for SSVC. """ from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from ssvc.decision_points.cisa.base import CisaDecisionPoint +from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint OutcomeValue = DecisionPointValue OutcomeGroup = DecisionPoint SsvcOutcomeGroup = SsvcDecisionPoint +CvssOutcomeGroup = CvssDecisionPoint +CisaOutcomeGroup = CisaDecisionPoint diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index c99d3cf8..c77e649d 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -186,7 +186,7 @@ def _create_policy(self): def clean_policy(self) -> pd.DataFrame: df = self.policy.copy() # rename "outcome" column to outcome group name - df = df.rename(columns={"outcome": self.outcomes.name}) + df = df.rename(columns={"outcome": self.outcomes.str}) print_cols = [c for c in df.columns if not c.startswith("idx_")] # for c in print_cols: From a73f3ec6f810908af1b634021015e77311d18533 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 26 Mar 2025 12:33:30 -0400 Subject: [PATCH 080/468] update test --- src/ssvc/decision_points/base.py | 105 ++++++++++++++++++-------- src/test/decision_tables/test_base.py | 30 ++++++-- src/test/test_policy_generator.py | 42 +++++++---- 3 files changed, 122 insertions(+), 55 deletions(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 5c063fbf..2fc494ff 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -3,22 +3,28 @@ """ Defines the formatting for SSVC Decision Points. """ -# Copyright (c) 2023-2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University +# Copyright (c) 2023-2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 import logging -from pydantic import BaseModel, model_validator +from pydantic import BaseModel, Field, model_validator from ssvc._mixins import ( _Base, @@ -33,33 +39,63 @@ logger = logging.getLogger(__name__) -_DECISION_POINT_REGISTRY = {} - REGISTERED_DECISION_POINTS = [] - FIELD_DELIMITER = ":" -_VALUES_REGISTRY = {} +class Registry(BaseModel): + registry: dict[str, object] = Field(default_factory=dict) -def register(dp): + def __iter__(self): + return iter(self.registry.values()) + + def __getitem__(self, key: str) -> object: + return self.registry[key] + + def __setitem__(self, key: str, value: object): + if key in self.registry: + logger.warning(f"Duplicate key {key}") + + self.registry[key] = value + + def __contains__(self, key: str) -> bool: + return key in self.registry + + def reset_registry(self): + self.registry = {} + + # convenience alias + def clear(self): + self.reset_registry() + + +class DecisionPointRegistry(Registry, BaseModel): """ - Register a decision point. + A dictionary of decision points. """ - global _DECISION_POINT_REGISTRY - key = dp.str + registry: dict[str, "DecisionPoint"] = Field(default_factory=dict) - for value_str, value_summary in dp.value_summaries_dict.items(): - if value_str in _VALUES_REGISTRY: - logger.warning(f"Duplicate value summary {value_str}") - _VALUES_REGISTRY[value_str] = value_summary +class DecisionPointValueRegistry(Registry, BaseModel): + """ + A dictionary of decision point values. + """ + + registry: dict[str, "DecisionPointValue"] = Field(default_factory=dict) + + +def register(dp): + """ + Register a decision point. + """ - if key in _DECISION_POINT_REGISTRY: - logger.warning(f"Duplicate decision point {key}") + # register the values + for value_str, value_summary in dp.value_summaries_dict.items(): + DPV_REGISTRY[value_str] = value_summary - _DECISION_POINT_REGISTRY[key] = dp + key = dp.str + DP_REGISTRY[key] = dp REGISTERED_DECISION_POINTS.append(dp) @@ -67,13 +103,12 @@ def _reset_registered(): """ Reset the registered decision points. """ - global _DECISION_POINT_REGISTRY + global DPV_REGISTRY + global DP_REGISTRY global REGISTERED_DECISION_POINTS - global _VALUES_REGISTRY - - _DECISION_POINT_REGISTRY = {} - _VALUES_REGISTRY = {} + DPV_REGISTRY.reset_registry() + DP_REGISTRY.reset_registry() REGISTERED_DECISION_POINTS = [] @@ -195,6 +230,10 @@ def value_summaries_str(self): return list(self.value_summaries_dict.keys()) +DP_REGISTRY = DecisionPointRegistry() +DPV_REGISTRY = DecisionPointRegistry() + + def main(): opt_none = DecisionPointValue( name="None", key="N", description="No exploit available" diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py index 2fba129b..471c76d3 100644 --- a/src/test/decision_tables/test_base.py +++ b/src/test/decision_tables/test_base.py @@ -22,9 +22,9 @@ from pandas import DataFrame from ssvc.decision_points.base import ( + DP_REGISTRY, DecisionPoint, DecisionPointValue, - _DECISION_POINT_REGISTRY, ) from ssvc.decision_tables import base from ssvc.dp_groups.base import DecisionPointGroup @@ -36,6 +36,8 @@ def setUp(self): self.tempdir = tempfile.TemporaryDirectory() self.tempdir_path = self.tempdir.name + DP_REGISTRY.clear() + dps = [] for i in range(3): dpvs = [] @@ -102,16 +104,32 @@ def test_create(self): def test_get_mapping_df(self): df = self.dt.get_mapping_df() self.assertIsInstance(df, DataFrame) - # columns are the decision point strings and the outcome group string - for dp in self.dpg.decision_points: - self.assertIn(dp.str, df.columns[:-1]) + + # df is not empty + self.assertFalse(df.empty) + # df has some rows + self.assertGreater(len(df), 0) + # df has the same number of rows as the product of the number of decision points and their values + combos = list(self.dpg.combination_strings()) + self.assertGreater(len(combos), 0) + self.assertEqual(len(df), len(combos)) + + # column names are the decision point strings and the outcome group string + for i, dp in enumerate(self.dpg.decision_points): + self.assertEqual(dp.str, df.columns[i]) self.assertEqual(self.og.str, df.columns[-1]) for col in df.columns: - dp = _DECISION_POINT_REGISTRY[col] + # col is in the registry + self.assertIn(col, DP_REGISTRY) + + dp = DP_REGISTRY[col] + + uniq = df[col].unique() + # all values in the decision point should be in the column at least once for vsum in dp.value_summaries_str: - self.assertIn(vsum, df[col].unique()) + self.assertIn(vsum, uniq) if __name__ == "__main__": diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index 77246271..57f7b033 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -1,15 +1,21 @@ -# Copyright (c) 2023-2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University +# Copyright (c) 2023-2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 import unittest from collections import Counter @@ -243,7 +249,7 @@ def test_emit_policy(self): for dpg in pg.dpg.decision_points: self.assertIn(dpg.name, stdout) for og in pg.outcomes.values: - self.assertIn(og.name.lower(), stdout) + self.assertIn(og.name, stdout) def test_create_policy(self): pg = PolicyGenerator( @@ -265,15 +271,19 @@ def test_create_policy(self): self.assertIsInstance(pg.policy, pd.DataFrame) self.assertEqual(16, len(pg.policy)) + idx_cols = [col for col in pg.policy.columns if col.startswith("idx_")] + other_cols = [col for col in pg.policy.columns if not col.startswith("idx_")] + for c in self.dp_names: - self.assertIn(c, pg.policy.columns) - self.assertIn(f"idx_{c}", pg.policy.columns) + + self.assertTrue(any([c in col for col in other_cols])) + self.assertTrue(any([c in col for col in idx_cols])) self.assertIn("outcome", pg.policy.columns) self.assertIn("idx_outcome", pg.policy.columns) for outcome in self.og_names: - self.assertIn(outcome, pg.policy.outcome.values) + self.assertTrue(any([outcome in val for val in pg.policy.outcome.values])) def test_validate_paths(self): pg = PolicyGenerator( From 8bac303f65e876ca10a7b9f105da9c77dbc02f38 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 27 Mar 2025 09:30:32 -0400 Subject: [PATCH 081/468] add test make target --- Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1345e143..387f1b9c 100644 --- a/Makefile +++ b/Makefile @@ -37,6 +37,9 @@ dockerrun_docs: @echo "Running the docs Docker image..." $(DOCKER_RUN) --publish $(MKDOCS_PORT):8000 $(PROJECT_VOLUME) $(DOCS_IMAGE) +.PHONY: test +test: + pytest -v src/test docs: dockerbuild_docs dockerrun_docs docker_test: dockerbuild_test dockerrun_test @@ -51,8 +54,9 @@ help: @echo "Targets:" @echo " all - Display this help message" @echo " mdlint_fix - Run markdownlint with --fix" + @echo " test - Run the tests in a local shell" @echo " docs - Build and run the docs Docker image" - @echo " docker_test - Build and run the test Docker image" + @echo " docker_test - Build and run the tests in a Docker image" @echo "" @echo " dockerbuild_test - Build the test Docker image" @echo " dockerrun_test - Run the test Docker image" From 9ccfd4922cfa80a971833139540cf561861637f4 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 27 Mar 2025 12:22:11 -0400 Subject: [PATCH 082/468] update example --- src/ssvc/decision_tables/base.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 5251f5a2..2ffb86ba 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -127,8 +127,8 @@ def main(): logger.addHandler(logging.StreamHandler()) dt = DecisionTable( - name="Example Prioritization Framework", - description="The description for an Example Prioritization Framework", + name="Example Decision Table", + description="The description for an Example Decision Table", namespace="x_test", version="1.0.0", decision_point_group=dpg, From fce30beff9a890043adad6eaccad9b7bef837251 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 31 Mar 2025 12:44:47 -0400 Subject: [PATCH 083/468] add type hints --- src/ssvc/decision_points/base.py | 15 +++++++++++---- src/ssvc/dp_groups/base.py | 4 ++-- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 2fc494ff..9f38fd2b 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -46,13 +46,13 @@ class Registry(BaseModel): registry: dict[str, object] = Field(default_factory=dict) - def __iter__(self): + def __iter__(self) -> object: return iter(self.registry.values()) def __getitem__(self, key: str) -> object: return self.registry[key] - def __setitem__(self, key: str, value: object): + def __setitem__(self, key: str, value: object) -> None: if key in self.registry: logger.warning(f"Duplicate key {key}") @@ -61,11 +61,11 @@ def __setitem__(self, key: str, value: object): def __contains__(self, key: str) -> bool: return key in self.registry - def reset_registry(self): + def reset_registry(self) -> None: self.registry = {} # convenience alias - def clear(self): + def clear(self) -> None: self.reset_registry() @@ -229,6 +229,13 @@ def value_summaries_str(self): """ return list(self.value_summaries_dict.keys()) + @property + def enumerated_values(self) -> dict[int, str]: + """ + Return a list of enumerated values. + """ + return {i: v.str for i, v in enumerate(self.value_summaries)} + DP_REGISTRY = DecisionPointRegistry() DPV_REGISTRY = DecisionPointRegistry() diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index 2ea76528..daf282a7 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -41,13 +41,13 @@ class DecisionPointGroup(_Base, _SchemaVersioned, BaseModel): decision_points: tuple[DecisionPoint, ...] - def __iter__(self): + def __iter__(self) -> Generator[DecisionPoint, None, None]: """ Allow iteration over the decision points in the group. """ return iter(self.decision_points) - def __len__(self): + def __len__(self) -> int: """ Allow len() to be called on the group. """ From 5f5db6c379ea4c72700d8891b48d076b0a82e724 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 31 Mar 2025 12:45:39 -0400 Subject: [PATCH 084/468] add consistency checks to DecisionTable object --- src/ssvc/decision_tables/base.py | 251 ++++++++++++++++++++++++++++++- 1 file changed, 249 insertions(+), 2 deletions(-) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 2ffb86ba..2eccca42 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -21,9 +21,11 @@ """ Provides a DecisionTable class that can be used to model decisions in SSVC """ +import itertools import logging from typing import Optional +import networkx as nx import pandas as pd from pydantic import BaseModel, Field @@ -113,14 +115,252 @@ def generate_mapping(self) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: df = self.get_mapping_df() return self.set_mapping(df) + def consistency_check_mapping(self) -> bool: + """Checks the mapping attribute by ensuring that the contents are consistent with the partial order over the decision points and outcomes""" + + # convert the decision point values to a list of numerical tuples + # and create a lookup table for the values + # The end result will be that vector contains a list of tuples + # where each tuple is a list of integers that represent the values + # in a decision point. The dp_lookup list will contain a dictionary + # for each decision point that maps the integer values to the string values + vector = [] + dp_lookup = [] + + # create an inverted index for the outcomes + outcome_lookup = {v: k for k, v in self.outcome_group.enumerated_values.items()} + logger.debug(f"Outcome lookup: {outcome_lookup}") + + for dp in self.decision_point_group: + valuesdict = dp.enumerated_values + dp_lookup.append(valuesdict) + + _vlist = tuple(valuesdict.keys()) + vector.append(_vlist) + + # vector now looks like + # [(0, 1, 2), (0, 1), (0, 1, 2, 3)] + logger.debug(f"Vector: {vector}") + # dp_lookup looks like + # [{0: 'a', 1: 'b', 2: 'c'}, {0: 'x', 1: 'y'}, {0: 'i', 1: 'j', 2: 'k', 3: 'l'}] + logger.debug(f"DP lookup: {dp_lookup}") + + bottom = tuple([min(t) for t in vector]) + top = tuple([max(t) for t in vector]) + + logger.debug(f"Bottom node: {bottom}") + logger.debug(f"Top node: {top}") + + # construct a directed graph + G = nx.DiGraph() + G = self._add_nodes(G, vector) + G = self._add_edges(G) + + problems = self._check_graph(G, bottom, top) + + # if we already have problems, we should stop here + # because the graph is not valid + if problems: + for problem in problems: + logger.error(f"Problem detected: {problem}") + return False + + # the graph has a lot of edges where the outcome does not change between the nodes + # we need to find the decision boundaries where the outcome does change + decision_boundaries = self._find_decision_boundaries(G, dp_lookup) + + problems = self._check_decision_boundaries(decision_boundaries, outcome_lookup) + for problem in problems: + logger.error(f"Problem detected: {problem}") + + # return True if there are no problems + return len(problems) == 0 + + def _check_decision_boundaries( + self, decision_boundaries: list[dict[str, str]], outcome_lookup: dict[str, int] + ) -> list[str]: + + problems = [] + for db in decision_boundaries: + from_outcome = outcome_lookup[db["from_outcome"]] + to_outcome = outcome_lookup[db["to_outcome"]] + + if from_outcome < to_outcome: + # this is what we wanted, no problem found + continue + + problem = ( + f"{db['from']} < {db['to']} but {from_outcome} is not < {to_outcome}" + ) + problems.append(problem) + return problems + + def _find_decision_boundaries( + self, G: nx.DiGraph, dp_lookup: list[dict[int, str]] + ) -> list[dict[str, str]]: + decision_boundaries = [] + for edge in G.edges: + u, v = edge + + # we need to translate from a node int tuple to the strings so we can look it up in the mapping + u_str = self.int_node_to_str(u, dp_lookup) + v_str = self.int_node_to_str(v, dp_lookup) + + mapping_dict = dict(self.mapping) + try: + u_outcome_str = mapping_dict[u_str][0] + except KeyError: + print(f"Node {u_str} has no mapping") + + try: + v_outcome_str = mapping_dict[v_str][0] + except KeyError: + logger.error(f"Node {v_str} has no mapping") + raise ValueError + + if u_outcome_str == v_outcome_str: + # no decision boundary here + continue + + # if we got here, there is a decision boundary + # so we need to record it + row = { + "from": u_str, + "to": v_str, + "from_outcome": u_outcome_str, + "to_outcome": v_outcome_str, + } + decision_boundaries.append(row) + + return decision_boundaries + + def int_node_to_str( + self, node: tuple[int, ...], dp_lookup: list[dict[int, str]] + ) -> tuple[str, ...]: + return tuple([dp_lookup[i][node[i]] for i in range(len(node))]) + + def _check_graph( + self, G: nx.DiGraph, bottom: tuple[int, ...], top: tuple[int, ...] + ) -> list[str]: + problems = [] + # check nodes for edges + for node in G.nodes: + if node != bottom and not G.in_degree(node): + # all nodes except bottom should have at least one incoming edge + problems.append(f"Node {node} has no incoming edges") + if node != top and not G.out_degree(node): + # all nodes except top should have at least one outgoing edge + problems.append(f"Node {node} has no outgoing edges") + return problems + + def _add_nodes(self, G: nx.DiGraph, vector: list[tuple[int, ...]]) -> nx.DiGraph: + + for node in itertools.product(*vector): + node = tuple(node) + # node is a tuple of integers + G.add_node(node) + + return G + + def _add_edges(self, G: nx.DiGraph) -> nx.DiGraph: + """ + Add edges to the graph G based on the nodes in G. + Node identities are tuples of integers. + Edges are added between nodes where one and only one element of the tuples differ by 1. + + Examples: + + | Node 1 | Node 2 | Edge? | + |--------|--------|-------| + | (0,0) | (0,1) | Yes | + | (0,0) | (1,0) | Yes | + | (0,0) | (1,1) | No | + | (0,0) | (0,0) | No | + | (0,0) | (0,2) | No | + | (0,1) | (0,2) | Yes | + + Args: + G: a networkx DiGraph object + + Returns: + a networkx DiGraph object with edges added + + """ + # add edges + for u, v in itertools.product(G.nodes, G.nodes): + # enforce that u and v are tuples of integers + if not isinstance(u, tuple) or any([not isinstance(i, int) for i in u]): + raise ValueError(f"Node {u} is not an integer tuple") + if not isinstance(v, tuple) or any([not isinstance(i, int) for i in v]): + raise ValueError(f"Node {v} is not an integer tuple") + + # add an edge if the difference between u and v is 1 + if u == v: + # do not create self-reflexive edges + continue + + if any(u[i] > v[i] for i in range(len(u))): + # skip the upper triangle of the connectivity matrix + continue + + # if you get here, we know that u < v, but it could be + # a gap larger than 1 from u to v. + # We only want to add edges where the gap is exactly 1. + + # compute the individual differences for each vector element + delta = [v[i] - u[i] for i in range(len(u))] + + if sum(delta) != 1: + # gap is too large + continue + + if not all([d in [0, 1] for d in delta]): + # more than one element is different + # this would be odd if it happened, but check for it anyway + continue + + # if you get here, then there is exactly one element that is different + # by 1, and the rest are the same + # add the edge + G.add_edge(u, v) + + # clean up the graph before we return it + # the transitive reduction of a graph is a graph with the same + # reachability properties, but with as few edges as possible + # https://en.wikipedia.org/wiki/Transitive_reduction + # in principle, our algorithm above shouldn't create any redundant edges + # so this is more of a belt-and-suspenders approach + before = len(G.edges) + G = nx.transitive_reduction(G) + after = len(G.edges) + if before != after: + logger.warning(f"Transitive reduction removed {before - after} edges") + logger.debug(f"Edge count: {after}") + return G + + def mapping_to_csv_str(self): + """ + Returns the mapping as a CSV string + """ + columns = [dp.str for dp in self.decision_point_group] + columns.append(self.outcome_group.str) + + rows = [] + for dpstrs, ostrs in self.mapping: + row = list(dpstrs) + row.append(ostrs[0]) + rows.append(row) + + return pd.DataFrame(rows, columns=columns).to_csv(index=False) + # convenience alias Policy = DecisionTable def main(): - from ssvc.dp_groups.ssvc.supplier import LATEST as dpg - from ssvc.outcomes.x_basic.mscw import MSCW as og + from ssvc.dp_groups.ssvc.coordinator_publication import LATEST as dpg + from ssvc.outcomes.ssvc_.publish import PUBLISH as og logger = logging.getLogger() logger.setLevel(logging.DEBUG) @@ -140,6 +380,13 @@ def main(): print(dt.model_dump_json(indent=2)) + with open("foo.json", "w") as f: + f.write(dt.model_dump_json()) + + dt.consistency_check_mapping() + + print(dt.mapping_to_csv_str()) + if __name__ == "__main__": main() From aad0511534c5afdafe1f91634c7d6e9bf4548531 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 31 Mar 2025 16:10:12 -0400 Subject: [PATCH 085/468] update unit tests --- src/ssvc/decision_tables/base.py | 7 ++ src/test/decision_tables/test_base.py | 110 ++++++++++++++++++++++++++ 2 files changed, 117 insertions(+) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 2eccca42..7d3034df 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -353,6 +353,13 @@ def mapping_to_csv_str(self): return pd.DataFrame(rows, columns=columns).to_csv(index=False) + def load_from_csv_str(self, csv_str: str): + """ + Loads the mapping from a CSV string + """ + # TODO add a mechanism to read a mapping from a CSV file and create a DecisionTable object from it + raise NotImplementedError + # convenience alias Policy = DecisionTable diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py index 471c76d3..760a3d29 100644 --- a/src/test/decision_tables/test_base.py +++ b/src/test/decision_tables/test_base.py @@ -19,6 +19,7 @@ import tempfile import unittest +import pandas as pd from pandas import DataFrame from ssvc.decision_points.base import ( @@ -131,6 +132,115 @@ def test_get_mapping_df(self): for vsum in dp.value_summaries_str: self.assertIn(vsum, uniq) + def test_dataframe_to_tuple_list(self): + df = pd.DataFrame( + [ + {"a": 1, "b": 2, "c": 3}, + {"a": 4, "b": 5, "c": 6}, + {"a": 7, "b": 8, "c": 9}, + ] + ) + + tuple_list = self.dt.dataframe_to_tuple_list(df) + + self.assertEqual(len(tuple_list), len(df)) + + for row in tuple_list: + self.assertIsInstance(row, tuple) + self.assertEqual(len(row), 2) + self.assertIsInstance(row[0], tuple) + self.assertIsInstance(row[1], tuple) + + # manually check the structure of the tuple list + self.assertEqual((1, 2), tuple_list[0][0]) + self.assertEqual((3,), tuple_list[0][1]) + self.assertEqual((4, 5), tuple_list[1][0]) + self.assertEqual((6,), tuple_list[1][1]) + self.assertEqual((7, 8), tuple_list[2][0]) + self.assertEqual((9,), tuple_list[2][1]) + + def test_set_mapping(self): + df = pd.DataFrame( + { + "a": ["x", "y", "z"], + "b": ["one", "two", "three"], + "c": ["apple", "orange", "pear"], + } + ) + + result = self.dt.set_mapping(df) + + self.assertIn((("x", "one"), ("apple",)), result) + self.assertIn((("y", "two"), ("orange",)), result) + self.assertIn((("z", "three"), ("pear",)), result) + + self.assertEqual(result, self.dt.mapping) + + @unittest.skip("Test not implemented") + def test_consistency_check_mapping(self): + pass + + @unittest.skip("Test not implemented") + def test_check_decision_boundaries(self): + pass + + @unittest.skip("Test not implemented") + def test_find_decision_boundaries(self): + pass + + @unittest.skip("Test not implemented") + def test_int_node_to_str(self): + pass + + @unittest.skip("Test not implemented") + def test_check_graph(self): + pass + + @unittest.skip("Test not implemented") + def test_add_nodes(self): + pass + + @unittest.skip("Test not implemented") + def test_add_edges(self): + pass + + def test_mapping_to_csv_str(self): + df = self.dt.get_mapping_df() + self.dt.set_mapping(df) + + csv_str = self.dt.mapping_to_csv_str() + self.assertIsInstance(csv_str, str) + + lines = csv_str.strip().split("\n") + + # first line is the header + self.assertEqual( + lines[0], + ",".join([dp.str for dp in self.dpg.decision_points] + [self.og.str]), + ) + + combinations = list(self.dpg.combination_strings()) + + # there should be one line for each combination after the header + self.assertEqual(len(lines[1:]), len(combinations)) + + # each line after the header starts with a combination of decision point values + for combo, line in zip(combinations, lines[1:]): + # there are as many commas in the line as there are combos + comma_count = line.count(",") + self.assertEqual(comma_count, len(combo)) + + for dpv_str in combo: + self.assertIn(dpv_str, line) + + # the last thing in the line is the outcome group value + og_value = line.split(",")[-1] + self.assertIn(og_value, self.og.value_summaries_str) + + @unittest.skip("Test not implemented") + def test_load_from_csv_str(self): + pass + if __name__ == "__main__": unittest.main() From da5d4fc9e888f7455cb092b219f42a6722c61d0c Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 5 Jun 2025 16:03:27 -0400 Subject: [PATCH 086/468] simplify Makefile / Dockerfile interactions using docker-compose.yml --- Makefile | 68 +++++++++++---------------------- Dockerfile => docker/Dockerfile | 4 +- docker/docker-compose.yml | 36 +++++++++++++++++ 3 files changed, 61 insertions(+), 47 deletions(-) rename Dockerfile => docker/Dockerfile (91%) create mode 100644 docker/docker-compose.yml diff --git a/Makefile b/Makefile index 387f1b9c..af885c5c 100644 --- a/Makefile +++ b/Makefile @@ -1,19 +1,9 @@ # Project-specific vars -PFX=ssvc -DOCKER=docker -DOCKER_BUILD=$(DOCKER) build -DOCKER_RUN=$(DOCKER) run --tty --rm -PROJECT_VOLUME=--volume $(shell pwd):/app MKDOCS_PORT=8765 - -# docker names -TEST_DOCKER_TARGET=test -TEST_IMAGE = $(PFX)_test -DOCS_DOCKER_TARGET=docs -DOCS_IMAGE = $(PFX)_docs +DOCKER_DIR=docker # Targets -.PHONY: all dockerbuild_test dockerrun_test dockerbuild_docs dockerrun_docs docs docker_test clean help +.PHONY: all test docs docker_test clean help all: help @@ -21,32 +11,29 @@ mdlint_fix: @echo "Running markdownlint..." markdownlint --config .markdownlint.yml --fix . -dockerbuild_test: - @echo "Building the test Docker image..." - $(DOCKER_BUILD) --target $(TEST_DOCKER_TARGET) --tag $(TEST_IMAGE) . - -dockerrun_test: - @echo "Running the test Docker image..." - $(DOCKER_RUN) $(PROJECT_VOLUME) $(TEST_IMAGE) +test: + @echo "Running tests locally..." + pytest -v src/test -dockerbuild_docs: - @echo "Building the docs Docker image..." - $(DOCKER_BUILD) --target $(DOCS_DOCKER_TARGET) --tag $(DOCS_IMAGE) . +docker_test: + @echo "Running tests in Docker..." + pushd $(DOCKER_DIR) && docker-compose run --rm test -dockerrun_docs: - @echo "Running the docs Docker image..." - $(DOCKER_RUN) --publish $(MKDOCS_PORT):8000 $(PROJECT_VOLUME) $(DOCS_IMAGE) +docs: + @echo "Building and running docs in Docker..." + pushd $(DOCKER_DIR) && docker-compose up docs -.PHONY: test -test: - pytest -v src/test +up: + @echo "Starting Docker services..." + pushd $(DOCKER_DIR) && docker-compose up -d -docs: dockerbuild_docs dockerrun_docs -docker_test: dockerbuild_test dockerrun_test +down: + @echo "Stopping Docker services..." + pushd $(DOCKER_DIR) && docker-compose down clean: - @echo "Cleaning up..." - $(DOCKER) rmi $(TEST_IMAGE) $(DOCS_IMAGE) || true + @echo "Cleaning up Docker resources..." + pushd $(DOCKER_DIR) && docker-compose down --rmi local || true help: @echo "Usage: make [target]" @@ -55,16 +42,7 @@ help: @echo " all - Display this help message" @echo " mdlint_fix - Run markdownlint with --fix" @echo " test - Run the tests in a local shell" - @echo " docs - Build and run the docs Docker image" - @echo " docker_test - Build and run the tests in a Docker image" - @echo "" - @echo " dockerbuild_test - Build the test Docker image" - @echo " dockerrun_test - Run the test Docker image" - @echo " dockerbuild_docs - Build the docs Docker image" - @echo " dockerrun_docs - Run the docs Docker image" - @echo "" - @echo " clean - Remove the Docker images" - @echo " help - Display this help message" - - - + @echo " docs - Build and run the docs Docker service" + @echo " docker_test - Run the tests in a Docker container" + @echo " clean - Remove Docker containers and images" + @echo " help - Display this help message" diff --git a/Dockerfile b/docker/Dockerfile similarity index 91% rename from Dockerfile rename to docker/Dockerfile index 79aa5836..964af2a6 100644 --- a/Dockerfile +++ b/docker/Dockerfile @@ -5,10 +5,10 @@ WORKDIR /app FROM base AS dependencies # install requirements -COPY requirements.txt . +COPY ../requirements.txt . RUN pip install -r requirements.txt # Copy the files we need -COPY . /app +COPY .. /app # Set the environment variable ENV PYTHONPATH=/app/src diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml new file mode 100644 index 00000000..795eafb6 --- /dev/null +++ b/docker/docker-compose.yml @@ -0,0 +1,36 @@ +services: + base: + build: + context: .. + dockerfile: docker/Dockerfile + target: base + image: base:latest + + dependencies: + build: + context: .. + dockerfile: docker/Dockerfile + target: dependencies + image: dependencies:latest + depends_on: + - base + + test: + build: + context: .. + dockerfile: docker/Dockerfile + target: test + image: test:latest + depends_on: + - dependencies + + docs: + build: + context: .. + dockerfile: docker/Dockerfile + target: docs + image: docs:latest + depends_on: + - dependencies + ports: + - "8000:8000" From b99a76373ecc70d217318e15b3eaf9b531e9dca8 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 5 Jun 2025 16:03:27 -0400 Subject: [PATCH 087/468] simplify Makefile / Dockerfile interactions using docker-compose.yml # Conflicts: # Makefile --- Makefile | 66 ++++++++++++--------------------- README.md | 28 ++++++++------ Dockerfile => docker/Dockerfile | 4 +- docker/docker-compose.yml | 36 ++++++++++++++++++ 4 files changed, 79 insertions(+), 55 deletions(-) rename Dockerfile => docker/Dockerfile (91%) create mode 100644 docker/docker-compose.yml diff --git a/Makefile b/Makefile index 1345e143..af885c5c 100644 --- a/Makefile +++ b/Makefile @@ -1,19 +1,9 @@ # Project-specific vars -PFX=ssvc -DOCKER=docker -DOCKER_BUILD=$(DOCKER) build -DOCKER_RUN=$(DOCKER) run --tty --rm -PROJECT_VOLUME=--volume $(shell pwd):/app MKDOCS_PORT=8765 - -# docker names -TEST_DOCKER_TARGET=test -TEST_IMAGE = $(PFX)_test -DOCS_DOCKER_TARGET=docs -DOCS_IMAGE = $(PFX)_docs +DOCKER_DIR=docker # Targets -.PHONY: all dockerbuild_test dockerrun_test dockerbuild_docs dockerrun_docs docs docker_test clean help +.PHONY: all test docs docker_test clean help all: help @@ -21,29 +11,29 @@ mdlint_fix: @echo "Running markdownlint..." markdownlint --config .markdownlint.yml --fix . -dockerbuild_test: - @echo "Building the test Docker image..." - $(DOCKER_BUILD) --target $(TEST_DOCKER_TARGET) --tag $(TEST_IMAGE) . - -dockerrun_test: - @echo "Running the test Docker image..." - $(DOCKER_RUN) $(PROJECT_VOLUME) $(TEST_IMAGE) +test: + @echo "Running tests locally..." + pytest -v src/test -dockerbuild_docs: - @echo "Building the docs Docker image..." - $(DOCKER_BUILD) --target $(DOCS_DOCKER_TARGET) --tag $(DOCS_IMAGE) . +docker_test: + @echo "Running tests in Docker..." + pushd $(DOCKER_DIR) && docker-compose run --rm test -dockerrun_docs: - @echo "Running the docs Docker image..." - $(DOCKER_RUN) --publish $(MKDOCS_PORT):8000 $(PROJECT_VOLUME) $(DOCS_IMAGE) +docs: + @echo "Building and running docs in Docker..." + pushd $(DOCKER_DIR) && docker-compose up docs +up: + @echo "Starting Docker services..." + pushd $(DOCKER_DIR) && docker-compose up -d -docs: dockerbuild_docs dockerrun_docs -docker_test: dockerbuild_test dockerrun_test +down: + @echo "Stopping Docker services..." + pushd $(DOCKER_DIR) && docker-compose down clean: - @echo "Cleaning up..." - $(DOCKER) rmi $(TEST_IMAGE) $(DOCS_IMAGE) || true + @echo "Cleaning up Docker resources..." + pushd $(DOCKER_DIR) && docker-compose down --rmi local || true help: @echo "Usage: make [target]" @@ -51,16 +41,8 @@ help: @echo "Targets:" @echo " all - Display this help message" @echo " mdlint_fix - Run markdownlint with --fix" - @echo " docs - Build and run the docs Docker image" - @echo " docker_test - Build and run the test Docker image" - @echo "" - @echo " dockerbuild_test - Build the test Docker image" - @echo " dockerrun_test - Run the test Docker image" - @echo " dockerbuild_docs - Build the docs Docker image" - @echo " dockerrun_docs - Run the docs Docker image" - @echo "" - @echo " clean - Remove the Docker images" - @echo " help - Display this help message" - - - + @echo " test - Run the tests in a local shell" + @echo " docs - Build and run the docs Docker service" + @echo " docker_test - Run the tests in a Docker container" + @echo " clean - Remove Docker containers and images" + @echo " help - Display this help message" diff --git a/README.md b/README.md index e1bc0c1e..adcb816e 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,19 @@ These json files are generated examples from the python `ssvc` module. These files are used by the `ssvc-calc` module. +## `/docker/*` + +The `docker` directory contains Dockerfiles and related configurations for to +create images that can run the SSVC documentation site and unit tests. + +Example: + +```bash +cd docker +docker-compose up test +docker-compose up docs +``` + ## `/src/*` This directory holds helper scripts that can make managing or using SSVC easier. @@ -103,7 +116,7 @@ To preview any `make` command without actually executing it, run: make -n ``` -### Run Local Server With Docker +### Run Local Docs Server With Docker The easiest way to get started is using make to build a docker image and run the site: @@ -111,18 +124,12 @@ The easiest way to get started is using make to build a docker image and run the make docs ``` -Then navigate to to see the site. - -Note that the docker container will display a message with the URL to visit, for -example: `Serving on http://0.0.0.0:8000/SSVC/` in the output. However, that port -is only available inside the container. The host port 8765 is mapped to the container's -port 8000, so you should navigate to to see the site. +Then navigate to to see the site. Or, if make is not available: ```bash -docker build --target docs --tag ssvc_docs . -docker run --tty --rm -p 8765:8000 --volume .:/app ssvc_docs +cd docker && docker-compose up docs ``` ### Run Local Server Without Docker @@ -162,8 +169,7 @@ make docker_test Or, if make is not available: ```bash -docker build --target test --tag ssvc_test . -docker run --tty --rm --volume .:/app ssvc_test +cd docker && docker-compose up test ``` ### Run Tests Without Docker diff --git a/Dockerfile b/docker/Dockerfile similarity index 91% rename from Dockerfile rename to docker/Dockerfile index 79aa5836..964af2a6 100644 --- a/Dockerfile +++ b/docker/Dockerfile @@ -5,10 +5,10 @@ WORKDIR /app FROM base AS dependencies # install requirements -COPY requirements.txt . +COPY ../requirements.txt . RUN pip install -r requirements.txt # Copy the files we need -COPY . /app +COPY .. /app # Set the environment variable ENV PYTHONPATH=/app/src diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml new file mode 100644 index 00000000..795eafb6 --- /dev/null +++ b/docker/docker-compose.yml @@ -0,0 +1,36 @@ +services: + base: + build: + context: .. + dockerfile: docker/Dockerfile + target: base + image: base:latest + + dependencies: + build: + context: .. + dockerfile: docker/Dockerfile + target: dependencies + image: dependencies:latest + depends_on: + - base + + test: + build: + context: .. + dockerfile: docker/Dockerfile + target: test + image: test:latest + depends_on: + - dependencies + + docs: + build: + context: .. + dockerfile: docker/Dockerfile + target: docs + image: docs:latest + depends_on: + - dependencies + ports: + - "8000:8000" From fd2cf476eddc8f32ceb9fc4ce1778a3a70fd9f31 Mon Sep 17 00:00:00 2001 From: Renae Metcalf Date: Thu, 12 Jun 2025 13:19:34 -0400 Subject: [PATCH 088/468] initial commit to separate HTGs from reference docs --- docs/howto/gathering_info/automatable.md | 16 ++++++++++++ docs/howto/gathering_info/exploitation.md | 25 +++++++++++++++++++ docs/howto/gathering_info/mission_impact.md | 9 +++++++ docs/howto/gathering_info/system_exposure.md | 24 ++++++++++++++++++ docs/howto/gathering_info/technical_impact.md | 16 ++++++++++++ docs/howto/gathering_info/value_density.md | 15 +++++++++++ docs/reference/decision_points/automatable.md | 16 ------------ .../reference/decision_points/exploitation.md | 24 ------------------ .../decision_points/mission_impact.md | 9 ------- .../decision_points/system_exposure.md | 24 ------------------ .../decision_points/technical_impact.md | 16 ------------ .../decision_points/value_density.md | 15 ----------- 12 files changed, 105 insertions(+), 104 deletions(-) create mode 100644 docs/howto/gathering_info/automatable.md create mode 100644 docs/howto/gathering_info/exploitation.md create mode 100644 docs/howto/gathering_info/mission_impact.md create mode 100644 docs/howto/gathering_info/system_exposure.md create mode 100644 docs/howto/gathering_info/technical_impact.md create mode 100644 docs/howto/gathering_info/value_density.md diff --git a/docs/howto/gathering_info/automatable.md b/docs/howto/gathering_info/automatable.md new file mode 100644 index 00000000..61c80227 --- /dev/null +++ b/docs/howto/gathering_info/automatable.md @@ -0,0 +1,16 @@ +# Gathering Information about Automatable + + An analyst should be able to sketch the automation scenario and how it either does or does not satisfy each of the four kill chain steps. + Once one step is not satisfied, the analyst can stop and select [*no*](automatable.md). + Code that demonstrably automates all four kill chain steps certainly satisfies as a sketch. + We say sketch to indicate that plausible arguments, such as convincing psuedocode of an automation pathway for each step, are also adequate evidence in favor of a [*yes*](automatable.md) to *Automatable*. + + Like all SSVC decision points, *Automatable* should capture the analyst's best understanding of plausible scenarios at the time of the analysis. + An answer of *no* does not mean that it is absolutely inconceivable to automate exploitation in any scenario. + It means the analyst is not able to sketch a plausible path through all four kill chain steps. + “Plausible” sketches should account for widely deployed network and host-based defenses. + Liveness of Internet-connected services means quite a few overlapping things [@bano2018scanning]. + For most vulnerabilities, an open port does not automatically mean that reconnaissance, weaponization, and delivery are automatable. + Furthermore, discovery of a vulnerable service is not automatable in a situation where only two hosts are misconfigured to expose the service out of 2 million hosts that are properly configured. + As discussed in in [Reasoning Steps Forward](../../topics/scope.md), the analyst should consider *credible* effects based on *known* use cases of the software system to be pragmatic about scope and providing values to decision points. + diff --git a/docs/howto/gathering_info/exploitation.md b/docs/howto/gathering_info/exploitation.md new file mode 100644 index 00000000..9538aa0e --- /dev/null +++ b/docs/howto/gathering_info/exploitation.md @@ -0,0 +1,25 @@ +# Gathering Information About Exploitation + + [@householder2020historical] presents a method for searching the GitHub repositories of open-source exploit databases. + This method could be employed to gather information about whether *PoC* is true. + However, part (3) of *PoC* would not be represented in such a search, so more information gathering would be needed. + For part (3), one approach is to construct a mapping of CWE-IDs which + always represent vulnerabilities with well-known methods of exploitation. + We provide a list of possible CWE-IDs for this purpose below. + + Gathering information for *active* is a bit harder. + If the vulnerability has a name or public identifier (such as a CVE-ID), a search of news websites, Twitter, the vendor's vulnerability description, and public vulnerability databases for mentions of exploitation is generally adequate. + However, if the organization has the ability to detect exploitation attempts—for instance, through reliable and precise IDS signatures based on a public *PoC*—then detection of exploitation attempts also signals that *active* is the right choice. + Determining which vulnerability a novel piece of malware uses may be time consuming, requiring reverse engineering and a lot of trial and error. + Additionally, capable incident detection and analysis capabilities are required to make reverse engineering possible. + Because most organizations do not conduct these processes fully for most incidents, information about which vulnerabilities are being actively exploited generally comes from public reporting by organizations that do conduct these processes. + As long as those organizations also share detection methods and signatures, the results are usually quickly corroborated by the community. + For these reasons, we assess public reporting by established security community members to be a good information source for *active*; however, one should not assume it is complete. + + The description for *none* says that there is no **evidence** of *active* exploitation. + This framing admits that an analyst may not be able to detect or know about every attack. + Acknowledging that *Exploitation* values can change relatively quickly, we recommend conducting these searches frequently: if they can be automated to the organization's satisfaction, perhaps once a day (see also [Guidance on Communicating Results](../../howto/bootstrap/use.md)). + An analyst should feel comfortable selecting *none* if they (or their search scripts) have performed searches in the appropriate places for public *PoC*s and *active* exploitation (as described above) and found *none*. + Acknowledging that *Exploitation*. + + diff --git a/docs/howto/gathering_info/mission_impact.md b/docs/howto/gathering_info/mission_impact.md new file mode 100644 index 00000000..c98d770e --- /dev/null +++ b/docs/howto/gathering_info/mission_impact.md @@ -0,0 +1,9 @@ +# Gathering Information About Mission Impact + +The factors that influence the mission impact level are diverse. +The material here does not exhaustively discuss how a stakeholder should answer a question; that is a topic for future work. +At a minimum, understanding mission impact should include gathering information about the critical paths that involve vulnerable components, viability of contingency measures, and resiliency of the systems that support the mission. +There are various sources of guidance on how to gather this information; see for example the FEMA guidance in Continuity Directive 2 [@FCD2_2017] or OCTAVE FORTE [@tucker2018octave]. +This is part of risk management more broadly. +It should require the vulnerability management team to interact with more senior management to understand mission priorities and other aspects of risk mitigation. + diff --git a/docs/howto/gathering_info/system_exposure.md b/docs/howto/gathering_info/system_exposure.md new file mode 100644 index 00000000..d571701a --- /dev/null +++ b/docs/howto/gathering_info/system_exposure.md @@ -0,0 +1,24 @@ +# Gathering Information About System Exposure + +*System Exposure* is primarily used by Deployers, so the question is about whether some specific system is in fact exposed, not a hypothetical or aggregate question about systems of that type. +Therefore, it generally has a concrete answer, even though it may vary from vulnerable component to vulnerable component, based on their respective configurations. + +*System Exposure* can be readily informed by network scanning techniques. +For example, if the vulnerable component is visible on [Shodan](https://www.shodan.io) or by some other external scanning service, then it is *open*. +Network policy or diagrams are also useful information sources, especially for services intentionally open to the Internet such as public web servers. +An analyst should also choose *open* for a phone or PC that connects to the web or email without the usual protections (IP and URL blocking, updated firewalls, etc.). + +Distinguishing between *small* and *controlled* is more nuanced. +If *open* has been ruled out, some suggested heuristics for differentiating the other two are as follows. +Apply these heuristics in order and stop when one of them applies. + +- If the system's networking and communication interfaces have been physically removed or disabled, choose *small*. +- If [*Automatable*](automatable.md) is [*yes*](automatable.md), then choose *controlled*. The reasoning behind this heuristic is that if reconnaissance through exploitation is automatable, then the usual deployment scenario exposes the system sufficiently that access can be automated, which contradicts the expectations of *small*. +- If the vulnerable component is on a network where other hosts can browse the web or receive email, choose *controlled*. +- If the vulnerable component is in a third party library that is unreachable because the feature is unused in the surrounding product, choose *small*. + +The unreachable vulnerable component scenario may be a point of concern for stakeholders like patch suppliers who often find it more cost-effective to simply update the included library to an existing fixed version rather than try to explain to customers why the vulnerable code is unreachable in their own product. +In those cases, we suggest the stakeholder reviews the decision outcomes of the tree to ensure the appropriate action is taken (paying attention to [*defer*](../../howto/supplier_tree.md) vs [*scheduled*](../../howto/supplier_tree.md), for example). + +If you have suggestions for further heuristics, or potential counterexamples to these, please describe the example and reasoning in an issue on the [SSVC GitHub](https://github.com/CERTCC/SSVC/issues). + diff --git a/docs/howto/gathering_info/technical_impact.md b/docs/howto/gathering_info/technical_impact.md new file mode 100644 index 00000000..97387cd0 --- /dev/null +++ b/docs/howto/gathering_info/technical_impact.md @@ -0,0 +1,16 @@ +# Gathering Information About Technical Impact + + Assessing *Technical Impact* amounts to assessing the degree of control over the vulnerable component the attacker stands to gain by exploiting the vulnerability. + One way to approach this analysis is to ask whether the control gained is *total* or not. + If it is not total, it is *partial*. + If an answer to one of the following questions is _yes_, then control is *total*. + After exploiting the vulnerability, + + - can the attacker install and run arbitrary software? + - can the attacker trigger all the actions that the vulnerable component can perform? + - does the attacker get an account with full privileges to the vulnerable component (administrator or root user accounts, for example)? + + This list is an evolving set of heuristics. + If you find a vulnerability that should have *total* *Technical Impact* but that does not answer yes to any of + these questions, please describe the example and what question we might add to this list in an issue on the + [SSVC GitHub](https://github.com/CERTCC/SSVC/issues). diff --git a/docs/howto/gathering_info/value_density.md b/docs/howto/gathering_info/value_density.md new file mode 100644 index 00000000..caab8eef --- /dev/null +++ b/docs/howto/gathering_info/value_density.md @@ -0,0 +1,15 @@ +# Gathering Information About Value Density + + The heuristics presented in the *Value Density* definitions involve whether the system is usually maintained by a dedicated professional, although we have noted some exceptions (such as encrypted mobile messaging applications). + If there are additional counterexamples to this heuristic, please describe them and the reasoning why the system should have the alternative decision value in an issue on the [SSVC GitHub](https://github.com/CERTCC/SSVC/issues). + + An analyst might use market research reports or Internet telemetry data to assess an unfamiliar product. + Organizations such as Gartner produce research on the market position and product comparisons for a large variety of systems. + These generally identify how a product is deployed, used, and maintained. + An organization's own marketing materials are a less reliable indicator of how a product is used, or at least how the organization expects it to be used. + + Network telemetry can inform how many instances of a software system are connected to a network. + Such telemetry is most reliable for the supplier of the software, especially if software licenses are purchased and checked. + Measuring how many instances of a system are in operation is useful, but having more instances does not mean that the software is a densely valuable target. + However, market penetration greater than approximately 75% generally means that the product uniquely serves a particular market segment or purpose. + This line of reasoning is what supports a determination that an ubiquitous encrypted mobile messaging application should be considered to have a *concentrated* Value Density. diff --git a/docs/reference/decision_points/automatable.md b/docs/reference/decision_points/automatable.md index 69259cfa..dc3f36d4 100644 --- a/docs/reference/decision_points/automatable.md +++ b/docs/reference/decision_points/automatable.md @@ -43,22 +43,6 @@ Due to vulnerability chaining, there is some nuance as to whether reconnaissance This automates the _reconnaissance_ of vulnerable systems. In this situation, the analyst should continue to analyze vulnerability A to understand whether the remaining steps in the kill chain can be automated. -!!! tip "Gathering Information About Automatable" - - An analyst should be able to sketch the automation scenario and how it either does or does not satisfy each of the four kill chain steps. - Once one step is not satisfied, the analyst can stop and select [*no*](automatable.md). - Code that demonstrably automates all four kill chain steps certainly satisfies as a sketch. - We say sketch to indicate that plausible arguments, such as convincing psuedocode of an automation pathway for each step, are also adequate evidence in favor of a [*yes*](automatable.md) to *Automatable*. - - Like all SSVC decision points, *Automatable* should capture the analyst's best understanding of plausible scenarios at the time of the analysis. - An answer of *no* does not mean that it is absolutely inconceivable to automate exploitation in any scenario. - It means the analyst is not able to sketch a plausible path through all four kill chain steps. - “Plausible” sketches should account for widely deployed network and host-based defenses. - Liveness of Internet-connected services means quite a few overlapping things [@bano2018scanning]. - For most vulnerabilities, an open port does not automatically mean that reconnaissance, weaponization, and delivery are automatable. - Furthermore, discovery of a vulnerable service is not automatable in a situation where only two hosts are misconfigured to expose the service out of 2 million hosts that are properly configured. - As discussed in in [Reasoning Steps Forward](../../topics/scope.md), the analyst should consider *credible* effects based on *known* use cases of the software system to be pragmatic about scope and providing values to decision points. - ## Prior Versions ```python exec="true" idprefix="" diff --git a/docs/reference/decision_points/exploitation.md b/docs/reference/decision_points/exploitation.md index b4f93bb3..731f3bf1 100644 --- a/docs/reference/decision_points/exploitation.md +++ b/docs/reference/decision_points/exploitation.md @@ -9,30 +9,6 @@ print(example_block(LATEST)) The intent of this measure is the present state of exploitation of the vulnerability. The intent is not to predict future exploitation but only to acknowledge the current state of affairs. Predictive systems, such as EPSS, could be used to augment this decision or to notify stakeholders of likely changes [@jacobs2021epss]. -!!! tip "Gathering Information About Exploitation" - - [@householder2020historical] presents a method for searching the GitHub repositories of open-source exploit databases. - This method could be employed to gather information about whether *PoC* is true. - However, part (3) of *PoC* would not be represented in such a search, so more information gathering would be needed. - For part (3), one approach is to construct a mapping of CWE-IDs which - always represent vulnerabilities with well-known methods of exploitation. - We provide a list of possible CWE-IDs for this purpose below. - - Gathering information for *active* is a bit harder. - If the vulnerability has a name or public identifier (such as a CVE-ID), a search of news websites, Twitter, the vendor's vulnerability description, and public vulnerability databases for mentions of exploitation is generally adequate. - However, if the organization has the ability to detect exploitation attempts—for instance, through reliable and precise IDS signatures based on a public *PoC*—then detection of exploitation attempts also signals that *active* is the right choice. - Determining which vulnerability a novel piece of malware uses may be time consuming, requiring reverse engineering and a lot of trial and error. - Additionally, capable incident detection and analysis capabilities are required to make reverse engineering possible. - Because most organizations do not conduct these processes fully for most incidents, information about which vulnerabilities are being actively exploited generally comes from public reporting by organizations that do conduct these processes. - As long as those organizations also share detection methods and signatures, the results are usually quickly corroborated by the community. - For these reasons, we assess public reporting by established security community members to be a good information source for *active*; however, one should not assume it is complete. - - The description for *none* says that there is no **evidence** of *active* exploitation. - This framing admits that an analyst may not be able to detect or know about every attack. - Acknowledging that *Exploitation* values can change relatively quickly, we recommend conducting these searches frequently: if they can be automated to the organization's satisfaction, perhaps once a day (see also [Guidance on Communicating Results](../../howto/bootstrap/use.md)). - An analyst should feel comfortable selecting *none* if they (or their search scripts) have performed searches in the appropriate places for public *PoC*s and *active* exploitation (as described above) and found *none*. - Acknowledging that *Exploitation*. - ## CWE-IDs for *PoC* The table below lists CWE-IDs that could be used to mark a vulnerability as *PoC* if the vulnerability is described by the CWE-ID. diff --git a/docs/reference/decision_points/mission_impact.md b/docs/reference/decision_points/mission_impact.md index f8b80503..1e24d05b 100644 --- a/docs/reference/decision_points/mission_impact.md +++ b/docs/reference/decision_points/mission_impact.md @@ -30,15 +30,6 @@ Private sector businesses may better align with [operational and financial impac While the processes, terminology, and audience for these different frameworks differ, they all can provide a sense of the criticality of an asset or assets within the scope of the stakeholder conducting the cyber vulnerability prioritization with SSVC. In that sense they all function quite similarly within SSVC. Organizations should use whatever is most appropriate for their stakeholder context, with Mission Essential Function analysis serving as a fully worked example in the SSVC documents. -## Gathering Information About Mission Impact - -The factors that influence the mission impact level are diverse. -The material here does not exhaustively discuss how a stakeholder should answer a question; that is a topic for future work. -At a minimum, understanding mission impact should include gathering information about the critical paths that involve vulnerable components, viability of contingency measures, and resiliency of the systems that support the mission. -There are various sources of guidance on how to gather this information; see for example the FEMA guidance in Continuity Directive 2 [@FCD2_2017] or OCTAVE FORTE [@tucker2018octave]. -This is part of risk management more broadly. -It should require the vulnerability management team to interact with more senior management to understand mission priorities and other aspects of risk mitigation. - ## Prior Versions ```python exec="true" idprefix="" diff --git a/docs/reference/decision_points/system_exposure.md b/docs/reference/decision_points/system_exposure.md index 9a2f52dd..7ce9196b 100644 --- a/docs/reference/decision_points/system_exposure.md +++ b/docs/reference/decision_points/system_exposure.md @@ -17,30 +17,6 @@ Therefore, a deployer’s response to Exposure may change if such mitigations ar If a mitigation changes exposure and thereby reduces the priority of a vulnerability, that mitigation can be considered a success. Whether that mitigation allows the deployer to defer further action varies according to each case. -## Gathering Information About System Exposure - -*System Exposure* is primarily used by Deployers, so the question is about whether some specific system is in fact exposed, not a hypothetical or aggregate question about systems of that type. -Therefore, it generally has a concrete answer, even though it may vary from vulnerable component to vulnerable component, based on their respective configurations. - -*System Exposure* can be readily informed by network scanning techniques. -For example, if the vulnerable component is visible on [Shodan](https://www.shodan.io) or by some other external scanning service, then it is *open*. -Network policy or diagrams are also useful information sources, especially for services intentionally open to the Internet such as public web servers. -An analyst should also choose *open* for a phone or PC that connects to the web or email without the usual protections (IP and URL blocking, updated firewalls, etc.). - -Distinguishing between *small* and *controlled* is more nuanced. -If *open* has been ruled out, some suggested heuristics for differentiating the other two are as follows. -Apply these heuristics in order and stop when one of them applies. - -- If the system's networking and communication interfaces have been physically removed or disabled, choose *small*. -- If [*Automatable*](automatable.md) is [*yes*](automatable.md), then choose *controlled*. The reasoning behind this heuristic is that if reconnaissance through exploitation is automatable, then the usual deployment scenario exposes the system sufficiently that access can be automated, which contradicts the expectations of *small*. -- If the vulnerable component is on a network where other hosts can browse the web or receive email, choose *controlled*. -- If the vulnerable component is in a third party library that is unreachable because the feature is unused in the surrounding product, choose *small*. - -The unreachable vulnerable component scenario may be a point of concern for stakeholders like patch suppliers who often find it more cost-effective to simply update the included library to an existing fixed version rather than try to explain to customers why the vulnerable code is unreachable in their own product. -In those cases, we suggest the stakeholder reviews the decision outcomes of the tree to ensure the appropriate action is taken (paying attention to [*defer*](../../howto/supplier_tree.md) vs [*scheduled*](../../howto/supplier_tree.md), for example). - -If you have suggestions for further heuristics, or potential counterexamples to these, please describe the example and reasoning in an issue on the [SSVC GitHub](https://github.com/CERTCC/SSVC/issues). - ## Prior Versions ```python exec="true" idprefix="" diff --git a/docs/reference/decision_points/technical_impact.md b/docs/reference/decision_points/technical_impact.md index 4b1dcaf6..09295ce3 100644 --- a/docs/reference/decision_points/technical_impact.md +++ b/docs/reference/decision_points/technical_impact.md @@ -16,19 +16,3 @@ Our definition of **vulnerability** is based on the determination that some secu We consider a security policy violation to be a technical impact—or at least, a security policy violation must have some technical instantiation. Therefore, if there is a vulnerability then there must be some technical impact. -!!! tip "Gathering Information About Technical Impact" - - Assessing *Technical Impact* amounts to assessing the degree of control over the vulnerable component the attacker stands to gain by exploiting the vulnerability. - One way to approach this analysis is to ask whether the control gained is *total* or not. - If it is not total, it is *partial*. - If an answer to one of the following questions is _yes_, then control is *total*. - After exploiting the vulnerability, - - - can the attacker install and run arbitrary software? - - can the attacker trigger all the actions that the vulnerable component can perform? - - does the attacker get an account with full privileges to the vulnerable component (administrator or root user accounts, for example)? - - This list is an evolving set of heuristics. - If you find a vulnerability that should have *total* *Technical Impact* but that does not answer yes to any of - these questions, please describe the example and what question we might add to this list in an issue on the - [SSVC GitHub](https://github.com/CERTCC/SSVC/issues). diff --git a/docs/reference/decision_points/value_density.md b/docs/reference/decision_points/value_density.md index 11b02a3b..2570aea6 100644 --- a/docs/reference/decision_points/value_density.md +++ b/docs/reference/decision_points/value_density.md @@ -36,18 +36,3 @@ print(example_block(LATEST)) amount of data, but because it is uniquely valuable to law enforcement. -!!! tip "Gathering Information About Value Density" - - The heuristics presented in the *Value Density* definitions involve whether the system is usually maintained by a dedicated professional, although we have noted some exceptions (such as encrypted mobile messaging applications). - If there are additional counterexamples to this heuristic, please describe them and the reasoning why the system should have the alternative decision value in an issue on the [SSVC GitHub](https://github.com/CERTCC/SSVC/issues). - - An analyst might use market research reports or Internet telemetry data to assess an unfamiliar product. - Organizations such as Gartner produce research on the market position and product comparisons for a large variety of systems. - These generally identify how a product is deployed, used, and maintained. - An organization's own marketing materials are a less reliable indicator of how a product is used, or at least how the organization expects it to be used. - - Network telemetry can inform how many instances of a software system are connected to a network. - Such telemetry is most reliable for the supplier of the software, especially if software licenses are purchased and checked. - Measuring how many instances of a system are in operation is useful, but having more instances does not mean that the software is a densely valuable target. - However, market penetration greater than approximately 75% generally means that the product uniquely serves a particular market segment or purpose. - This line of reasoning is what supports a determination that an ubiquitous encrypted mobile messaging application should be considered to have a *concentrated* Value Density. From a29f509cb746098e19d188571e86f4631250dd86 Mon Sep 17 00:00:00 2001 From: Renae Metcalf Date: Thu, 12 Jun 2025 13:33:23 -0400 Subject: [PATCH 089/468] Fix formatting --- docs/howto/gathering_info/automatable.md | 25 ++++++------ docs/howto/gathering_info/exploitation.md | 40 +++++++++---------- docs/howto/gathering_info/technical_impact.md | 26 ++++++------ docs/howto/gathering_info/value_density.md | 26 ++++++------ mkdocs.yml | 7 ++++ 5 files changed, 64 insertions(+), 60 deletions(-) diff --git a/docs/howto/gathering_info/automatable.md b/docs/howto/gathering_info/automatable.md index 61c80227..8361bff5 100644 --- a/docs/howto/gathering_info/automatable.md +++ b/docs/howto/gathering_info/automatable.md @@ -1,16 +1,15 @@ # Gathering Information about Automatable - An analyst should be able to sketch the automation scenario and how it either does or does not satisfy each of the four kill chain steps. - Once one step is not satisfied, the analyst can stop and select [*no*](automatable.md). - Code that demonstrably automates all four kill chain steps certainly satisfies as a sketch. - We say sketch to indicate that plausible arguments, such as convincing psuedocode of an automation pathway for each step, are also adequate evidence in favor of a [*yes*](automatable.md) to *Automatable*. - - Like all SSVC decision points, *Automatable* should capture the analyst's best understanding of plausible scenarios at the time of the analysis. - An answer of *no* does not mean that it is absolutely inconceivable to automate exploitation in any scenario. - It means the analyst is not able to sketch a plausible path through all four kill chain steps. - “Plausible” sketches should account for widely deployed network and host-based defenses. - Liveness of Internet-connected services means quite a few overlapping things [@bano2018scanning]. - For most vulnerabilities, an open port does not automatically mean that reconnaissance, weaponization, and delivery are automatable. - Furthermore, discovery of a vulnerable service is not automatable in a situation where only two hosts are misconfigured to expose the service out of 2 million hosts that are properly configured. - As discussed in in [Reasoning Steps Forward](../../topics/scope.md), the analyst should consider *credible* effects based on *known* use cases of the software system to be pragmatic about scope and providing values to decision points. +An analyst should be able to sketch the automation scenario and how it either does or does not satisfy each of the four kill chain steps. +Once one step is not satisfied, the analyst can stop and select [*no*](automatable.md). +Code that demonstrably automates all four kill chain steps certainly satisfies as a sketch. +We say sketch to indicate that plausible arguments, such as convincing psuedocode of an automation pathway for each step, are also adequate evidence in favor of a [*yes*](automatable.md) to *Automatable*. +Like all SSVC decision points, *Automatable* should capture the analyst's best understanding of plausible scenarios at the time of the analysis. +An answer of *no* does not mean that it is absolutely inconceivable to automate exploitation in any scenario. +It means the analyst is not able to sketch a plausible path through all four kill chain steps. +“Plausible” sketches should account for widely deployed network and host-based defenses. +Liveness of Internet-connected services means quite a few overlapping things [@bano2018scanning]. +For most vulnerabilities, an open port does not automatically mean that reconnaissance, weaponization, and delivery are automatable. +Furthermore, discovery of a vulnerable service is not automatable in a situation where only two hosts are misconfigured to expose the service out of 2 million hosts that are properly configured. +As discussed in in [Reasoning Steps Forward](../../topics/scope.md), the analyst should consider *credible* effects based on *known* use cases of the software system to be pragmatic about scope and providing values to decision points. diff --git a/docs/howto/gathering_info/exploitation.md b/docs/howto/gathering_info/exploitation.md index 9538aa0e..b0e01f3a 100644 --- a/docs/howto/gathering_info/exploitation.md +++ b/docs/howto/gathering_info/exploitation.md @@ -1,25 +1,23 @@ # Gathering Information About Exploitation - [@householder2020historical] presents a method for searching the GitHub repositories of open-source exploit databases. - This method could be employed to gather information about whether *PoC* is true. - However, part (3) of *PoC* would not be represented in such a search, so more information gathering would be needed. - For part (3), one approach is to construct a mapping of CWE-IDs which - always represent vulnerabilities with well-known methods of exploitation. - We provide a list of possible CWE-IDs for this purpose below. - - Gathering information for *active* is a bit harder. - If the vulnerability has a name or public identifier (such as a CVE-ID), a search of news websites, Twitter, the vendor's vulnerability description, and public vulnerability databases for mentions of exploitation is generally adequate. - However, if the organization has the ability to detect exploitation attempts—for instance, through reliable and precise IDS signatures based on a public *PoC*—then detection of exploitation attempts also signals that *active* is the right choice. - Determining which vulnerability a novel piece of malware uses may be time consuming, requiring reverse engineering and a lot of trial and error. - Additionally, capable incident detection and analysis capabilities are required to make reverse engineering possible. - Because most organizations do not conduct these processes fully for most incidents, information about which vulnerabilities are being actively exploited generally comes from public reporting by organizations that do conduct these processes. - As long as those organizations also share detection methods and signatures, the results are usually quickly corroborated by the community. - For these reasons, we assess public reporting by established security community members to be a good information source for *active*; however, one should not assume it is complete. - - The description for *none* says that there is no **evidence** of *active* exploitation. - This framing admits that an analyst may not be able to detect or know about every attack. - Acknowledging that *Exploitation* values can change relatively quickly, we recommend conducting these searches frequently: if they can be automated to the organization's satisfaction, perhaps once a day (see also [Guidance on Communicating Results](../../howto/bootstrap/use.md)). - An analyst should feel comfortable selecting *none* if they (or their search scripts) have performed searches in the appropriate places for public *PoC*s and *active* exploitation (as described above) and found *none*. - Acknowledging that *Exploitation*. +[@householder2020historical] presents a method for searching the GitHub repositories of open-source exploit databases. +This method could be employed to gather information about whether *PoC* is true. +However, part (3) of *PoC* would not be represented in such a search, so more information gathering would be needed. +For part (3), one approach is to construct a mapping of CWE-IDs which +always represent vulnerabilities with well-known methods of exploitation. +We provide a list of possible CWE-IDs for this purpose below. +Gathering information for *active* is a bit harder. +If the vulnerability has a name or public identifier (such as a CVE-ID), a search of news websites, Twitter, the vendor's vulnerability description, and public vulnerability databases for mentions of exploitation is generally adequate. +However, if the organization has the ability to detect exploitation attempts—for instance, through reliable and precise IDS signatures based on a public *PoC*—then detection of exploitation attempts also signals that *active* is the right choice. +Determining which vulnerability a novel piece of malware uses may be time consuming, requiring reverse engineering and a lot of trial and error. +Additionally, capable incident detection and analysis capabilities are required to make reverse engineering possible. +Because most organizations do not conduct these processes fully for most incidents, information about which vulnerabilities are being actively exploited generally comes from public reporting by organizations that do conduct these processes. +As long as those organizations also share detection methods and signatures, the results are usually quickly corroborated by the community. +For these reasons, we assess public reporting by established security community members to be a good information source for *active*; however, one should not assume it is complete. +The description for *none* says that there is no **evidence** of *active* exploitation. +This framing admits that an analyst may not be able to detect or know about every attack. +Acknowledging that *Exploitation* values can change relatively quickly, we recommend conducting these searches frequently: if they can be automated to the organization's satisfaction, perhaps once a day (see also [Guidance on Communicating Results](../../howto/bootstrap/use.md)). +An analyst should feel comfortable selecting *none* if they (or their search scripts) have performed searches in the appropriate places for public *PoC*s and *active* exploitation (as described above) and found *none*. +Acknowledging that *Exploitation*. diff --git a/docs/howto/gathering_info/technical_impact.md b/docs/howto/gathering_info/technical_impact.md index 97387cd0..7eca6804 100644 --- a/docs/howto/gathering_info/technical_impact.md +++ b/docs/howto/gathering_info/technical_impact.md @@ -1,16 +1,16 @@ # Gathering Information About Technical Impact - Assessing *Technical Impact* amounts to assessing the degree of control over the vulnerable component the attacker stands to gain by exploiting the vulnerability. - One way to approach this analysis is to ask whether the control gained is *total* or not. - If it is not total, it is *partial*. - If an answer to one of the following questions is _yes_, then control is *total*. - After exploiting the vulnerability, - - - can the attacker install and run arbitrary software? - - can the attacker trigger all the actions that the vulnerable component can perform? - - does the attacker get an account with full privileges to the vulnerable component (administrator or root user accounts, for example)? +Assessing *Technical Impact* amounts to assessing the degree of control over the vulnerable component the attacker stands to gain by exploiting the vulnerability. +One way to approach this analysis is to ask whether the control gained is *total* or not. +If it is not total, it is *partial*. +If an answer to one of the following questions is _yes_, then control is *total*. +After exploiting the vulnerability, - This list is an evolving set of heuristics. - If you find a vulnerability that should have *total* *Technical Impact* but that does not answer yes to any of - these questions, please describe the example and what question we might add to this list in an issue on the - [SSVC GitHub](https://github.com/CERTCC/SSVC/issues). +- can the attacker install and run arbitrary software? +- can the attacker trigger all the actions that the vulnerable component can perform? +- does the attacker get an account with full privileges to the vulnerable component (administrator or root user accounts, for example)? + +This list is an evolving set of heuristics. +If you find a vulnerability that should have *total* *Technical Impact* but that does not answer yes to any of +these questions, please describe the example and what question we might add to this list in an issue on the +[SSVC GitHub](https://github.com/CERTCC/SSVC/issues). diff --git a/docs/howto/gathering_info/value_density.md b/docs/howto/gathering_info/value_density.md index caab8eef..c9a9168c 100644 --- a/docs/howto/gathering_info/value_density.md +++ b/docs/howto/gathering_info/value_density.md @@ -1,15 +1,15 @@ # Gathering Information About Value Density - The heuristics presented in the *Value Density* definitions involve whether the system is usually maintained by a dedicated professional, although we have noted some exceptions (such as encrypted mobile messaging applications). - If there are additional counterexamples to this heuristic, please describe them and the reasoning why the system should have the alternative decision value in an issue on the [SSVC GitHub](https://github.com/CERTCC/SSVC/issues). - - An analyst might use market research reports or Internet telemetry data to assess an unfamiliar product. - Organizations such as Gartner produce research on the market position and product comparisons for a large variety of systems. - These generally identify how a product is deployed, used, and maintained. - An organization's own marketing materials are a less reliable indicator of how a product is used, or at least how the organization expects it to be used. - - Network telemetry can inform how many instances of a software system are connected to a network. - Such telemetry is most reliable for the supplier of the software, especially if software licenses are purchased and checked. - Measuring how many instances of a system are in operation is useful, but having more instances does not mean that the software is a densely valuable target. - However, market penetration greater than approximately 75% generally means that the product uniquely serves a particular market segment or purpose. - This line of reasoning is what supports a determination that an ubiquitous encrypted mobile messaging application should be considered to have a *concentrated* Value Density. +The heuristics presented in the *Value Density* definitions involve whether the system is usually maintained by a dedicated professional, although we have noted some exceptions (such as encrypted mobile messaging applications). +If there are additional counterexamples to this heuristic, please describe them and the reasoning why the system should have the alternative decision value in an issue on the [SSVC GitHub](https://github.com/CERTCC/SSVC/issues). + +An analyst might use market research reports or Internet telemetry data to assess an unfamiliar product. +Organizations such as Gartner produce research on the market position and product comparisons for a large variety of systems. +These generally identify how a product is deployed, used, and maintained. +An organization's own marketing materials are a less reliable indicator of how a product is used, or at least how the organization expects it to be used. + +Network telemetry can inform how many instances of a software system are connected to a network. +Such telemetry is most reliable for the supplier of the software, especially if software licenses are purchased and checked. +Measuring how many instances of a system are in operation is useful, but having more instances does not mean that the software is a densely valuable target. +However, market penetration greater than approximately 75% generally means that the product uniquely serves a particular market segment or purpose. +This line of reasoning is what supports a determination that an ubiquitous encrypted mobile messaging application should be considered to have a *concentrated* Value Density. diff --git a/mkdocs.yml b/mkdocs.yml index 80638cda..860d5517 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -8,6 +8,13 @@ nav: - SSVC Overview: 'ssvc_overview.md' - SSVC How-To: - Overview: 'howto/index.md' + - Gathering Info about Decision Points: + - Automatable: howto/gathering_info/automatable.md + - Exploitation: howto/gathering_info/exploitation.md + - Mission Impact: howto/gathering_info/mission_impact.md + - System Exposure: howto/gathering_info/system_exposure.md + - Technical Impact: howto/gathering_info/technical_impact.md + - Value Density: howto/gathering_info/value_density.md - Getting Started with SSVC: - Intro: 'howto/bootstrap/index.md' - Prepare: 'howto/bootstrap/prepare.md' From 6c6f2b0ed84d8c6b42c0a73bd286283c48718f97 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 13 Jun 2025 16:04:39 -0400 Subject: [PATCH 090/468] make unit tests pass --- src/ssvc/decision_tables/base.py | 497 ++++++------------ src/ssvc/decision_tables/experimental_base.py | 399 ++++++++++++++ src/ssvc/dp_groups/base.py | 10 +- src/test/decision_tables/test_base.py | 325 +++++------- .../decision_tables/test_experimental_base.py | 280 ++++++++++ 5 files changed, 966 insertions(+), 545 deletions(-) create mode 100644 src/ssvc/decision_tables/experimental_base.py create mode 100644 src/test/decision_tables/test_experimental_base.py diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 7d3034df..b85e1b72 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -1,5 +1,7 @@ #!/usr/bin/env python - +""" +DecisionTableBase: A flexible, serializable SSVC decision table model. +""" # Copyright (c) 2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE # ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. @@ -18,381 +20,198 @@ # This Software includes and/or makes use of Third-Party Software each # subject to its own license. # DM24-0278 -""" -Provides a DecisionTable class that can be used to model decisions in SSVC -""" -import itertools + import logging -from typing import Optional +from itertools import product +from typing import List, Optional -import networkx as nx import pandas as pd -from pydantic import BaseModel, Field +from pydantic import BaseModel, model_validator from ssvc._mixins import _Base, _Commented, _Namespaced, _SchemaVersioned +from ssvc.decision_points.base import ValueSummary from ssvc.dp_groups.base import DecisionPointGroup from ssvc.outcomes.base import OutcomeGroup -from ssvc.policy_generator import PolicyGenerator logger = logging.getLogger(__name__) -class DecisionTable(_SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel): - """ - The DecisionTable class is a model for decisions in SSVC. +class ValueCombo(BaseModel): + values: tuple[ValueSummary, ...] + + +class MappingRow(BaseModel): + decision_point_values: ValueCombo + outcome: Optional[ValueSummary] - It is a collection of decision points and outcomes, and a mapping of decision points to outcomes. - The mapping is generated by the PolicyGenerator class, and stored as a dictionary. - The mapping dict keys are tuples of decision points and decision point values. - The mapping dict values are outcomes. +class DecisionTableBase(_SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel): + """ + DecisionTableBase: A flexible, serializable SSVC decision table model. """ decision_point_group: DecisionPointGroup outcome_group: OutcomeGroup - mapping: list[tuple[tuple[str, ...], tuple[str, ...]]] = Field(default_factory=list) - - def get_mapping_df(self, weights: Optional[list[float]] = None) -> pd.DataFrame: - # create a policy generator object and extract a mapping from it - with PolicyGenerator( - dp_group=self.decision_point_group, - outcomes=self.outcome_group, - outcome_weights=weights, - ) as pg: - df = pg.clean_policy() - - return df - - def dataframe_to_tuple_list( - self, df: pd.DataFrame, n_outcols: int = 1 - ) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: - """ - Converts a DataFrame into a list of tuples where each tuple contains: - - A tuple of input values (all columns except the last n_outcols) - - A tuple containing the outcome value (last n_outcols columns) - - Note: - In every decision we've modeled to date, there is only one outcome column. - We have not yet encountered a decision with multiple outcome columns, - however, it has come up in some discussions, so we're allowing for it here as - a future-proofing measure. - - Attributes: - df: pandas DataFrame - n_outcols: int, default=1 - - Returns: - list[tuple[tuple[str,...],tuple[str,...]]]: A list of tuples - - """ - input_columns = df.columns[:-n_outcols] # All columns except the last one - output_column = df.columns[-n_outcols] # The last column - - return [ - (tuple(row[input_columns]), (row[output_column],)) - for _, row in df.iterrows() - ] - - def set_mapping( - self, df: pd.DataFrame - ) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: - """ - Sets the mapping attribute to the output of dataframe_to_tuple_list - - :param df: pandas DataFrame - """ - self.mapping = self.dataframe_to_tuple_list(df) - return self.mapping - - def generate_mapping(self) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: + mapping: Optional[List[MappingRow]] = None + + @model_validator(mode="after") + def populate_mapping_if_none(self): + + if self.mapping is not None: + # short-circuit if mapping is already set + return self + + dpg = self.decision_point_group + og = self.outcome_group + if dpg is not None and og is not None: + mapping = self.generate_full_mapping() + outcome_values = getattr(og, "value_summaries", None) + if outcome_values: + mapping = distribute_outcomes_evenly(mapping, outcome_values) + else: + raise ValueError( + "Outcome group must have value_summaries to distribute outcomes." + ) + self.mapping = mapping + return self + + def to_csv(self) -> str: """ - Generates a mapping from the decision point group to the outcome group using the PolicyGenerator class - and sets the mapping attribute to the output of dataframe_to_tuple_list - - Returns: - list[tuple[tuple[str,...],tuple[str,...]]]: The generated mapping + Export the mapping to a CSV string. Columns: one per decision point (by name), one for outcome. + Indiviual decision point and outcome values are represented as a colon-separated tuple + consisting of the namespace, decision point key, decision point version, and value key. """ - df = self.get_mapping_df() - return self.set_mapping(df) - - def consistency_check_mapping(self) -> bool: - """Checks the mapping attribute by ensuring that the contents are consistent with the partial order over the decision points and outcomes""" - - # convert the decision point values to a list of numerical tuples - # and create a lookup table for the values - # The end result will be that vector contains a list of tuples - # where each tuple is a list of integers that represent the values - # in a decision point. The dp_lookup list will contain a dictionary - # for each decision point that maps the integer values to the string values - vector = [] - dp_lookup = [] - - # create an inverted index for the outcomes - outcome_lookup = {v: k for k, v in self.outcome_group.enumerated_values.items()} - logger.debug(f"Outcome lookup: {outcome_lookup}") - - for dp in self.decision_point_group: - valuesdict = dp.enumerated_values - dp_lookup.append(valuesdict) - - _vlist = tuple(valuesdict.keys()) - vector.append(_vlist) - - # vector now looks like - # [(0, 1, 2), (0, 1), (0, 1, 2, 3)] - logger.debug(f"Vector: {vector}") - # dp_lookup looks like - # [{0: 'a', 1: 'b', 2: 'c'}, {0: 'x', 1: 'y'}, {0: 'i', 1: 'j', 2: 'k', 3: 'l'}] - logger.debug(f"DP lookup: {dp_lookup}") - - bottom = tuple([min(t) for t in vector]) - top = tuple([max(t) for t in vector]) - - logger.debug(f"Bottom node: {bottom}") - logger.debug(f"Top node: {top}") - - # construct a directed graph - G = nx.DiGraph() - G = self._add_nodes(G, vector) - G = self._add_edges(G) - - problems = self._check_graph(G, bottom, top) - - # if we already have problems, we should stop here - # because the graph is not valid - if problems: - for problem in problems: - logger.error(f"Problem detected: {problem}") - return False - - # the graph has a lot of edges where the outcome does not change between the nodes - # we need to find the decision boundaries where the outcome does change - decision_boundaries = self._find_decision_boundaries(G, dp_lookup) - - problems = self._check_decision_boundaries(decision_boundaries, outcome_lookup) - for problem in problems: - logger.error(f"Problem detected: {problem}") - - # return True if there are no problems - return len(problems) == 0 - - def _check_decision_boundaries( - self, decision_boundaries: list[dict[str, str]], outcome_lookup: dict[str, int] - ) -> list[str]: - - problems = [] - for db in decision_boundaries: - from_outcome = outcome_lookup[db["from_outcome"]] - to_outcome = outcome_lookup[db["to_outcome"]] - - if from_outcome < to_outcome: - # this is what we wanted, no problem found - continue - - problem = ( - f"{db['from']} < {db['to']} but {from_outcome} is not < {to_outcome}" - ) - problems.append(problem) - return problems - - def _find_decision_boundaries( - self, G: nx.DiGraph, dp_lookup: list[dict[int, str]] - ) -> list[dict[str, str]]: - decision_boundaries = [] - for edge in G.edges: - u, v = edge - - # we need to translate from a node int tuple to the strings so we can look it up in the mapping - u_str = self.int_node_to_str(u, dp_lookup) - v_str = self.int_node_to_str(v, dp_lookup) - - mapping_dict = dict(self.mapping) - try: - u_outcome_str = mapping_dict[u_str][0] - except KeyError: - print(f"Node {u_str} has no mapping") - - try: - v_outcome_str = mapping_dict[v_str][0] - except KeyError: - logger.error(f"Node {v_str} has no mapping") - raise ValueError - - if u_outcome_str == v_outcome_str: - # no decision boundary here - continue - - # if we got here, there is a decision boundary - # so we need to record it - row = { - "from": u_str, - "to": v_str, - "from_outcome": u_outcome_str, - "to_outcome": v_outcome_str, + if not self.mapping: + raise ValueError("No mapping to export.") + dp_names = [dp.name for dp in self.decision_point_group.decision_points] + outcome_name = self.outcome_group.name + rows = [] + for row in self.mapping: + row_dict = { + name: str(val) + for name, val in zip(dp_names, row.decision_point_values.values) } - decision_boundaries.append(row) - - return decision_boundaries - - def int_node_to_str( - self, node: tuple[int, ...], dp_lookup: list[dict[int, str]] - ) -> tuple[str, ...]: - return tuple([dp_lookup[i][node[i]] for i in range(len(node))]) - - def _check_graph( - self, G: nx.DiGraph, bottom: tuple[int, ...], top: tuple[int, ...] - ) -> list[str]: - problems = [] - # check nodes for edges - for node in G.nodes: - if node != bottom and not G.in_degree(node): - # all nodes except bottom should have at least one incoming edge - problems.append(f"Node {node} has no incoming edges") - if node != top and not G.out_degree(node): - # all nodes except top should have at least one outgoing edge - problems.append(f"Node {node} has no outgoing edges") - return problems - - def _add_nodes(self, G: nx.DiGraph, vector: list[tuple[int, ...]]) -> nx.DiGraph: + row_dict[outcome_name] = str(row.outcome) if row.outcome else "" + rows.append(row_dict) + df = pd.DataFrame(rows, columns=dp_names + [outcome_name]) + return df.to_csv(index=False) - for node in itertools.product(*vector): - node = tuple(node) - # node is a tuple of integers - G.add_node(node) - - return G - - def _add_edges(self, G: nx.DiGraph) -> nx.DiGraph: + def generate_full_mapping(self) -> List[MappingRow]: """ - Add edges to the graph G based on the nodes in G. - Node identities are tuples of integers. - Edges are added between nodes where one and only one element of the tuples differ by 1. - - Examples: - - | Node 1 | Node 2 | Edge? | - |--------|--------|-------| - | (0,0) | (0,1) | Yes | - | (0,0) | (1,0) | Yes | - | (0,0) | (1,1) | No | - | (0,0) | (0,0) | No | - | (0,0) | (0,2) | No | - | (0,1) | (0,2) | Yes | - - Args: - G: a networkx DiGraph object - - Returns: - a networkx DiGraph object with edges added - + Generate a full mapping for the decision table, with every possible combination of decision point values. + Each MappingRow will have a ValueCombo of ValueSummary objects, and outcome=None. """ - # add edges - for u, v in itertools.product(G.nodes, G.nodes): - # enforce that u and v are tuples of integers - if not isinstance(u, tuple) or any([not isinstance(i, int) for i in u]): - raise ValueError(f"Node {u} is not an integer tuple") - if not isinstance(v, tuple) or any([not isinstance(i, int) for i in v]): - raise ValueError(f"Node {v} is not an integer tuple") - - # add an edge if the difference between u and v is 1 - if u == v: - # do not create self-reflexive edges - continue - - if any(u[i] > v[i] for i in range(len(u))): - # skip the upper triangle of the connectivity matrix - continue - - # if you get here, we know that u < v, but it could be - # a gap larger than 1 from u to v. - # We only want to add edges where the gap is exactly 1. - - # compute the individual differences for each vector element - delta = [v[i] - u[i] for i in range(len(u))] + if self.mapping is not None: + # short-circuit if mapping is already set + logger.warning("Mapping is already set, skipping full generation.") + return self.mapping - if sum(delta) != 1: - # gap is too large - continue + logger.debug("Generating full mapping.") + self.mapping = generate_full_mapping(self) - if not all([d in [0, 1] for d in delta]): - # more than one element is different - # this would be odd if it happened, but check for it anyway - continue - - # if you get here, then there is exactly one element that is different - # by 1, and the rest are the same - # add the edge - G.add_edge(u, v) - - # clean up the graph before we return it - # the transitive reduction of a graph is a graph with the same - # reachability properties, but with as few edges as possible - # https://en.wikipedia.org/wiki/Transitive_reduction - # in principle, our algorithm above shouldn't create any redundant edges - # so this is more of a belt-and-suspenders approach - before = len(G.edges) - G = nx.transitive_reduction(G) - after = len(G.edges) - if before != after: - logger.warning(f"Transitive reduction removed {before - after} edges") - logger.debug(f"Edge count: {after}") - return G - - def mapping_to_csv_str(self): - """ - Returns the mapping as a CSV string - """ - columns = [dp.str for dp in self.decision_point_group] - columns.append(self.outcome_group.str) - - rows = [] - for dpstrs, ostrs in self.mapping: - row = list(dpstrs) - row.append(ostrs[0]) - rows.append(row) - - return pd.DataFrame(rows, columns=columns).to_csv(index=False) + return self.mapping - def load_from_csv_str(self, csv_str: str): + def distribute_outcomes_evenly(self, overwrite: bool = False) -> List[MappingRow]: """ - Loads the mapping from a CSV string + Distribute the given outcome_values across the mapping rows in sorted order. + The earliest mappings get the lowest outcome, the latest get the highest. + If the mapping count is not divisible by the number of outcomes, the last outcome(s) get the remainder. + Returns a new list of MappingRow with outcomes assigned. """ - # TODO add a mechanism to read a mapping from a CSV file and create a DecisionTable object from it - raise NotImplementedError + if self.mapping is not None: + if not overwrite: + # short-circuit if mapping is already set + logger.warning("Mapping is already set, skipping distribution.") + return self.mapping + else: + logger.info("Overwriting existing mapping with new distribution.") + + self.generate_full_mapping() + + outcome_values = getattr(self.outcome_group, "value_summaries", None) + if outcome_values is None: + raise ValueError( + "Outcome group must have value_summaries to distribute outcomes." + ) + if mapping is None: + self.mapping = distribute_outcomes_evenly(outcome_values) -# convenience alias -Policy = DecisionTable +def generate_full_mapping(decision_table: "DecisionTableBase") -> list[MappingRow]: + """ + Generate a full mapping for the decision table, with every possible combination of decision point values. + Each MappingRow will have a ValueCombo of ValueSummary objects, and outcome=None. + """ + dp_group = decision_table.decision_point_group + # For each decision point, get its value summaries + value_lists = [ + [ + ValueSummary( + key=dp.key, + version=dp.version, + namespace=dp.namespace, + value=val.key, + ) + for val in dp.values + ] + for dp in dp_group.decision_points + ] + all_combos = product(*value_lists) + mapping = [ + MappingRow(decision_point_values=ValueCombo(values=combo), outcome=None) + for combo in all_combos + ] + return mapping + + +def distribute_outcomes_evenly( + mapping: list[MappingRow], outcome_values: list[ValueSummary] +) -> list[MappingRow]: + """ + Distribute the given outcome_values across the mapping rows in sorted order. + The earliest mappings get the lowest outcome, the latest get the highest. + If the mapping count is not divisible by the number of outcomes, the last outcome(s) get the remainder. + Returns a new list of MappingRow with outcomes assigned. + """ + if not outcome_values: + raise ValueError("No outcome values provided for distribution.") + n = len(mapping) + k = len(outcome_values) + base = n // k + rem = n % k + new_mapping = [] + idx = 0 + for i, outcome in enumerate(outcome_values): + count = base + (1 if i < rem else 0) + for _ in range(count): + if idx >= n: + break + row = mapping[idx] + new_mapping.append( + MappingRow( + decision_point_values=row.decision_point_values, outcome=outcome + ) + ) + idx += 1 + return new_mapping -def main(): - from ssvc.dp_groups.ssvc.coordinator_publication import LATEST as dpg - from ssvc.outcomes.ssvc_.publish import PUBLISH as og - logger = logging.getLogger() - logger.setLevel(logging.DEBUG) - logger.addHandler(logging.StreamHandler()) +def main() -> None: + from ssvc.dp_groups.ssvc.coordinator_triage import LATEST as dpg + from ssvc.outcomes.x_basic.mscw import LATEST as outcomes - dt = DecisionTable( - name="Example Decision Table", - description="The description for an Example Decision Table", + table = DecisionTableBase( + name="Test Table", + description="A test decision table", namespace="x_test", - version="1.0.0", decision_point_group=dpg, - outcome_group=og, + outcome_group=outcomes, ) - - df = dt.get_mapping_df() - dt.set_mapping(df) - - print(dt.model_dump_json(indent=2)) - - with open("foo.json", "w") as f: - f.write(dt.model_dump_json()) - - dt.consistency_check_mapping() - - print(dt.mapping_to_csv_str()) + table.mapping = generate_full_mapping(table) + table.mapping = distribute_outcomes_evenly(table.mapping, outcomes.value_summaries) + csv_str = table.to_csv() + print(csv_str) if __name__ == "__main__": diff --git a/src/ssvc/decision_tables/experimental_base.py b/src/ssvc/decision_tables/experimental_base.py new file mode 100644 index 00000000..7d3034df --- /dev/null +++ b/src/ssvc/decision_tables/experimental_base.py @@ -0,0 +1,399 @@ +#!/usr/bin/env python + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +""" +Provides a DecisionTable class that can be used to model decisions in SSVC +""" +import itertools +import logging +from typing import Optional + +import networkx as nx +import pandas as pd +from pydantic import BaseModel, Field + +from ssvc._mixins import _Base, _Commented, _Namespaced, _SchemaVersioned +from ssvc.dp_groups.base import DecisionPointGroup +from ssvc.outcomes.base import OutcomeGroup +from ssvc.policy_generator import PolicyGenerator + +logger = logging.getLogger(__name__) + + +class DecisionTable(_SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel): + """ + The DecisionTable class is a model for decisions in SSVC. + + It is a collection of decision points and outcomes, and a mapping of decision points to outcomes. + + The mapping is generated by the PolicyGenerator class, and stored as a dictionary. + The mapping dict keys are tuples of decision points and decision point values. + The mapping dict values are outcomes. + """ + + decision_point_group: DecisionPointGroup + outcome_group: OutcomeGroup + mapping: list[tuple[tuple[str, ...], tuple[str, ...]]] = Field(default_factory=list) + + def get_mapping_df(self, weights: Optional[list[float]] = None) -> pd.DataFrame: + # create a policy generator object and extract a mapping from it + with PolicyGenerator( + dp_group=self.decision_point_group, + outcomes=self.outcome_group, + outcome_weights=weights, + ) as pg: + df = pg.clean_policy() + + return df + + def dataframe_to_tuple_list( + self, df: pd.DataFrame, n_outcols: int = 1 + ) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: + """ + Converts a DataFrame into a list of tuples where each tuple contains: + - A tuple of input values (all columns except the last n_outcols) + - A tuple containing the outcome value (last n_outcols columns) + + Note: + In every decision we've modeled to date, there is only one outcome column. + We have not yet encountered a decision with multiple outcome columns, + however, it has come up in some discussions, so we're allowing for it here as + a future-proofing measure. + + Attributes: + df: pandas DataFrame + n_outcols: int, default=1 + + Returns: + list[tuple[tuple[str,...],tuple[str,...]]]: A list of tuples + + """ + input_columns = df.columns[:-n_outcols] # All columns except the last one + output_column = df.columns[-n_outcols] # The last column + + return [ + (tuple(row[input_columns]), (row[output_column],)) + for _, row in df.iterrows() + ] + + def set_mapping( + self, df: pd.DataFrame + ) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: + """ + Sets the mapping attribute to the output of dataframe_to_tuple_list + + :param df: pandas DataFrame + """ + self.mapping = self.dataframe_to_tuple_list(df) + return self.mapping + + def generate_mapping(self) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: + """ + Generates a mapping from the decision point group to the outcome group using the PolicyGenerator class + and sets the mapping attribute to the output of dataframe_to_tuple_list + + Returns: + list[tuple[tuple[str,...],tuple[str,...]]]: The generated mapping + """ + df = self.get_mapping_df() + return self.set_mapping(df) + + def consistency_check_mapping(self) -> bool: + """Checks the mapping attribute by ensuring that the contents are consistent with the partial order over the decision points and outcomes""" + + # convert the decision point values to a list of numerical tuples + # and create a lookup table for the values + # The end result will be that vector contains a list of tuples + # where each tuple is a list of integers that represent the values + # in a decision point. The dp_lookup list will contain a dictionary + # for each decision point that maps the integer values to the string values + vector = [] + dp_lookup = [] + + # create an inverted index for the outcomes + outcome_lookup = {v: k for k, v in self.outcome_group.enumerated_values.items()} + logger.debug(f"Outcome lookup: {outcome_lookup}") + + for dp in self.decision_point_group: + valuesdict = dp.enumerated_values + dp_lookup.append(valuesdict) + + _vlist = tuple(valuesdict.keys()) + vector.append(_vlist) + + # vector now looks like + # [(0, 1, 2), (0, 1), (0, 1, 2, 3)] + logger.debug(f"Vector: {vector}") + # dp_lookup looks like + # [{0: 'a', 1: 'b', 2: 'c'}, {0: 'x', 1: 'y'}, {0: 'i', 1: 'j', 2: 'k', 3: 'l'}] + logger.debug(f"DP lookup: {dp_lookup}") + + bottom = tuple([min(t) for t in vector]) + top = tuple([max(t) for t in vector]) + + logger.debug(f"Bottom node: {bottom}") + logger.debug(f"Top node: {top}") + + # construct a directed graph + G = nx.DiGraph() + G = self._add_nodes(G, vector) + G = self._add_edges(G) + + problems = self._check_graph(G, bottom, top) + + # if we already have problems, we should stop here + # because the graph is not valid + if problems: + for problem in problems: + logger.error(f"Problem detected: {problem}") + return False + + # the graph has a lot of edges where the outcome does not change between the nodes + # we need to find the decision boundaries where the outcome does change + decision_boundaries = self._find_decision_boundaries(G, dp_lookup) + + problems = self._check_decision_boundaries(decision_boundaries, outcome_lookup) + for problem in problems: + logger.error(f"Problem detected: {problem}") + + # return True if there are no problems + return len(problems) == 0 + + def _check_decision_boundaries( + self, decision_boundaries: list[dict[str, str]], outcome_lookup: dict[str, int] + ) -> list[str]: + + problems = [] + for db in decision_boundaries: + from_outcome = outcome_lookup[db["from_outcome"]] + to_outcome = outcome_lookup[db["to_outcome"]] + + if from_outcome < to_outcome: + # this is what we wanted, no problem found + continue + + problem = ( + f"{db['from']} < {db['to']} but {from_outcome} is not < {to_outcome}" + ) + problems.append(problem) + return problems + + def _find_decision_boundaries( + self, G: nx.DiGraph, dp_lookup: list[dict[int, str]] + ) -> list[dict[str, str]]: + decision_boundaries = [] + for edge in G.edges: + u, v = edge + + # we need to translate from a node int tuple to the strings so we can look it up in the mapping + u_str = self.int_node_to_str(u, dp_lookup) + v_str = self.int_node_to_str(v, dp_lookup) + + mapping_dict = dict(self.mapping) + try: + u_outcome_str = mapping_dict[u_str][0] + except KeyError: + print(f"Node {u_str} has no mapping") + + try: + v_outcome_str = mapping_dict[v_str][0] + except KeyError: + logger.error(f"Node {v_str} has no mapping") + raise ValueError + + if u_outcome_str == v_outcome_str: + # no decision boundary here + continue + + # if we got here, there is a decision boundary + # so we need to record it + row = { + "from": u_str, + "to": v_str, + "from_outcome": u_outcome_str, + "to_outcome": v_outcome_str, + } + decision_boundaries.append(row) + + return decision_boundaries + + def int_node_to_str( + self, node: tuple[int, ...], dp_lookup: list[dict[int, str]] + ) -> tuple[str, ...]: + return tuple([dp_lookup[i][node[i]] for i in range(len(node))]) + + def _check_graph( + self, G: nx.DiGraph, bottom: tuple[int, ...], top: tuple[int, ...] + ) -> list[str]: + problems = [] + # check nodes for edges + for node in G.nodes: + if node != bottom and not G.in_degree(node): + # all nodes except bottom should have at least one incoming edge + problems.append(f"Node {node} has no incoming edges") + if node != top and not G.out_degree(node): + # all nodes except top should have at least one outgoing edge + problems.append(f"Node {node} has no outgoing edges") + return problems + + def _add_nodes(self, G: nx.DiGraph, vector: list[tuple[int, ...]]) -> nx.DiGraph: + + for node in itertools.product(*vector): + node = tuple(node) + # node is a tuple of integers + G.add_node(node) + + return G + + def _add_edges(self, G: nx.DiGraph) -> nx.DiGraph: + """ + Add edges to the graph G based on the nodes in G. + Node identities are tuples of integers. + Edges are added between nodes where one and only one element of the tuples differ by 1. + + Examples: + + | Node 1 | Node 2 | Edge? | + |--------|--------|-------| + | (0,0) | (0,1) | Yes | + | (0,0) | (1,0) | Yes | + | (0,0) | (1,1) | No | + | (0,0) | (0,0) | No | + | (0,0) | (0,2) | No | + | (0,1) | (0,2) | Yes | + + Args: + G: a networkx DiGraph object + + Returns: + a networkx DiGraph object with edges added + + """ + # add edges + for u, v in itertools.product(G.nodes, G.nodes): + # enforce that u and v are tuples of integers + if not isinstance(u, tuple) or any([not isinstance(i, int) for i in u]): + raise ValueError(f"Node {u} is not an integer tuple") + if not isinstance(v, tuple) or any([not isinstance(i, int) for i in v]): + raise ValueError(f"Node {v} is not an integer tuple") + + # add an edge if the difference between u and v is 1 + if u == v: + # do not create self-reflexive edges + continue + + if any(u[i] > v[i] for i in range(len(u))): + # skip the upper triangle of the connectivity matrix + continue + + # if you get here, we know that u < v, but it could be + # a gap larger than 1 from u to v. + # We only want to add edges where the gap is exactly 1. + + # compute the individual differences for each vector element + delta = [v[i] - u[i] for i in range(len(u))] + + if sum(delta) != 1: + # gap is too large + continue + + if not all([d in [0, 1] for d in delta]): + # more than one element is different + # this would be odd if it happened, but check for it anyway + continue + + # if you get here, then there is exactly one element that is different + # by 1, and the rest are the same + # add the edge + G.add_edge(u, v) + + # clean up the graph before we return it + # the transitive reduction of a graph is a graph with the same + # reachability properties, but with as few edges as possible + # https://en.wikipedia.org/wiki/Transitive_reduction + # in principle, our algorithm above shouldn't create any redundant edges + # so this is more of a belt-and-suspenders approach + before = len(G.edges) + G = nx.transitive_reduction(G) + after = len(G.edges) + if before != after: + logger.warning(f"Transitive reduction removed {before - after} edges") + logger.debug(f"Edge count: {after}") + return G + + def mapping_to_csv_str(self): + """ + Returns the mapping as a CSV string + """ + columns = [dp.str for dp in self.decision_point_group] + columns.append(self.outcome_group.str) + + rows = [] + for dpstrs, ostrs in self.mapping: + row = list(dpstrs) + row.append(ostrs[0]) + rows.append(row) + + return pd.DataFrame(rows, columns=columns).to_csv(index=False) + + def load_from_csv_str(self, csv_str: str): + """ + Loads the mapping from a CSV string + """ + # TODO add a mechanism to read a mapping from a CSV file and create a DecisionTable object from it + raise NotImplementedError + + +# convenience alias +Policy = DecisionTable + + +def main(): + from ssvc.dp_groups.ssvc.coordinator_publication import LATEST as dpg + from ssvc.outcomes.ssvc_.publish import PUBLISH as og + + logger = logging.getLogger() + logger.setLevel(logging.DEBUG) + logger.addHandler(logging.StreamHandler()) + + dt = DecisionTable( + name="Example Decision Table", + description="The description for an Example Decision Table", + namespace="x_test", + version="1.0.0", + decision_point_group=dpg, + outcome_group=og, + ) + + df = dt.get_mapping_df() + dt.set_mapping(df) + + print(dt.model_dump_json(indent=2)) + + with open("foo.json", "w") as f: + f.write(dt.model_dump_json()) + + dt.consistency_check_mapping() + + print(dt.mapping_to_csv_str()) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index daf282a7..4f496a83 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -31,6 +31,7 @@ from ssvc._mixins import _Base, _SchemaVersioned from ssvc.decision_points.base import ( DecisionPoint, + ValueSummary, ) @@ -71,7 +72,14 @@ def combination_strings(self) -> Generator[tuple[str, ...], None, None]: """ Return a list of tuples of the value short strings for all combinations of the decision points. """ - value_tuples = [dp.value_summaries_str for dp in self.decision_points] + for combo in self.combinations(): + yield tuple(str(x) for x in combo) + + def combinations(self) -> Generator[tuple[ValueSummary, ...], None, None]: + """ + Return a list of tuples of the value summaries for all combinations of the decision points. + """ + value_tuples = [dp.value_summaries for dp in self.decision_points] for combo in itertools.product(*value_tuples): yield combo diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py index 760a3d29..81cbd82b 100644 --- a/src/test/decision_tables/test_base.py +++ b/src/test/decision_tables/test_base.py @@ -16,230 +16,145 @@ # This Software includes and/or makes use of Third-Party Software each # subject to its own license. # DM24-0278 +import os import tempfile import unittest import pandas as pd -from pandas import DataFrame -from ssvc.decision_points.base import ( - DP_REGISTRY, - DecisionPoint, - DecisionPointValue, -) -from ssvc.decision_tables import base -from ssvc.dp_groups.base import DecisionPointGroup -from ssvc.outcomes.base import OutcomeValue +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_tables.base import DecisionTableBase, MappingRow +from ssvc.dp_groups.base import DecisionPoint, DecisionPointGroup +from ssvc.outcomes.base import OutcomeGroup -class TestDecisionTable(unittest.TestCase): - def setUp(self): - self.tempdir = tempfile.TemporaryDirectory() - self.tempdir_path = self.tempdir.name - - DP_REGISTRY.clear() - - dps = [] - for i in range(3): - dpvs = [] - for j in range(3): - dpv = DecisionPointValue( - name=f"Value {i}{j}", - key=f"DP{i}V{j}", - description=f"Decision Point {i} Value {j} Description", - ) - dpvs.append(dpv) - - dp = DecisionPoint( - name=f"Decision Point {i}", - key=f"DP{i}", - description=f"Decision Point {i} Description", - version="1.0.0", - namespace="x_test", - values=tuple(dpvs), - ) - dps.append(dp) +class DummyDecisionPoint(DecisionPoint): + pass + + +class DummyOutcomeGroup(OutcomeGroup): + pass + +class TestDecisionTableBase(unittest.TestCase): + def setUp(self): + # create a temporary directory for testing + self.tmpdir = tempfile.TemporaryDirectory() + + # Create dummy decision point values + self.dp1v1 = DecisionPointValue(name="a", key="a", description="A value") + self.dp1v2 = DecisionPointValue(name="b", key="b", description="B value") + self.dp2v1 = DecisionPointValue(name="x", key="x", description="X value") + self.dp2v2 = DecisionPointValue(name="y", key="y", description="Y value") + # Create dummy decision points and group + self.dp1 = DummyDecisionPoint( + name="dp1", + description="", + version="1.0", + namespace="x_test", + key="dp1", + values=(self.dp1v1, self.dp1v2), + ) + self.dp2 = DummyDecisionPoint( + name="dp2", + description="", + version="1.0", + namespace="x_test", + key="dp2", + values=(self.dp2v1, self.dp2v2), + ) self.dpg = DecisionPointGroup( - name="Decision Point Group", - description="Decision Point Group description", - decision_points=tuple(dps), + name="dpg", + description="", + version="1.0", + namespace="x_test", + decision_points=(self.dp1, self.dp2), ) - - ogvs = [] - for i in range(3): - ogv = OutcomeValue( - name=f"Outcome Value {i}", - key=f"OV{i}", - description=f"Outcome Value {i} description", - ) - ogvs.append(ogv) - - self.og = DecisionPoint( - name="Outcome Group", - key="OG", - description="Outcome Group description", + # Create dummy outcome group + self.ogv1 = DecisionPointValue(name="o1", key="o1", description="Outcome 1") + self.ogv2 = DecisionPointValue(name="o2", key="o2", description="Outcome 2") + self.og = DummyOutcomeGroup( + name="outcome", + description="", + version="1.0", namespace="x_test", - values=tuple(ogvs), + key="outcome", + values=(self.ogv1, self.ogv2), ) - self.dt = base.DecisionTable( - name="foo", - description="foo description", + def tearDown(self): + # clean up the temporary directory + self.tmpdir.cleanup() + + def test_init(self): + dt = DecisionTableBase( + name="Test Table", namespace="x_test", + description="", decision_point_group=self.dpg, outcome_group=self.og, + mapping=None, ) - - def tearDown(self): - self.tempdir.cleanup() - - def test_create(self): - # self.dt exists in setUp - self.assertEqual(self.dt.name, "foo") - self.assertEqual(self.dt.description, "foo description") - self.assertEqual(self.dt.namespace, "x_test") - self.assertEqual(self.dt.decision_point_group, self.dpg) - self.assertEqual(self.dt.outcome_group, self.og) - - def test_get_mapping_df(self): - df = self.dt.get_mapping_df() - self.assertIsInstance(df, DataFrame) - - # df is not empty - self.assertFalse(df.empty) - # df has some rows - self.assertGreater(len(df), 0) - # df has the same number of rows as the product of the number of decision points and their values - combos = list(self.dpg.combination_strings()) - self.assertGreater(len(combos), 0) - self.assertEqual(len(df), len(combos)) - - # column names are the decision point strings and the outcome group string - for i, dp in enumerate(self.dpg.decision_points): - self.assertEqual(dp.str, df.columns[i]) - self.assertEqual(self.og.str, df.columns[-1]) - - for col in df.columns: - # col is in the registry - self.assertIn(col, DP_REGISTRY) - - dp = DP_REGISTRY[col] - - uniq = df[col].unique() - - # all values in the decision point should be in the column at least once - for vsum in dp.value_summaries_str: - self.assertIn(vsum, uniq) - - def test_dataframe_to_tuple_list(self): - df = pd.DataFrame( - [ - {"a": 1, "b": 2, "c": 3}, - {"a": 4, "b": 5, "c": 6}, - {"a": 7, "b": 8, "c": 9}, - ] - ) - - tuple_list = self.dt.dataframe_to_tuple_list(df) - - self.assertEqual(len(tuple_list), len(df)) - - for row in tuple_list: - self.assertIsInstance(row, tuple) - self.assertEqual(len(row), 2) - self.assertIsInstance(row[0], tuple) - self.assertIsInstance(row[1], tuple) - - # manually check the structure of the tuple list - self.assertEqual((1, 2), tuple_list[0][0]) - self.assertEqual((3,), tuple_list[0][1]) - self.assertEqual((4, 5), tuple_list[1][0]) - self.assertEqual((6,), tuple_list[1][1]) - self.assertEqual((7, 8), tuple_list[2][0]) - self.assertEqual((9,), tuple_list[2][1]) - - def test_set_mapping(self): - df = pd.DataFrame( - { - "a": ["x", "y", "z"], - "b": ["one", "two", "three"], - "c": ["apple", "orange", "pear"], - } + self.assertEqual(dt.decision_point_group, self.dpg) + self.assertEqual(dt.outcome_group, self.og) + + # default should be to populate mapping if not provided + self.assertIsNotNone(dt.mapping) + # mapping length should match product of decision point values + combos = list(self.dpg.combinations()) + expected_length = len(combos) + self.assertEqual(len(dt.mapping), expected_length) + # Check if mapping is a list of MappingRow objects + for row in dt.mapping: + self.assertIsInstance(row, MappingRow) + # We aren't testing the actual values here, just that they are created + # correctly. The mappings will be tested in more detail in other tests. + + def test_to_csv(self): + dt = DecisionTableBase( + name="Test Table", + namespace="x_test", + description="", + decision_point_group=self.dpg, + outcome_group=self.og, + mapping=None, ) - - result = self.dt.set_mapping(df) - - self.assertIn((("x", "one"), ("apple",)), result) - self.assertIn((("y", "two"), ("orange",)), result) - self.assertIn((("z", "three"), ("pear",)), result) - - self.assertEqual(result, self.dt.mapping) - - @unittest.skip("Test not implemented") - def test_consistency_check_mapping(self): - pass - - @unittest.skip("Test not implemented") - def test_check_decision_boundaries(self): - pass - - @unittest.skip("Test not implemented") - def test_find_decision_boundaries(self): - pass - - @unittest.skip("Test not implemented") - def test_int_node_to_str(self): - pass - - @unittest.skip("Test not implemented") - def test_check_graph(self): - pass - - @unittest.skip("Test not implemented") - def test_add_nodes(self): - pass - - @unittest.skip("Test not implemented") - def test_add_edges(self): - pass - - def test_mapping_to_csv_str(self): - df = self.dt.get_mapping_df() - self.dt.set_mapping(df) - - csv_str = self.dt.mapping_to_csv_str() - self.assertIsInstance(csv_str, str) - - lines = csv_str.strip().split("\n") - - # first line is the header - self.assertEqual( - lines[0], - ",".join([dp.str for dp in self.dpg.decision_points] + [self.og.str]), + csv_str = dt.to_csv() + + # write csv to a temporary file + csvfile = os.path.join(self.tmpdir.name, "test_table.csv") + with open(csvfile, "w") as f: + f.write(csv_str) + + # read the csv file into a DataFrame + # using pandas + df = pd.read_csv(csvfile) + + # does line count match expected? + expected_lines = len(dt.mapping) # for header + self.assertEqual(len(df), expected_lines) + # Check if the DataFrame has the expected columns + + expected_columns = [ + "dp1", + "dp2", + "outcome", + ] + self.assertTrue(all(col in df.columns for col in expected_columns)) + + def test_model_dump_json(self): + dt = DecisionTableBase( + name="Test Table", + namespace="x_test", + description="", + decision_point_group=self.dpg, + outcome_group=self.og, + mapping=None, ) - - combinations = list(self.dpg.combination_strings()) - - # there should be one line for each combination after the header - self.assertEqual(len(lines[1:]), len(combinations)) - - # each line after the header starts with a combination of decision point values - for combo, line in zip(combinations, lines[1:]): - # there are as many commas in the line as there are combos - comma_count = line.count(",") - self.assertEqual(comma_count, len(combo)) - - for dpv_str in combo: - self.assertIn(dpv_str, line) - - # the last thing in the line is the outcome group value - og_value = line.split(",")[-1] - self.assertIn(og_value, self.og.value_summaries_str) - - @unittest.skip("Test not implemented") - def test_load_from_csv_str(self): - pass + json_str = dt.model_dump_json() + self.assertIn("decision_point_group", json_str) + self.assertIn("outcome_group", json_str) + self.assertIn("mapping", json_str) if __name__ == "__main__": diff --git a/src/test/decision_tables/test_experimental_base.py b/src/test/decision_tables/test_experimental_base.py new file mode 100644 index 00000000..288bbcbf --- /dev/null +++ b/src/test/decision_tables/test_experimental_base.py @@ -0,0 +1,280 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +import tempfile +import unittest + +import pandas as pd +from pandas import DataFrame + +from ssvc.decision_points.base import ( + DP_REGISTRY, + DecisionPoint, + DecisionPointValue, +) +from ssvc.decision_tables import experimental_base as base +from ssvc.dp_groups.base import DecisionPointGroup +from ssvc.outcomes.base import OutcomeValue + + +class TestDecisionTable(unittest.TestCase): + def setUp(self): + self.tempdir = tempfile.TemporaryDirectory() + self.tempdir_path = self.tempdir.name + + DP_REGISTRY.clear() + + dps = [] + for i in range(3): + dpvs = [] + for j in range(3): + dpv = DecisionPointValue( + name=f"Value {i}{j}", + key=f"DP{i}V{j}", + description=f"Decision Point {i} Value {j} Description", + ) + dpvs.append(dpv) + + dp = DecisionPoint( + name=f"Decision Point {i}", + key=f"DP{i}", + description=f"Decision Point {i} Description", + version="1.0.0", + namespace="x_test", + values=tuple(dpvs), + ) + dps.append(dp) + + self.dpg = DecisionPointGroup( + name="Decision Point Group", + description="Decision Point Group description", + decision_points=tuple(dps), + ) + + ogvs = [] + for i in range(3): + ogv = OutcomeValue( + name=f"Outcome Value {i}", + key=f"OV{i}", + description=f"Outcome Value {i} description", + ) + ogvs.append(ogv) + + self.og = DecisionPoint( + name="Outcome Group", + key="OG", + description="Outcome Group description", + namespace="x_test", + values=tuple(ogvs), + ) + + self.dt = base.DecisionTable( + name="foo", + description="foo description", + namespace="x_test", + decision_point_group=self.dpg, + outcome_group=self.og, + ) + + def tearDown(self): + self.tempdir.cleanup() + + def test_create(self): + # self.dt exists in setUp + self.assertEqual(self.dt.name, "foo") + self.assertEqual(self.dt.description, "foo description") + self.assertEqual(self.dt.namespace, "x_test") + self.assertEqual(self.dt.decision_point_group, self.dpg) + self.assertEqual(self.dt.outcome_group, self.og) + + def test_get_mapping_df(self): + df = self.dt.get_mapping_df() + self.assertIsInstance(df, DataFrame) + + # df is not empty + self.assertFalse(df.empty) + # df has some rows + self.assertGreater(len(df), 0) + # df has the same number of rows as the product of the number of decision points and their values + combos = list(self.dpg.combination_strings()) + self.assertGreater(len(combos), 0) + self.assertEqual(len(df), len(combos)) + + # column names are the decision point strings and the outcome group string + for i, dp in enumerate(self.dpg.decision_points): + self.assertEqual(dp.str, df.columns[i]) + self.assertEqual(self.og.str, df.columns[-1]) + + for col in df.columns: + # col is in the registry + self.assertIn(col, DP_REGISTRY) + + dp = DP_REGISTRY[col] + + uniq = df[col].unique() + + # all values in the decision point should be in the column at least once + for vsum in dp.value_summaries_str: + self.assertIn(vsum, uniq) + + def test_dataframe_to_tuple_list(self): + df = pd.DataFrame( + [ + {"a": 1, "b": 2, "c": 3}, + {"a": 4, "b": 5, "c": 6}, + {"a": 7, "b": 8, "c": 9}, + ] + ) + + tuple_list = self.dt.dataframe_to_tuple_list(df) + + self.assertEqual(len(tuple_list), len(df)) + + for row in tuple_list: + self.assertIsInstance(row, tuple) + self.assertEqual(len(row), 2) + self.assertIsInstance(row[0], tuple) + self.assertIsInstance(row[1], tuple) + + # manually check the structure of the tuple list + self.assertEqual((1, 2), tuple_list[0][0]) + self.assertEqual((3,), tuple_list[0][1]) + self.assertEqual((4, 5), tuple_list[1][0]) + self.assertEqual((6,), tuple_list[1][1]) + self.assertEqual((7, 8), tuple_list[2][0]) + self.assertEqual((9,), tuple_list[2][1]) + + def test_set_mapping(self): + df = pd.DataFrame( + { + "a": ["x", "y", "z"], + "b": ["one", "two", "three"], + "c": ["apple", "orange", "pear"], + } + ) + + result = self.dt.set_mapping(df) + + self.assertIn((("x", "one"), ("apple",)), result) + self.assertIn((("y", "two"), ("orange",)), result) + self.assertIn((("z", "three"), ("pear",)), result) + + self.assertEqual(result, self.dt.mapping) + + @unittest.skip("Test not implemented") + def test_consistency_check_mapping(self): + pass + + @unittest.skip("Test not implemented") + def test_check_decision_boundaries(self): + pass + + @unittest.skip("Test not implemented") + def test_find_decision_boundaries(self): + pass + + @unittest.skip("Test not implemented") + def test_int_node_to_str(self): + pass + + @unittest.skip("Test not implemented") + def test_check_graph(self): + pass + + @unittest.skip("Test not implemented") + def test_add_nodes(self): + pass + + @unittest.skip("Test not implemented") + def test_add_edges(self): + pass + + def test_mapping_to_csv_str(self): + df = self.dt.get_mapping_df() + self.dt.set_mapping(df) + + csv_str = self.dt.mapping_to_csv_str() + self.assertIsInstance(csv_str, str) + + lines = csv_str.strip().split("\n") + + # first line is the header + self.assertEqual( + lines[0], + ",".join([dp.str for dp in self.dpg.decision_points] + [self.og.str]), + ) + + combinations = list(self.dpg.combination_strings()) + + # there should be one line for each combination after the header + self.assertEqual(len(lines[1:]), len(combinations)) + + # each line after the header starts with a combination of decision point values + for combo, line in zip(combinations, lines[1:]): + # there are as many commas in the line as there are combos + comma_count = line.count(",") + self.assertEqual(comma_count, len(combo)) + + for dpv_str in combo: + self.assertIn(dpv_str, line) + + # the last thing in the line is the outcome group value + og_value = line.split(",")[-1] + self.assertIn(og_value, self.og.value_summaries_str) + + @unittest.skip("Method not implemented") + def test_load_from_csv_str(self): + df = self.dt.get_mapping_df() + self.dt.set_mapping(df) + + csv_str = self.dt.mapping_to_csv_str() + + print("Original CSV String:") + print(csv_str) + # modify the csv_str to simulate a new mapping + # replace "OV2" with "OV1" + modified_csv_str = csv_str.replace("OV2", "OV1") + # confirm that "OV2" is no longer in the modified string + self.assertNotIn("OV2", modified_csv_str) + print("Modified CSV String:") + print(modified_csv_str) + # load the modified mapping from the CSV string + new_dt = base.DecisionTable.load_from_csv_str(csv_str=modified_csv_str) + self.assertIsInstance(new_dt, base.DecisionTable) + self.assertEqual(new_dt.name, self.dt.name) + self.assertEqual(new_dt.description, self.dt.description) + self.assertEqual(new_dt.namespace, self.dt.namespace) + self.assertEqual(new_dt.decision_point_group, self.dpg) + self.assertEqual(new_dt.outcome_group, self.og) + # check that the mapping is the same as the modified CSV string + new_mapping = new_dt.get_mapping_df() + self.assertIsInstance(new_mapping, DataFrame) + self.assertFalse(new_mapping.empty) + # check that the modified value is in the mapping + # for each row in the old mapping, the new mapping should have the same values + # original: OV0 = new: OV1 + # original: OV1 = new: OV1 + # original: OV2 = new: OV1 + for index, row in df.iterrows(): + print(row) + + self.assertIn("OV1", new_mapping[self.og.str].unique()) + + +if __name__ == "__main__": + unittest.main() From 7676a663180e864f29f208cfa6f186b1e7af869d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 13 Jun 2025 16:09:22 -0400 Subject: [PATCH 091/468] use namespace enum rather than hard-coded string for namespace in cisa objects --- src/ssvc/decision_points/cisa/base.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssvc/decision_points/cisa/base.py b/src/ssvc/decision_points/cisa/base.py index 76e10368..342c37a9 100644 --- a/src/ssvc/decision_points/cisa/base.py +++ b/src/ssvc/decision_points/cisa/base.py @@ -23,7 +23,8 @@ from pydantic import BaseModel from ssvc.decision_points.base import DecisionPoint +from ssvc.namespaces import NameSpace class CisaDecisionPoint(DecisionPoint, BaseModel): - namespace: str = "cisa" + namespace: str = NameSpace.CISA From 6be9d7b4baec8cf39c17773a913b47ede9cbfc00 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 16 Jun 2025 15:22:41 -0400 Subject: [PATCH 092/468] refactoring branches --- src/ssvc/decision_tables/__init__.py | 12 - src/ssvc/decision_tables/base.py | 218 ---------- src/ssvc/decision_tables/experimental_base.py | 399 ------------------ src/test/decision_tables/__init__.py | 15 - src/test/decision_tables/test_base.py | 161 ------- .../decision_tables/test_experimental_base.py | 280 ------------ 6 files changed, 1085 deletions(-) delete mode 100644 src/ssvc/decision_tables/__init__.py delete mode 100644 src/ssvc/decision_tables/base.py delete mode 100644 src/ssvc/decision_tables/experimental_base.py delete mode 100644 src/test/decision_tables/__init__.py delete mode 100644 src/test/decision_tables/test_base.py delete mode 100644 src/test/decision_tables/test_experimental_base.py diff --git a/src/ssvc/decision_tables/__init__.py b/src/ssvc/decision_tables/__init__.py deleted file mode 100644 index b9c0e1cc..00000000 --- a/src/ssvc/decision_tables/__init__.py +++ /dev/null @@ -1,12 +0,0 @@ -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py deleted file mode 100644 index b85e1b72..00000000 --- a/src/ssvc/decision_tables/base.py +++ /dev/null @@ -1,218 +0,0 @@ -#!/usr/bin/env python -""" -DecisionTableBase: A flexible, serializable SSVC decision table model. -""" -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 - -import logging -from itertools import product -from typing import List, Optional - -import pandas as pd -from pydantic import BaseModel, model_validator - -from ssvc._mixins import _Base, _Commented, _Namespaced, _SchemaVersioned -from ssvc.decision_points.base import ValueSummary -from ssvc.dp_groups.base import DecisionPointGroup -from ssvc.outcomes.base import OutcomeGroup - -logger = logging.getLogger(__name__) - - -class ValueCombo(BaseModel): - values: tuple[ValueSummary, ...] - - -class MappingRow(BaseModel): - decision_point_values: ValueCombo - outcome: Optional[ValueSummary] - - -class DecisionTableBase(_SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel): - """ - DecisionTableBase: A flexible, serializable SSVC decision table model. - """ - - decision_point_group: DecisionPointGroup - outcome_group: OutcomeGroup - mapping: Optional[List[MappingRow]] = None - - @model_validator(mode="after") - def populate_mapping_if_none(self): - - if self.mapping is not None: - # short-circuit if mapping is already set - return self - - dpg = self.decision_point_group - og = self.outcome_group - if dpg is not None and og is not None: - mapping = self.generate_full_mapping() - outcome_values = getattr(og, "value_summaries", None) - if outcome_values: - mapping = distribute_outcomes_evenly(mapping, outcome_values) - else: - raise ValueError( - "Outcome group must have value_summaries to distribute outcomes." - ) - self.mapping = mapping - return self - - def to_csv(self) -> str: - """ - Export the mapping to a CSV string. Columns: one per decision point (by name), one for outcome. - Indiviual decision point and outcome values are represented as a colon-separated tuple - consisting of the namespace, decision point key, decision point version, and value key. - """ - if not self.mapping: - raise ValueError("No mapping to export.") - dp_names = [dp.name for dp in self.decision_point_group.decision_points] - outcome_name = self.outcome_group.name - rows = [] - for row in self.mapping: - row_dict = { - name: str(val) - for name, val in zip(dp_names, row.decision_point_values.values) - } - row_dict[outcome_name] = str(row.outcome) if row.outcome else "" - rows.append(row_dict) - df = pd.DataFrame(rows, columns=dp_names + [outcome_name]) - return df.to_csv(index=False) - - def generate_full_mapping(self) -> List[MappingRow]: - """ - Generate a full mapping for the decision table, with every possible combination of decision point values. - Each MappingRow will have a ValueCombo of ValueSummary objects, and outcome=None. - """ - if self.mapping is not None: - # short-circuit if mapping is already set - logger.warning("Mapping is already set, skipping full generation.") - return self.mapping - - logger.debug("Generating full mapping.") - self.mapping = generate_full_mapping(self) - - return self.mapping - - def distribute_outcomes_evenly(self, overwrite: bool = False) -> List[MappingRow]: - """ - Distribute the given outcome_values across the mapping rows in sorted order. - The earliest mappings get the lowest outcome, the latest get the highest. - If the mapping count is not divisible by the number of outcomes, the last outcome(s) get the remainder. - Returns a new list of MappingRow with outcomes assigned. - """ - if self.mapping is not None: - if not overwrite: - # short-circuit if mapping is already set - logger.warning("Mapping is already set, skipping distribution.") - return self.mapping - else: - logger.info("Overwriting existing mapping with new distribution.") - - self.generate_full_mapping() - - outcome_values = getattr(self.outcome_group, "value_summaries", None) - if outcome_values is None: - raise ValueError( - "Outcome group must have value_summaries to distribute outcomes." - ) - - if mapping is None: - self.mapping = distribute_outcomes_evenly(outcome_values) - - -def generate_full_mapping(decision_table: "DecisionTableBase") -> list[MappingRow]: - """ - Generate a full mapping for the decision table, with every possible combination of decision point values. - Each MappingRow will have a ValueCombo of ValueSummary objects, and outcome=None. - """ - dp_group = decision_table.decision_point_group - # For each decision point, get its value summaries - value_lists = [ - [ - ValueSummary( - key=dp.key, - version=dp.version, - namespace=dp.namespace, - value=val.key, - ) - for val in dp.values - ] - for dp in dp_group.decision_points - ] - all_combos = product(*value_lists) - mapping = [ - MappingRow(decision_point_values=ValueCombo(values=combo), outcome=None) - for combo in all_combos - ] - return mapping - - -def distribute_outcomes_evenly( - mapping: list[MappingRow], outcome_values: list[ValueSummary] -) -> list[MappingRow]: - """ - Distribute the given outcome_values across the mapping rows in sorted order. - The earliest mappings get the lowest outcome, the latest get the highest. - If the mapping count is not divisible by the number of outcomes, the last outcome(s) get the remainder. - Returns a new list of MappingRow with outcomes assigned. - """ - if not outcome_values: - raise ValueError("No outcome values provided for distribution.") - n = len(mapping) - k = len(outcome_values) - base = n // k - rem = n % k - new_mapping = [] - idx = 0 - for i, outcome in enumerate(outcome_values): - count = base + (1 if i < rem else 0) - for _ in range(count): - if idx >= n: - break - row = mapping[idx] - new_mapping.append( - MappingRow( - decision_point_values=row.decision_point_values, outcome=outcome - ) - ) - idx += 1 - return new_mapping - - -def main() -> None: - from ssvc.dp_groups.ssvc.coordinator_triage import LATEST as dpg - from ssvc.outcomes.x_basic.mscw import LATEST as outcomes - - table = DecisionTableBase( - name="Test Table", - description="A test decision table", - namespace="x_test", - decision_point_group=dpg, - outcome_group=outcomes, - ) - table.mapping = generate_full_mapping(table) - table.mapping = distribute_outcomes_evenly(table.mapping, outcomes.value_summaries) - csv_str = table.to_csv() - print(csv_str) - - -if __name__ == "__main__": - main() diff --git a/src/ssvc/decision_tables/experimental_base.py b/src/ssvc/decision_tables/experimental_base.py deleted file mode 100644 index 7d3034df..00000000 --- a/src/ssvc/decision_tables/experimental_base.py +++ /dev/null @@ -1,399 +0,0 @@ -#!/usr/bin/env python - -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 -""" -Provides a DecisionTable class that can be used to model decisions in SSVC -""" -import itertools -import logging -from typing import Optional - -import networkx as nx -import pandas as pd -from pydantic import BaseModel, Field - -from ssvc._mixins import _Base, _Commented, _Namespaced, _SchemaVersioned -from ssvc.dp_groups.base import DecisionPointGroup -from ssvc.outcomes.base import OutcomeGroup -from ssvc.policy_generator import PolicyGenerator - -logger = logging.getLogger(__name__) - - -class DecisionTable(_SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel): - """ - The DecisionTable class is a model for decisions in SSVC. - - It is a collection of decision points and outcomes, and a mapping of decision points to outcomes. - - The mapping is generated by the PolicyGenerator class, and stored as a dictionary. - The mapping dict keys are tuples of decision points and decision point values. - The mapping dict values are outcomes. - """ - - decision_point_group: DecisionPointGroup - outcome_group: OutcomeGroup - mapping: list[tuple[tuple[str, ...], tuple[str, ...]]] = Field(default_factory=list) - - def get_mapping_df(self, weights: Optional[list[float]] = None) -> pd.DataFrame: - # create a policy generator object and extract a mapping from it - with PolicyGenerator( - dp_group=self.decision_point_group, - outcomes=self.outcome_group, - outcome_weights=weights, - ) as pg: - df = pg.clean_policy() - - return df - - def dataframe_to_tuple_list( - self, df: pd.DataFrame, n_outcols: int = 1 - ) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: - """ - Converts a DataFrame into a list of tuples where each tuple contains: - - A tuple of input values (all columns except the last n_outcols) - - A tuple containing the outcome value (last n_outcols columns) - - Note: - In every decision we've modeled to date, there is only one outcome column. - We have not yet encountered a decision with multiple outcome columns, - however, it has come up in some discussions, so we're allowing for it here as - a future-proofing measure. - - Attributes: - df: pandas DataFrame - n_outcols: int, default=1 - - Returns: - list[tuple[tuple[str,...],tuple[str,...]]]: A list of tuples - - """ - input_columns = df.columns[:-n_outcols] # All columns except the last one - output_column = df.columns[-n_outcols] # The last column - - return [ - (tuple(row[input_columns]), (row[output_column],)) - for _, row in df.iterrows() - ] - - def set_mapping( - self, df: pd.DataFrame - ) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: - """ - Sets the mapping attribute to the output of dataframe_to_tuple_list - - :param df: pandas DataFrame - """ - self.mapping = self.dataframe_to_tuple_list(df) - return self.mapping - - def generate_mapping(self) -> list[tuple[tuple[str, ...], tuple[str, ...]]]: - """ - Generates a mapping from the decision point group to the outcome group using the PolicyGenerator class - and sets the mapping attribute to the output of dataframe_to_tuple_list - - Returns: - list[tuple[tuple[str,...],tuple[str,...]]]: The generated mapping - """ - df = self.get_mapping_df() - return self.set_mapping(df) - - def consistency_check_mapping(self) -> bool: - """Checks the mapping attribute by ensuring that the contents are consistent with the partial order over the decision points and outcomes""" - - # convert the decision point values to a list of numerical tuples - # and create a lookup table for the values - # The end result will be that vector contains a list of tuples - # where each tuple is a list of integers that represent the values - # in a decision point. The dp_lookup list will contain a dictionary - # for each decision point that maps the integer values to the string values - vector = [] - dp_lookup = [] - - # create an inverted index for the outcomes - outcome_lookup = {v: k for k, v in self.outcome_group.enumerated_values.items()} - logger.debug(f"Outcome lookup: {outcome_lookup}") - - for dp in self.decision_point_group: - valuesdict = dp.enumerated_values - dp_lookup.append(valuesdict) - - _vlist = tuple(valuesdict.keys()) - vector.append(_vlist) - - # vector now looks like - # [(0, 1, 2), (0, 1), (0, 1, 2, 3)] - logger.debug(f"Vector: {vector}") - # dp_lookup looks like - # [{0: 'a', 1: 'b', 2: 'c'}, {0: 'x', 1: 'y'}, {0: 'i', 1: 'j', 2: 'k', 3: 'l'}] - logger.debug(f"DP lookup: {dp_lookup}") - - bottom = tuple([min(t) for t in vector]) - top = tuple([max(t) for t in vector]) - - logger.debug(f"Bottom node: {bottom}") - logger.debug(f"Top node: {top}") - - # construct a directed graph - G = nx.DiGraph() - G = self._add_nodes(G, vector) - G = self._add_edges(G) - - problems = self._check_graph(G, bottom, top) - - # if we already have problems, we should stop here - # because the graph is not valid - if problems: - for problem in problems: - logger.error(f"Problem detected: {problem}") - return False - - # the graph has a lot of edges where the outcome does not change between the nodes - # we need to find the decision boundaries where the outcome does change - decision_boundaries = self._find_decision_boundaries(G, dp_lookup) - - problems = self._check_decision_boundaries(decision_boundaries, outcome_lookup) - for problem in problems: - logger.error(f"Problem detected: {problem}") - - # return True if there are no problems - return len(problems) == 0 - - def _check_decision_boundaries( - self, decision_boundaries: list[dict[str, str]], outcome_lookup: dict[str, int] - ) -> list[str]: - - problems = [] - for db in decision_boundaries: - from_outcome = outcome_lookup[db["from_outcome"]] - to_outcome = outcome_lookup[db["to_outcome"]] - - if from_outcome < to_outcome: - # this is what we wanted, no problem found - continue - - problem = ( - f"{db['from']} < {db['to']} but {from_outcome} is not < {to_outcome}" - ) - problems.append(problem) - return problems - - def _find_decision_boundaries( - self, G: nx.DiGraph, dp_lookup: list[dict[int, str]] - ) -> list[dict[str, str]]: - decision_boundaries = [] - for edge in G.edges: - u, v = edge - - # we need to translate from a node int tuple to the strings so we can look it up in the mapping - u_str = self.int_node_to_str(u, dp_lookup) - v_str = self.int_node_to_str(v, dp_lookup) - - mapping_dict = dict(self.mapping) - try: - u_outcome_str = mapping_dict[u_str][0] - except KeyError: - print(f"Node {u_str} has no mapping") - - try: - v_outcome_str = mapping_dict[v_str][0] - except KeyError: - logger.error(f"Node {v_str} has no mapping") - raise ValueError - - if u_outcome_str == v_outcome_str: - # no decision boundary here - continue - - # if we got here, there is a decision boundary - # so we need to record it - row = { - "from": u_str, - "to": v_str, - "from_outcome": u_outcome_str, - "to_outcome": v_outcome_str, - } - decision_boundaries.append(row) - - return decision_boundaries - - def int_node_to_str( - self, node: tuple[int, ...], dp_lookup: list[dict[int, str]] - ) -> tuple[str, ...]: - return tuple([dp_lookup[i][node[i]] for i in range(len(node))]) - - def _check_graph( - self, G: nx.DiGraph, bottom: tuple[int, ...], top: tuple[int, ...] - ) -> list[str]: - problems = [] - # check nodes for edges - for node in G.nodes: - if node != bottom and not G.in_degree(node): - # all nodes except bottom should have at least one incoming edge - problems.append(f"Node {node} has no incoming edges") - if node != top and not G.out_degree(node): - # all nodes except top should have at least one outgoing edge - problems.append(f"Node {node} has no outgoing edges") - return problems - - def _add_nodes(self, G: nx.DiGraph, vector: list[tuple[int, ...]]) -> nx.DiGraph: - - for node in itertools.product(*vector): - node = tuple(node) - # node is a tuple of integers - G.add_node(node) - - return G - - def _add_edges(self, G: nx.DiGraph) -> nx.DiGraph: - """ - Add edges to the graph G based on the nodes in G. - Node identities are tuples of integers. - Edges are added between nodes where one and only one element of the tuples differ by 1. - - Examples: - - | Node 1 | Node 2 | Edge? | - |--------|--------|-------| - | (0,0) | (0,1) | Yes | - | (0,0) | (1,0) | Yes | - | (0,0) | (1,1) | No | - | (0,0) | (0,0) | No | - | (0,0) | (0,2) | No | - | (0,1) | (0,2) | Yes | - - Args: - G: a networkx DiGraph object - - Returns: - a networkx DiGraph object with edges added - - """ - # add edges - for u, v in itertools.product(G.nodes, G.nodes): - # enforce that u and v are tuples of integers - if not isinstance(u, tuple) or any([not isinstance(i, int) for i in u]): - raise ValueError(f"Node {u} is not an integer tuple") - if not isinstance(v, tuple) or any([not isinstance(i, int) for i in v]): - raise ValueError(f"Node {v} is not an integer tuple") - - # add an edge if the difference between u and v is 1 - if u == v: - # do not create self-reflexive edges - continue - - if any(u[i] > v[i] for i in range(len(u))): - # skip the upper triangle of the connectivity matrix - continue - - # if you get here, we know that u < v, but it could be - # a gap larger than 1 from u to v. - # We only want to add edges where the gap is exactly 1. - - # compute the individual differences for each vector element - delta = [v[i] - u[i] for i in range(len(u))] - - if sum(delta) != 1: - # gap is too large - continue - - if not all([d in [0, 1] for d in delta]): - # more than one element is different - # this would be odd if it happened, but check for it anyway - continue - - # if you get here, then there is exactly one element that is different - # by 1, and the rest are the same - # add the edge - G.add_edge(u, v) - - # clean up the graph before we return it - # the transitive reduction of a graph is a graph with the same - # reachability properties, but with as few edges as possible - # https://en.wikipedia.org/wiki/Transitive_reduction - # in principle, our algorithm above shouldn't create any redundant edges - # so this is more of a belt-and-suspenders approach - before = len(G.edges) - G = nx.transitive_reduction(G) - after = len(G.edges) - if before != after: - logger.warning(f"Transitive reduction removed {before - after} edges") - logger.debug(f"Edge count: {after}") - return G - - def mapping_to_csv_str(self): - """ - Returns the mapping as a CSV string - """ - columns = [dp.str for dp in self.decision_point_group] - columns.append(self.outcome_group.str) - - rows = [] - for dpstrs, ostrs in self.mapping: - row = list(dpstrs) - row.append(ostrs[0]) - rows.append(row) - - return pd.DataFrame(rows, columns=columns).to_csv(index=False) - - def load_from_csv_str(self, csv_str: str): - """ - Loads the mapping from a CSV string - """ - # TODO add a mechanism to read a mapping from a CSV file and create a DecisionTable object from it - raise NotImplementedError - - -# convenience alias -Policy = DecisionTable - - -def main(): - from ssvc.dp_groups.ssvc.coordinator_publication import LATEST as dpg - from ssvc.outcomes.ssvc_.publish import PUBLISH as og - - logger = logging.getLogger() - logger.setLevel(logging.DEBUG) - logger.addHandler(logging.StreamHandler()) - - dt = DecisionTable( - name="Example Decision Table", - description="The description for an Example Decision Table", - namespace="x_test", - version="1.0.0", - decision_point_group=dpg, - outcome_group=og, - ) - - df = dt.get_mapping_df() - dt.set_mapping(df) - - print(dt.model_dump_json(indent=2)) - - with open("foo.json", "w") as f: - f.write(dt.model_dump_json()) - - dt.consistency_check_mapping() - - print(dt.mapping_to_csv_str()) - - -if __name__ == "__main__": - main() diff --git a/src/test/decision_tables/__init__.py b/src/test/decision_tables/__init__.py deleted file mode 100644 index 3a081023..00000000 --- a/src/test/decision_tables/__init__.py +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University -""" -Provides test classes for ssvc.decision_tables. -""" diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py deleted file mode 100644 index 81cbd82b..00000000 --- a/src/test/decision_tables/test_base.py +++ /dev/null @@ -1,161 +0,0 @@ -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 -import os -import tempfile -import unittest - -import pandas as pd - -from ssvc.decision_points.base import DecisionPointValue -from ssvc.decision_tables.base import DecisionTableBase, MappingRow -from ssvc.dp_groups.base import DecisionPoint, DecisionPointGroup -from ssvc.outcomes.base import OutcomeGroup - - -class DummyDecisionPoint(DecisionPoint): - pass - - -class DummyOutcomeGroup(OutcomeGroup): - pass - - -class TestDecisionTableBase(unittest.TestCase): - def setUp(self): - # create a temporary directory for testing - self.tmpdir = tempfile.TemporaryDirectory() - - # Create dummy decision point values - self.dp1v1 = DecisionPointValue(name="a", key="a", description="A value") - self.dp1v2 = DecisionPointValue(name="b", key="b", description="B value") - self.dp2v1 = DecisionPointValue(name="x", key="x", description="X value") - self.dp2v2 = DecisionPointValue(name="y", key="y", description="Y value") - # Create dummy decision points and group - self.dp1 = DummyDecisionPoint( - name="dp1", - description="", - version="1.0", - namespace="x_test", - key="dp1", - values=(self.dp1v1, self.dp1v2), - ) - self.dp2 = DummyDecisionPoint( - name="dp2", - description="", - version="1.0", - namespace="x_test", - key="dp2", - values=(self.dp2v1, self.dp2v2), - ) - self.dpg = DecisionPointGroup( - name="dpg", - description="", - version="1.0", - namespace="x_test", - decision_points=(self.dp1, self.dp2), - ) - # Create dummy outcome group - self.ogv1 = DecisionPointValue(name="o1", key="o1", description="Outcome 1") - self.ogv2 = DecisionPointValue(name="o2", key="o2", description="Outcome 2") - self.og = DummyOutcomeGroup( - name="outcome", - description="", - version="1.0", - namespace="x_test", - key="outcome", - values=(self.ogv1, self.ogv2), - ) - - def tearDown(self): - # clean up the temporary directory - self.tmpdir.cleanup() - - def test_init(self): - dt = DecisionTableBase( - name="Test Table", - namespace="x_test", - description="", - decision_point_group=self.dpg, - outcome_group=self.og, - mapping=None, - ) - self.assertEqual(dt.decision_point_group, self.dpg) - self.assertEqual(dt.outcome_group, self.og) - - # default should be to populate mapping if not provided - self.assertIsNotNone(dt.mapping) - # mapping length should match product of decision point values - combos = list(self.dpg.combinations()) - expected_length = len(combos) - self.assertEqual(len(dt.mapping), expected_length) - # Check if mapping is a list of MappingRow objects - for row in dt.mapping: - self.assertIsInstance(row, MappingRow) - # We aren't testing the actual values here, just that they are created - # correctly. The mappings will be tested in more detail in other tests. - - def test_to_csv(self): - dt = DecisionTableBase( - name="Test Table", - namespace="x_test", - description="", - decision_point_group=self.dpg, - outcome_group=self.og, - mapping=None, - ) - csv_str = dt.to_csv() - - # write csv to a temporary file - csvfile = os.path.join(self.tmpdir.name, "test_table.csv") - with open(csvfile, "w") as f: - f.write(csv_str) - - # read the csv file into a DataFrame - # using pandas - df = pd.read_csv(csvfile) - - # does line count match expected? - expected_lines = len(dt.mapping) # for header - self.assertEqual(len(df), expected_lines) - # Check if the DataFrame has the expected columns - - expected_columns = [ - "dp1", - "dp2", - "outcome", - ] - self.assertTrue(all(col in df.columns for col in expected_columns)) - - def test_model_dump_json(self): - dt = DecisionTableBase( - name="Test Table", - namespace="x_test", - description="", - decision_point_group=self.dpg, - outcome_group=self.og, - mapping=None, - ) - json_str = dt.model_dump_json() - self.assertIn("decision_point_group", json_str) - self.assertIn("outcome_group", json_str) - self.assertIn("mapping", json_str) - - -if __name__ == "__main__": - unittest.main() diff --git a/src/test/decision_tables/test_experimental_base.py b/src/test/decision_tables/test_experimental_base.py deleted file mode 100644 index 288bbcbf..00000000 --- a/src/test/decision_tables/test_experimental_base.py +++ /dev/null @@ -1,280 +0,0 @@ -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 -import tempfile -import unittest - -import pandas as pd -from pandas import DataFrame - -from ssvc.decision_points.base import ( - DP_REGISTRY, - DecisionPoint, - DecisionPointValue, -) -from ssvc.decision_tables import experimental_base as base -from ssvc.dp_groups.base import DecisionPointGroup -from ssvc.outcomes.base import OutcomeValue - - -class TestDecisionTable(unittest.TestCase): - def setUp(self): - self.tempdir = tempfile.TemporaryDirectory() - self.tempdir_path = self.tempdir.name - - DP_REGISTRY.clear() - - dps = [] - for i in range(3): - dpvs = [] - for j in range(3): - dpv = DecisionPointValue( - name=f"Value {i}{j}", - key=f"DP{i}V{j}", - description=f"Decision Point {i} Value {j} Description", - ) - dpvs.append(dpv) - - dp = DecisionPoint( - name=f"Decision Point {i}", - key=f"DP{i}", - description=f"Decision Point {i} Description", - version="1.0.0", - namespace="x_test", - values=tuple(dpvs), - ) - dps.append(dp) - - self.dpg = DecisionPointGroup( - name="Decision Point Group", - description="Decision Point Group description", - decision_points=tuple(dps), - ) - - ogvs = [] - for i in range(3): - ogv = OutcomeValue( - name=f"Outcome Value {i}", - key=f"OV{i}", - description=f"Outcome Value {i} description", - ) - ogvs.append(ogv) - - self.og = DecisionPoint( - name="Outcome Group", - key="OG", - description="Outcome Group description", - namespace="x_test", - values=tuple(ogvs), - ) - - self.dt = base.DecisionTable( - name="foo", - description="foo description", - namespace="x_test", - decision_point_group=self.dpg, - outcome_group=self.og, - ) - - def tearDown(self): - self.tempdir.cleanup() - - def test_create(self): - # self.dt exists in setUp - self.assertEqual(self.dt.name, "foo") - self.assertEqual(self.dt.description, "foo description") - self.assertEqual(self.dt.namespace, "x_test") - self.assertEqual(self.dt.decision_point_group, self.dpg) - self.assertEqual(self.dt.outcome_group, self.og) - - def test_get_mapping_df(self): - df = self.dt.get_mapping_df() - self.assertIsInstance(df, DataFrame) - - # df is not empty - self.assertFalse(df.empty) - # df has some rows - self.assertGreater(len(df), 0) - # df has the same number of rows as the product of the number of decision points and their values - combos = list(self.dpg.combination_strings()) - self.assertGreater(len(combos), 0) - self.assertEqual(len(df), len(combos)) - - # column names are the decision point strings and the outcome group string - for i, dp in enumerate(self.dpg.decision_points): - self.assertEqual(dp.str, df.columns[i]) - self.assertEqual(self.og.str, df.columns[-1]) - - for col in df.columns: - # col is in the registry - self.assertIn(col, DP_REGISTRY) - - dp = DP_REGISTRY[col] - - uniq = df[col].unique() - - # all values in the decision point should be in the column at least once - for vsum in dp.value_summaries_str: - self.assertIn(vsum, uniq) - - def test_dataframe_to_tuple_list(self): - df = pd.DataFrame( - [ - {"a": 1, "b": 2, "c": 3}, - {"a": 4, "b": 5, "c": 6}, - {"a": 7, "b": 8, "c": 9}, - ] - ) - - tuple_list = self.dt.dataframe_to_tuple_list(df) - - self.assertEqual(len(tuple_list), len(df)) - - for row in tuple_list: - self.assertIsInstance(row, tuple) - self.assertEqual(len(row), 2) - self.assertIsInstance(row[0], tuple) - self.assertIsInstance(row[1], tuple) - - # manually check the structure of the tuple list - self.assertEqual((1, 2), tuple_list[0][0]) - self.assertEqual((3,), tuple_list[0][1]) - self.assertEqual((4, 5), tuple_list[1][0]) - self.assertEqual((6,), tuple_list[1][1]) - self.assertEqual((7, 8), tuple_list[2][0]) - self.assertEqual((9,), tuple_list[2][1]) - - def test_set_mapping(self): - df = pd.DataFrame( - { - "a": ["x", "y", "z"], - "b": ["one", "two", "three"], - "c": ["apple", "orange", "pear"], - } - ) - - result = self.dt.set_mapping(df) - - self.assertIn((("x", "one"), ("apple",)), result) - self.assertIn((("y", "two"), ("orange",)), result) - self.assertIn((("z", "three"), ("pear",)), result) - - self.assertEqual(result, self.dt.mapping) - - @unittest.skip("Test not implemented") - def test_consistency_check_mapping(self): - pass - - @unittest.skip("Test not implemented") - def test_check_decision_boundaries(self): - pass - - @unittest.skip("Test not implemented") - def test_find_decision_boundaries(self): - pass - - @unittest.skip("Test not implemented") - def test_int_node_to_str(self): - pass - - @unittest.skip("Test not implemented") - def test_check_graph(self): - pass - - @unittest.skip("Test not implemented") - def test_add_nodes(self): - pass - - @unittest.skip("Test not implemented") - def test_add_edges(self): - pass - - def test_mapping_to_csv_str(self): - df = self.dt.get_mapping_df() - self.dt.set_mapping(df) - - csv_str = self.dt.mapping_to_csv_str() - self.assertIsInstance(csv_str, str) - - lines = csv_str.strip().split("\n") - - # first line is the header - self.assertEqual( - lines[0], - ",".join([dp.str for dp in self.dpg.decision_points] + [self.og.str]), - ) - - combinations = list(self.dpg.combination_strings()) - - # there should be one line for each combination after the header - self.assertEqual(len(lines[1:]), len(combinations)) - - # each line after the header starts with a combination of decision point values - for combo, line in zip(combinations, lines[1:]): - # there are as many commas in the line as there are combos - comma_count = line.count(",") - self.assertEqual(comma_count, len(combo)) - - for dpv_str in combo: - self.assertIn(dpv_str, line) - - # the last thing in the line is the outcome group value - og_value = line.split(",")[-1] - self.assertIn(og_value, self.og.value_summaries_str) - - @unittest.skip("Method not implemented") - def test_load_from_csv_str(self): - df = self.dt.get_mapping_df() - self.dt.set_mapping(df) - - csv_str = self.dt.mapping_to_csv_str() - - print("Original CSV String:") - print(csv_str) - # modify the csv_str to simulate a new mapping - # replace "OV2" with "OV1" - modified_csv_str = csv_str.replace("OV2", "OV1") - # confirm that "OV2" is no longer in the modified string - self.assertNotIn("OV2", modified_csv_str) - print("Modified CSV String:") - print(modified_csv_str) - # load the modified mapping from the CSV string - new_dt = base.DecisionTable.load_from_csv_str(csv_str=modified_csv_str) - self.assertIsInstance(new_dt, base.DecisionTable) - self.assertEqual(new_dt.name, self.dt.name) - self.assertEqual(new_dt.description, self.dt.description) - self.assertEqual(new_dt.namespace, self.dt.namespace) - self.assertEqual(new_dt.decision_point_group, self.dpg) - self.assertEqual(new_dt.outcome_group, self.og) - # check that the mapping is the same as the modified CSV string - new_mapping = new_dt.get_mapping_df() - self.assertIsInstance(new_mapping, DataFrame) - self.assertFalse(new_mapping.empty) - # check that the modified value is in the mapping - # for each row in the old mapping, the new mapping should have the same values - # original: OV0 = new: OV1 - # original: OV1 = new: OV1 - # original: OV2 = new: OV1 - for index, row in df.iterrows(): - print(row) - - self.assertIn("OV1", new_mapping[self.og.str].unique()) - - -if __name__ == "__main__": - unittest.main() From c37c0363401cf951b8938fcfc9335510030a3b96 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 17 Jun 2025 15:39:07 -0400 Subject: [PATCH 093/468] update Makefile --- Makefile | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index af885c5c..f5e33ada 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ MKDOCS_PORT=8765 DOCKER_DIR=docker # Targets -.PHONY: all test docs docker_test clean help +.PHONY: all test docs docker_test clean help mdlint_fix up down all: help @@ -40,9 +40,13 @@ help: @echo "" @echo "Targets:" @echo " all - Display this help message" - @echo " mdlint_fix - Run markdownlint with --fix" - @echo " test - Run the tests in a local shell" - @echo " docs - Build and run the docs Docker service" - @echo " docker_test - Run the tests in a Docker container" - @echo " clean - Remove Docker containers and images" - @echo " help - Display this help message" + @echo " mdlint_fix - Run markdownlint with fix" + @echo " test - Run tests locally" + @echo " docker_test - Run tests in Docker" + @echo " docs - Build and run documentation in Docker" + @echo " up - Start Docker services" + @echo " down - Stop Docker services" + @echo " clean - Clean up Docker resources" + @echo " help - Display this help message" + + From 5343403e7a187659c0bb6de45b213cf1a16f31ed Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Tue, 17 Jun 2025 15:47:05 -0400 Subject: [PATCH 094/468] Update mission_prevalence.py fixing mission prevalence imports. --- src/ssvc/decision_points/ssvc_/mission_prevalence.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ssvc/decision_points/ssvc_/mission_prevalence.py b/src/ssvc/decision_points/ssvc_/mission_prevalence.py index ba9c1a3b..9b3b0640 100644 --- a/src/ssvc/decision_points/ssvc_/mission_prevalence.py +++ b/src/ssvc/decision_points/ssvc_/mission_prevalence.py @@ -23,7 +23,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.base import DecisionPointValue, SsvcDecisionPoint + +from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs MINIMAL = DecisionPointValue( From bddc0f84543d075cd6dfe5e91332af4cc3d15c32 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 17 Jun 2025 16:19:48 -0400 Subject: [PATCH 095/468] rename packages (*.ssvc_ -> *.ssvc) --- docs/howto/coordination_triage_decision.md | 14 ++-- docs/howto/deployer_tree.md | 10 +-- docs/howto/publication_decision.md | 6 +- docs/howto/supplier_tree.md | 8 +-- docs/reference/decision_points/automatable.md | 4 +- .../reference/decision_points/exploitation.md | 4 +- .../reference/decision_points/human_impact.md | 4 +- .../decision_points/mission_impact.md | 4 +- .../decision_points/public_safety_impact.md | 4 +- .../decision_points/public_value_added.md | 2 +- .../decision_points/report_credibility.md | 2 +- .../decision_points/report_public.md | 2 +- .../decision_points/safety_impact.md | 4 +- .../decision_points/supplier_cardinality.md | 2 +- .../decision_points/supplier_contacted.md | 2 +- .../decision_points/supplier_engagement.md | 2 +- .../decision_points/supplier_involvement.md | 2 +- .../decision_points/system_exposure.md | 4 +- .../decision_points/technical_impact.md | 2 +- docs/reference/decision_points/utility.md | 4 +- .../decision_points/value_density.md | 2 +- src/ssvc/decision_points/ssvc/__init__.py | 21 ++++++ .../{ssvc_ => ssvc}/automatable.py | 2 +- .../decision_points/{ssvc_ => ssvc}/base.py | 0 .../{ssvc_ => ssvc}/critical_software.py | 2 +- .../{ssvc_ => ssvc}/exploitation.py | 2 +- .../{ssvc_ => ssvc}/high_value_asset.py | 2 +- .../{ssvc_ => ssvc}/human_impact.py | 2 +- .../decision_points/{ssvc_ => ssvc}/in_kev.py | 2 +- .../{ssvc_ => ssvc}/mission_impact.py | 2 +- .../{ssvc_ => ssvc}/mission_prevalence.py | 0 .../{ssvc_ => ssvc}/public_safety_impact.py | 2 +- .../{ssvc_ => ssvc}/public_value_added.py | 2 +- .../{ssvc_ => ssvc}/report_credibility.py | 2 +- .../{ssvc_ => ssvc}/report_public.py | 2 +- .../{ssvc_ => ssvc}/safety_impact.py | 2 +- .../{ssvc_ => ssvc}/supplier_cardinality.py | 2 +- .../{ssvc_ => ssvc}/supplier_contacted.py | 2 +- .../{ssvc_ => ssvc}/supplier_engagement.py | 2 +- .../{ssvc_ => ssvc}/supplier_involvement.py | 2 +- .../{ssvc_ => ssvc}/system_exposure.py | 2 +- .../{ssvc_ => ssvc}/technical_impact.py | 2 +- .../{ssvc_ => ssvc}/utility.py | 2 +- .../{ssvc_ => ssvc}/value_density.py | 2 +- src/ssvc/decision_points/ssvc_/__init__.py | 15 ----- src/ssvc/doc_helpers.py | 2 +- src/ssvc/doctools.py | 46 +++++++++++-- .../dp_groups/ssvc/coordinator_publication.py | 6 +- src/ssvc/dp_groups/ssvc/coordinator_triage.py | 20 +++--- src/ssvc/dp_groups/ssvc/deployer.py | 16 ++--- src/ssvc/dp_groups/ssvc/supplier.py | 12 ++-- src/ssvc/outcomes/base.py | 2 +- src/ssvc/outcomes/ssvc/__init__.py | 25 ++++++++ src/ssvc/outcomes/ssvc/coordinate.py | 53 +++++++++++++++ src/ssvc/outcomes/ssvc/dsoi.py | 64 +++++++++++++++++++ src/ssvc/outcomes/ssvc/publish.py | 55 ++++++++++++++++ src/ssvc/outcomes/ssvc_/__init__.py | 19 ------ src/ssvc/outcomes/ssvc_/coordinate.py | 47 -------------- src/ssvc/outcomes/ssvc_/dsoi.py | 58 ----------------- src/ssvc/outcomes/ssvc_/publish.py | 49 -------------- src/ssvc/policy_generator.py | 10 +-- src/test/decision_points/test_dp_base.py | 10 +-- src/test/dp_groups/test_dp_groups.py | 34 ++++++---- src/test/test_schema.py | 28 ++++---- 64 files changed, 393 insertions(+), 327 deletions(-) create mode 100644 src/ssvc/decision_points/ssvc/__init__.py rename src/ssvc/decision_points/{ssvc_ => ssvc}/automatable.py (97%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/base.py (100%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/critical_software.py (96%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/exploitation.py (97%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/high_value_asset.py (96%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/human_impact.py (98%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/in_kev.py (96%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/mission_impact.py (98%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/mission_prevalence.py (100%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/public_safety_impact.py (98%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/public_value_added.py (97%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/report_credibility.py (96%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/report_public.py (96%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/safety_impact.py (99%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/supplier_cardinality.py (96%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/supplier_contacted.py (96%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/supplier_engagement.py (97%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/supplier_involvement.py (97%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/system_exposure.py (98%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/technical_impact.py (97%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/utility.py (97%) rename src/ssvc/decision_points/{ssvc_ => ssvc}/value_density.py (97%) delete mode 100644 src/ssvc/decision_points/ssvc_/__init__.py create mode 100644 src/ssvc/outcomes/ssvc/__init__.py create mode 100644 src/ssvc/outcomes/ssvc/coordinate.py create mode 100644 src/ssvc/outcomes/ssvc/dsoi.py create mode 100644 src/ssvc/outcomes/ssvc/publish.py delete mode 100644 src/ssvc/outcomes/ssvc_/__init__.py delete mode 100644 src/ssvc/outcomes/ssvc_/coordinate.py delete mode 100644 src/ssvc/outcomes/ssvc_/dsoi.py delete mode 100644 src/ssvc/outcomes/ssvc_/publish.py diff --git a/docs/howto/coordination_triage_decision.md b/docs/howto/coordination_triage_decision.md index 240572d3..53949660 100644 --- a/docs/howto/coordination_triage_decision.md +++ b/docs/howto/coordination_triage_decision.md @@ -82,13 +82,13 @@ The remaining five decision points are: More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.report_public import LATEST as RP -from ssvc.decision_points.ssvc_.supplier_contacted import LATEST as SC -from ssvc.decision_points.ssvc_.report_credibility import LATEST as RC -from ssvc.decision_points.ssvc_.supplier_cardinality import LATEST as SI -from ssvc.decision_points.ssvc_.supplier_engagement import LATEST as SE -from ssvc.decision_points.ssvc_.utility import LATEST as U -from ssvc.decision_points.ssvc_.public_safety_impact import LATEST as PSI +from ssvc.decision_points.ssvc.report_public import LATEST as RP +from ssvc.decision_points.ssvc.supplier_contacted import LATEST as SC +from ssvc.decision_points.ssvc.report_credibility import LATEST as RC +from ssvc.decision_points.ssvc.supplier_cardinality import LATEST as SI +from ssvc.decision_points.ssvc.supplier_engagement import LATEST as SE +from ssvc.decision_points.ssvc.utility import LATEST as U +from ssvc.decision_points.ssvc.public_safety_impact import LATEST as PSI from ssvc.doc_helpers import example_block for dp in [RP, SC, RC, SI, SE, U, PSI]: diff --git a/docs/howto/deployer_tree.md b/docs/howto/deployer_tree.md index 637b3888..ffbde896 100644 --- a/docs/howto/deployer_tree.md +++ b/docs/howto/deployer_tree.md @@ -113,14 +113,14 @@ The Deployer Patch Deployment Priority decision model uses the following decisio More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.exploitation import LATEST as EXP -from ssvc.decision_points.ssvc_.system_exposure import LATEST as SE -from ssvc.decision_points.ssvc_.utility import LATEST as U -from ssvc.decision_points.ssvc_.human_impact import LATEST as HI +from ssvc.decision_points.ssvc.exploitation import LATEST as EXP +from ssvc.decision_points.ssvc.system_exposure import LATEST as SE +from ssvc.decision_points.ssvc.utility import LATEST as U +from ssvc.decision_points.ssvc.human_impact import LATEST as HI from ssvc.doc_helpers import example_block for dp in [EXP, SE, U, HI]: - print(example_block(dp)) + print(example_block(dp)) ``` In the *Human Impact* table above, *MEF* stands for Mission Essential Function. diff --git a/docs/howto/publication_decision.md b/docs/howto/publication_decision.md index e8090709..739b3b88 100644 --- a/docs/howto/publication_decision.md +++ b/docs/howto/publication_decision.md @@ -133,9 +133,9 @@ and adds two new ones ([*Supplier Involvement*](../reference/decision_points/sup More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.supplier_involvement import LATEST as SI -from ssvc.decision_points.ssvc_.exploitation import LATEST as EXP -from ssvc.decision_points.ssvc_.public_value_added import LATEST as PVA +from ssvc.decision_points.ssvc.supplier_involvement import LATEST as SI +from ssvc.decision_points.ssvc.exploitation import LATEST as EXP +from ssvc.decision_points.ssvc.public_value_added import LATEST as PVA from ssvc.doc_helpers import example_block diff --git a/docs/howto/supplier_tree.md b/docs/howto/supplier_tree.md index aa12d0e6..3d1c2384 100644 --- a/docs/howto/supplier_tree.md +++ b/docs/howto/supplier_tree.md @@ -72,10 +72,10 @@ The decision to create a patch is based on the following decision points: More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.exploitation import LATEST as EXP -from ssvc.decision_points.ssvc_.utility import LATEST as U -from ssvc.decision_points.ssvc_.technical_impact import LATEST as TI -from ssvc.decision_points.ssvc_.public_safety_impact import LATEST as PSI +from ssvc.decision_points.ssvc.exploitation import LATEST as EXP +from ssvc.decision_points.ssvc.utility import LATEST as U +from ssvc.decision_points.ssvc.technical_impact import LATEST as TI +from ssvc.decision_points.ssvc.public_safety_impact import LATEST as PSI from ssvc.doc_helpers import example_block diff --git a/docs/reference/decision_points/automatable.md b/docs/reference/decision_points/automatable.md index 44ef71b1..33592885 100644 --- a/docs/reference/decision_points/automatable.md +++ b/docs/reference/decision_points/automatable.md @@ -1,7 +1,7 @@ # Automatable (SSVC) ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.automatable import LATEST +from ssvc.decision_points.ssvc.automatable import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -62,7 +62,7 @@ Due to vulnerability chaining, there is some nuance as to whether reconnaissance ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.automatable import VERSIONS +from ssvc.decision_points.ssvc.automatable import VERSIONS from ssvc.doc_helpers import prior_version, example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/exploitation.md b/docs/reference/decision_points/exploitation.md index 44fa49cb..b0c92a43 100644 --- a/docs/reference/decision_points/exploitation.md +++ b/docs/reference/decision_points/exploitation.md @@ -1,7 +1,7 @@ # Exploitation ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.exploitation import LATEST +from ssvc.decision_points.ssvc.exploitation import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -49,7 +49,7 @@ The table below lists CWE-IDs that could be used to mark a vulnerability as *PoC ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.exploitation import VERSIONS +from ssvc.decision_points.ssvc.exploitation import VERSIONS from ssvc.doc_helpers import prior_version, example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/human_impact.md b/docs/reference/decision_points/human_impact.md index dc802e9d..339cdceb 100644 --- a/docs/reference/decision_points/human_impact.md +++ b/docs/reference/decision_points/human_impact.md @@ -1,7 +1,7 @@ # Human Impact ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.human_impact import LATEST +from ssvc.decision_points.ssvc.human_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -47,7 +47,7 @@ see [Guidance on Communicating Results](../../howto/bootstrap/use.md). ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.human_impact import VERSIONS +from ssvc.decision_points.ssvc.human_impact import VERSIONS from ssvc.doc_helpers import prior_version, example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/mission_impact.md b/docs/reference/decision_points/mission_impact.md index 617a0327..801aea6b 100644 --- a/docs/reference/decision_points/mission_impact.md +++ b/docs/reference/decision_points/mission_impact.md @@ -1,7 +1,7 @@ # Mission Impact ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.mission_impact import LATEST +from ssvc.decision_points.ssvc.mission_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -42,7 +42,7 @@ It should require the vulnerability management team to interact with more senior ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.mission_impact import VERSIONS +from ssvc.decision_points.ssvc.mission_impact import VERSIONS from ssvc.doc_helpers import example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/public_safety_impact.md b/docs/reference/decision_points/public_safety_impact.md index 4fc7df48..15960fa5 100644 --- a/docs/reference/decision_points/public_safety_impact.md +++ b/docs/reference/decision_points/public_safety_impact.md @@ -1,7 +1,7 @@ # Public Safety Impact ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.public_safety_impact import LATEST +from ssvc.decision_points.ssvc.public_safety_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -21,7 +21,7 @@ Therefore we simplify the above into a binary categorization: ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.public_safety_impact import VERSIONS +from ssvc.decision_points.ssvc.public_safety_impact import VERSIONS from ssvc.doc_helpers import example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/public_value_added.md b/docs/reference/decision_points/public_value_added.md index 4a085f25..8a07a42e 100644 --- a/docs/reference/decision_points/public_value_added.md +++ b/docs/reference/decision_points/public_value_added.md @@ -1,7 +1,7 @@ # Public Value Added ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.public_value_added import LATEST +from ssvc.decision_points.ssvc.public_value_added import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/report_credibility.md b/docs/reference/decision_points/report_credibility.md index fc648de8..0bd2047c 100644 --- a/docs/reference/decision_points/report_credibility.md +++ b/docs/reference/decision_points/report_credibility.md @@ -1,7 +1,7 @@ # Report Credibility ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.report_credibility import LATEST +from ssvc.decision_points.ssvc.report_credibility import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/report_public.md b/docs/reference/decision_points/report_public.md index ea60fda9..fd5df8e2 100644 --- a/docs/reference/decision_points/report_public.md +++ b/docs/reference/decision_points/report_public.md @@ -1,7 +1,7 @@ # Report Public ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.report_public import LATEST +from ssvc.decision_points.ssvc.report_public import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/safety_impact.md b/docs/reference/decision_points/safety_impact.md index 18f25e7d..128275ba 100644 --- a/docs/reference/decision_points/safety_impact.md +++ b/docs/reference/decision_points/safety_impact.md @@ -1,7 +1,7 @@ # Safety Impact ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.safety_impact import LATEST +from ssvc.decision_points.ssvc.safety_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -217,7 +217,7 @@ We defer this topic for now because we combine it with [*Mission Impact*](missio ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.safety_impact import VERSIONS +from ssvc.decision_points.ssvc.safety_impact import VERSIONS from ssvc.doc_helpers import example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/supplier_cardinality.md b/docs/reference/decision_points/supplier_cardinality.md index 332633ab..6c27a0f3 100644 --- a/docs/reference/decision_points/supplier_cardinality.md +++ b/docs/reference/decision_points/supplier_cardinality.md @@ -1,7 +1,7 @@ # Supplier Cardinality ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.supplier_cardinality import LATEST +from ssvc.decision_points.ssvc.supplier_cardinality import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/supplier_contacted.md b/docs/reference/decision_points/supplier_contacted.md index 5a863768..d8bcbdcf 100644 --- a/docs/reference/decision_points/supplier_contacted.md +++ b/docs/reference/decision_points/supplier_contacted.md @@ -1,7 +1,7 @@ # Supplier Contacted ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.supplier_contacted import LATEST +from ssvc.decision_points.ssvc.supplier_contacted import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/supplier_engagement.md b/docs/reference/decision_points/supplier_engagement.md index f97a917f..35b395d7 100644 --- a/docs/reference/decision_points/supplier_engagement.md +++ b/docs/reference/decision_points/supplier_engagement.md @@ -1,7 +1,7 @@ # Supplier Engagement ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.supplier_engagement import LATEST +from ssvc.decision_points.ssvc.supplier_engagement import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/supplier_involvement.md b/docs/reference/decision_points/supplier_involvement.md index bfc45eab..519db57b 100644 --- a/docs/reference/decision_points/supplier_involvement.md +++ b/docs/reference/decision_points/supplier_involvement.md @@ -1,7 +1,7 @@ # Supplier Involvement ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.supplier_involvement import LATEST +from ssvc.decision_points.ssvc.supplier_involvement import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/system_exposure.md b/docs/reference/decision_points/system_exposure.md index a50c131c..5bbaa2f1 100644 --- a/docs/reference/decision_points/system_exposure.md +++ b/docs/reference/decision_points/system_exposure.md @@ -1,7 +1,7 @@ # System Exposure ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.system_exposure import LATEST +from ssvc.decision_points.ssvc.system_exposure import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -44,7 +44,7 @@ If you have suggestions for further heuristics, or potential counterexamples to ## Prior Versions ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.system_exposure import VERSIONS +from ssvc.decision_points.ssvc.system_exposure import VERSIONS from ssvc.doc_helpers import example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/technical_impact.md b/docs/reference/decision_points/technical_impact.md index 6bc02a33..0c3925ff 100644 --- a/docs/reference/decision_points/technical_impact.md +++ b/docs/reference/decision_points/technical_impact.md @@ -1,7 +1,7 @@ # Technical Impact ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.technical_impact import LATEST +from ssvc.decision_points.ssvc.technical_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/decision_points/utility.md b/docs/reference/decision_points/utility.md index 90ac80ca..13fca8b1 100644 --- a/docs/reference/decision_points/utility.md +++ b/docs/reference/decision_points/utility.md @@ -1,7 +1,7 @@ # Utility ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.utility import LATEST +from ssvc.decision_points.ssvc.utility import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -46,7 +46,7 @@ However, future work should look for and prevent large mismatches between the ou ## Previous Versions ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.utility import VERSIONS +from ssvc.decision_points.ssvc.utility import VERSIONS from ssvc.doc_helpers import example_block versions = VERSIONS[:-1] diff --git a/docs/reference/decision_points/value_density.md b/docs/reference/decision_points/value_density.md index 2cc7bb8c..265c680c 100644 --- a/docs/reference/decision_points/value_density.md +++ b/docs/reference/decision_points/value_density.md @@ -1,7 +1,7 @@ # Value Density (SSVC) ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc_.value_density import LATEST +from ssvc.decision_points.ssvc.value_density import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/src/ssvc/decision_points/ssvc/__init__.py b/src/ssvc/decision_points/ssvc/__init__.py new file mode 100644 index 00000000..03abf5f2 --- /dev/null +++ b/src/ssvc/decision_points/ssvc/__init__.py @@ -0,0 +1,21 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +""" +This package contains SSVC decision points belonging to the `ssvc` namespace. +""" diff --git a/src/ssvc/decision_points/ssvc_/automatable.py b/src/ssvc/decision_points/ssvc/automatable.py similarity index 97% rename from src/ssvc/decision_points/ssvc_/automatable.py rename to src/ssvc/decision_points/ssvc/automatable.py index 3c8fc3ac..3ebe61ff 100644 --- a/src/ssvc/decision_points/ssvc_/automatable.py +++ b/src/ssvc/decision_points/ssvc/automatable.py @@ -22,9 +22,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint RAPID = DecisionPointValue( name="Rapid", diff --git a/src/ssvc/decision_points/ssvc_/base.py b/src/ssvc/decision_points/ssvc/base.py similarity index 100% rename from src/ssvc/decision_points/ssvc_/base.py rename to src/ssvc/decision_points/ssvc/base.py diff --git a/src/ssvc/decision_points/ssvc_/critical_software.py b/src/ssvc/decision_points/ssvc/critical_software.py similarity index 96% rename from src/ssvc/decision_points/ssvc_/critical_software.py rename to src/ssvc/decision_points/ssvc/critical_software.py index 334bc29f..6fad730c 100644 --- a/src/ssvc/decision_points/ssvc_/critical_software.py +++ b/src/ssvc/decision_points/ssvc/critical_software.py @@ -24,7 +24,7 @@ from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint YES = DecisionPointValue( name="Yes", diff --git a/src/ssvc/decision_points/ssvc_/exploitation.py b/src/ssvc/decision_points/ssvc/exploitation.py similarity index 97% rename from src/ssvc/decision_points/ssvc_/exploitation.py rename to src/ssvc/decision_points/ssvc/exploitation.py index 2082a767..c4a4ccc8 100644 --- a/src/ssvc/decision_points/ssvc_/exploitation.py +++ b/src/ssvc/decision_points/ssvc/exploitation.py @@ -21,9 +21,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint ACTIVE = DecisionPointValue( name="Active", diff --git a/src/ssvc/decision_points/ssvc_/high_value_asset.py b/src/ssvc/decision_points/ssvc/high_value_asset.py similarity index 96% rename from src/ssvc/decision_points/ssvc_/high_value_asset.py rename to src/ssvc/decision_points/ssvc/high_value_asset.py index 7309d31a..3612b094 100644 --- a/src/ssvc/decision_points/ssvc_/high_value_asset.py +++ b/src/ssvc/decision_points/ssvc/high_value_asset.py @@ -24,7 +24,7 @@ from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint YES = DecisionPointValue( name="Yes", diff --git a/src/ssvc/decision_points/ssvc_/human_impact.py b/src/ssvc/decision_points/ssvc/human_impact.py similarity index 98% rename from src/ssvc/decision_points/ssvc_/human_impact.py rename to src/ssvc/decision_points/ssvc/human_impact.py index f1cac59d..a5a583bf 100644 --- a/src/ssvc/decision_points/ssvc_/human_impact.py +++ b/src/ssvc/decision_points/ssvc/human_impact.py @@ -22,9 +22,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint LOW_1 = DecisionPointValue( name="Low", diff --git a/src/ssvc/decision_points/ssvc_/in_kev.py b/src/ssvc/decision_points/ssvc/in_kev.py similarity index 96% rename from src/ssvc/decision_points/ssvc_/in_kev.py rename to src/ssvc/decision_points/ssvc/in_kev.py index 90c185a9..0e8c83bd 100644 --- a/src/ssvc/decision_points/ssvc_/in_kev.py +++ b/src/ssvc/decision_points/ssvc/in_kev.py @@ -23,7 +23,7 @@ from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint YES = DecisionPointValue( name="Yes", diff --git a/src/ssvc/decision_points/ssvc_/mission_impact.py b/src/ssvc/decision_points/ssvc/mission_impact.py similarity index 98% rename from src/ssvc/decision_points/ssvc_/mission_impact.py rename to src/ssvc/decision_points/ssvc/mission_impact.py index 98fa52dd..c9666fb2 100644 --- a/src/ssvc/decision_points/ssvc_/mission_impact.py +++ b/src/ssvc/decision_points/ssvc/mission_impact.py @@ -23,9 +23,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint MISSION_FAILURE = DecisionPointValue( name="Mission Failure", diff --git a/src/ssvc/decision_points/ssvc_/mission_prevalence.py b/src/ssvc/decision_points/ssvc/mission_prevalence.py similarity index 100% rename from src/ssvc/decision_points/ssvc_/mission_prevalence.py rename to src/ssvc/decision_points/ssvc/mission_prevalence.py diff --git a/src/ssvc/decision_points/ssvc_/public_safety_impact.py b/src/ssvc/decision_points/ssvc/public_safety_impact.py similarity index 98% rename from src/ssvc/decision_points/ssvc_/public_safety_impact.py rename to src/ssvc/decision_points/ssvc/public_safety_impact.py index 0665732c..449c8938 100644 --- a/src/ssvc/decision_points/ssvc_/public_safety_impact.py +++ b/src/ssvc/decision_points/ssvc/public_safety_impact.py @@ -23,9 +23,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint MINIMAL_1 = DecisionPointValue( name="Minimal", diff --git a/src/ssvc/decision_points/ssvc_/public_value_added.py b/src/ssvc/decision_points/ssvc/public_value_added.py similarity index 97% rename from src/ssvc/decision_points/ssvc_/public_value_added.py rename to src/ssvc/decision_points/ssvc/public_value_added.py index 38cd8090..eac5543b 100644 --- a/src/ssvc/decision_points/ssvc_/public_value_added.py +++ b/src/ssvc/decision_points/ssvc/public_value_added.py @@ -23,9 +23,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint LIMITED = DecisionPointValue( name="Limited", diff --git a/src/ssvc/decision_points/ssvc_/report_credibility.py b/src/ssvc/decision_points/ssvc/report_credibility.py similarity index 96% rename from src/ssvc/decision_points/ssvc_/report_credibility.py rename to src/ssvc/decision_points/ssvc/report_credibility.py index 6a7c99a9..e74218ce 100644 --- a/src/ssvc/decision_points/ssvc_/report_credibility.py +++ b/src/ssvc/decision_points/ssvc/report_credibility.py @@ -23,9 +23,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint NOT_CREDIBLE = DecisionPointValue( name="Not Credible", diff --git a/src/ssvc/decision_points/ssvc_/report_public.py b/src/ssvc/decision_points/ssvc/report_public.py similarity index 96% rename from src/ssvc/decision_points/ssvc_/report_public.py rename to src/ssvc/decision_points/ssvc/report_public.py index 0e5b0ffe..73cccfee 100644 --- a/src/ssvc/decision_points/ssvc_/report_public.py +++ b/src/ssvc/decision_points/ssvc/report_public.py @@ -22,9 +22,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint YES = DecisionPointValue( name="Yes", diff --git a/src/ssvc/decision_points/ssvc_/safety_impact.py b/src/ssvc/decision_points/ssvc/safety_impact.py similarity index 99% rename from src/ssvc/decision_points/ssvc_/safety_impact.py rename to src/ssvc/decision_points/ssvc/safety_impact.py index 4e05a51f..5db63999 100644 --- a/src/ssvc/decision_points/ssvc_/safety_impact.py +++ b/src/ssvc/decision_points/ssvc/safety_impact.py @@ -23,9 +23,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint CATASTROPHIC = DecisionPointValue( name="Catastrophic", diff --git a/src/ssvc/decision_points/ssvc_/supplier_cardinality.py b/src/ssvc/decision_points/ssvc/supplier_cardinality.py similarity index 96% rename from src/ssvc/decision_points/ssvc_/supplier_cardinality.py rename to src/ssvc/decision_points/ssvc/supplier_cardinality.py index ac09c252..c78167f6 100644 --- a/src/ssvc/decision_points/ssvc_/supplier_cardinality.py +++ b/src/ssvc/decision_points/ssvc/supplier_cardinality.py @@ -22,9 +22,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint MULTIPLE = DecisionPointValue( name="Multiple", diff --git a/src/ssvc/decision_points/ssvc_/supplier_contacted.py b/src/ssvc/decision_points/ssvc/supplier_contacted.py similarity index 96% rename from src/ssvc/decision_points/ssvc_/supplier_contacted.py rename to src/ssvc/decision_points/ssvc/supplier_contacted.py index a08b931b..9d440415 100644 --- a/src/ssvc/decision_points/ssvc_/supplier_contacted.py +++ b/src/ssvc/decision_points/ssvc/supplier_contacted.py @@ -21,9 +21,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint YES = DecisionPointValue( name="Yes", diff --git a/src/ssvc/decision_points/ssvc_/supplier_engagement.py b/src/ssvc/decision_points/ssvc/supplier_engagement.py similarity index 97% rename from src/ssvc/decision_points/ssvc_/supplier_engagement.py rename to src/ssvc/decision_points/ssvc/supplier_engagement.py index 354d7b2f..ed9660fb 100644 --- a/src/ssvc/decision_points/ssvc_/supplier_engagement.py +++ b/src/ssvc/decision_points/ssvc/supplier_engagement.py @@ -23,9 +23,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint UNRESPONSIVE = DecisionPointValue( name="Unresponsive", diff --git a/src/ssvc/decision_points/ssvc_/supplier_involvement.py b/src/ssvc/decision_points/ssvc/supplier_involvement.py similarity index 97% rename from src/ssvc/decision_points/ssvc_/supplier_involvement.py rename to src/ssvc/decision_points/ssvc/supplier_involvement.py index 1a9bb3dd..07dcfc2d 100644 --- a/src/ssvc/decision_points/ssvc_/supplier_involvement.py +++ b/src/ssvc/decision_points/ssvc/supplier_involvement.py @@ -22,9 +22,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint UNCOOPERATIVE = DecisionPointValue( name="Uncooperative/Unresponsive", diff --git a/src/ssvc/decision_points/ssvc_/system_exposure.py b/src/ssvc/decision_points/ssvc/system_exposure.py similarity index 98% rename from src/ssvc/decision_points/ssvc_/system_exposure.py rename to src/ssvc/decision_points/ssvc/system_exposure.py index c5926cfc..06b87b82 100644 --- a/src/ssvc/decision_points/ssvc_/system_exposure.py +++ b/src/ssvc/decision_points/ssvc/system_exposure.py @@ -22,9 +22,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint EXP_UNAVOIDABLE = DecisionPointValue( name="Unavoidable", diff --git a/src/ssvc/decision_points/ssvc_/technical_impact.py b/src/ssvc/decision_points/ssvc/technical_impact.py similarity index 97% rename from src/ssvc/decision_points/ssvc_/technical_impact.py rename to src/ssvc/decision_points/ssvc/technical_impact.py index bd205a54..e2bd46dd 100644 --- a/src/ssvc/decision_points/ssvc_/technical_impact.py +++ b/src/ssvc/decision_points/ssvc/technical_impact.py @@ -23,9 +23,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint TOTAL = DecisionPointValue( name="Total", diff --git a/src/ssvc/decision_points/ssvc_/utility.py b/src/ssvc/decision_points/ssvc/utility.py similarity index 97% rename from src/ssvc/decision_points/ssvc_/utility.py rename to src/ssvc/decision_points/ssvc/utility.py index e75b431c..f83518c3 100644 --- a/src/ssvc/decision_points/ssvc_/utility.py +++ b/src/ssvc/decision_points/ssvc/utility.py @@ -23,9 +23,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint SUPER_EFFECTIVE_2 = DecisionPointValue( name="Super Effective", diff --git a/src/ssvc/decision_points/ssvc_/value_density.py b/src/ssvc/decision_points/ssvc/value_density.py similarity index 97% rename from src/ssvc/decision_points/ssvc_/value_density.py rename to src/ssvc/decision_points/ssvc/value_density.py index 9f3d76c4..610291a8 100644 --- a/src/ssvc/decision_points/ssvc_/value_density.py +++ b/src/ssvc/decision_points/ssvc/value_density.py @@ -22,9 +22,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint CONCENTRATED = DecisionPointValue( name="Concentrated", diff --git a/src/ssvc/decision_points/ssvc_/__init__.py b/src/ssvc/decision_points/ssvc_/__init__.py deleted file mode 100644 index 3fa844ad..00000000 --- a/src/ssvc/decision_points/ssvc_/__init__.py +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University -""" -This package contains SSVC decision points belonging to the `ssvc` namespace. -""" diff --git a/src/ssvc/doc_helpers.py b/src/ssvc/doc_helpers.py index 9748df47..9ab8a8dc 100644 --- a/src/ssvc/doc_helpers.py +++ b/src/ssvc/doc_helpers.py @@ -23,7 +23,7 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint MD_TABLE_ROW_TEMPLATE = "| {value.name} | {value.description} |" diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index 2d5ae11d..09bfcce9 100644 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -34,19 +34,48 @@ python -m ssvc.doctools --overwrite --jsondir data/json/decision_points """ +import importlib import logging import os -import ssvc.dp_groups.cvss.collections # noqa -import ssvc.dp_groups.ssvc.collections # noqa from ssvc.decision_points.base import ( - DecisionPoint, REGISTERED_DECISION_POINTS, + DecisionPoint, + REGISTERED_DECISION_POINTS, ) -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint logger = logging.getLogger(__name__) +def find_modules_to_import( + directory: str = "../decision_points", package: str = "ssvc.decision_points" +) -> bool: + """ + Find all modules that contain decision points and import them. + + This is necessary to ensure that all decision points are registered. + """ + imported_modules = [] + for root, _, files in os.walk(os.path.abspath(directory)): + for file in files: + if file.endswith(".py") and not file.startswith("__"): + # build the module name relative to the package + relative_path = os.path.relpath(root, directory) + module_name = os.path.join(relative_path, file[:-3]).replace( + os.sep, "." + ) + + full_module_name = f"{package}.{module_name}" + # import the module + try: + logger.info(f"Importing module {full_module_name}") + module = importlib.import_module(full_module_name) + imported_modules.append(module) + except ImportError as e: + logger.error(f"Failed to import {full_module_name}: {e}") + return imported_modules + + def _filename_friendly(name: str) -> str: """ Given a string, return a version that is friendly for use in a filename. @@ -120,9 +149,7 @@ def dump_decision_point(jsondir: str, dp: SsvcDecisionPoint, overwrite: bool) -> dump_json(basename, dp, jsondir, overwrite) -def dump_json( - basename: str, dp: DecisionPoint, jsondir: str, overwrite: bool -) -> str: +def dump_json(basename: str, dp: DecisionPoint, jsondir: str, overwrite: bool) -> str: """ Generate the json example for a decision point. @@ -189,6 +216,11 @@ def main(): overwrite = args.overwrite jsondir = args.jsondir + find_modules_to_import("./decision_points", "ssvc.decision_points") + find_modules_to_import("./outcomes", "ssvc.outcomes") + from ssvc.dp_groups.ssvc import collections # noqa: E402 + from ssvc.dp_groups.cvss import collections # noqa: E402 + # for each decision point: for dp in REGISTERED_DECISION_POINTS: dump_decision_point(jsondir, dp, overwrite) diff --git a/src/ssvc/dp_groups/ssvc/coordinator_publication.py b/src/ssvc/dp_groups/ssvc/coordinator_publication.py index 08003b1c..77f773d0 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_publication.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_publication.py @@ -23,9 +23,9 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.exploitation import EXPLOITATION_1 -from ssvc.decision_points.ssvc_.public_value_added import PUBLIC_VALUE_ADDED_1 -from ssvc.decision_points.ssvc_.supplier_involvement import SUPPLIER_INVOLVEMENT_1 +from ssvc.decision_points.ssvc.exploitation import EXPLOITATION_1 +from ssvc.decision_points.ssvc.public_value_added import PUBLIC_VALUE_ADDED_1 +from ssvc.decision_points.ssvc.supplier_involvement import SUPPLIER_INVOLVEMENT_1 from ssvc.dp_groups.base import DecisionPointGroup diff --git a/src/ssvc/dp_groups/ssvc/coordinator_triage.py b/src/ssvc/dp_groups/ssvc/coordinator_triage.py index ac6e2153..cd625ef4 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_triage.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_triage.py @@ -23,16 +23,16 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.automatable import AUTOMATABLE_2 -from ssvc.decision_points.ssvc_.public_safety_impact import PUBLIC_SAFETY_IMPACT_2 -from ssvc.decision_points.ssvc_.report_credibility import REPORT_CREDIBILITY_1 -from ssvc.decision_points.ssvc_.report_public import REPORT_PUBLIC_1 -from ssvc.decision_points.ssvc_.safety_impact import SAFETY_IMPACT_1 -from ssvc.decision_points.ssvc_.supplier_cardinality import SUPPLIER_CARDINALITY_1 -from ssvc.decision_points.ssvc_.supplier_contacted import SUPPLIER_CONTACTED_1 -from ssvc.decision_points.ssvc_.supplier_engagement import SUPPLIER_ENGAGEMENT_1 -from ssvc.decision_points.ssvc_.utility import UTILITY_1_0_1 -from ssvc.decision_points.ssvc_.value_density import VALUE_DENSITY_1 +from ssvc.decision_points.ssvc.automatable import AUTOMATABLE_2 +from ssvc.decision_points.ssvc.public_safety_impact import PUBLIC_SAFETY_IMPACT_2 +from ssvc.decision_points.ssvc.report_credibility import REPORT_CREDIBILITY_1 +from ssvc.decision_points.ssvc.report_public import REPORT_PUBLIC_1 +from ssvc.decision_points.ssvc.safety_impact import SAFETY_IMPACT_1 +from ssvc.decision_points.ssvc.supplier_cardinality import SUPPLIER_CARDINALITY_1 +from ssvc.decision_points.ssvc.supplier_contacted import SUPPLIER_CONTACTED_1 +from ssvc.decision_points.ssvc.supplier_engagement import SUPPLIER_ENGAGEMENT_1 +from ssvc.decision_points.ssvc.utility import UTILITY_1_0_1 +from ssvc.decision_points.ssvc.value_density import VALUE_DENSITY_1 from ssvc.dp_groups.base import DecisionPointGroup COORDINATOR_TRIAGE_1 = DecisionPointGroup( diff --git a/src/ssvc/dp_groups/ssvc/deployer.py b/src/ssvc/dp_groups/ssvc/deployer.py index dd2fc6d9..4473746c 100644 --- a/src/ssvc/dp_groups/ssvc/deployer.py +++ b/src/ssvc/dp_groups/ssvc/deployer.py @@ -24,20 +24,20 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.automatable import AUTOMATABLE_2 -from ssvc.decision_points.ssvc_.exploitation import EXPLOITATION_1 -from ssvc.decision_points.ssvc_.human_impact import HUMAN_IMPACT_2 -from ssvc.decision_points.ssvc_.mission_impact import ( +from ssvc.decision_points.ssvc.automatable import AUTOMATABLE_2 +from ssvc.decision_points.ssvc.exploitation import EXPLOITATION_1 +from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2 +from ssvc.decision_points.ssvc.mission_impact import ( MISSION_IMPACT_1, MISSION_IMPACT_2, ) -from ssvc.decision_points.ssvc_.safety_impact import SAFETY_IMPACT_1 -from ssvc.decision_points.ssvc_.system_exposure import ( +from ssvc.decision_points.ssvc.safety_impact import SAFETY_IMPACT_1 +from ssvc.decision_points.ssvc.system_exposure import ( SYSTEM_EXPOSURE_1, SYSTEM_EXPOSURE_1_0_1, ) -from ssvc.decision_points.ssvc_.utility import UTILITY_1_0_1 -from ssvc.decision_points.ssvc_.value_density import VALUE_DENSITY_1 +from ssvc.decision_points.ssvc.utility import UTILITY_1_0_1 +from ssvc.decision_points.ssvc.value_density import VALUE_DENSITY_1 from ssvc.dp_groups.base import DecisionPointGroup PATCH_APPLIER_1 = DecisionPointGroup( diff --git a/src/ssvc/dp_groups/ssvc/supplier.py b/src/ssvc/dp_groups/ssvc/supplier.py index fd863152..f7a73c13 100644 --- a/src/ssvc/dp_groups/ssvc/supplier.py +++ b/src/ssvc/dp_groups/ssvc/supplier.py @@ -24,12 +24,12 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc_.automatable import AUTOMATABLE_2, VIRULENCE_1 -from ssvc.decision_points.ssvc_.exploitation import EXPLOITATION_1 -from ssvc.decision_points.ssvc_.safety_impact import SAFETY_IMPACT_1 -from ssvc.decision_points.ssvc_.technical_impact import TECHNICAL_IMPACT_1 -from ssvc.decision_points.ssvc_.utility import UTILITY_1, UTILITY_1_0_1 -from ssvc.decision_points.ssvc_.value_density import VALUE_DENSITY_1 +from ssvc.decision_points.ssvc.automatable import AUTOMATABLE_2, VIRULENCE_1 +from ssvc.decision_points.ssvc.exploitation import EXPLOITATION_1 +from ssvc.decision_points.ssvc.safety_impact import SAFETY_IMPACT_1 +from ssvc.decision_points.ssvc.technical_impact import TECHNICAL_IMPACT_1 +from ssvc.decision_points.ssvc.utility import UTILITY_1, UTILITY_1_0_1 +from ssvc.decision_points.ssvc.value_density import VALUE_DENSITY_1 from ssvc.dp_groups.base import DecisionPointGroup PATCH_DEVELOPER_1 = DecisionPointGroup( diff --git a/src/ssvc/outcomes/base.py b/src/ssvc/outcomes/base.py index f2074f4f..82c9da08 100644 --- a/src/ssvc/outcomes/base.py +++ b/src/ssvc/outcomes/base.py @@ -23,7 +23,7 @@ from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.decision_points.cisa.base import CisaDecisionPoint from ssvc.decision_points.cvss.base import CvssDecisionPoint -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint OutcomeValue = DecisionPointValue OutcomeGroup = DecisionPoint diff --git a/src/ssvc/outcomes/ssvc/__init__.py b/src/ssvc/outcomes/ssvc/__init__.py new file mode 100644 index 00000000..55937544 --- /dev/null +++ b/src/ssvc/outcomes/ssvc/__init__.py @@ -0,0 +1,25 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +""" +Provides outcome group objects in the ssvc namespace +""" + +from .coordinate import LATEST as COORDINATE +from .dsoi import LATEST as DSOI +from .publish import LATEST as PUBLISH diff --git a/src/ssvc/outcomes/ssvc/coordinate.py b/src/ssvc/outcomes/ssvc/coordinate.py new file mode 100644 index 00000000..136d987e --- /dev/null +++ b/src/ssvc/outcomes/ssvc/coordinate.py @@ -0,0 +1,53 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue +from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint + +_DECLINE = DecisionPointValue(name="Decline", key="D", description="Decline") + +_TRACK = DecisionPointValue(name="Track", key="T", description="Track") + +_COORDINATE = DecisionPointValue(name="Coordinate", key="C", description="Coordinate") + +COORDINATE = SsvcDecisionPoint( + name="Decline, Track, Coordinate", + key="COORDINATE", + description="The coordinate outcome group.", + version="1.0.0", + values=( + _DECLINE, + _TRACK, + _COORDINATE, + ), +) +""" +The coordinate outcome group. +""" + +VERSIONS = (COORDINATE,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/ssvc/dsoi.py b/src/ssvc/outcomes/ssvc/dsoi.py new file mode 100644 index 00000000..cf477abb --- /dev/null +++ b/src/ssvc/outcomes/ssvc/dsoi.py @@ -0,0 +1,64 @@ +#!/usr/bin/env python + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +""" +Provides the defer, scheduled, out-of-cycle, immediate outcome group for use in SSVC. +""" +from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue +from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint + +_DEFER = DecisionPointValue(name="Defer", key="D", description="Defer") + +_SCHEDULED = DecisionPointValue(name="Scheduled", key="S", description="Scheduled") + +_OUT_OF_CYCLE = DecisionPointValue( + name="Out-of-Cycle", key="O", description="Out-of-Cycle" +) + +_IMMEDIATE = DecisionPointValue(name="Immediate", key="I", description="Immediate") + +DSOI = SsvcDecisionPoint( + name="Defer, Scheduled, Out-of-Cycle, Immediate", + key="DSOI", + description="The original SSVC outcome group.", + version="1.0.0", + values=( + _DEFER, + _SCHEDULED, + _OUT_OF_CYCLE, + _IMMEDIATE, + ), +) +""" +The original SSVC outcome group. +""" + + +VERSIONS = (DSOI,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/ssvc/publish.py b/src/ssvc/outcomes/ssvc/publish.py new file mode 100644 index 00000000..bcc2eb13 --- /dev/null +++ b/src/ssvc/outcomes/ssvc/publish.py @@ -0,0 +1,55 @@ +#!/usr/bin/env python + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue +from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.decision_points.ssvc.base import SsvcDecisionPoint + +_DO_NOT_PUBLISH = DecisionPointValue( + name="Do Not Publish", key="N", description="Do Not Publish" +) + +_PUBLISH = DecisionPointValue(name="Publish", key="P", description="Publish") + +PUBLISH = SsvcDecisionPoint( + name="Publish, Do Not Publish", + key="PUBLISH", + description="The publish outcome group.", + version="1.0.0", + values=( + _DO_NOT_PUBLISH, + _PUBLISH, + ), +) +""" +The publish outcome group. +""" + +VERSIONS = (PUBLISH,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/ssvc_/__init__.py b/src/ssvc/outcomes/ssvc_/__init__.py deleted file mode 100644 index 60041bf3..00000000 --- a/src/ssvc/outcomes/ssvc_/__init__.py +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University -""" -Provides outcome group objects in the ssvc namespace -""" - -from .coordinate import LATEST as COORDINATE -from .dsoi import LATEST as DSOI -from .publish import LATEST as PUBLISH diff --git a/src/ssvc/outcomes/ssvc_/coordinate.py b/src/ssvc/outcomes/ssvc_/coordinate.py deleted file mode 100644 index f1c8259c..00000000 --- a/src/ssvc/outcomes/ssvc_/coordinate.py +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University -from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue -from ssvc.decision_points.helpers import print_versions_and_diffs -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint - -_DECLINE = DecisionPointValue(name="Decline", key="D", description="Decline") - -_TRACK = DecisionPointValue(name="Track", key="T", description="Track") - -_COORDINATE = DecisionPointValue(name="Coordinate", key="C", description="Coordinate") - -COORDINATE = SsvcDecisionPoint( - name="Decline, Track, Coordinate", - key="COORDINATE", - description="The coordinate outcome group.", - version="1.0.0", - values=( - _DECLINE, - _TRACK, - _COORDINATE, - ), -) -""" -The coordinate outcome group. -""" - -VERSIONS = (COORDINATE,) -LATEST = VERSIONS[-1] - - -def main(): - print_versions_and_diffs(VERSIONS) - - -if __name__ == "__main__": - main() diff --git a/src/ssvc/outcomes/ssvc_/dsoi.py b/src/ssvc/outcomes/ssvc_/dsoi.py deleted file mode 100644 index 297c3f56..00000000 --- a/src/ssvc/outcomes/ssvc_/dsoi.py +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/env python - -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University -""" -Provides the defer, scheduled, out-of-cycle, immediate outcome group for use in SSVC. -""" -from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue -from ssvc.decision_points.helpers import print_versions_and_diffs -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint - -_DEFER = DecisionPointValue(name="Defer", key="D", description="Defer") - -_SCHEDULED = DecisionPointValue(name="Scheduled", key="S", description="Scheduled") - -_OUT_OF_CYCLE = DecisionPointValue( - name="Out-of-Cycle", key="O", description="Out-of-Cycle" -) - -_IMMEDIATE = DecisionPointValue(name="Immediate", key="I", description="Immediate") - -DSOI = SsvcDecisionPoint( - name="Defer, Scheduled, Out-of-Cycle, Immediate", - key="DSOI", - description="The original SSVC outcome group.", - version="1.0.0", - values=( - _DEFER, - _SCHEDULED, - _OUT_OF_CYCLE, - _IMMEDIATE, - ), -) -""" -The original SSVC outcome group. -""" - - -VERSIONS = (DSOI,) -LATEST = VERSIONS[-1] - - -def main(): - print_versions_and_diffs(VERSIONS) - - -if __name__ == "__main__": - main() diff --git a/src/ssvc/outcomes/ssvc_/publish.py b/src/ssvc/outcomes/ssvc_/publish.py deleted file mode 100644 index 58311b6e..00000000 --- a/src/ssvc/outcomes/ssvc_/publish.py +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/env python - -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University - -from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue -from ssvc.decision_points.helpers import print_versions_and_diffs -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint - -_DO_NOT_PUBLISH = DecisionPointValue( - name="Do Not Publish", key="N", description="Do Not Publish" -) - -_PUBLISH = DecisionPointValue(name="Publish", key="P", description="Publish") - -PUBLISH = SsvcDecisionPoint( - name="Publish, Do Not Publish", - key="PUBLISH", - description="The publish outcome group.", - version="1.0.0", - values=( - _DO_NOT_PUBLISH, - _PUBLISH, - ), -) -""" -The publish outcome group. -""" - -VERSIONS = (PUBLISH,) -LATEST = VERSIONS[-1] - - -def main(): - print_versions_and_diffs(VERSIONS) - - -if __name__ == "__main__": - main() diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index c77e649d..b99b4b8e 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -336,11 +336,11 @@ def _is_topological_order(self, node_order: list) -> bool: def main(): - from ssvc.decision_points.ssvc_.automatable import AUTOMATABLE_2 - from ssvc.decision_points.ssvc_.exploitation import EXPLOITATION_1 - from ssvc.decision_points.ssvc_.human_impact import HUMAN_IMPACT_2 - from ssvc.decision_points.ssvc_.system_exposure import SYSTEM_EXPOSURE_1_0_1 - from ssvc.outcomes.ssvc_.dsoi import DSOI + from ssvc.decision_points.ssvc.automatable import AUTOMATABLE_2 + from ssvc.decision_points.ssvc.exploitation import EXPLOITATION_1 + from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2 + from ssvc.decision_points.ssvc.system_exposure import SYSTEM_EXPOSURE_1_0_1 + from ssvc.outcomes.ssvc.dsoi import DSOI # set up logging logger = logging.getLogger() diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index faa68b4b..9ff78118 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -20,7 +20,7 @@ import unittest import ssvc.decision_points.base as base -import ssvc.decision_points.ssvc_.base +import ssvc.decision_points.ssvc.base class MyTestCase(unittest.TestCase): @@ -36,7 +36,7 @@ def setUp(self) -> None: ) ) - self.dp = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint( + self.dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name="foo", key="bar", description="baz", @@ -61,7 +61,7 @@ def test_registry(self): # just by creating the objects, they should be registered self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) - dp2 = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint( + dp2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name="asdfad", key="asdfasdf", description="asdfasdf", @@ -74,7 +74,7 @@ def test_registry(self): # just by creating the objects, they should be registered self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) - dp2 = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint( + dp2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name="asdfad", key="asdfasdf", description="asdfasdf", @@ -124,7 +124,7 @@ def test_ssvc_decision_point_json_roundtrip(self): self.assertIsInstance(json, str) self.assertGreater(len(json), 0) - obj2 = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint.model_validate_json( + obj2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint.model_validate_json( json ) diff --git a/src/test/dp_groups/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py index fed3dc76..b6342b06 100644 --- a/src/test/dp_groups/test_dp_groups.py +++ b/src/test/dp_groups/test_dp_groups.py @@ -1,19 +1,25 @@ -# Copyright (c) 2023-2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University +# Copyright (c) 2023-2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 import unittest -import ssvc.decision_points.ssvc_.base +import ssvc.decision_points.ssvc.base import ssvc.dp_groups.base as dpg from ssvc.decision_points.base import DecisionPointValue @@ -22,7 +28,7 @@ class MyTestCase(unittest.TestCase): def setUp(self) -> None: self.dps = [] for i in range(10): - dp = ssvc.decision_points.ssvc_.base.SsvcDecisionPoint( + dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name=f"Decision Point {i}", key=f"DP_{i}", description=f"Description of Decision Point {i}", diff --git a/src/test/test_schema.py b/src/test/test_schema.py index a88fcfad..383f60d4 100644 --- a/src/test/test_schema.py +++ b/src/test/test_schema.py @@ -28,16 +28,18 @@ import ssvc.decision_points # noqa F401 from ssvc.decision_points.base import REGISTERED_DECISION_POINTS + # importing these causes the decision points to register themselves -from ssvc.decision_points.ssvc_.critical_software import CRITICAL_SOFTWARE_1 # noqa -from ssvc.decision_points.ssvc_.high_value_asset import HIGH_VALUE_ASSET_1 # noqa -from ssvc.decision_points.ssvc_.in_kev import IN_KEV_1 +from ssvc.decision_points.ssvc.critical_software import CRITICAL_SOFTWARE_1 # noqa +from ssvc.decision_points.ssvc.high_value_asset import HIGH_VALUE_ASSET_1 # noqa +from ssvc.decision_points.ssvc.in_kev import IN_KEV_1 from ssvc.dp_groups.cvss.collections import ( CVSSv1, CVSSv2, CVSSv3, CVSSv4, ) # noqa + # importing these causes the decision points to register themselves from ssvc.dp_groups.ssvc.collections import SSVCv1, SSVCv2, SSVCv2_1 # noqa @@ -98,15 +100,13 @@ def test_decision_point_validation(self): loaded = json.loads(as_json) try: - Draft202012Validator( - {"$ref": schema_url}, registry=registry - ).validate(loaded) + Draft202012Validator({"$ref": schema_url}, registry=registry).validate( + loaded + ) except jsonschema.exceptions.ValidationError as e: exp = e - self.assertIsNone( - exp, f"Validation failed for {dp.name} {dp.version}" - ) + self.assertIsNone(exp, f"Validation failed for {dp.name} {dp.version}") self.logger.debug( f"Validation passed for Decision Point ({dp.namespace}) {dp.name} v{dp.version}" ) @@ -119,15 +119,13 @@ def test_decision_point_group_validation(self): loaded = json.loads(as_json) try: - Draft202012Validator( - {"$ref": schema_url}, registry=registry - ).validate(loaded) + Draft202012Validator({"$ref": schema_url}, registry=registry).validate( + loaded + ) except jsonschema.exceptions.ValidationError as e: exp = e - self.assertIsNone( - exp, f"Validation failed for {dpg.name} {dpg.version}" - ) + self.assertIsNone(exp, f"Validation failed for {dpg.name} {dpg.version}") self.logger.debug( f"Validation passed for Decision Point Group {dpg.name} v{dpg.version}" ) From df69a40fc9f3de1054c64651d5660be60a88656e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 18 Jun 2025 13:57:24 -0400 Subject: [PATCH 096/468] make registry fail on duplicate item keys --- src/ssvc/decision_points/base.py | 17 +++++++++++++++-- src/ssvc/decision_points/cvss/helpers.py | 10 ++++++++-- src/ssvc/doctools.py | 15 ++++++++++++--- 3 files changed, 35 insertions(+), 7 deletions(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 9f38fd2b..69e42d96 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -24,7 +24,7 @@ import logging -from pydantic import BaseModel, Field, model_validator +from pydantic import BaseModel, ConfigDict, Field, model_validator from ssvc._mixins import ( _Base, @@ -53,8 +53,19 @@ def __getitem__(self, key: str) -> object: return self.registry[key] def __setitem__(self, key: str, value: object) -> None: + if key in self.registry: - logger.warning(f"Duplicate key {key}") + # are the values the same? + registered = self.registry[key].model_dump_json() + value_dumped = value.model_dump_json() + if registered == value_dumped: + logger.warning(f"Duplicate key {key} with the same value, ignoring.") + return + + logger.warning(f"Duplicate key {key}:") + logger.warning(f"\t{registered}") + logger.warning(f"\t{value_dumped}") + raise KeyError(f"Duplicate key {key}") self.registry[key] = value @@ -171,6 +182,8 @@ class DecisionPoint( values: tuple[DecisionPointValue, ...] + model_config = ConfigDict(revalidate_instances="always") + def __str__(self): return FIELD_DELIMITER.join([self.namespace, self.key, self.version]) diff --git a/src/ssvc/decision_points/cvss/helpers.py b/src/ssvc/decision_points/cvss/helpers.py index 4fe610a2..c2677735 100644 --- a/src/ssvc/decision_points/cvss/helpers.py +++ b/src/ssvc/decision_points/cvss/helpers.py @@ -23,6 +23,8 @@ from copy import deepcopy +import semver + from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X from ssvc.decision_points.cvss.base import CvssDecisionPoint as DecisionPoint @@ -30,8 +32,8 @@ def _modify_3(dp: DecisionPoint): _dp_dict = deepcopy(dp.model_dump()) - _dp_dict["name"] = "Modified " + _dp_dict["name"] - _dp_dict["key"] = "M" + _dp_dict["key"] + _dp_dict["name"] = f"Modified {_dp_dict["name"]}" + _dp_dict["key"] = f"M{_dp_dict["key"]}" # if there is no value named "Not Defined" value, add it nd = NOT_DEFINED_X @@ -59,6 +61,7 @@ def modify_3(dp: DecisionPoint): """ _dp = _modify_3(dp) + DecisionPoint.model_validate(_dp) # validate the modified object return _dp @@ -75,6 +78,7 @@ def modify_4(dp: DecisionPoint): _dp = _modify_3(dp) _dp = _modify_4(_dp) + DecisionPoint.model_validate(_dp) # validate the modified object return _dp @@ -91,6 +95,8 @@ def _modify_4(dp: DecisionPoint): if v["key"] == "N": v["name"] = "Negligible" v["description"] = v["description"].replace(" no ", " negligible ") + # we need to bump the version for this change + _dp_dict["version"] = semver.bump_patch(_dp_dict["version"]) break # Note: For MSI, There is also a highest severity level, Safety (S), in addition to the same values as the diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index 09bfcce9..b5bf0fa2 100644 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -37,6 +37,7 @@ import importlib import logging import os +import re from ssvc.decision_points.base import ( DecisionPoint, @@ -86,7 +87,13 @@ def _filename_friendly(name: str) -> str: Returns: str: A version of the string that is friendly for use in a filename. """ - return name.lower().replace(" ", "_").replace(".", "_") + # replace all non-alphanumeric characters with underscores and convert to lowercase + name = re.sub(r"[^a-zA-Z0-9]", "_", name) + name = name.lower() + # replace any sequence of underscores with a single underscore + name = re.sub(r"_+", "_", name) + + return name # create a runtime context that ensures that dir exists @@ -218,8 +225,10 @@ def main(): find_modules_to_import("./decision_points", "ssvc.decision_points") find_modules_to_import("./outcomes", "ssvc.outcomes") - from ssvc.dp_groups.ssvc import collections # noqa: E402 - from ssvc.dp_groups.cvss import collections # noqa: E402 + + # import collections to ensure they are registered too + import ssvc.dp_groups.ssvc.collections # noqa: F401 + import ssvc.dp_groups.cvss.collections # noqa: F401 # for each decision point: for dp in REGISTERED_DECISION_POINTS: From f7e6a2a471238efee6cd6e9e72550ac11781072b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 18 Jun 2025 13:57:39 -0400 Subject: [PATCH 097/468] fix duplicate keys --- src/ssvc/decision_points/cvss/supplemental/safety.py | 2 +- src/ssvc/decision_points/ssvc/supplier_contacted.py | 2 +- src/ssvc/decision_points/ssvc/supplier_involvement.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssvc/decision_points/cvss/supplemental/safety.py b/src/ssvc/decision_points/cvss/supplemental/safety.py index 5666cb27..c05d62cf 100644 --- a/src/ssvc/decision_points/cvss/supplemental/safety.py +++ b/src/ssvc/decision_points/cvss/supplemental/safety.py @@ -42,7 +42,7 @@ SAFETY_1 = CvssDecisionPoint( name="Safety", description="The Safety decision point is a measure of the potential for harm to humans or the environment.", - key="S", + key="SF", version="1.0.0", values=( NOT_DEFINED_X, diff --git a/src/ssvc/decision_points/ssvc/supplier_contacted.py b/src/ssvc/decision_points/ssvc/supplier_contacted.py index 9d440415..2b6d16d9 100644 --- a/src/ssvc/decision_points/ssvc/supplier_contacted.py +++ b/src/ssvc/decision_points/ssvc/supplier_contacted.py @@ -40,7 +40,7 @@ SUPPLIER_CONTACTED_1 = SsvcDecisionPoint( name="Supplier Contacted", description="Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", - key="SC", + key="SCON", version="1.0.0", values=( NO, diff --git a/src/ssvc/decision_points/ssvc/supplier_involvement.py b/src/ssvc/decision_points/ssvc/supplier_involvement.py index 07dcfc2d..253620d9 100644 --- a/src/ssvc/decision_points/ssvc/supplier_involvement.py +++ b/src/ssvc/decision_points/ssvc/supplier_involvement.py @@ -47,7 +47,7 @@ SUPPLIER_INVOLVEMENT_1 = SsvcDecisionPoint( name="Supplier Involvement", description="What is the state of the supplier’s work on addressing the vulnerability?", - key="SI", + key="SINV", version="1.0.0", values=( FIX_READY, From 43f551b7e84c95a0836ca1dc2015cb450a2ee8a0 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 18 Jun 2025 13:57:58 -0400 Subject: [PATCH 098/468] regenerate json examples --- .../cisa/cisa_levels_1_0_0.json} | 10 +++--- .../cvss/availability_impact_2_0_1.json | 25 ------------- .../cvss/confidentiality_impact_2_0_1.json | 25 ------------- ...alitative_severity_rating_scale_1_0_0.json | 35 +++++++++++++++++++ .../cvss/integrity_impact_2_0_1.json | 25 ------------- .../cvss/integrity_requirement_1_0_1.json | 30 ---------------- .../modified_availability_impact_2_0_1.json | 30 ---------------- ...impact_to_the_subsequent_system_1_0_0.json | 4 +-- ...mpact_to_the_subsequent_system_1_0_1.json} | 8 ++--- ...impact_to_the_subsequent_system_1_0_0.json | 2 +- ...mpact_to_the_subsequent_system_1_0_1.json} | 16 ++++----- .../cvss/modified_integrity_impact_2_0_1.json | 30 ---------------- ...impact_to_the_subsequent_system_1_0_0.json | 9 ++--- ...impact_to_the_subsequent_system_1_0_1.json | 35 +++++++++++++++++++ .../decision_points/cvss/safety_1_0_0.json | 2 +- .../subsequent_availability_impact_1_0_0.json | 25 ------------- .../ssvc/critical_software_1_0_0.json | 20 +++++++++++ .../ssvc/decline_track_coordinate_1_0_0.json} | 10 +++--- ...heduled_out_of_cycle_immediate_1_0_0.json} | 10 +++--- .../ssvc/high_value_asset_1_0_0.json | 20 +++++++++++ .../ssvc/human_impact_1_0_0.json | 30 ---------------- .../decision_points/ssvc/in_kev_1_0_0.json | 20 +++++++++++ ... mission_and_well_being_impact_1_0_0.json} | 0 .../ssvc/public_safety_impact_1_0_0.json | 20 ----------- ...on => public_well_being_impact_1_0_0.json} | 0 .../ssvc/publish_do_not_publish_1_0_0.json} | 10 +++--- .../ssvc/supplier_contacted_1_0_0.json | 2 +- .../ssvc/supplier_involvement_1_0_0.json | 2 +- .../do_schedule_delegate_delete_1_0_0.json} | 10 +++--- .../x_basic/moscow_1_0_0.json} | 10 +++--- .../x_basic/value_complexity_1_0_0.json} | 10 +++--- .../x_basic/yes_no_1_0_0.json} | 10 +++--- .../x_community/theparanoids_1_0_0.json} | 10 +++--- data/json/outcomes/CVSS.json | 28 --------------- 34 files changed, 204 insertions(+), 329 deletions(-) rename data/json/{outcomes/CISA.json => decision_points/cisa/cisa_levels_1_0_0.json} (97%) delete mode 100644 data/json/decision_points/cvss/availability_impact_2_0_1.json delete mode 100644 data/json/decision_points/cvss/confidentiality_impact_2_0_1.json create mode 100644 data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json delete mode 100644 data/json/decision_points/cvss/integrity_impact_2_0_1.json delete mode 100644 data/json/decision_points/cvss/integrity_requirement_1_0_1.json delete mode 100644 data/json/decision_points/cvss/modified_availability_impact_2_0_1.json rename data/json/decision_points/cvss/{modified_subsequent_availability_impact_1_0_0.json => modified_availability_impact_to_the_subsequent_system_1_0_1.json} (81%) rename data/json/decision_points/cvss/{modified_confidentiality_impact_2_0_1.json => modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json} (52%) delete mode 100644 data/json/decision_points/cvss/modified_integrity_impact_2_0_1.json create mode 100644 data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json delete mode 100644 data/json/decision_points/cvss/subsequent_availability_impact_1_0_0.json create mode 100644 data/json/decision_points/ssvc/critical_software_1_0_0.json rename data/json/{outcomes/COORDINATE.json => decision_points/ssvc/decline_track_coordinate_1_0_0.json} (86%) rename data/json/{outcomes/DSOI.json => decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json} (90%) create mode 100644 data/json/decision_points/ssvc/high_value_asset_1_0_0.json delete mode 100644 data/json/decision_points/ssvc/human_impact_1_0_0.json create mode 100644 data/json/decision_points/ssvc/in_kev_1_0_0.json rename data/json/decision_points/ssvc/{mission_and_well-being_impact_1_0_0.json => mission_and_well_being_impact_1_0_0.json} (100%) delete mode 100644 data/json/decision_points/ssvc/public_safety_impact_1_0_0.json rename data/json/decision_points/ssvc/{public_well-being_impact_1_0_0.json => public_well_being_impact_1_0_0.json} (100%) rename data/json/{outcomes/PUBLISH.json => decision_points/ssvc/publish_do_not_publish_1_0_0.json} (84%) rename data/json/{outcomes/EISENHOWER.json => decision_points/x_basic/do_schedule_delegate_delete_1_0_0.json} (89%) rename data/json/{outcomes/MOSCOW.json => decision_points/x_basic/moscow_1_0_0.json} (71%) rename data/json/{outcomes/VALUE_COMPLEXITY.json => decision_points/x_basic/value_complexity_1_0_0.json} (87%) rename data/json/{outcomes/YES_NO.json => decision_points/x_basic/yes_no_1_0_0.json} (82%) rename data/json/{outcomes/THE_PARANOIDS.json => decision_points/x_community/theparanoids_1_0_0.json} (91%) delete mode 100644 data/json/outcomes/CVSS.json diff --git a/data/json/outcomes/CISA.json b/data/json/decision_points/cisa/cisa_levels_1_0_0.json similarity index 97% rename from data/json/outcomes/CISA.json rename to data/json/decision_points/cisa/cisa_levels_1_0_0.json index c4ebbd2a..e836c69c 100644 --- a/data/json/outcomes/CISA.json +++ b/data/json/decision_points/cisa/cisa_levels_1_0_0.json @@ -1,9 +1,11 @@ { - "version": "1.0.0", - "schemaVersion": "1-0-1", "name": "CISA Levels", "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", - "outcomes": [ + "namespace": "cisa", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "CISA", + "values": [ { "key": "T", "name": "Track", @@ -25,4 +27,4 @@ "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } ] -} \ No newline at end of file +} diff --git a/data/json/decision_points/cvss/availability_impact_2_0_1.json b/data/json/decision_points/cvss/availability_impact_2_0_1.json deleted file mode 100644 index e815d46a..00000000 --- a/data/json/decision_points/cvss/availability_impact_2_0_1.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "namespace": "cvss", - "version": "2.0.1", - "schemaVersion": "1-0-1", - "key": "A", - "name": "Availability Impact", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no impact to availability within the Vulnerable System." - }, - { - "key": "L", - "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." - }, - { - "key": "H", - "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." - } - ] -} diff --git a/data/json/decision_points/cvss/confidentiality_impact_2_0_1.json b/data/json/decision_points/cvss/confidentiality_impact_2_0_1.json deleted file mode 100644 index 4c72a5d5..00000000 --- a/data/json/decision_points/cvss/confidentiality_impact_2_0_1.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "namespace": "cvss", - "version": "2.0.1", - "schemaVersion": "1-0-1", - "key": "C", - "name": "Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no loss of confidentiality within the impacted component." - }, - { - "key": "L", - "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." - }, - { - "key": "H", - "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." - } - ] -} diff --git a/data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json b/data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json new file mode 100644 index 00000000..82135a43 --- /dev/null +++ b/data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json @@ -0,0 +1,35 @@ +{ + "name": "CVSS Qualitative Severity Rating Scale", + "description": "The CVSS Qualitative Severity Rating Scale group.", + "namespace": "cvss", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "CVSS", + "values": [ + { + "key": "N", + "name": "None", + "description": "None (0.0)" + }, + { + "key": "L", + "name": "Low", + "description": "Low (0.1-3.9)" + }, + { + "key": "M", + "name": "Medium", + "description": "Medium (4.0-6.9)" + }, + { + "key": "H", + "name": "High", + "description": "High (7.0-8.9)" + }, + { + "key": "C", + "name": "Critical", + "description": "Critical (9.0-10.0)" + } + ] +} diff --git a/data/json/decision_points/cvss/integrity_impact_2_0_1.json b/data/json/decision_points/cvss/integrity_impact_2_0_1.json deleted file mode 100644 index 59579fbd..00000000 --- a/data/json/decision_points/cvss/integrity_impact_2_0_1.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "namespace": "cvss", - "version": "2.0.1", - "schemaVersion": "1-0-1", - "key": "I", - "name": "Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." - }, - { - "key": "L", - "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." - }, - { - "key": "H", - "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." - } - ] -} diff --git a/data/json/decision_points/cvss/integrity_requirement_1_0_1.json b/data/json/decision_points/cvss/integrity_requirement_1_0_1.json deleted file mode 100644 index 4c8e1762..00000000 --- a/data/json/decision_points/cvss/integrity_requirement_1_0_1.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "namespace": "cvss", - "version": "1.0.1", - "schemaVersion": "1-0-1", - "key": "IR", - "name": "Integrity Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", - "values": [ - { - "key": "L", - "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "M", - "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "H", - "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - } - ] -} diff --git a/data/json/decision_points/cvss/modified_availability_impact_2_0_1.json b/data/json/decision_points/cvss/modified_availability_impact_2_0_1.json deleted file mode 100644 index 793c5579..00000000 --- a/data/json/decision_points/cvss/modified_availability_impact_2_0_1.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "namespace": "cvss", - "version": "2.0.1", - "schemaVersion": "1-0-1", - "key": "MA", - "name": "Modified Availability Impact", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no impact to availability within the Vulnerable System." - }, - { - "key": "L", - "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." - }, - { - "key": "H", - "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." - }, - { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - } - ] -} diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json index b36e78ae..1bd3acd8 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json @@ -8,8 +8,8 @@ "values": [ { "key": "N", - "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "name": "None", + "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", diff --git a/data/json/decision_points/cvss/modified_subsequent_availability_impact_1_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json similarity index 81% rename from data/json/decision_points/cvss/modified_subsequent_availability_impact_1_0_0.json rename to data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json index d8f83c65..bed5818f 100644 --- a/data/json/decision_points/cvss/modified_subsequent_availability_impact_1_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json @@ -1,15 +1,15 @@ { + "name": "Modified Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "namespace": "cvss", - "version": "1.0.0", + "version": "1.0.1", "schemaVersion": "1-0-1", "key": "MSA", - "name": "Modified Subsequent Availability Impact", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "values": [ { "key": "N", "name": "Negligible", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json index 03e23cf7..ea677a2a 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json @@ -9,7 +9,7 @@ { "key": "N", "name": "Negligible", - "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_1.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json similarity index 52% rename from data/json/decision_points/cvss/modified_confidentiality_impact_2_0_1.json rename to data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json index 027f96a0..3e4adaa2 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_1.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json @@ -1,25 +1,25 @@ { + "name": "Modified Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "namespace": "cvss", - "version": "2.0.1", + "version": "1.0.1", "schemaVersion": "1-0-1", - "key": "MC", - "name": "Modified Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "key": "MSC", "values": [ { "key": "N", - "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "name": "Negligible", + "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." }, { "key": "X", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_2_0_1.json b/data/json/decision_points/cvss/modified_integrity_impact_2_0_1.json deleted file mode 100644 index a02b0fe3..00000000 --- a/data/json/decision_points/cvss/modified_integrity_impact_2_0_1.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "namespace": "cvss", - "version": "2.0.1", - "schemaVersion": "1-0-1", - "key": "MI", - "name": "Modified Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." - }, - { - "key": "L", - "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." - }, - { - "key": "H", - "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." - }, - { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - } - ] -} diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json index ab2207f7..6af70ddc 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json @@ -8,8 +8,8 @@ "values": [ { "key": "N", - "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "name": "None", + "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", @@ -25,11 +25,6 @@ "key": "X", "name": "Not Defined", "description": "This metric value is not defined. See CVSS documentation for details." - }, - { - "key": "S", - "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] } diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json new file mode 100644 index 00000000..7e0c391a --- /dev/null +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json @@ -0,0 +1,35 @@ +{ + "name": "Modified Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "namespace": "cvss", + "version": "1.0.1", + "schemaVersion": "1-0-1", + "key": "MSI", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + } + ] +} diff --git a/data/json/decision_points/cvss/safety_1_0_0.json b/data/json/decision_points/cvss/safety_1_0_0.json index 987de4d0..b1505feb 100644 --- a/data/json/decision_points/cvss/safety_1_0_0.json +++ b/data/json/decision_points/cvss/safety_1_0_0.json @@ -4,7 +4,7 @@ "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", - "key": "S", + "key": "SF", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/subsequent_availability_impact_1_0_0.json b/data/json/decision_points/cvss/subsequent_availability_impact_1_0_0.json deleted file mode 100644 index a7ed8c04..00000000 --- a/data/json/decision_points/cvss/subsequent_availability_impact_1_0_0.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", - "key": "SA", - "name": "Subsequent Availability Impact", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." - }, - { - "key": "L", - "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." - }, - { - "key": "H", - "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." - } - ] -} diff --git a/data/json/decision_points/ssvc/critical_software_1_0_0.json b/data/json/decision_points/ssvc/critical_software_1_0_0.json new file mode 100644 index 00000000..232c633d --- /dev/null +++ b/data/json/decision_points/ssvc/critical_software_1_0_0.json @@ -0,0 +1,20 @@ +{ + "name": "Critical Software", + "description": "Denotes whether a system meets a critical software definition.", + "namespace": "ssvc", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "CS", + "values": [ + { + "key": "N", + "name": "No", + "description": "System does not meet a critical software definition." + }, + { + "key": "Y", + "name": "Yes", + "description": "System meets a critical software definition." + } + ] +} diff --git a/data/json/outcomes/COORDINATE.json b/data/json/decision_points/ssvc/decline_track_coordinate_1_0_0.json similarity index 86% rename from data/json/outcomes/COORDINATE.json rename to data/json/decision_points/ssvc/decline_track_coordinate_1_0_0.json index 67a4d9fa..fc7aae55 100644 --- a/data/json/outcomes/COORDINATE.json +++ b/data/json/decision_points/ssvc/decline_track_coordinate_1_0_0.json @@ -1,9 +1,11 @@ { - "version": "1.0.0", - "schemaVersion": "1-0-1", "name": "Decline, Track, Coordinate", "description": "The coordinate outcome group.", - "outcomes": [ + "namespace": "ssvc", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "COORDINATE", + "values": [ { "key": "D", "name": "Decline", @@ -20,4 +22,4 @@ "description": "Coordinate" } ] -} \ No newline at end of file +} diff --git a/data/json/outcomes/DSOI.json b/data/json/decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json similarity index 90% rename from data/json/outcomes/DSOI.json rename to data/json/decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json index 8e16b6f6..2474d981 100644 --- a/data/json/outcomes/DSOI.json +++ b/data/json/decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json @@ -1,9 +1,11 @@ { - "version": "1.0.0", - "schemaVersion": "1-0-1", "name": "Defer, Scheduled, Out-of-Cycle, Immediate", "description": "The original SSVC outcome group.", - "outcomes": [ + "namespace": "ssvc", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "DSOI", + "values": [ { "key": "D", "name": "Defer", @@ -25,4 +27,4 @@ "description": "Immediate" } ] -} \ No newline at end of file +} diff --git a/data/json/decision_points/ssvc/high_value_asset_1_0_0.json b/data/json/decision_points/ssvc/high_value_asset_1_0_0.json new file mode 100644 index 00000000..a0e94922 --- /dev/null +++ b/data/json/decision_points/ssvc/high_value_asset_1_0_0.json @@ -0,0 +1,20 @@ +{ + "name": "High Value Asset", + "description": "Denotes whether a system meets a high value asset definition.", + "namespace": "ssvc", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "HVA", + "values": [ + { + "key": "N", + "name": "No", + "description": "System does not meet a high value asset definition." + }, + { + "key": "Y", + "name": "Yes", + "description": "System meets a high value asset definition." + } + ] +} diff --git a/data/json/decision_points/ssvc/human_impact_1_0_0.json b/data/json/decision_points/ssvc/human_impact_1_0_0.json deleted file mode 100644 index 051c3789..00000000 --- a/data/json/decision_points/ssvc/human_impact_1_0_0.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "schemaVersion": "1-0-1", - "namespace": "ssvc", - "version": "1.0.0", - "key": "HI", - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", - "values": [ - { - "key": "L", - "name": "Low", - "description": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" - }, - { - "key": "M", - "name": "Medium", - "description": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" - }, - { - "key": "H", - "name": "High", - "description": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" - }, - { - "key": "VH", - "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" - } - ] -} \ No newline at end of file diff --git a/data/json/decision_points/ssvc/in_kev_1_0_0.json b/data/json/decision_points/ssvc/in_kev_1_0_0.json new file mode 100644 index 00000000..cadc960b --- /dev/null +++ b/data/json/decision_points/ssvc/in_kev_1_0_0.json @@ -0,0 +1,20 @@ +{ + "name": "In KEV", + "description": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", + "namespace": "ssvc", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "KEV", + "values": [ + { + "key": "N", + "name": "No", + "description": "Vulnerability is not listed in KEV." + }, + { + "key": "Y", + "name": "Yes", + "description": "Vulnerability is listed in KEV." + } + ] +} diff --git a/data/json/decision_points/ssvc/mission_and_well-being_impact_1_0_0.json b/data/json/decision_points/ssvc/mission_and_well_being_impact_1_0_0.json similarity index 100% rename from data/json/decision_points/ssvc/mission_and_well-being_impact_1_0_0.json rename to data/json/decision_points/ssvc/mission_and_well_being_impact_1_0_0.json diff --git a/data/json/decision_points/ssvc/public_safety_impact_1_0_0.json b/data/json/decision_points/ssvc/public_safety_impact_1_0_0.json deleted file mode 100644 index 0426c72b..00000000 --- a/data/json/decision_points/ssvc/public_safety_impact_1_0_0.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "schemaVersion": "1-0-1", - "namespace": "ssvc", - "version": "1.0.0", - "key": "PSI", - "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", - "values": [ - { - "key": "M", - "name": "Minimal", - "description": "Safety Impact:(None OR Minor)" - }, - { - "key": "S", - "name": "Significant", - "description": "Safety Impact:(Major OR Hazardous OR Catastrophic)" - } - ] -} \ No newline at end of file diff --git a/data/json/decision_points/ssvc/public_well-being_impact_1_0_0.json b/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json similarity index 100% rename from data/json/decision_points/ssvc/public_well-being_impact_1_0_0.json rename to data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json diff --git a/data/json/outcomes/PUBLISH.json b/data/json/decision_points/ssvc/publish_do_not_publish_1_0_0.json similarity index 84% rename from data/json/outcomes/PUBLISH.json rename to data/json/decision_points/ssvc/publish_do_not_publish_1_0_0.json index fd656624..aa5d01fc 100644 --- a/data/json/outcomes/PUBLISH.json +++ b/data/json/decision_points/ssvc/publish_do_not_publish_1_0_0.json @@ -1,9 +1,11 @@ { - "version": "1.0.0", - "schemaVersion": "1-0-1", "name": "Publish, Do Not Publish", "description": "The publish outcome group.", - "outcomes": [ + "namespace": "ssvc", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "PUBLISH", + "values": [ { "key": "N", "name": "Do Not Publish", @@ -15,4 +17,4 @@ "description": "Publish" } ] -} \ No newline at end of file +} diff --git a/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json b/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json index c32d5755..ee1cfb50 100644 --- a/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json +++ b/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json @@ -4,7 +4,7 @@ "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", - "key": "SC", + "key": "SCON", "values": [ { "key": "N", diff --git a/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json b/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json index 15d014e5..b1e48b02 100644 --- a/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json +++ b/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json @@ -4,7 +4,7 @@ "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", - "key": "SI", + "key": "SINV", "values": [ { "key": "FR", diff --git a/data/json/outcomes/EISENHOWER.json b/data/json/decision_points/x_basic/do_schedule_delegate_delete_1_0_0.json similarity index 89% rename from data/json/outcomes/EISENHOWER.json rename to data/json/decision_points/x_basic/do_schedule_delegate_delete_1_0_0.json index 40d98902..f83890fe 100644 --- a/data/json/outcomes/EISENHOWER.json +++ b/data/json/decision_points/x_basic/do_schedule_delegate_delete_1_0_0.json @@ -1,9 +1,11 @@ { - "version": "1.0.0", - "schemaVersion": "1-0-1", "name": "Do, Schedule, Delegate, Delete", "description": "The Eisenhower outcome group.", - "outcomes": [ + "namespace": "x_basic", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "IKE", + "values": [ { "key": "D", "name": "Delete", @@ -25,4 +27,4 @@ "description": "Do" } ] -} \ No newline at end of file +} diff --git a/data/json/outcomes/MOSCOW.json b/data/json/decision_points/x_basic/moscow_1_0_0.json similarity index 71% rename from data/json/outcomes/MOSCOW.json rename to data/json/decision_points/x_basic/moscow_1_0_0.json index 3156c47d..77955737 100644 --- a/data/json/outcomes/MOSCOW.json +++ b/data/json/decision_points/x_basic/moscow_1_0_0.json @@ -1,9 +1,11 @@ { + "name": "MoSCoW", + "description": "The MoSCoW (Must, Should, Could, Won't) outcome group.", + "namespace": "x_basic", "version": "1.0.0", "schemaVersion": "1-0-1", - "name": "Must, Should, Could, Won't", - "description": "The Moscow outcome group.", - "outcomes": [ + "key": "MSCW", + "values": [ { "key": "W", "name": "Won't", @@ -25,4 +27,4 @@ "description": "Must" } ] -} \ No newline at end of file +} diff --git a/data/json/outcomes/VALUE_COMPLEXITY.json b/data/json/decision_points/x_basic/value_complexity_1_0_0.json similarity index 87% rename from data/json/outcomes/VALUE_COMPLEXITY.json rename to data/json/decision_points/x_basic/value_complexity_1_0_0.json index b60d42f8..83579078 100644 --- a/data/json/outcomes/VALUE_COMPLEXITY.json +++ b/data/json/decision_points/x_basic/value_complexity_1_0_0.json @@ -1,9 +1,11 @@ { - "version": "1.0.0", - "schemaVersion": "1-0-1", "name": "Value, Complexity", "description": "The Value/Complexity outcome group.", - "outcomes": [ + "namespace": "x_basic", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "VALUE_COMPLEXITY", + "values": [ { "key": "D", "name": "Drop", @@ -25,4 +27,4 @@ "description": "Do First" } ] -} \ No newline at end of file +} diff --git a/data/json/outcomes/YES_NO.json b/data/json/decision_points/x_basic/yes_no_1_0_0.json similarity index 82% rename from data/json/outcomes/YES_NO.json rename to data/json/decision_points/x_basic/yes_no_1_0_0.json index 1a6dcdff..6a3b9b23 100644 --- a/data/json/outcomes/YES_NO.json +++ b/data/json/decision_points/x_basic/yes_no_1_0_0.json @@ -1,9 +1,11 @@ { - "version": "1.0.0", - "schemaVersion": "1-0-1", "name": "Yes, No", "description": "The Yes/No outcome group.", - "outcomes": [ + "namespace": "x_basic", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "YN", + "values": [ { "key": "N", "name": "No", @@ -15,4 +17,4 @@ "description": "Yes" } ] -} \ No newline at end of file +} diff --git a/data/json/outcomes/THE_PARANOIDS.json b/data/json/decision_points/x_community/theparanoids_1_0_0.json similarity index 91% rename from data/json/outcomes/THE_PARANOIDS.json rename to data/json/decision_points/x_community/theparanoids_1_0_0.json index f19fb83d..82d8a4c5 100644 --- a/data/json/outcomes/THE_PARANOIDS.json +++ b/data/json/decision_points/x_community/theparanoids_1_0_0.json @@ -1,9 +1,11 @@ { - "version": "1.0.0", - "schemaVersion": "1-0-1", "name": "theParanoids", "description": "PrioritizedRiskRemediation outcome group based on TheParanoids.", - "outcomes": [ + "namespace": "x_community", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "PARANOIDS", + "values": [ { "key": "5", "name": "Track 5", @@ -35,4 +37,4 @@ "description": "Act ASAP" } ] -} \ No newline at end of file +} diff --git a/data/json/outcomes/CVSS.json b/data/json/outcomes/CVSS.json deleted file mode 100644 index 5d3d3bd2..00000000 --- a/data/json/outcomes/CVSS.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "version": "1.0.0", - "schemaVersion": "1-0-1", - "name": "CVSS Levels", - "description": "The CVSS outcome group.", - "outcomes": [ - { - "key": "L", - "name": "Low", - "description": "Low" - }, - { - "key": "M", - "name": "Medium", - "description": "Medium" - }, - { - "key": "H", - "name": "High", - "description": "High" - }, - { - "key": "C", - "name": "Critical", - "description": "Critical" - } - ] -} \ No newline at end of file From 13a607214741f2819440f2af36d247a779a77b05 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 18 Jun 2025 14:06:11 -0400 Subject: [PATCH 099/468] add makefile target to regenerate json examples --- Makefile | 8 +++++++- src/ssvc/doctools.py | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) mode change 100644 => 100755 src/ssvc/doctools.py diff --git a/Makefile b/Makefile index f5e33ada..45f8bb72 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ MKDOCS_PORT=8765 DOCKER_DIR=docker # Targets -.PHONY: all test docs docker_test clean help mdlint_fix up down +.PHONY: all test docs docker_test clean help mdlint_fix up down regenerate_json all: help @@ -31,6 +31,11 @@ down: @echo "Stopping Docker services..." pushd $(DOCKER_DIR) && docker-compose down +regenerate_json: + @echo "Regenerating JSON files..." + rm -rf data/json/decision_points + export PYTHONPATH=$(PWD)/src && ./src/ssvc/doctools.py --jsondir=./data/json/decision_points --overwrite + clean: @echo "Cleaning up Docker resources..." pushd $(DOCKER_DIR) && docker-compose down --rmi local || true @@ -46,6 +51,7 @@ help: @echo " docs - Build and run documentation in Docker" @echo " up - Start Docker services" @echo " down - Stop Docker services" + @echo " regenerate_json - Regenerate JSON files from python modules" @echo " clean - Clean up Docker resources" @echo " help - Display this help message" diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py old mode 100644 new mode 100755 index b5bf0fa2..b345ff26 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -223,8 +223,8 @@ def main(): overwrite = args.overwrite jsondir = args.jsondir - find_modules_to_import("./decision_points", "ssvc.decision_points") - find_modules_to_import("./outcomes", "ssvc.outcomes") + find_modules_to_import("./src/ssvc/decision_points", "ssvc.decision_points") + find_modules_to_import("./src/ssvc/outcomes", "ssvc.outcomes") # import collections to ensure they are registered too import ssvc.dp_groups.ssvc.collections # noqa: F401 From c726d788a7b5d2e895a2d4208ba0159f722892d3 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 18 Jun 2025 14:16:45 -0400 Subject: [PATCH 100/468] fix unit tests --- src/test/decision_points/test_cvss_helpers.py | 6 +++++- src/test/dp_groups/test_dp_groups.py | 3 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/test/decision_points/test_cvss_helpers.py b/src/test/decision_points/test_cvss_helpers.py index fe00b64c..dc662dee 100644 --- a/src/test/decision_points/test_cvss_helpers.py +++ b/src/test/decision_points/test_cvss_helpers.py @@ -20,7 +20,7 @@ import unittest import ssvc.decision_points.cvss.helpers as h -from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.base import DPV_REGISTRY, DP_REGISTRY, DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint @@ -56,6 +56,10 @@ def fake_ms_impacts() -> list[CvssDecisionPoint]: class TestCvssHelpers(unittest.TestCase): def setUp(self) -> None: + # reset the registry + for registry in DP_REGISTRY, DPV_REGISTRY: + registry.reset_registry() + self.dps = [] for i in range(3): dp = CvssDecisionPoint( diff --git a/src/test/dp_groups/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py index b6342b06..7feefe94 100644 --- a/src/test/dp_groups/test_dp_groups.py +++ b/src/test/dp_groups/test_dp_groups.py @@ -28,9 +28,10 @@ class MyTestCase(unittest.TestCase): def setUp(self) -> None: self.dps = [] for i in range(10): - dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( + dp = ssvc.decision_points.ssvc.base.DecisionPoint( name=f"Decision Point {i}", key=f"DP_{i}", + namespace="x_test", description=f"Description of Decision Point {i}", version="1.0.0", values=( From 2e56050872831c40586463f559df56603644a3d4 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 18 Jun 2025 14:27:19 -0400 Subject: [PATCH 101/468] add test for registry duplicates --- src/test/decision_points/test_dp_base.py | 52 ++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index 9ff78118..9c340fc5 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -25,6 +25,9 @@ class MyTestCase(unittest.TestCase): def setUp(self) -> None: + base.DP_REGISTRY.reset_registry() + base.DPV_REGISTRY.reset_registry() + self.original_registry = base.REGISTERED_DECISION_POINTS.copy() # add multiple values @@ -69,6 +72,55 @@ def test_registry(self): namespace="asdfasdf", values=tuple(self.values), ) + self.assertIn(dp2, base.REGISTERED_DECISION_POINTS) + + def test_registry_errors_on_duplicate_key(self): + # dp should already be registered from setUp + self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) + + # create a new decision point with the same key + with self.assertRaises(KeyError): + # the registry key is a combination of namespace, key, and version + + dp2 = ssvc.decision_points.ssvc.base.DecisionPoint( + name="asdfad", + description="asdfasdf", + namespace=self.dp.namespace, + key=self.dp.key, # same key as self.dp + version=self.dp.version, # same version as self.dp + values=tuple(self.values), + ) + + # should not be a problem if namespace, key or version are different + dp3 = ssvc.decision_points.ssvc.base.DecisionPoint( + name="asdfad", + description="asdfasdf", + namespace="x_test-extra", # different namespace + key=self.dp.key, # same key + version=self.dp.version, # same version + values=tuple(self.values), + ) + self.assertIn(dp3, base.REGISTERED_DECISION_POINTS) + # should not be a problem if key is different + dp4 = ssvc.decision_points.ssvc.base.DecisionPoint( + name="asdfad", + description="asdfasdf", + namespace=self.dp.namespace, # same namespace + key="different_key", # different key + version=self.dp.version, # same version + values=tuple(self.values), + ) + self.assertIn(dp4, base.REGISTERED_DECISION_POINTS) + # should not be a problem if version is different + dp5 = ssvc.decision_points.ssvc.base.DecisionPoint( + name="asdfad", + description="asdfasdf", + namespace=self.dp.namespace, # same namespace + key=self.dp.key, # same key + version="2.0.0", # different version + values=tuple(self.values), + ) + self.assertIn(dp5, base.REGISTERED_DECISION_POINTS) def test_registry(self): # just by creating the objects, they should be registered From 71ae5260210265617469b5262412e6f86e36e7f5 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 18 Jun 2025 15:12:47 -0400 Subject: [PATCH 102/468] move mission prevalence to cisa namespace (their customization was the only place it was ever used) --- .../cisa/mission_prevalence_1_0_0.json | 25 +++++++++++++++++++ .../{ssvc => cisa}/mission_prevalence.py | 4 +-- 2 files changed, 27 insertions(+), 2 deletions(-) create mode 100644 data/json/decision_points/cisa/mission_prevalence_1_0_0.json rename src/ssvc/decision_points/{ssvc => cisa}/mission_prevalence.py (95%) diff --git a/data/json/decision_points/cisa/mission_prevalence_1_0_0.json b/data/json/decision_points/cisa/mission_prevalence_1_0_0.json new file mode 100644 index 00000000..50a06e4b --- /dev/null +++ b/data/json/decision_points/cisa/mission_prevalence_1_0_0.json @@ -0,0 +1,25 @@ +{ + "name": "Mission Prevalence", + "description": "Prevalence of the mission essential functions", + "namespace": "cisa", + "version": "1.0.0", + "schemaVersion": "1-0-1", + "key": "MP", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." + }, + { + "key": "S", + "name": "Support", + "description": "The vulnerable component only supports MEFs for two or more entities." + }, + { + "key": "E", + "name": "Essential", + "description": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." + } + ] +} diff --git a/src/ssvc/decision_points/ssvc/mission_prevalence.py b/src/ssvc/decision_points/cisa/mission_prevalence.py similarity index 95% rename from src/ssvc/decision_points/ssvc/mission_prevalence.py rename to src/ssvc/decision_points/cisa/mission_prevalence.py index 9b3b0640..9e209c9e 100644 --- a/src/ssvc/decision_points/ssvc/mission_prevalence.py +++ b/src/ssvc/decision_points/cisa/mission_prevalence.py @@ -24,8 +24,8 @@ # DM24-0278 -from ssvc.decision_points.ssvc_.base import SsvcDecisionPoint from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.cisa.base import CisaDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs MINIMAL = DecisionPointValue( @@ -48,7 +48,7 @@ ) -MISSION_PREVALENCE = SsvcDecisionPoint( +MISSION_PREVALENCE = CisaDecisionPoint( name="Mission Prevalence", description="Prevalence of the mission essential functions", key="MP", From 5e5f2990fdefabecc3c4a50b48396ac9a29a5353 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Jun 2025 16:46:00 +0000 Subject: [PATCH 103/468] Bump mkdocs-bibtex from 4.2.5 to 4.2.10 in the mkdocs group Bumps the mkdocs group with 1 update: [mkdocs-bibtex](https://github.com/shyamd/mkdocs-bibtex). Updates `mkdocs-bibtex` from 4.2.5 to 4.2.10 - [Release notes](https://github.com/shyamd/mkdocs-bibtex/releases) - [Commits](https://github.com/shyamd/mkdocs-bibtex/compare/v4.2.5...v4.2.10) --- updated-dependencies: - dependency-name: mkdocs-bibtex dependency-version: 4.2.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: mkdocs ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index ed2b5baa..9a24bf7e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ mkdocs==1.6.1 -mkdocs-bibtex==4.2.5 +mkdocs-bibtex==4.2.10 mkdocs-include-markdown-plugin==7.1.6 mkdocs-table-reader-plugin==3.1.0 mkdocs-material==9.6.14 From 16ac1e30d8d21a34bda96086a3f7f2123e4523c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Jun 2025 18:16:32 +0000 Subject: [PATCH 104/468] Bump mkdocs-bibtex from 4.2.10 to 4.3.0 in the mkdocs group Bumps the mkdocs group with 1 update: [mkdocs-bibtex](https://github.com/shyamd/mkdocs-bibtex). Updates `mkdocs-bibtex` from 4.2.10 to 4.3.0 - [Release notes](https://github.com/shyamd/mkdocs-bibtex/releases) - [Commits](https://github.com/shyamd/mkdocs-bibtex/compare/v4.2.10...v4.3.0) --- updated-dependencies: - dependency-name: mkdocs-bibtex dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: mkdocs ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 9a24bf7e..f15e4f7e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,5 @@ mkdocs==1.6.1 -mkdocs-bibtex==4.2.10 +mkdocs-bibtex==4.3.0 mkdocs-include-markdown-plugin==7.1.6 mkdocs-table-reader-plugin==3.1.0 mkdocs-material==9.6.14 From ae3b3f9d084b9532f76b99c20d231a6378434afe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Jun 2025 18:16:47 +0000 Subject: [PATCH 105/468] Bump markdown-exec from 1.10.3 to 1.11.0 Bumps [markdown-exec](https://github.com/pawamoy/markdown-exec) from 1.10.3 to 1.11.0. - [Release notes](https://github.com/pawamoy/markdown-exec/releases) - [Changelog](https://github.com/pawamoy/markdown-exec/blob/main/CHANGELOG.md) - [Commits](https://github.com/pawamoy/markdown-exec/compare/1.10.3...1.11.0) --- updated-dependencies: - dependency-name: markdown-exec dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 9a24bf7e..1766fb6d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,7 +7,7 @@ mkdocs-material-extensions==1.3.1 mkdocstrings==0.29.1 mkdocstrings-python==1.16.12 mkdocs-print-site-plugin==2.7.3 -markdown-exec==1.10.3 +markdown-exec==1.11.0 thefuzz==0.22.1 pandas==2.3.0 scikit-learn==1.6.1 From fb33c4fb57a1eeb67b51f08531b8217c9d2716e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Jul 2025 15:05:20 -0400 Subject: [PATCH 106/468] Bump the mkdocs group with 2 updates (#811) Bumps the mkdocs group with 2 updates: [mkdocs-bibtex](https://github.com/shyamd/mkdocs-bibtex) and [mkdocs-material](https://github.com/squidfunk/mkdocs-material). Updates `mkdocs-bibtex` from 4.3.0 to 4.4.0 - [Release notes](https://github.com/shyamd/mkdocs-bibtex/releases) - [Commits](https://github.com/shyamd/mkdocs-bibtex/compare/v4.3.0...v4.4.0) Updates `mkdocs-material` from 9.6.14 to 9.6.15 - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.14...9.6.15) --- updated-dependencies: - dependency-name: mkdocs-bibtex dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: mkdocs - dependency-name: mkdocs-material dependency-version: 9.6.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: mkdocs ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index d35c50e4..249a6927 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,8 +1,8 @@ mkdocs==1.6.1 -mkdocs-bibtex==4.3.0 +mkdocs-bibtex==4.4.0 mkdocs-include-markdown-plugin==7.1.6 mkdocs-table-reader-plugin==3.1.0 -mkdocs-material==9.6.14 +mkdocs-material==9.6.15 mkdocs-material-extensions==1.3.1 mkdocstrings==0.29.1 mkdocstrings-python==1.16.12 From e7e3d797c9d9926f0fecbe8c179cb46179c0bcad Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 14:20:10 -0400 Subject: [PATCH 107/468] refactor VersionField into an annotation for use in other objects also make CVSS decision point groups conform --- src/ssvc/_mixins.py | 15 ++++++++-- src/ssvc/dp_groups/cvss/collections.py | 30 +++++++++---------- src/test/decision_points/test_cvss_helpers.py | 2 +- 3 files changed, 29 insertions(+), 18 deletions(-) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 67576910..a3647b7b 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -21,7 +21,7 @@ # subject to its own license. # DM24-0278 -from typing import Optional +from typing import Annotated, Optional from pydantic import BaseModel, ConfigDict, Field, field_validator from semver import Version @@ -29,13 +29,24 @@ from ssvc import _schemaVersion from ssvc.namespaces import NS_PATTERN, NameSpace +VersionField = Annotated[ + str, + Field( + default="0.0.0", + description="The version of the SSVC object. This should be a valid semantic version string.", + examples=["1.0.0", "2.1.3"], + pattern=r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$", + min_length=5, + ), +] + class _Versioned(BaseModel): """ Mixin class for versioned SSVC objects. """ - version: str = "0.0.0" + version: VersionField @field_validator("version") @classmethod diff --git a/src/ssvc/dp_groups/cvss/collections.py b/src/ssvc/dp_groups/cvss/collections.py index 4beca498..c2b61c2c 100644 --- a/src/ssvc/dp_groups/cvss/collections.py +++ b/src/ssvc/dp_groups/cvss/collections.py @@ -153,21 +153,21 @@ CVSSv1_B = DecisionPointGroup( name="CVSS", - version="1.0", + version="1.0.0", description="CVSS v1 decision points", decision_points=tuple(_BASE_1), ) CVSSv1_BT = DecisionPointGroup( name="CVSS", - version="1.0", + version="1.0.0", description="CVSS v1 decision points", decision_points=tuple(_BASE_1 + _TEMPORAL_1), ) CVSSv1_BTE = DecisionPointGroup( name="CVSS", - version="1.0", + version="1.0.0", description="CVSS v1 decision points", decision_points=tuple(_BASE_1 + _TEMPORAL_1 + _ENVIRONMENTAL_1), ) @@ -200,21 +200,21 @@ CVSSv2_B = DecisionPointGroup( name="CVSS Version 2 Base Metrics", description="Base metrics for CVSS v2", - version="2.0", + version="2.0.0", decision_points=tuple(_BASE_2), ) CVSSv2_BT = DecisionPointGroup( name="CVSS Version 2 Base and Temporal Metrics", description="Base and Temporal metrics for CVSS v2", - version="2.0", + version="2.0.0", decision_points=tuple(_BASE_2 + _TEMPORAL_2), ) CVSSv2_BTE = DecisionPointGroup( name="CVSS Version 2 Base, Temporal, and Environmental Metrics", description="Base, Temporal, and Environmental metrics for CVSS v2", - version="2.0", + version="2.0.0", decision_points=tuple(_BASE_2 + _TEMPORAL_2 + _ENVIRONMENTAL_2), ) @@ -249,21 +249,21 @@ CVSSv3_B = DecisionPointGroup( name="CVSS Version 3 Base Metrics", description="Base metrics for CVSS v3", - version="3.0", + version="3.0.0", decision_points=tuple(_BASE_3), ) CVSSv3_BT = DecisionPointGroup( name="CVSS Version 3 Base and Temporal Metrics", description="Base and Temporal metrics for CVSS v3", - version="3.0", + version="3.0.0", decision_points=tuple(_BASE_3 + _TEMPORAL_3), ) CVSSv3_BTE = DecisionPointGroup( name="CVSS Version 3 Base, Temporal, and Environmental Metrics", description="Base, Temporal, and Environmental metrics for CVSS v3", - version="3.0", + version="3.0.0", decision_points=tuple(_BASE_3 + _TEMPORAL_3 + _ENVIRONMENTAL_3), ) @@ -313,7 +313,7 @@ CVSSv4_B = DecisionPointGroup( name="CVSSv4 Base Metrics", description="Base metrics for CVSS v4", - version="1.0.0", + version="4.0.0", decision_points=tuple(_BASE_4), ) @@ -321,7 +321,7 @@ CVSSv4_BE = DecisionPointGroup( name="CVSSv4 Base and Environmental Metrics", description="Base and Environmental metrics for CVSS v4", - version="1.0.0", + version="4.0.0", decision_points=tuple(_BASE_4 + _ENVIRONMENTAL_4), ) @@ -329,7 +329,7 @@ CVSSv4_BT = DecisionPointGroup( name="CVSSv4 Base and Threat Metrics", description="Base and Threat metrics for CVSS v4", - version="1.0.0", + version="4.0.0", decision_points=tuple(_BASE_4 + _THREAT_4), ) @@ -337,21 +337,21 @@ CVSSv4_BTE = DecisionPointGroup( name="CVSSv4 Base, Threat, and Environmental Metrics", description="Base, Threat, and Environmental metrics for CVSS v4", - version="1.0.0", + version="4.0.0", decision_points=tuple(_BASE_4 + _THREAT_4 + _ENVIRONMENTAL_4), ) CVSSv4 = DecisionPointGroup( name="CVSSv4", description="All decision points for CVSS v4 (including supplemental metrics)", - version="1.0.0", + version="4.0.0", decision_points=tuple(_BASE_4 + _THREAT_4 + _ENVIRONMENTAL_4 + _SUPPLEMENTAL_4), ) CVSSv4_Equivalence_Sets = DecisionPointGroup( name="CVSSv4 EQ Sets", description="Equivalence Sets for CVSS v4", - version="1.0.0", + version="4.0.0", decision_points=( EQ1, EQ2, diff --git a/src/test/decision_points/test_cvss_helpers.py b/src/test/decision_points/test_cvss_helpers.py index dc662dee..73dcad86 100644 --- a/src/test/decision_points/test_cvss_helpers.py +++ b/src/test/decision_points/test_cvss_helpers.py @@ -65,7 +65,7 @@ def setUp(self) -> None: dp = CvssDecisionPoint( name=f"test_{i}", description=f"test_{i}", - version="1.0", + version="1.0.0", key=f"TDP{i}", values=( DecisionPointValue( From de1a38bca85e650f078eb8a8dcddc89999388f29 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 14:21:26 -0400 Subject: [PATCH 108/468] add id property to decision points namespace:key:version is sufficient to uniquely identify any Decision Point --- src/ssvc/decision_points/base.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 69e42d96..57b989f6 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -187,6 +187,10 @@ class DecisionPoint( def __str__(self): return FIELD_DELIMITER.join([self.namespace, self.key, self.version]) + @property + def id(self): + return ":".join([self.namespace, self.key, self.version]) + @property def str(self) -> str: """ From 0d7b1c2b890a6fa6553500ab162136cfabcbd66f Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 14:21:45 -0400 Subject: [PATCH 109/468] add minimal selection object for data exchange --- src/ssvc/selection.py | 132 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 src/ssvc/selection.py diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py new file mode 100644 index 00000000..40979510 --- /dev/null +++ b/src/ssvc/selection.py @@ -0,0 +1,132 @@ +#!/usr/bin/env python +""" +Provides an SSVC selection object and functions to faciliate transition from an SSVC decision point to a selection. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from datetime import datetime +from typing import Optional + +from pydantic import BaseModel, Field + +from ssvc._mixins import VersionField +from ssvc.decision_points.base import DecisionPoint + + +class MinimalSelection(BaseModel): + """ + A minimal selection object that contains the decision point ID and the selected options. + This is used to transition from an SSVC decision point to a selection. + """ + + decision_point_id: str = Field( + ..., + description="The ID (namespace:key:version) of the decision point from which the selection was made.", + ) + namespace: str = Field( + ..., + description="The namespace of the decision point.", + examples="ssvc, cisa, x_private, etc.", + min_length=3, + ) + key: str = Field( + ..., + description="The decision point key.", + examples="E, A, MI, PSI, etc.", + min_length=1, + ) + version: VersionField + + selection: list[str] = Field( + ..., + description="A list of selected values keys from the decision point values.", + min_length=1, + ) + + +class MinimalSelectionList(BaseModel): + """ + A list of minimal selection objects. + This is used to hold multiple selections made from different decision points. + """ + + vulnerability_id: Optional[str] = Field( + default=None, + description="Optional vulnerability ID associated with the selections.", + examples="CVE-2025-0000, VU#999999, GHSA-0123-4567-89ab, etc.", + ) + selections: list[MinimalSelection] = Field( + default_factory=list, + description="List of minimal selections made from decision points.", + ) + timestamp: Optional[datetime] = Field( + default=None, description="Timestamp of when the selections were made." + ) + + def add_selection(self, selection: MinimalSelection) -> None: + """ + Adds a minimal selection to the list. + + Args: + selection (MinimalSelection): The minimal selection to add. + """ + self.selections.append(selection) + + +def selection_from_decision_point(decision_point: DecisionPoint) -> MinimalSelection: + """ + Converts a decision point to a minimal selection object. + + Args: + decision_point (DecisionPoint): The decision point to convert. + + Returns: + MinimalSelection: The resulting minimal selection object. + """ + data = { + "decision_point_id": decision_point.id, + "namespace": decision_point.namespace, + "key": decision_point.key, + "version": decision_point.version, + "selection": [val.key for val in decision_point.values], + } + + return MinimalSelection(**data) + + +def main(): + from ssvc.decision_points.ssvc.automatable import LATEST as dp1 + from ssvc.decision_points.ssvc.safety_impact import LATEST as dp2 + import json + + selections = MinimalSelectionList() + selections.add_selection(selection_from_decision_point(dp1)) + selections.add_selection(selection_from_decision_point(dp2)) + selections.timestamp = datetime.now() + + print(selections.model_dump_json(indent=2, exclude_none=True)) + + print("# Schema for MinimalSelectionList") + schema = MinimalSelection.model_json_schema() + print(json.dumps(schema, indent=2)) + + +if __name__ == "__main__": + main() From 1a4bd124dc971879ccd6ed35c8bcd516aaf22ef0 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 14:54:10 -0400 Subject: [PATCH 110/468] add new version of decision point value selection schema --- ...on_Point_Value_Selection-2-0-0.schema.json | 111 ++++++++++++++++++ src/ssvc/selection.py | 29 ++++- 2 files changed, 135 insertions(+), 5 deletions(-) create mode 100644 data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json new file mode 100644 index 00000000..69bbda43 --- /dev/null +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -0,0 +1,111 @@ +{ + "$defs": { + "MinimalSelection": { + "description": "A minimal selection object that contains the decision point ID and the selected options.\nThis is used to transition from an SSVC decision point to a selection.", + "properties": { + "decision_point_id": { + "description": "The ID (namespace:key:version) of the decision point from which the selection was made.", + "title": "Decision Point Id", + "type": "string" + }, + "namespace": { + "description": "The namespace of the decision point.", + "examples": "ssvc, cisa, x_private, etc.", + "minLength": 3, + "title": "Namespace", + "type": "string" + }, + "key": { + "description": "The decision point key.", + "examples": "E, A, MI, PSI, etc.", + "minLength": 1, + "title": "Key", + "type": "string" + }, + "version": { + "default": "0.0.0", + "description": "The version of the SSVC object. This should be a valid semantic version string.", + "examples": [ + "1.0.0", + "2.1.3" + ], + "minLength": 5, + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "title": "Version", + "type": "string" + }, + "values": { + "description": "A list of selected values keys from the decision point values.", + "items": { + "type": "string" + }, + "minItems": 1, + "title": "Values", + "type": "array" + } + }, + "required": [ + "decision_point_id", + "namespace", + "key", + "values" + ], + "title": "MinimalSelection", + "type": "object" + } + }, + "description": [ + "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available." + ], + "properties": { + "schemaVersion": { + "default": "2.0.0", + "description": "The schema version of this selection list.", + "title": "Schemaversion", + "type": "string" + }, + "vulnerability_id": { + "anyOf": [ + { + "type": "string" + }, + { + "type": "null" + } + ], + "default": null, + "description": "Optional vulnerability ID associated with the selections.", + "examples": "CVE-2025-0000, VU#999999, GHSA-0123-4567-89ab, etc.", + "title": "Vulnerability Id" + }, + "selections": { + "description": "List of minimal selections made from decision points.", + "items": { + "$ref": "#/$defs/MinimalSelection" + }, + "title": "Selections", + "type": "array" + }, + "timestamp": { + "anyOf": [ + { + "format": "date-time", + "type": "string" + }, + { + "type": "null" + } + ], + "default": null, + "description": "Timestamp of when the selections were made.", + "title": "Timestamp" + } + }, + "type": "object", + "$schema": [ + "https://json-schema.org/draft/2020-12/schema" + ], + "$id": [ + "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json" + ] +} \ No newline at end of file diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 40979510..28ef98a8 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -54,7 +54,7 @@ class MinimalSelection(BaseModel): ) version: VersionField - selection: list[str] = Field( + values: list[str] = Field( ..., description="A list of selected values keys from the decision point values.", min_length=1, @@ -63,10 +63,13 @@ class MinimalSelection(BaseModel): class MinimalSelectionList(BaseModel): """ - A list of minimal selection objects. - This is used to hold multiple selections made from different decision points. + A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. """ + schemaVersion: str = Field( + "2.0.0", description="The schema version of this selection list." + ) + vulnerability_id: Optional[str] = Field( default=None, description="Optional vulnerability ID associated with the selections.", @@ -105,7 +108,7 @@ def selection_from_decision_point(decision_point: DecisionPoint) -> MinimalSelec "namespace": decision_point.namespace, "key": decision_point.key, "version": decision_point.version, - "selection": [val.key for val in decision_point.values], + "values": [val.key for val in decision_point.values], } return MinimalSelection(**data) @@ -124,9 +127,25 @@ def main(): print(selections.model_dump_json(indent=2, exclude_none=True)) print("# Schema for MinimalSelectionList") - schema = MinimalSelection.model_json_schema() + schema = MinimalSelectionList.model_json_schema() + + # add schema extras + schema.pop("title") + schema["$schema"] = ("https://json-schema.org/draft/2020-12/schema",) + schema["$id"] = ( + "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json", + ) + schema["description"] = ( + "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.", + ) + print(json.dumps(schema, indent=2)) + with open( + "../../data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json", "w" + ) as f: + json.dump(schema, f, indent=2) + if __name__ == "__main__": main() From 6813909490058bd55b18eb7759e90f5d2bee836a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 14:55:15 -0400 Subject: [PATCH 111/468] add new version of decision point value selection schema --- data/schema/current/Decision_Point_Value_Selection.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/schema/current/Decision_Point_Value_Selection.schema.json b/data/schema/current/Decision_Point_Value_Selection.schema.json index b708b5d7..4aed9da4 120000 --- a/data/schema/current/Decision_Point_Value_Selection.schema.json +++ b/data/schema/current/Decision_Point_Value_Selection.schema.json @@ -1 +1 @@ -../v1/Decision_Point_Value_Selection-1-0-1.schema.json \ No newline at end of file +../v2/Decision_Point_Value_Selection-2-0-0.schema.json \ No newline at end of file From cc9874a125213fcb15462a17a7dae72725322652 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 16:10:00 -0400 Subject: [PATCH 112/468] make examples into lists --- ...on_Point_Value_Selection-2-0-0.schema.json | 20 +++++++++++++++---- src/ssvc/selection.py | 6 +++--- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 69bbda43..b419b050 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -10,20 +10,28 @@ }, "namespace": { "description": "The namespace of the decision point.", - "examples": "ssvc, cisa, x_private, etc.", + "examples": [ + "ssvc", + "cisa", + "certcc" + ], "minLength": 3, "title": "Namespace", "type": "string" }, "key": { "description": "The decision point key.", - "examples": "E, A, MI, PSI, etc.", + "examples": [ + "E", + "A", + "MI", + "PSI" + ], "minLength": 1, "title": "Key", "type": "string" }, "version": { - "default": "0.0.0", "description": "The version of the SSVC object. This should be a valid semantic version string.", "examples": [ "1.0.0", @@ -75,7 +83,11 @@ ], "default": null, "description": "Optional vulnerability ID associated with the selections.", - "examples": "CVE-2025-0000, VU#999999, GHSA-0123-4567-89ab, etc.", + "examples": [ + "CVE-2025-0000", + "VU#999999", + "GHSA-0123-4567-89ab" + ], "title": "Vulnerability Id" }, "selections": { diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 28ef98a8..b33d5464 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -43,13 +43,13 @@ class MinimalSelection(BaseModel): namespace: str = Field( ..., description="The namespace of the decision point.", - examples="ssvc, cisa, x_private, etc.", + examples=["ssvc", "cisa", "certcc"], min_length=3, ) key: str = Field( ..., description="The decision point key.", - examples="E, A, MI, PSI, etc.", + examples=["E", "A", "MI", "PSI"], min_length=1, ) version: VersionField @@ -73,7 +73,7 @@ class MinimalSelectionList(BaseModel): vulnerability_id: Optional[str] = Field( default=None, description="Optional vulnerability ID associated with the selections.", - examples="CVE-2025-0000, VU#999999, GHSA-0123-4567-89ab, etc.", + examples=["CVE-2025-0000", "VU#999999", "GHSA-0123-4567-89ab"], ) selections: list[MinimalSelection] = Field( default_factory=list, From 3842cf78cbcfb57ecd398d8dc1dfe2fb10e8a44d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 16:11:15 -0400 Subject: [PATCH 113/468] fix some formatting --- ...on_Point_Value_Selection-2-0-0.schema.json | 12 +++------ src/ssvc/selection.py | 25 +++++++++++++------ 2 files changed, 20 insertions(+), 17 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index b419b050..28a274ef 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -62,9 +62,7 @@ "type": "object" } }, - "description": [ - "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available." - ], + "description": "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.", "properties": { "schemaVersion": { "default": "2.0.0", @@ -114,10 +112,6 @@ } }, "type": "object", - "$schema": [ - "https://json-schema.org/draft/2020-12/schema" - ], - "$id": [ - "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json" - ] + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json" } \ No newline at end of file diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index b33d5464..49be1dfa 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -1,6 +1,6 @@ #!/usr/bin/env python """ -Provides an SSVC selection object and functions to faciliate transition from an SSVC decision point to a selection. +Provides an SSVC selection object and functions to facilitate transition from an SSVC decision point to a selection. """ # Copyright (c) 2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE @@ -114,7 +114,13 @@ def selection_from_decision_point(decision_point: DecisionPoint) -> MinimalSelec return MinimalSelection(**data) -def main(): +def main() -> None: + """ + Prints example selections and their schema in JSON format. + + Returns: + None + """ from ssvc.decision_points.ssvc.automatable import LATEST as dp1 from ssvc.decision_points.ssvc.safety_impact import LATEST as dp2 import json @@ -131,19 +137,22 @@ def main(): # add schema extras schema.pop("title") - schema["$schema"] = ("https://json-schema.org/draft/2020-12/schema",) + schema["$schema"] = "https://json-schema.org/draft/2020-12/schema" schema["$id"] = ( - "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json", + "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json" ) schema["description"] = ( - "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.", + "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available." ) print(json.dumps(schema, indent=2)) - with open( - "../../data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json", "w" - ) as f: + schema_path = ( + "../../data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" + ) + + with open(schema_path, "w") as f: + print(f"Writing schema to {schema_path}") json.dump(schema, f, indent=2) From 0031210e52ced6e3a14148baee82ac400a66a97d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 16:13:36 -0400 Subject: [PATCH 114/468] remove default from VersionField annotation --- .../schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json | 1 + src/ssvc/_mixins.py | 3 +-- src/ssvc/selection.py | 1 - 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 28a274ef..53fb63eb 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -56,6 +56,7 @@ "decision_point_id", "namespace", "key", + "version", "values" ], "title": "MinimalSelection", diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index a3647b7b..30c82528 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -32,7 +32,6 @@ VersionField = Annotated[ str, Field( - default="0.0.0", description="The version of the SSVC object. This should be a valid semantic version string.", examples=["1.0.0", "2.1.3"], pattern=r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$", @@ -46,7 +45,7 @@ class _Versioned(BaseModel): Mixin class for versioned SSVC objects. """ - version: VersionField + version: VersionField = Field(default="0.0.0") @field_validator("version") @classmethod diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 49be1dfa..b6a08121 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -53,7 +53,6 @@ class MinimalSelection(BaseModel): min_length=1, ) version: VersionField - values: list[str] = Field( ..., description="A list of selected values keys from the decision point values.", From be0839844cd1d0374fff167b8c27551075fd99fa Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 16:15:15 -0400 Subject: [PATCH 115/468] we don't need a decision point id field separately, it's derivable from the other key-value pairs --- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 6 ------ src/ssvc/selection.py | 5 ----- 2 files changed, 11 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 53fb63eb..e0edc0ed 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -3,11 +3,6 @@ "MinimalSelection": { "description": "A minimal selection object that contains the decision point ID and the selected options.\nThis is used to transition from an SSVC decision point to a selection.", "properties": { - "decision_point_id": { - "description": "The ID (namespace:key:version) of the decision point from which the selection was made.", - "title": "Decision Point Id", - "type": "string" - }, "namespace": { "description": "The namespace of the decision point.", "examples": [ @@ -53,7 +48,6 @@ } }, "required": [ - "decision_point_id", "namespace", "key", "version", diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index b6a08121..c91da537 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -36,10 +36,6 @@ class MinimalSelection(BaseModel): This is used to transition from an SSVC decision point to a selection. """ - decision_point_id: str = Field( - ..., - description="The ID (namespace:key:version) of the decision point from which the selection was made.", - ) namespace: str = Field( ..., description="The namespace of the decision point.", @@ -103,7 +99,6 @@ def selection_from_decision_point(decision_point: DecisionPoint) -> MinimalSelec MinimalSelection: The resulting minimal selection object. """ data = { - "decision_point_id": decision_point.id, "namespace": decision_point.namespace, "key": decision_point.key, "version": decision_point.version, From 4f4cde0409fcb3173bb0d0a5a6a788daa7906aac Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 16:34:09 -0400 Subject: [PATCH 116/468] more clean up --- ...on_Point_Value_Selection-2-0-0.schema.json | 31 ++++++++++++++++--- src/ssvc/selection.py | 31 +++++++++++++------ 2 files changed, 47 insertions(+), 15 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index e0edc0ed..ada58a1f 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -38,7 +38,18 @@ "type": "string" }, "values": { - "description": "A list of selected values keys from the decision point values.", + "description": "A list of selected value keys from the decision point values.", + "examples": [ + [ + "N", + "Y" + ], + [ + "A", + "B", + "C" + ] + ], "items": { "type": "string" }, @@ -60,7 +71,7 @@ "description": "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.", "properties": { "schemaVersion": { - "default": "2.0.0", + "const": "2.0.0", "description": "The schema version of this selection list.", "title": "Schemaversion", "type": "string" @@ -68,6 +79,7 @@ "vulnerability_id": { "anyOf": [ { + "minLength": 1, "type": "string" }, { @@ -88,6 +100,7 @@ "items": { "$ref": "#/$defs/MinimalSelection" }, + "minItems": 1, "title": "Selections", "type": "array" }, @@ -101,12 +114,20 @@ "type": "null" } ], - "default": null, - "description": "Timestamp of when the selections were made.", + "description": "Timestamp of when the selections were made, in ISO 8601 format.", + "examples": [ + "2025-01-01T12:00:00Z", + "2025-01-02T15:30:45Z" + ], "title": "Timestamp" } }, + "required": [ + "schemaVersion", + "selections", + "timestamp" + ], "type": "object", "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json" + "$id": "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" } \ No newline at end of file diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index c91da537..469c973e 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -22,7 +22,7 @@ # DM24-0278 from datetime import datetime -from typing import Optional +from typing import Literal, Optional from pydantic import BaseModel, Field @@ -51,8 +51,12 @@ class MinimalSelection(BaseModel): version: VersionField values: list[str] = Field( ..., - description="A list of selected values keys from the decision point values.", + description="A list of selected value keys from the decision point values.", min_length=1, + examples=[ + ["N", "Y"], + ["A", "B", "C"], + ], # Example values ) @@ -61,21 +65,26 @@ class MinimalSelectionList(BaseModel): A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. """ - schemaVersion: str = Field( - "2.0.0", description="The schema version of this selection list." + schemaVersion: Literal["2.0.0"] = Field( + ..., + description="The schema version of this selection list.", ) vulnerability_id: Optional[str] = Field( default=None, description="Optional vulnerability ID associated with the selections.", examples=["CVE-2025-0000", "VU#999999", "GHSA-0123-4567-89ab"], + min_length=1, ) selections: list[MinimalSelection] = Field( - default_factory=list, + ..., description="List of minimal selections made from decision points.", + min_length=1, ) timestamp: Optional[datetime] = Field( - default=None, description="Timestamp of when the selections were made." + ..., + description="Timestamp of when the selections were made, in ISO 8601 format.", + examples=["2025-01-01T12:00:00Z", "2025-01-02T15:30:45Z"], ) def add_selection(self, selection: MinimalSelection) -> None: @@ -119,9 +128,11 @@ def main() -> None: from ssvc.decision_points.ssvc.safety_impact import LATEST as dp2 import json - selections = MinimalSelectionList() - selections.add_selection(selection_from_decision_point(dp1)) - selections.add_selection(selection_from_decision_point(dp2)) + a1 = selection_from_decision_point(dp1) + a2 = selection_from_decision_point(dp2) + selections = MinimalSelectionList( + schemaVersion="2.0.0", selections=[a1, a2], timestamp=datetime.now() + ) selections.timestamp = datetime.now() print(selections.model_dump_json(indent=2, exclude_none=True)) @@ -133,7 +144,7 @@ def main() -> None: schema.pop("title") schema["$schema"] = "https://json-schema.org/draft/2020-12/schema" schema["$id"] = ( - "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json" + "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" ) schema["description"] = ( "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available." From b48d444998de1c3f30fea39ed6ad976bf8ec9d2a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 16:34:09 -0400 Subject: [PATCH 117/468] more clean up --- ...on_Point_Value_Selection-2-0-0.schema.json | 30 +++++++++++++--- src/ssvc/selection.py | 34 +++++++++++++------ 2 files changed, 50 insertions(+), 14 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index e0edc0ed..ef75dd52 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -38,7 +38,18 @@ "type": "string" }, "values": { - "description": "A list of selected values keys from the decision point values.", + "description": "A list of selected value keys from the decision point values.", + "examples": [ + [ + "N", + "Y" + ], + [ + "A", + "B", + "C" + ] + ], "items": { "type": "string" }, @@ -60,6 +71,7 @@ "description": "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.", "properties": { "schemaVersion": { + "const": "2.0.0", "default": "2.0.0", "description": "The schema version of this selection list.", "title": "Schemaversion", @@ -68,6 +80,7 @@ "vulnerability_id": { "anyOf": [ { + "minLength": 1, "type": "string" }, { @@ -88,6 +101,7 @@ "items": { "$ref": "#/$defs/MinimalSelection" }, + "minItems": 1, "title": "Selections", "type": "array" }, @@ -101,12 +115,20 @@ "type": "null" } ], - "default": null, - "description": "Timestamp of when the selections were made.", + "description": "Timestamp of when the selections were made, in ISO 8601 format.", + "examples": [ + "2025-01-01T12:00:00Z", + "2025-01-02T15:30:45Z" + ], "title": "Timestamp" } }, + "required": [ + "schemaVersion", + "selections", + "timestamp" + ], "type": "object", "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json" + "$id": "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" } \ No newline at end of file diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index c91da537..2ea3f6ef 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -22,7 +22,7 @@ # DM24-0278 from datetime import datetime -from typing import Optional +from typing import Literal, Optional from pydantic import BaseModel, Field @@ -51,8 +51,12 @@ class MinimalSelection(BaseModel): version: VersionField values: list[str] = Field( ..., - description="A list of selected values keys from the decision point values.", + description="A list of selected value keys from the decision point values.", min_length=1, + examples=[ + ["N", "Y"], + ["A", "B", "C"], + ], # Example values ) @@ -61,21 +65,26 @@ class MinimalSelectionList(BaseModel): A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. """ - schemaVersion: str = Field( - "2.0.0", description="The schema version of this selection list." + schemaVersion: Literal["2.0.0"] = Field( + default="2.0.0", + description="The schema version of this selection list.", ) vulnerability_id: Optional[str] = Field( default=None, description="Optional vulnerability ID associated with the selections.", examples=["CVE-2025-0000", "VU#999999", "GHSA-0123-4567-89ab"], + min_length=1, ) selections: list[MinimalSelection] = Field( - default_factory=list, + ..., description="List of minimal selections made from decision points.", + min_length=1, ) timestamp: Optional[datetime] = Field( - default=None, description="Timestamp of when the selections were made." + ..., + description="Timestamp of when the selections were made, in ISO 8601 format.", + examples=["2025-01-01T12:00:00Z", "2025-01-02T15:30:45Z"], ) def add_selection(self, selection: MinimalSelection) -> None: @@ -119,9 +128,11 @@ def main() -> None: from ssvc.decision_points.ssvc.safety_impact import LATEST as dp2 import json - selections = MinimalSelectionList() - selections.add_selection(selection_from_decision_point(dp1)) - selections.add_selection(selection_from_decision_point(dp2)) + a1 = selection_from_decision_point(dp1) + a2 = selection_from_decision_point(dp2) + selections = MinimalSelectionList( + schemaVersion="2.0.0", selections=[a1, a2], timestamp=datetime.now() + ) selections.timestamp = datetime.now() print(selections.model_dump_json(indent=2, exclude_none=True)) @@ -133,11 +144,14 @@ def main() -> None: schema.pop("title") schema["$schema"] = "https://json-schema.org/draft/2020-12/schema" schema["$id"] = ( - "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Value_Selection-1-0-1.schema.json" + "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" ) schema["description"] = ( "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available." ) + # force the schema version to be included in the required fields + # even though we set a default value + schema["required"].insert(0, "schemaVersion") print(json.dumps(schema, indent=2)) From 82947e2dad79d6cc6af33e2d3fed5c4dab7a5aa8 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 15 Jul 2025 16:45:30 -0400 Subject: [PATCH 118/468] we don't need decision point id --- src/ssvc/decision_points/base.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 57b989f6..69e42d96 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -187,10 +187,6 @@ class DecisionPoint( def __str__(self): return FIELD_DELIMITER.join([self.namespace, self.key, self.version]) - @property - def id(self): - return ":".join([self.namespace, self.key, self.version]) - @property def str(self) -> str: """ From 4b64e6b97c323e1c3fe7bd33adb83f9a9c1fc3e2 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 16 Jul 2025 10:17:06 -0400 Subject: [PATCH 119/468] refactor schema version to variable --- src/ssvc/selection.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 2ea3f6ef..07c51a82 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -29,6 +29,8 @@ from ssvc._mixins import VersionField from ssvc.decision_points.base import DecisionPoint +SCHEMA_VERSION = "2.0.0" + class MinimalSelection(BaseModel): """ @@ -65,8 +67,8 @@ class MinimalSelectionList(BaseModel): A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. """ - schemaVersion: Literal["2.0.0"] = Field( - default="2.0.0", + schemaVersion: Literal[SCHEMA_VERSION] = Field( + default=SCHEMA_VERSION, description="The schema version of this selection list.", ) From 7c6c2a17c5b1b43fb3f6fca04e217a13357ad32b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 16 Jul 2025 10:19:43 -0400 Subject: [PATCH 120/468] compute path relative to module location --- src/ssvc/selection.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 07c51a82..7ae3dfb7 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -157,9 +157,15 @@ def main() -> None: print(json.dumps(schema, indent=2)) + # find local path to this file + import os + + current_dir = os.path.dirname(os.path.abspath(__file__)) + # construct the path to the schema file schema_path = ( "../../data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" ) + schema_path = os.path.abspath(os.path.join(current_dir, schema_path)) with open(schema_path, "w") as f: print(f"Writing schema to {schema_path}") From 3b73b3d559abec430bff9edeed53fa2b7d6a40f3 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 16 Jul 2025 10:25:51 -0400 Subject: [PATCH 121/468] fix some redundancy based on copilot PR review --- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 2 +- src/ssvc/selection.py | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index ef75dd52..ff898f56 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -118,7 +118,7 @@ "description": "Timestamp of when the selections were made, in ISO 8601 format.", "examples": [ "2025-01-01T12:00:00Z", - "2025-01-02T15:30:45Z" + "2025-01-02T15:30:45-04:00" ], "title": "Timestamp" } diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 7ae3dfb7..dbebba7b 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -86,7 +86,7 @@ class MinimalSelectionList(BaseModel): timestamp: Optional[datetime] = Field( ..., description="Timestamp of when the selections were made, in ISO 8601 format.", - examples=["2025-01-01T12:00:00Z", "2025-01-02T15:30:45Z"], + examples=["2025-01-01T12:00:00Z", "2025-01-02T15:30:45-04:00"], ) def add_selection(self, selection: MinimalSelection) -> None: @@ -133,9 +133,8 @@ def main() -> None: a1 = selection_from_decision_point(dp1) a2 = selection_from_decision_point(dp2) selections = MinimalSelectionList( - schemaVersion="2.0.0", selections=[a1, a2], timestamp=datetime.now() + schemaVersion=SCHEMA_VERSION, selections=[a1, a2], timestamp=datetime.now() ) - selections.timestamp = datetime.now() print(selections.model_dump_json(indent=2, exclude_none=True)) From 36240545528612941ca4d001a6ec6b1502738933 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 16 Jul 2025 11:49:33 -0400 Subject: [PATCH 122/468] refactor namespace and version specifications for modularity --- src/ssvc/_mixins.py | 9 ++++--- src/ssvc/namespaces.py | 60 +++++++++++++++++++++++++++++------------ src/test/test_mixins.py | 6 ++--- 3 files changed, 52 insertions(+), 23 deletions(-) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 30c82528..b8c69d94 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -27,14 +27,17 @@ from semver import Version from ssvc import _schemaVersion -from ssvc.namespaces import NS_PATTERN, NameSpace +from ssvc.namespaces import NameSpace, NamespaceString + +VERSION_PATTERN = r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$" + VersionField = Annotated[ str, Field( description="The version of the SSVC object. This should be a valid semantic version string.", examples=["1.0.0", "2.1.3"], - pattern=r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$", + pattern=VERSION_PATTERN, min_length=5, ), ] @@ -80,7 +83,7 @@ class _Namespaced(BaseModel): # the field definition enforces the pattern for namespaces # additional validation is performed in the field_validator immediately after the pattern check - namespace: str = Field(pattern=NS_PATTERN, min_length=3, max_length=100) + namespace: NamespaceString @field_validator("namespace", mode="before") @classmethod diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 56cb3ee4..6ae3fc59 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -25,41 +25,67 @@ import re from enum import StrEnum, auto +from typing import Annotated + +from pydantic import Field X_PFX = "x_" """The prefix for extension namespaces. Extension namespaces must start with this prefix.""" +MIN_NS_LENGTH = 3 +MAX_NS_LENGTH = 1000 +NS_LENGTH_INTERVAL = MAX_NS_LENGTH - MIN_NS_LENGTH + +LENGTH_CHECK_PATTERN = rf"(?=.{{{MIN_NS_LENGTH},{MAX_NS_LENGTH}}}$)" +"""Ensures the string is between MIN_NS_LENGTH and MAX_NS_LENGTH characters long.""" + +PREFIX_CHECK_PATTERN = rf"(x_)?[a-z0-9]{{{MIN_NS_LENGTH}}}" +"""Ensures the string starts with an optional prefix followed by at least 3 alphanumeric characters.""" + +REMAINDER_CHECK_PATTERN = rf"([/.-]?[a-z0-9]+){{0,{NS_LENGTH_INTERVAL}}}$" +"""Ensures that the string contains only lowercase alphanumeric characters and limited punctuation characters (`/`, `.`, `-`),""" + + # pattern to match -# `(?=.{3,100}$)`: 3-25 characters long -# `^(x_)`: `x_` prefix is optional -# `[a-z0-9]{3,4}`: must start with 3-4 alphanumeric characters -# `[/.-]?`: only one punctuation character is allowed between alphanumeric characters -# `[a-z0-9]+`: at least one alphanumeric character is required after the punctuation character -# `([/.-]?[a-z0-9]+){0,22}`: zero to 22 occurrences of the punctuation character followed by at least one alphanumeric character -# (note that the total limit will kick in at or before this point) -# `$`: end of the string -NS_PATTERN = re.compile(r"^(?=.{3,100}$)(x_)?[a-z0-9]{3}([/.-]?[a-z0-9]+){0,97}$") -"""The regular expression pattern for validating namespaces. - -Note: +# NOTE: be careful with this regex. We're using f-strings to insert the min and max lengths, so we need to ensure that +# literal { and } characters are escaped properly (doubled up) so they appear in as single braces in the final regex. +NS_PATTERN = re.compile( + rf"^{LENGTH_CHECK_PATTERN}{PREFIX_CHECK_PATTERN}{REMAINDER_CHECK_PATTERN}$" +) +f"""The regular expression pattern for validating namespaces. + +!!! note "Namespace Validation Rules" + Namespace values must - - be 3-25 characters long + - be {MIN_NS_LENGTH}-{MAX_NS_LENGTH} characters long - contain only lowercase alphanumeric characters and limited punctuation characters (`/`,`.` and `-`) - have only one punctuation character in a row - - start with 3-4 alphanumeric characters after the optional extension prefix + - start with 3 alphanumeric characters after the optional extension prefix - end with an alphanumeric character - See examples in the `NameSpace` enum. """ +NamespaceString = Annotated[ + str, + Field( + description="The namespace of the SSVC object.", + examples=["ssvc", "cisa", "x_private-test", "ssvc/de-DE/reference-arch-1"], + pattern=NS_PATTERN, + min_length=MIN_NS_LENGTH, + max_length=MAX_NS_LENGTH, + ), +] +"""A string datatype for namespace values, for use in Pydantic models.""" + class NameSpace(StrEnum): - """ + f""" Defines the official namespaces for SSVC. The namespace value must be one of the members of this enum or start with the prefix specified in X_PFX. - Namespaces must be 3-25 lowercase characters long and must start with 3-4 alphanumeric characters after the optional prefix. + Namespaces must be {MIN_NS_LENGTH}-{MAX_NS_LENGTH} lowercase characters long and must start with 3-4 + alphanumeric characters after the optional prefix. Limited punctuation characters (/.-) are allowed between alphanumeric characters, but only one at a time. Example: diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index c4724c1c..5f7b42a3 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -23,7 +23,7 @@ from pydantic import BaseModel, ValidationError from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned -from ssvc.namespaces import NameSpace +from ssvc.namespaces import MAX_NS_LENGTH, NameSpace class TestMixins(unittest.TestCase): @@ -92,12 +92,12 @@ def test_namespaced_create_errors(self): _Namespaced(namespace="x_") # error if namespace starts with x_ but is too long - for i in range(150): + for i in range(MAX_NS_LENGTH + 50): shortest = "x_aaa" ns = shortest + "a" * i with self.subTest(ns=ns): # length limit set in the NS_PATTERN regex - if len(ns) <= 100: + if len(ns) <= MAX_NS_LENGTH: # expect success on shorter than limit _Namespaced(namespace=ns) else: From f690df46560eb687cbaad134bfda07856c6d5825 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 16 Jul 2025 11:49:48 -0400 Subject: [PATCH 123/468] add unit tests --- src/ssvc/selection.py | 5 +- src/test/test_selections.py | 113 ++++++++++++++++++++++++++++++++++++ 2 files changed, 115 insertions(+), 3 deletions(-) create mode 100644 src/test/test_selections.py diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index dbebba7b..3495bb48 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -28,6 +28,7 @@ from ssvc._mixins import VersionField from ssvc.decision_points.base import DecisionPoint +from ssvc.namespaces import NamespaceString SCHEMA_VERSION = "2.0.0" @@ -38,11 +39,9 @@ class MinimalSelection(BaseModel): This is used to transition from an SSVC decision point to a selection. """ - namespace: str = Field( + namespace: NamespaceString = Field( ..., description="The namespace of the decision point.", - examples=["ssvc", "cisa", "certcc"], - min_length=3, ) key: str = Field( ..., diff --git a/src/test/test_selections.py b/src/test/test_selections.py new file mode 100644 index 00000000..d4d0bf59 --- /dev/null +++ b/src/test/test_selections.py @@ -0,0 +1,113 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest +from datetime import datetime + +from ssvc import selection +from ssvc._mixins import VERSION_PATTERN +from ssvc.namespaces import NS_PATTERN +from ssvc.selection import MinimalSelectionList + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.s1 = selection.MinimalSelection( + namespace="x_test-namespace", + key="test_key_1", + version="1.0.0", + values=["value11", "value12"], + ) + self.s2 = selection.MinimalSelection( + namespace="x_test-namespace", + key="test_key_2", + version="1.0.0", + values=["value21", "value22"], + ) + self.selections = MinimalSelectionList( + selections=[self.s1, self.s2], timestamp=datetime.now() + ) + + def test_minimal_selection_init(self): + required_attrs = [ + "namespace", + "key", + "version", + "values", + ] + for attr in required_attrs: + self.assertTrue(hasattr(self.s1, attr), f"Attribute {attr} is missing") + # namespace is a valid NamespaceString + self.assertIsInstance(self.s1.namespace, str) + self.assertRegex( + self.s1.namespace, + NS_PATTERN, + "Namespace does not match the required pattern", + ) + + # key is a string + self.assertIsInstance(self.s1.key, str) + self.assertGreater(len(self.s1.key), 0, "Key should not be empty") + # version is a valid VersionField + self.assertIsInstance(self.s1.version, str) + self.assertRegex( + self.s1.version, + VERSION_PATTERN, + "Version does not match the required pattern", + ) + + # values is list of strings + self.assertIsInstance(self.s1.values, list) + for value in self.s1.values: + self.assertIsInstance(value, str, f"Value {value} is not a string") + + def test_minimal_selection_list_init(self): + required_attrs = [ + "schemaVersion", + "selections", + "timestamp", + ] + for attr in required_attrs: + self.assertTrue( + hasattr(self.selections, attr), f"Attribute {attr} is missing" + ) + + # schemaVersion is a string + self.assertIsInstance(self.selections.schemaVersion, str) + self.assertEqual( + self.selections.schemaVersion, + selection.SCHEMA_VERSION, + "Schema version does not match the expected value", + ) + self.assertRegex(self.selections.schemaVersion, VERSION_PATTERN) + + # vulnerability_id is optional and can be None or a string + self.assertIsInstance(self.selections.vulnerability_id, (str, type(None))) + + # selections is a list of MinimalSelection objects + self.assertIsInstance(self.selections.selections, list) + for sel in self.selections.selections: + self.assertIsInstance(sel, selection.MinimalSelection) + + # timestamp is a datetime object + self.assertIsInstance(self.selections.timestamp, datetime) + + +if __name__ == "__main__": + unittest.main() From 405f9d2df42762658e29f66aef38a6b906b087f3 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 16 Jul 2025 11:54:41 -0400 Subject: [PATCH 124/468] add namespace pattern and update examples --- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index ff898f56..3efdb287 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -8,9 +8,12 @@ "examples": [ "ssvc", "cisa", - "certcc" + "x_private-test", + "ssvc/de-DE/reference-arch-1" ], + "maxLength": 1000, "minLength": 3, + "pattern": "^(?=.{3,1000}$)(x_)?[a-z0-9]{3}([/.-]?[a-z0-9]+){0,997}$$", "title": "Namespace", "type": "string" }, From 215113e94050a93ad4677f53a39deca83da1500c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Jul 2025 12:02:47 -0400 Subject: [PATCH 125/468] Bump pandas from 2.3.0 to 2.3.1 (#819) Bumps [pandas](https://github.com/pandas-dev/pandas) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/pandas-dev/pandas/releases) - [Commits](https://github.com/pandas-dev/pandas/compare/v2.3.0...v2.3.1) --- updated-dependencies: - dependency-name: pandas dependency-version: 2.3.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 249a6927..9e991667 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,7 +9,7 @@ mkdocstrings-python==1.16.12 mkdocs-print-site-plugin==2.7.3 markdown-exec==1.11.0 thefuzz==0.22.1 -pandas==2.3.0 +pandas==2.3.1 scikit-learn==1.6.1 jsonschema==4.24.0 networkx==3.4.2 From 3993da4366d245b7edd9a53d38b033bd00cd687b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 17 Jul 2025 12:20:06 -0400 Subject: [PATCH 126/468] work in progress commit. Not quite working yet --- src/ssvc/namespaces.py | 53 ++++-- src/ssvc/test/test_namespaces_pattern.py | 197 +++++++++++++++++++++++ 2 files changed, 238 insertions(+), 12 deletions(-) create mode 100644 src/ssvc/test/test_namespaces_pattern.py diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 6ae3fc59..93414dc7 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -36,21 +36,40 @@ MAX_NS_LENGTH = 1000 NS_LENGTH_INTERVAL = MAX_NS_LENGTH - MIN_NS_LENGTH + +# from https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html +BCP_47_PATTERN = r"(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])" + LENGTH_CHECK_PATTERN = rf"(?=.{{{MIN_NS_LENGTH},{MAX_NS_LENGTH}}}$)" """Ensures the string is between MIN_NS_LENGTH and MAX_NS_LENGTH characters long.""" -PREFIX_CHECK_PATTERN = rf"(x_)?[a-z0-9]{{{MIN_NS_LENGTH}}}" -"""Ensures the string starts with an optional prefix followed by at least 3 alphanumeric characters.""" +# Base namespace part (before any extensions) allows . and - with restrictions +BASE_PATTERN = ( + r"(?!.*[.-]{2,})" # no consecutive separators + r"[a-z][a-z0-9]{2,}" # first part starts with a letter, followed by one or more alphanumeric characters + r"(?:[.-][a-z0-9]+)*" # remaining parts can have alphanumeric characters and single . or - separators +) + +X_PFX = "x_" +EXPERIMENTAL_BASE = rf"{X_PFX}{BASE_PATTERN}" +BASE_NS_PATTERN = rf"({EXPERIMENTAL_BASE}|{BASE_PATTERN})" + +# Extension segment pattern (alphanumeric + limited punctuation, no consecutive punctuation, ends with alphanumeric) +EXT_SEGMENT_PATTERN = ( + r"(?!.*[.-]{2,})" # no consecutive separators + r"[a-zA-Z0-9]+" # first part starts with a letter, followed by one or more alphanumeric characters + r"(?:[.-][a-zA-Z0-9]+)*" # remaining parts can have alphanumeric characters and single ., -, / separators +) -REMAINDER_CHECK_PATTERN = rf"([/.-]?[a-z0-9]+){{0,{NS_LENGTH_INTERVAL}}}$" -"""Ensures that the string contains only lowercase alphanumeric characters and limited punctuation characters (`/`, `.`, `-`),""" +# Language extension pattern (BCP-47 or empty for //) +LANG_EXT_PATTERN = rf"(/({BCP_47_PATTERN})|/)" +# Subsequent extension segments +SUBSEQUENT_EXT_PATTERN = rf"(/{EXT_SEGMENT_PATTERN})*" -# pattern to match -# NOTE: be careful with this regex. We're using f-strings to insert the min and max lengths, so we need to ensure that -# literal { and } characters are escaped properly (doubled up) so they appear in as single braces in the final regex. +# Complete pattern with length validation NS_PATTERN = re.compile( - rf"^{LENGTH_CHECK_PATTERN}{PREFIX_CHECK_PATTERN}{REMAINDER_CHECK_PATTERN}$" + rf"^{LENGTH_CHECK_PATTERN}{BASE_NS_PATTERN}({LANG_EXT_PATTERN}{SUBSEQUENT_EXT_PATTERN})?$" ) f"""The regular expression pattern for validating namespaces. @@ -59,10 +78,20 @@ Namespace values must - be {MIN_NS_LENGTH}-{MAX_NS_LENGTH} characters long - - contain only lowercase alphanumeric characters and limited punctuation characters (`/`,`.` and `-`) - - have only one punctuation character in a row - - start with 3 alphanumeric characters after the optional extension prefix - - end with an alphanumeric character + - optionally start with the experimental/private prefix `{X_PFX}` + - after the optional experimental/private prefix, they must: + - start with a letter + - contain at least 3 alphanumeric characters (longer is permitted) + - contain only lowercase alphanumeric characters and limited punctuation characters (`.`, `-`) + - extensions are supported and optional, and are delineated by slashes (`/`) + - more than one extension segment is allowed, however: + - the first extension segment, if present, is reserved for a BCP-47 language tag, otherwise it must be empty + - if no BCP-47 tag is present, the first extension segment must be empty (i.e., `//`) + - double slashes (`//`) are *only* permitted in the *first segment* to indicate no BCP-47 tag + - beyond the first extension segment, subsequent segments must: + - contain only alphanumeric characters and limited punctuation characters (`.`, `-`) + - have only one punctuation character in a row (no double dashes or dots) + - end with an alphanumeric character """ diff --git a/src/ssvc/test/test_namespaces_pattern.py b/src/ssvc/test/test_namespaces_pattern.py new file mode 100644 index 00000000..fcb4b995 --- /dev/null +++ b/src/ssvc/test/test_namespaces_pattern.py @@ -0,0 +1,197 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import logging +import re +import unittest + +from ssvc.namespaces import ( + BASE_NS_PATTERN, + BASE_PATTERN, + LENGTH_CHECK_PATTERN, + MAX_NS_LENGTH, + MIN_NS_LENGTH, + NS_PATTERN, +) + +logger = logging.getLogger(__name__) + + +class TestNamespacePattern(unittest.TestCase): + def setUp(self): + self.expect_success = [ + "ssvc", + "cisa", + "custom", # not in enum, but valid for the pattern + "x_private-test", # valid namespace with dash + "x_custom", # valid namespace with x_ prefix + "x_custom.with.dots", # valid namespace with x_ prefix and dots + "abc", # not in enum, but valid for the pattern + "x_abc", # valid namespace with x_ prefix + "x_custom//extension", # double slash is okay when it's the first segment + "ssvc/de-DE/reference-arch-1", # valid BCP-47 tag with dashes + "x_test/pl-PL/foo/bar/baz/quux", # valid BCP-47 tag and multiple segments + ] + self.expect_fail = [ + "999", # invalid namespace, numeric only + "99xx", # invalid namespace, numeric prefix + "x__invalid", # invalid namespace, double underscore + "x_-invalid", # invalid namespace, dash after x_ + "x_.invalid", # invalid namespace, dash at end + "x_/foo", # invalid namespace, slash after x_, invalid BCP-47 tag + "x_//foo", # invalid namespace, double slash after x_ + "x_abc/invalid-bcp-47", # not a valid BCP-47 tag + "abc/invalid-bcp-47", # not in enum (but that's ok for the pattern), not a valid BCP-47 tag + "abc/invalid", # not in enum (but that's ok for the pattern), not a valid BCP-47 tag + "x_custom/extension", # not a valid BCP-47 tag + "x_test/not-bcp-47", # not a valid BCP-47 tag + "x_custom/extension/with/multiple/segments/" + + "a" * 990, # exceeds max length + "x_custom.extension.", # ends with punctuation + "x_custom..extension", # double dot + "x_custom/", # ends with slash + "x_custom/extension//", # double slash at end + "x_custom/extension/with//double/slash", # double slash in middle + "x_custom/extension/with..double.dot", # double dot in middle + "x_custom/extension/with--double-dash", # double dash in middle + "ab", # too short + "x_", # too short after prefix + ] + + def test_ns_pattern(self): + + self._test_successes_failures( + NS_PATTERN.pattern, self.expect_fail, self.expect_success + ) + + def test_base_pattern(self): + x_success = [ + "abc", + "contains.dot", + "contains-dash", + "contains-dash-and.dot", + ] + x_fail = [ + "a", # too short + "ab", # too short + "9abc", # starts with a number + "x_foo", # no x_ in base pattern + "contains..double.dot", # double dot + "contains--double-dash", # double dash + "contains_underscore", # underscore not allowed + "contains/slash", # slash not allowed + ".starts.with.dot", # starts with a dot + "-starts-with-dash", # starts with a dash + "/starts-with-slash", # starts with a slash + "_starts-with-underscore", # starts with an underscore + "ends-with-dot.", # ends with a dot + "ends-with-dash-", # ends with a dash + "ends-with-slash/", # ends with a slash + ] + self._test_successes_failures(BASE_PATTERN, x_fail, x_success) + + def test_experimental_base_pattern(self): + x_success = [ + "x_abc", + "x_custom", + "x_custom.with.dots", # dots are allowed in the base pattern + "x_custom-with-dashes", # dashes are allowed in the base pattern + ] + x_fail = [ + "9abc", # does not start with x_ + "x__invalid", # double underscore + "x_-invalid", # dash after x_ + "x_.invalid", # dash at end + "x_9abc", # starts with a number after x_ + "x_abc.", # ends with a dot + "x_abc-", # ends with a dash + "x_abc/", # ends with a slash + "x_/foo", # slashes aren't part of the base pattern + ] + self._test_successes_failures(BASE_NS_PATTERN, x_fail, x_success) + + def test_base_ns_pattern(self): + x_success = [ + "abc", + "x_abc", + "x_custom", + "x_custom.with.dots", # dots are allowed in the base pattern + "x_custom-with-dashes", # dashes are allowed in the base pattern + ] + x_fail = [ + "9abc", # starts with a number + "x__invalid", # double underscore + "x_-invalid", # dash after x_ + "x_.invalid", # dash at end + "x_9abc", # starts with a number after x_ + "x_abc.", # ends with a dot + "x_abc-", # ends with a dash + "x_abc/", # ends with a slash + "x_/foo", # slashes aren't part of the base pattern + ] + self._test_successes_failures(BASE_NS_PATTERN, x_fail, x_success) + + def _test_successes_failures( + self, pattern: str, x_fail: list[str], x_success: list[str] + ): + successes = [] + failures = [] + # if pattern is not anchored, anchor it + if not pattern.startswith("^"): + pattern = "^" + pattern + if not pattern.endswith("$"): + pattern = pattern + "$" + + for ns in x_success: + expected = f"Should match {ns}" + if re.match(pattern, ns) is None: + failures.append(expected) + else: + successes.append(expected) + for ns in x_fail: + expected = f"Should not match {ns}" + if re.match(pattern, ns) is not None: + failures.append(expected) + else: + successes.append(expected) + logger.debug(f"Successes: {successes}") + self.assertFalse(failures) + + def test_length_check_pattern(self): + """ + Test the length check pattern for namespaces. + The pattern should enforce a minimum and maximum length. + """ + min_length = MIN_NS_LENGTH + max_length = MAX_NS_LENGTH + + valid_ns = "x_valid_namespace" + too_short_ns = "x_v" + too_long_ns = "x_" + "a" * (max_length - 2) + + for i in range(0, MIN_NS_LENGTH): + # should fail for lengths less than MIN_NS_LENGTH + ns = "a" * i + self.assertIsNone( + re.match(LENGTH_CHECK_PATTERN, ns), f"Should not match: {ns}" + ) + + +if __name__ == "__main__": + unittest.main() From 494dbbd7193596cff4f3114fbe9a39006e71aa25 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 17 Jul 2025 15:23:42 -0400 Subject: [PATCH 127/468] updates namespace regex to fit test strings --- ...on_Point_Value_Selection-2-0-0.schema.json | 2 +- src/ssvc/namespaces.py | 68 +++++++++++-------- src/test/test_mixins.py | 2 +- src/test/test_namespaces.py | 5 +- .../test/test_namespaces_pattern.py | 1 + 5 files changed, 47 insertions(+), 31 deletions(-) rename src/{ssvc => }/test/test_namespaces_pattern.py (98%) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 3efdb287..4a483cc4 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -13,7 +13,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_)?[a-z0-9]{3}([/.-]?[a-z0-9]+){0,997}$$", + "pattern": "^(?=.{3,1000}$)((x_(?!.*[.-]{2,})[a-z][a-z0-9]{2,}(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]{2,}(?:[.-][a-z0-9]+)*))((/((([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo]))/|//)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*)*)?$", "title": "Namespace", "type": "string" }, diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 93414dc7..3693c139 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -29,16 +29,13 @@ from pydantic import Field -X_PFX = "x_" -"""The prefix for extension namespaces. Extension namespaces must start with this prefix.""" - MIN_NS_LENGTH = 3 MAX_NS_LENGTH = 1000 NS_LENGTH_INTERVAL = MAX_NS_LENGTH - MIN_NS_LENGTH - # from https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html BCP_47_PATTERN = r"(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])" +"""A regular expression pattern for BCP-47 language tags.""" LENGTH_CHECK_PATTERN = rf"(?=.{{{MIN_NS_LENGTH},{MAX_NS_LENGTH}}}$)" """Ensures the string is between MIN_NS_LENGTH and MAX_NS_LENGTH characters long.""" @@ -46,52 +43,69 @@ # Base namespace part (before any extensions) allows . and - with restrictions BASE_PATTERN = ( r"(?!.*[.-]{2,})" # no consecutive separators - r"[a-z][a-z0-9]{2,}" # first part starts with a letter, followed by one or more alphanumeric characters + r"[a-z][a-z0-9]{2,}" # first part starts with a letter, followed by three or more alphanumeric characters r"(?:[.-][a-z0-9]+)*" # remaining parts can have alphanumeric characters and single . or - separators ) +"""The base pattern for namespaces, which must start with a letter and contain at least 3 alphanumeric characters.""" X_PFX = "x_" +"""The prefix for extension namespaces. Extension namespaces must start with this prefix.""" + EXPERIMENTAL_BASE = rf"{X_PFX}{BASE_PATTERN}" +f"""The base pattern for experimental namespaces, which must start with the {X_PFX} prefix, +followed by a string matching the base pattern.""" + BASE_NS_PATTERN = rf"({EXPERIMENTAL_BASE}|{BASE_PATTERN})" +"""The complete base namespace pattern, which allows for experimental namespaces.""" # Extension segment pattern (alphanumeric + limited punctuation, no consecutive punctuation, ends with alphanumeric) EXT_SEGMENT_PATTERN = ( r"(?!.*[.-]{2,})" # no consecutive separators - r"[a-zA-Z0-9]+" # first part starts with a letter, followed by one or more alphanumeric characters + r"[a-zA-Z][a-zA-Z0-9]*" # first part starts with a letter, followed by one or more alphanumeric characters r"(?:[.-][a-zA-Z0-9]+)*" # remaining parts can have alphanumeric characters and single ., -, / separators ) +"""The pattern for extension segments in namespaces, which must start with a letter and contain alphanumeric characters or +limited punctuation characters (., -), with no consecutive punctuation characters allowed.""" # Language extension pattern (BCP-47 or empty for //) -LANG_EXT_PATTERN = rf"(/({BCP_47_PATTERN})|/)" +LANG_EXT_PATTERN = rf"(/({BCP_47_PATTERN})/|//)" +"""The pattern for the first extension segment, which must be either a valid BCP-47 tag or empty (//).""" # Subsequent extension segments -SUBSEQUENT_EXT_PATTERN = rf"(/{EXT_SEGMENT_PATTERN})*" +SUBSEQUENT_EXT_PATTERN = rf"{EXT_SEGMENT_PATTERN}(?:/{EXT_SEGMENT_PATTERN})*" +"""The pattern for subsequent extension segments, which must follow the rules for extension segments, delimited by slashes (/).""" # Complete pattern with length validation NS_PATTERN = re.compile( - rf"^{LENGTH_CHECK_PATTERN}{BASE_NS_PATTERN}({LANG_EXT_PATTERN}{SUBSEQUENT_EXT_PATTERN})?$" + rf"^{LENGTH_CHECK_PATTERN}({BASE_NS_PATTERN})({LANG_EXT_PATTERN}{SUBSEQUENT_EXT_PATTERN})?$" ) -f"""The regular expression pattern for validating namespaces. +f"""The full regular expression pattern for validating namespaces. + +!!! note "Length Requirements" -!!! note "Namespace Validation Rules" + - Namespaces must be between {MIN_NS_LENGTH} and {MAX_NS_LENGTH} characters long. - Namespace values must +!!! note "Base Namespace Requirements" + + - Must start with a lowercase letter + - Must contain at least 3 total characters in the base part (after the optional experimental/private prefix) + - Must contain only lowercase letters, numbers, dots (`.`), and hyphens (`-`) + - Must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) + - May optionally start with the experimental/private prefix `{X_PFX}`. + +!!! note "Extension Requirements (Optional)" - - be {MIN_NS_LENGTH}-{MAX_NS_LENGTH} characters long - - optionally start with the experimental/private prefix `{X_PFX}` - - after the optional experimental/private prefix, they must: - - start with a letter - - contain at least 3 alphanumeric characters (longer is permitted) - - contain only lowercase alphanumeric characters and limited punctuation characters (`.`, `-`) - - extensions are supported and optional, and are delineated by slashes (`/`) - - more than one extension segment is allowed, however: - - the first extension segment, if present, is reserved for a BCP-47 language tag, otherwise it must be empty - - if no BCP-47 tag is present, the first extension segment must be empty (i.e., `//`) - - double slashes (`//`) are *only* permitted in the *first segment* to indicate no BCP-47 tag - - beyond the first extension segment, subsequent segments must: - - contain only alphanumeric characters and limited punctuation characters (`.`, `-`) - - have only one punctuation character in a row (no double dashes or dots) - - end with an alphanumeric character + - Extensions are optional + - Extensions must be delineated by slashes (`/`) + - If any extension segments are present, the following rules apply: + - The first extension segment, must be a valid BCP-47 language tag or empty (i.e., `//`). + - Subsequent extension segments: + - must start with a letter (upper or lowercase) + - may contain letters, numbers, dots (`.`), and hyphens (`-`) + - must not start or end with a dot or hyphen + - must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) + - are separated by single forward slashes (`/`) + - multiple extension segments are allowed """ diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index 5f7b42a3..adfe2973 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -114,7 +114,7 @@ def test_namespaced_create(self): # custom namespaces are allowed as long as they start with x_ for _ in range(100): # we're just fuzzing some random strings here - ns = f"x_{randint(1000,1000000)}" + ns = f"x_a{randint(1000,1000000)}" obj = _Namespaced(namespace=ns) self.assertEqual(obj.namespace, ns) diff --git a/src/test/test_namespaces.py b/src/test/test_namespaces.py index 598de3ed..4f527a88 100644 --- a/src/test/test_namespaces.py +++ b/src/test/test_namespaces.py @@ -34,8 +34,9 @@ def test_ns_pattern(self): "foo", "foo.bar", "foo.bar.baz", - "foo/bar/baz/quux", - "foo.bar/baz.quux", + "foo/jp-JP/bar.baz/quux", + "foo//bar/baz/quux", + "foo.bar//baz.quux", ] should_match.extend([f"x_{ns}" for ns in should_match]) diff --git a/src/ssvc/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py similarity index 98% rename from src/ssvc/test/test_namespaces_pattern.py rename to src/test/test_namespaces_pattern.py index fcb4b995..674a26fc 100644 --- a/src/ssvc/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -47,6 +47,7 @@ def setUp(self): "x_custom//extension", # double slash is okay when it's the first segment "ssvc/de-DE/reference-arch-1", # valid BCP-47 tag with dashes "x_test/pl-PL/foo/bar/baz/quux", # valid BCP-47 tag and multiple segments + "foo.bar//baz.quux", # valid namespace with x_ prefix and mixed segments ] self.expect_fail = [ "999", # invalid namespace, numeric only From 2b8c5afbcd6b0ef4a41c95245592a7e8b6438749 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 17 Jul 2025 16:55:34 -0400 Subject: [PATCH 128/468] add namespaces docs --- docs/reference/code/namespaces.md | 300 ++++++++++++++++++++++++++++++ 1 file changed, 300 insertions(+) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index bc7ed7b4..63a0464c 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -1,3 +1,303 @@ # SSVC Namespaces +We use namespaces in SSVC to organize the various components of the framework. +The bulk of our work is done in the `ssvc` namespace, which contains the core +decision points for SSVC. + +!!! question "Why does SSVC need namespaces?" + + We want to provide a clear way to differentiate between decision points we + developed as part of the SSVC project, and those that are derived from work + done by other projects. This helps us maintain clarity in our codebase and + to avoid confusion when integrating with other systems or libraries. + +!!! tip "Namespace syntax" + + The syntax for namespaces is `/`, where + + - `base` is the name of the namespace + - `extensions` is an optional set of extensions that can be used to further + specify the decision point. Extensions are delimited by a `/` + + See below for additional details on SSVC namespace extensions. + +!!! note "Namespace Requirements" + + A full namepace string must be between 3 and 1000 characters long. (We recommend + keeping them short ease of use.) + + Further requirements are noted in each section below. + + +## Registered Namespaces + +Registered namespaces appear in the `Namespaces` enum, and are intended to be used as follows: + +- Objects in the `ssvc` namespace are managed by the SSVC + project team. We have complete control over these ones. +- Objects in other explicitly registered namespaces are provided for convenience, + but the SSVC team is not responsible for modifying the content or semantics of + those decision points. + +!!! note "Base Namespace Requirements" + + Base namespaces must start with a letter and contain only lowercase + alphanumeric characters, dots (`.`), and dashes (`-`). + The sole exception is the the `x_` prefix for private namespaces described below. + + Consecutive dots or dashes or combinations thereof are not allowed. + Base namespaces cannot end with a dot or dash. + + For base namespaces only, we chose to use lowercase alphanumeric + characters to ensure consistency and avoid confusion when using namespaces + in code. (Extensions may contain mixed case alphanumeric characters, dots, and dashes.) + +The SSVC project may create, at our discretion, new namespaces to reflect +administrative scope for decision points we choose to include for user convenience. + +!!! example "Potential Standards-based namespaces" + + We may in the future add namespaces when needed to reflect different standards + bodies like `nist`, `iso-iec`, `ietf`, `oasis`, etc. + +!!! question "How do I request a new registered namespace?" + + If you have a suggestion for a new registered namespace, please open an + issue in the [SSVC GitHub repository](https://github.com/CERTCC/SSVC/issues) + and provide a brief description of the namespace and its intended use. + +### Current Registered Namespaces + +```python exec="true" idprefix="" +from ssvc.namespaces import NameSpace + +for ns in NameSpace: + print(f"- {ns.value}") +``` + +### Non-`ssvc` Namespaces + +We use namespaces other than `ssvc` to indicate decision points that are based +externally defined standards, specifications, or relevant projects. +We expect for decision points in these namespaces to be technically compatible +with SSVC, but we do not claim any ownership or responsibility for the +underlying specifications or their semantic content. +Objects in these namespaces are provided for the convenience +of SSVC users to allow them to use these decision points in their SSVC +decision models without needing to implement them from scratch. + +While we are happy to resolve technical issues with these decision points as +technically implemented in the SSVC project, all suggestions for changes to the +underlying specifications or semantic content should be directed to the +maintainers of the respective projects or standards. + +!!! example "The `cvss` namespace" + + We wanted to allow SSVC users to include Common Vulnerability Scoring System + (CVSS) vector elements as [decision points](../decision_points/cvss/index.md) + in their SSVC decision models. + So we created the `cvss` namespace to contain + [decision points](../decision_points/cvss/index.md) that are + based on various versions of the CVSS. These + [decision points](../decision_points/cvss/index.md) are provided + as part of the SSVC project for convenience, but we do not maintain the + underlying CVSS specifications, their semantic content or their implementations. + Suggestions for changes to the CVSS specifications should be directed to the + [FIRST CVSS Special Interest Group](https://www.first.org/cvss/) (SIG). + + +## Private / Experimental Namespaces + +Private and experimental namespaces may prepend a prefix `x_` to a namespace +to an otherwise valid namespace string to create private decision points that +are not intended to be shared outside of a specific scope, e.g., for internal +use only. + +The SSVC project does not manage namespaces with the `x_` prefix, so +collisions may occur across organizations who develop their own private SSVC +namespaces. + +!!! example "OT Monitoring Service (OTMS) Private Namespace" + + Organization A creates a set of decision points for testing purposes and + uses the `x_test` namespace. They do not intend to share these decision + points with anyone outside of their organization, so they use the `x_` + prefix to indicate that this namespace is private to them. + + Organization B also creates a set of decision points for testing purposes + and uses the same `x_test` namespace. They also do not intend to share + these decision points with anyone outside of their organization. + +!!! warning "Namespace Conflicts" + + Conflicts are possible in the x_ prefix space. + In the previous example, Organizations A and B could both choose to use + `x_test`, and there are no guarantees of global uniqueness for the + decision points in the `x_test` namespace. + +!!! tip "Private vs Extension Namespaces" + + Private namespaces are intended for internal use only and are not registered + with the SSVC project. They are not intended to be shared or used outside of + the organization that created them. In contrast, extension namespaces are + intended to extend the existing SSVC namespaces and may be shared with other + users of the SSVC framework. + +## Namespace Extensions + +We allow users to extend the SSVC namespaces to clarify existing decision +points or to add new decision points that are compatible with the SSVC framework. +The intent of an extension is to allow clarification of the application of +decision points and their values to specific constituencies. + +- Extensions must not alter the decision point key, version number, or value keys + for any decision point they are derived from. +- Extensions must not alter the meaning of existing values, or add values to + existing decision points in the parent namespace. +- Extensions may reduce the set of values for a decision point in the parent + namespace, but must not add new values. + + +!!! info "Namespace Extension Syntax and Structure" + + Extension strings may contain alphanumeric characters (upper or lower case), + dots (`.`), and dashes (`-`). + Multiple extension segments are separated by a `/` character. + + The structure of the namespace string is intended to show inheritance for + variations on SSVC objects. + + Extension order matters. `ssvc/de-DE/ref-arch-1` would describe an extension + for `ref-arch-1` derived from the German (Germany) translation of SSVC. + `ssvc/ref-arch-1/de-DE` would denote an extension of SSVC for `ref-arch-1` + (in English) that had subsequently been translated in to German (Germany). + + +!!! note "First Extension Segment Reserved for Language Tag" + + The first extension segment is reserved for a language tag, which is + optional but recommended. + This allows users to specify the language of extension, making it easier to + understand and use in different linguistic contexts. + + If *any* extensions are present, the first extension segment must be an + (optionally empty) + [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. + E.g., `ssvc/jp-JP/extension` + + The language may be left empty in which case the default language (`en-US`) is + implied. An unspecified language tag will result in a `//` format. + + The use of a language tag in the first segment is intended to be used to + indicate translations of entire sets of decision points. + +!!! example "Translation and Localization" + + `ssvc/de-DE` might denote a German translation of the corresponding `ssvc` object. + +!!! example "Refinement of Concepts for a Specific Constituency" + + A sector-specific information sharing and analysis organization (ISAO) + might create an extension for their specific constituency. + For example, say that namespace foo has a decision point for + Regulated System=(Y,N). A medical-focused ISAO might create an extension + `foo//example.med-isao` where they refine the values to refer to specific + regulations. If multiple regulatory regimes exist, they might even have + `foo//example.med-isao/regulation-1` and `foo//example.med-isao/regulation-2` + to cover assessment of the appropriate regulations. + + +### Usage Suggestions + +Although we reserved the first segment of the extension for language tags, +there are scenarios where it may be appropriate to use a language tag in a later +segment of the extension. + +!!! tip "Use BCP-47 Language Tags" + + Regardless where they appear in the extension strings, we recommend using + BCP-47 strings for any language-based extension. Note, however that we do not + strictly enforce this recommendation in the SSVC codebase outside of the + first segment. + +!!! example "Translation of a custom extension" + + If you have a custom extension that is not a translation of an existing + decision point, you might use a language tag in a later segment to indicate + a translation of the extension. + For example, `ssvc//com.example/extension/pl-PL` would indicate that the + an extension in the default `en-US` language has been translated to Polish (Poland). + +!!! tip "Use Reverse Domain Name Notation for Extensions" + + To avoid conflicts with other users' extensions, we recommend using reverse + domain name notation for your extensions. This helps to ensure that your + extensions are unique and easily identifiable. + +!!! example "Reverse Domain Name Notation" + + If your organization has a domain name, you can use it as the base for your + extension. This helps to ensure that your extensions are unique and easily + identifiable. + + For example, if your organization is `example.com`, you might use an extension + like `ssvc//com.example/extension`. + + +## Technical requirements + +The following technical requirements are enforced for SSVC namespaces, +based on the implementation in `src/ssvc/namespaces.py` and the NS_PATTERN regular expression: + +```python exec="true" idprefix="" +from ssvc.namespaces import NS_PATTERN + +print(f"`{NS_PATTERN.pattern}`") +``` + +- **Length**: Namespaces must be between 3 and 1000 characters long. +- **Base Namespace**: + - Must start with a lowercase letter. + - Must contain at least 3 total characters in the base part (after the optional experimental/private prefix). + - Only lowercase letters, numbers, dots (`.`), and hyphens (`-`) are allowed. + - Must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.). + - Cannot end with a dot or hyphen. + - May optionally start with the experimental/private prefix `x_`. +- **Experimental/Private Namespaces**: + - Must start with `x_` followed by a valid base namespace. +- **Extensions (Optional)**: + - Extensions are optional and must be delineated by slashes (`/`). + - If present, the first extension segment must be a valid BCP-47 language tag or empty (`//`). + - Subsequent extension segments: + - Must start with a letter (upper or lowercase). + - May contain letters, numbers, dots (`.`), and hyphens (`-`). + - Must not start or end with a dot or hyphen. + - Must not contain consecutive dots or hyphens. + - Are separated by single forward slashes (`/`). + - Multiple extension segments are allowed. +- **Examples of valid namespaces**: + - `ssvc` + - `cisa` + - `x_private-test` + - `ssvc/de-DE/reference-arch-1` + - `x_custom//extension` (empty language tag) +- **Examples of invalid namespaces**: + - `custom` (not in enum, no `x_` prefix) + - `x_custom/extension` (first segment must be a language tag) + - `x_custom.extension.` (ends with punctuation) + - `x_custom..extension` (double dot) + - `x_custom/` (ends with slash) + - `x_custom/extension//` (double slash at end) + - `ab` (too short) + - `x_` (too short after prefix) + +These requirements are strictly enforced by the `NS_PATTERN` regular expression +in the codebase. For full details, see the documentation below and +implementation in `src/ssvc/namespaces.py`. + +## The `ssvc.namespaces` module + +The `ssvc.namespaces` module provides a way to access and use these namespaces. + ::: ssvc.namespaces + From 30f0a907ce9f93c8632b03abab98848734806707 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Fri, 18 Jul 2025 09:16:15 -0400 Subject: [PATCH 129/468] Fix for Bug paging issue #818 (#822) * Fix for Bug paging issue #818 * Smaller update for includtree #818 --- docs/ssvc-calc/icons8-copy-link-48-blue.png | Bin 0 -> 730 bytes docs/ssvc-calc/ssvc.js | 24 ++++++++++++++------ 2 files changed, 17 insertions(+), 7 deletions(-) create mode 100644 docs/ssvc-calc/icons8-copy-link-48-blue.png diff --git a/docs/ssvc-calc/icons8-copy-link-48-blue.png b/docs/ssvc-calc/icons8-copy-link-48-blue.png new file mode 100644 index 0000000000000000000000000000000000000000..c8796660b3c371dff1413f45781bf351db14fc3f GIT binary patch literal 730 zcmeAS@N?(olHy`uVBq!ia0vp^1|ZDA3?vioaBc-sEa{HEjtmSN`?>!lvI6-E$sR$z z3=CCj3=9n|3=F@3LJcn%7)pT}UnMXwSj}Ky5HFasE6@fgF(JSw#Fc^J|KLIY|Nqze z@8Jb>n_fwfUogXuiRL^OlO7uwK6$7#Il%L;ZusvchrPtp*OmP#r>FoU$LpN`en4qnPZ!4!kK=cz z+%0M{5O6bRVq;w+wT4aeT7CBI+W*J1ubE8UD0JPrQ2zwObDy;RIt(_R4|}t^3(7C^ zYi*dFKUKlXQNk_uplC`?W88dom6gg#2L;dBI2;quv7hkisLsLMM2ki4$*nVHmma$D z&~%GUw862?aOTfiNlQ)U3fiZc%+1~<_W9G>>F<9g`(E-A<_|dMS2L@czwgr;laB`H z#g3@oySU-!e*I4Uf~`LuOSjl;{kdNKi1Iq7b_j>C?;Sk&U^#U_Wx7*h^=>D&FihVOLU;pRprViD=L`h0wNvc(HQ7VvPFfuSQ)HSfwH8Kn_ vG_x`=v@)>JHZZU 280) { + doc.addPage("a4"); + ynow = 20; + } if(steps[i] in ischild) { continue; } @@ -1910,17 +1914,21 @@ function createPDF(vulnerability,cveinfo) { var f = t[i].match(/.{1,45}(\s|$)/g); doc.text("=> "+f[0],xOffset+q*5,ynow); if(t[i].length<= f[0].length) { - ynow = ynow +10 - continue + ynow = ynow + 10; + continue; } //console.log(t[i].substr(f[0].length)); f = t[i].substr(f[0].length).match(/.{1,65}(\s|$)/g); for (var j = 0; j 280) { + doc.addPage("a4"); + ynow = 20; + } doc.text(f[j],xOffset,ynow); } - ynow = ynow +10 + ynow = ynow +10; } doc.setFont("helvetica",'bold'); doc.text("Contact:",xOffset,ynow); @@ -1929,10 +1937,12 @@ function createPDF(vulnerability,cveinfo) { var safetime = ts.toGMTString().replace(/[^a-z0-9]+/ig,'-'); var fulltree = includetree ? "-with-full-tree" : "" var dfilename = "SSVC-"+role+"-"+vulid+"-"+safetime+fulltree+".pdf"; - if(includetree) - appendtree(doc,dfilename) - else + if(includetree) { + doc.text("*** Decision Tree included in next page ***", xOffset, ynow+10); + appendtree(doc,dfilename); + } else { doc.save(dfilename); + } $('.Exporter').css({'pointer-events':'all'}); } function sigmoid(flen) { From 3fbb206697a79de8a1c04ecf308c5f9e2df5a448 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 18 Jul 2025 15:01:42 -0400 Subject: [PATCH 130/468] Update docs/reference/code/namespaces.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/reference/code/namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 63a0464c..2ef5801b 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -24,7 +24,7 @@ decision points for SSVC. !!! note "Namespace Requirements" A full namepace string must be between 3 and 1000 characters long. (We recommend - keeping them short ease of use.) + keeping them short for ease of use.) Further requirements are noted in each section below. From 21081576c424881fa17f4c4feb6bc39dd52c853f Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 18 Jul 2025 15:10:32 -0400 Subject: [PATCH 131/468] fix typo --- docs/reference/code/namespaces.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 63a0464c..b1bfa774 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -108,8 +108,8 @@ maintainers of the respective projects or standards. ## Private / Experimental Namespaces -Private and experimental namespaces may prepend a prefix `x_` to a namespace -to an otherwise valid namespace string to create private decision points that +Private and experimental namespaces may prepend a prefix `x_` to +an otherwise valid namespace string to create private decision points that are not intended to be shared outside of a specific scope, e.g., for internal use only. From 5c0b2139a5681780a6ec72ddeeb216603fff74b4 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 18 Jul 2025 15:23:21 -0400 Subject: [PATCH 132/468] add reverse domain name recommendation for private / experimental namespaces --- docs/reference/code/namespaces.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 2cfc7677..9a18edb5 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -115,7 +115,14 @@ use only. The SSVC project does not manage namespaces with the `x_` prefix, so collisions may occur across organizations who develop their own private SSVC -namespaces. +namespaces. + +!!! warning "Reverse domain name notation recommended" + + We strongly recommend using reverse domain name notation for private namespaces to + avoid conflicts with other users' private namespaces. This helps to ensure + that your private namespaces are unique and easily identifiable. + E.g., `x_org.cert-experimental` for an experimental namespace within the CERT organization. !!! example "OT Monitoring Service (OTMS) Private Namespace" @@ -233,6 +240,8 @@ segment of the extension. To avoid conflicts with other users' extensions, we recommend using reverse domain name notation for your extensions. This helps to ensure that your extensions are unique and easily identifiable. + For example, if your organization is `example.com`, you might use an extension + like `ssvc//com.example/extension`. !!! example "Reverse Domain Name Notation" From 85458785c0cc299be92cb2b6aaff725d86982d99 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 18 Jul 2025 15:23:21 -0400 Subject: [PATCH 133/468] add reverse domain name recommendation for private / experimental namespaces --- docs/reference/code/namespaces.md | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 2cfc7677..77a4908b 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -115,7 +115,14 @@ use only. The SSVC project does not manage namespaces with the `x_` prefix, so collisions may occur across organizations who develop their own private SSVC -namespaces. +namespaces. + +!!! warning "Reverse domain name notation recommended" + + We strongly recommend using reverse domain name notation for private namespaces to + avoid conflicts with other users' private namespaces. This helps to ensure + that your private namespaces are unique and easily identifiable. + E.g., `x_org.cert-experimental` for an experimental namespace within the CERT organization. !!! example "OT Monitoring Service (OTMS) Private Namespace" @@ -137,9 +144,15 @@ namespaces. !!! tip "Private vs Extension Namespaces" - Private namespaces are intended for internal use only and are not registered - with the SSVC project. They are not intended to be shared or used outside of - the organization that created them. In contrast, extension namespaces are + Private namespaces are intended for use within a closed scope + and are not registered with the SSVC project. + In other words, they are not intended to be used outside of a + specific constuency. + For example, an organization might create a private namespace for + decision points that are specific to their internal processes or policies. + Or an information sharing and analysis organization (ISAO) might create a + private namespace for decision points that are specific to their sector. + In contrast, extension namespaces are intended to extend the existing SSVC namespaces and may be shared with other users of the SSVC framework. @@ -233,6 +246,8 @@ segment of the extension. To avoid conflicts with other users' extensions, we recommend using reverse domain name notation for your extensions. This helps to ensure that your extensions are unique and easily identifiable. + For example, if your organization is `example.com`, you might use an extension + like `ssvc//com.example/extension`. !!! example "Reverse Domain Name Notation" From c2a5e8495109c9b495c7cea5cb664a1aeb6934fb Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 18 Jul 2025 15:40:01 -0400 Subject: [PATCH 134/468] add warning about "no adds" in extensions. --- docs/reference/code/namespaces.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 77a4908b..878d04c9 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -159,7 +159,7 @@ namespaces. ## Namespace Extensions We allow users to extend the SSVC namespaces to clarify existing decision -points or to add new decision points that are compatible with the SSVC framework. +points. The intent of an extension is to allow clarification of the application of decision points and their values to specific constituencies. @@ -170,6 +170,12 @@ decision points and their values to specific constituencies. - Extensions may reduce the set of values for a decision point in the parent namespace, but must not add new values. +!!! warning "Extensions are not for new decision points" + + Extensions are not intended to be used to create new decision points. + If you want to create a new decision point, please use a + private/experimental namespace as described above + instead of an extension. !!! info "Namespace Extension Syntax and Structure" From 3dae4a94636bf88f53b4cc776346fb2cbfafadcd Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 18 Jul 2025 15:51:32 -0400 Subject: [PATCH 135/468] add one more test string --- src/test/test_namespaces_pattern.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index 674a26fc..96424469 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -73,6 +73,7 @@ def setUp(self): "x_custom/extension/with--double-dash", # double dash in middle "ab", # too short "x_", # too short after prefix + "x_x_some-weird-private-one", # double x_ not allowed ] def test_ns_pattern(self): From 628709fc97e78119ba5ecc9986299862aba0a519 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 10:49:02 -0400 Subject: [PATCH 136/468] we're enforcing version patterns, so should -> must. Also bump default version to 0.0.1 --- src/ssvc/_mixins.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index b8c69d94..f80109b5 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -35,7 +35,7 @@ VersionField = Annotated[ str, Field( - description="The version of the SSVC object. This should be a valid semantic version string.", + description="The version of the SSVC object. This must be a valid semantic version string.", examples=["1.0.0", "2.1.3"], pattern=VERSION_PATTERN, min_length=5, @@ -48,7 +48,7 @@ class _Versioned(BaseModel): Mixin class for versioned SSVC objects. """ - version: VersionField = Field(default="0.0.0") + version: VersionField = Field(default="0.0.1") @field_validator("version") @classmethod From e853f33371121e4ba934590b737d025f7d65f317 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 11:01:36 -0400 Subject: [PATCH 137/468] fix default version implementation --- src/ssvc/_mixins.py | 3 ++- src/test/test_mixins.py | 11 +++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index f80109b5..a3456d57 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -29,6 +29,7 @@ from ssvc import _schemaVersion from ssvc.namespaces import NameSpace, NamespaceString +DEFAULT_VERSION = "0.0.1" VERSION_PATTERN = r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$" @@ -48,7 +49,7 @@ class _Versioned(BaseModel): Mixin class for versioned SSVC objects. """ - version: VersionField = Field(default="0.0.1") + version: VersionField = Field(default=DEFAULT_VERSION) @field_validator("version") @classmethod diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index 5f7b42a3..9ea31446 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -22,7 +22,14 @@ from pydantic import BaseModel, ValidationError -from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned +from ssvc._mixins import ( + DEFAULT_VERSION, + _Base, + _Keyed, + _Namespaced, + _Valued, + _Versioned, +) from ssvc.namespaces import MAX_NS_LENGTH, NameSpace @@ -120,7 +127,7 @@ def test_namespaced_create(self): def test_versioned_create(self): obj = _Versioned() - self.assertEqual(obj.version, "0.0.0") + self.assertEqual(obj.version, DEFAULT_VERSION) obj = _Versioned(version="1.2.3") self.assertEqual(obj.version, "1.2.3") From 89c1c0b7498bd74b369e52480876894c16d2b1b7 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 11:02:19 -0400 Subject: [PATCH 138/468] make timestamp required. --- ...cision_Point_Value_Selection-2-0-0.schema.json | 15 ++++----------- src/ssvc/selection.py | 2 +- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 3efdb287..a973e753 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -30,7 +30,7 @@ "type": "string" }, "version": { - "description": "The version of the SSVC object. This should be a valid semantic version string.", + "description": "The version of the SSVC object. This must be a valid semantic version string.", "examples": [ "1.0.0", "2.1.3" @@ -109,21 +109,14 @@ "type": "array" }, "timestamp": { - "anyOf": [ - { - "format": "date-time", - "type": "string" - }, - { - "type": "null" - } - ], "description": "Timestamp of when the selections were made, in ISO 8601 format.", "examples": [ "2025-01-01T12:00:00Z", "2025-01-02T15:30:45-04:00" ], - "title": "Timestamp" + "format": "date-time", + "title": "Timestamp", + "type": "string" } }, "required": [ diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 3495bb48..e3a63ff3 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -82,7 +82,7 @@ class MinimalSelectionList(BaseModel): description="List of minimal selections made from decision points.", min_length=1, ) - timestamp: Optional[datetime] = Field( + timestamp: datetime = Field( ..., description="Timestamp of when the selections were made, in ISO 8601 format.", examples=["2025-01-01T12:00:00Z", "2025-01-02T15:30:45-04:00"], From b2132545f676a7a84ed66577c3debd8bc0809312 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 11:16:05 -0400 Subject: [PATCH 139/468] force schema order --- ...on_Point_Value_Selection-2-0-0.schema.json | 114 +++++++++--------- src/ssvc/selection.py | 28 ++++- 2 files changed, 82 insertions(+), 60 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index a973e753..5b4c4a6b 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -1,4 +1,60 @@ { + "$schema": "https://json-schema.org/draft/2020-12/schema", + "$id": "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json", + "description": "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.", + "type": "object", + "properties": { + "schemaVersion": { + "const": "2.0.0", + "default": "2.0.0", + "description": "The schema version of this selection list.", + "title": "Schemaversion", + "type": "string" + }, + "vulnerability_id": { + "anyOf": [ + { + "minLength": 1, + "type": "string" + }, + { + "type": "null" + } + ], + "default": null, + "description": "Optional vulnerability ID associated with the selections.", + "examples": [ + "CVE-2025-0000", + "VU#999999", + "GHSA-0123-4567-89ab" + ], + "title": "Vulnerability Id" + }, + "selections": { + "description": "List of minimal selections made from decision points.", + "items": { + "$ref": "#/$defs/MinimalSelection" + }, + "minItems": 1, + "title": "Selections", + "type": "array" + }, + "timestamp": { + "description": "Timestamp of when the selections were made, in ISO 8601 format.", + "examples": [ + "2025-01-01T12:00:00Z", + "2025-01-02T15:30:45-04:00" + ], + "format": "date-time", + "title": "Timestamp", + "type": "string" + } + }, + "required": [ + "schemaVersion", + "selections", + "timestamp" + ], "$defs": { "MinimalSelection": { "description": "A minimal selection object that contains the decision point ID and the selected options.\nThis is used to transition from an SSVC decision point to a selection.", @@ -70,61 +126,5 @@ "title": "MinimalSelection", "type": "object" } - }, - "description": "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.", - "properties": { - "schemaVersion": { - "const": "2.0.0", - "default": "2.0.0", - "description": "The schema version of this selection list.", - "title": "Schemaversion", - "type": "string" - }, - "vulnerability_id": { - "anyOf": [ - { - "minLength": 1, - "type": "string" - }, - { - "type": "null" - } - ], - "default": null, - "description": "Optional vulnerability ID associated with the selections.", - "examples": [ - "CVE-2025-0000", - "VU#999999", - "GHSA-0123-4567-89ab" - ], - "title": "Vulnerability Id" - }, - "selections": { - "description": "List of minimal selections made from decision points.", - "items": { - "$ref": "#/$defs/MinimalSelection" - }, - "minItems": 1, - "title": "Selections", - "type": "array" - }, - "timestamp": { - "description": "Timestamp of when the selections were made, in ISO 8601 format.", - "examples": [ - "2025-01-01T12:00:00Z", - "2025-01-02T15:30:45-04:00" - ], - "format": "date-time", - "title": "Timestamp", - "type": "string" - } - }, - "required": [ - "schemaVersion", - "selections", - "timestamp" - ], - "type": "object", - "$schema": "https://json-schema.org/draft/2020-12/schema", - "$id": "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" + } } \ No newline at end of file diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index e3a63ff3..71b48844 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -24,7 +24,7 @@ from datetime import datetime from typing import Literal, Optional -from pydantic import BaseModel, Field +from pydantic import BaseModel, ConfigDict, Field from ssvc._mixins import VersionField from ssvc.decision_points.base import DecisionPoint @@ -66,6 +66,7 @@ class MinimalSelectionList(BaseModel): A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. """ + model_config = ConfigDict(extra="allow") schemaVersion: Literal[SCHEMA_VERSION] = Field( default=SCHEMA_VERSION, description="The schema version of this selection list.", @@ -153,7 +154,28 @@ def main() -> None: # even though we set a default value schema["required"].insert(0, "schemaVersion") - print(json.dumps(schema, indent=2)) + # preferred order of fields, just setting for convention + preferred_order = [ + "$schema", + "$id", + "title", + "description", + "schemaVersion", + "type", + "properties", + "required", + "additionalProperties", + "$defs", + ] + + # create a new dict with the preferred order of fields first + ordered_fields = {k: schema[k] for k in preferred_order if k in schema} + # add the rest of the fields in their original order + for k in schema: + if k not in ordered_fields: + ordered_fields[k] = schema[k] + + print(json.dumps(ordered_fields, indent=2)) # find local path to this file import os @@ -167,7 +189,7 @@ def main() -> None: with open(schema_path, "w") as f: print(f"Writing schema to {schema_path}") - json.dump(schema, f, indent=2) + json.dump(ordered_fields, f, indent=2) if __name__ == "__main__": From 8729d51c90bf9c5fc970703b3874a08f4bcacf6a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 11:16:35 -0400 Subject: [PATCH 140/468] allow additional properties in selection object --- data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json | 1 + 1 file changed, 1 insertion(+) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 5b4c4a6b..e041c913 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -55,6 +55,7 @@ "selections", "timestamp" ], + "additionalProperties": true, "$defs": { "MinimalSelection": { "description": "A minimal selection object that contains the decision point ID and the selected options.\nThis is used to transition from an SSVC decision point to a selection.", From 925d66120615baf1d07cfed624863611a85169f9 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 11:36:19 -0400 Subject: [PATCH 141/468] fix how we set the schemaVersion --- ...ecision_Point_Value_Selection-2-0-0.schema.json | 1 - src/ssvc/selection.py | 14 +++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index e041c913..ed0c31a3 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -6,7 +6,6 @@ "properties": { "schemaVersion": { "const": "2.0.0", - "default": "2.0.0", "description": "The schema version of this selection list.", "title": "Schemaversion", "type": "string" diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 71b48844..88398dd3 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -24,7 +24,7 @@ from datetime import datetime from typing import Literal, Optional -from pydantic import BaseModel, ConfigDict, Field +from pydantic import BaseModel, ConfigDict, Field, model_validator from ssvc._mixins import VersionField from ssvc.decision_points.base import DecisionPoint @@ -68,7 +68,7 @@ class MinimalSelectionList(BaseModel): model_config = ConfigDict(extra="allow") schemaVersion: Literal[SCHEMA_VERSION] = Field( - default=SCHEMA_VERSION, + ..., description="The schema version of this selection list.", ) @@ -89,6 +89,13 @@ class MinimalSelectionList(BaseModel): examples=["2025-01-01T12:00:00Z", "2025-01-02T15:30:45-04:00"], ) + @model_validator(mode="before") + def set_schema_version(cls, data): + # If schemaVersion is missing, add it + if "schemaVersion" not in data: + data["schemaVersion"] = SCHEMA_VERSION + return data + def add_selection(self, selection: MinimalSelection) -> None: """ Adds a minimal selection to the list. @@ -150,9 +157,6 @@ def main() -> None: schema["description"] = ( "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available." ) - # force the schema version to be included in the required fields - # even though we set a default value - schema["required"].insert(0, "schemaVersion") # preferred order of fields, just setting for convention preferred_order = [ From 70fce8ea6c53706f822c8d8c24a461f9da5436dc Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 11:56:07 -0400 Subject: [PATCH 142/468] RFC 3339 is more specific than ISO 8601 --- src/ssvc/selection.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 88398dd3..e2444821 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -85,7 +85,7 @@ class MinimalSelectionList(BaseModel): ) timestamp: datetime = Field( ..., - description="Timestamp of when the selections were made, in ISO 8601 format.", + description="Timestamp of when the selections were made, in RFC 3339 format.", examples=["2025-01-01T12:00:00Z", "2025-01-02T15:30:45-04:00"], ) From c2673cc33fd6099af22afc9d53d9e09974f5c6fe Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 12:31:47 -0400 Subject: [PATCH 143/468] adjust example namespaces --- src/ssvc/namespaces.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 3693c139..459dfdb7 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -113,7 +113,13 @@ str, Field( description="The namespace of the SSVC object.", - examples=["ssvc", "cisa", "x_private-test", "ssvc/de-DE/reference-arch-1"], + examples=[ + "ssvc", + "cisa", + "x_com.example//private", + "com.example//some-extension", + "ssvc/de-DE/example.org/reference-arch-1", + ], pattern=NS_PATTERN, min_length=MIN_NS_LENGTH, max_length=MAX_NS_LENGTH, From 337bcf1cac4afea41946f0ca167c28d085e9ba85 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 12:32:50 -0400 Subject: [PATCH 144/468] pattern was blocking 2-letter TLDs in reverse-domain-name convention Also added more test strings --- src/ssvc/namespaces.py | 2 +- src/test/test_namespaces_pattern.py | 24 ++++++++++++++++++------ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 459dfdb7..1abc8130 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -43,7 +43,7 @@ # Base namespace part (before any extensions) allows . and - with restrictions BASE_PATTERN = ( r"(?!.*[.-]{2,})" # no consecutive separators - r"[a-z][a-z0-9]{2,}" # first part starts with a letter, followed by three or more alphanumeric characters + r"[a-z][a-z0-9]+" # first part starts with a letter, followed by one or more alphanumeric characters r"(?:[.-][a-z0-9]+)*" # remaining parts can have alphanumeric characters and single . or - separators ) """The base pattern for namespaces, which must start with a letter and contain at least 3 alphanumeric characters.""" diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index 96424469..a87df58d 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -39,15 +39,26 @@ def setUp(self): "ssvc", "cisa", "custom", # not in enum, but valid for the pattern - "x_private-test", # valid namespace with dash - "x_custom", # valid namespace with x_ prefix - "x_custom.with.dots", # valid namespace with x_ prefix and dots "abc", # not in enum, but valid for the pattern "x_abc", # valid namespace with x_ prefix + "x_custom", # valid namespace with x_ prefix + "x_private-test", # valid namespace with dash + "x_custom.with.dots", # valid namespace with x_ prefix and dots "x_custom//extension", # double slash is okay when it's the first segment - "ssvc/de-DE/reference-arch-1", # valid BCP-47 tag with dashes + "x_private-test", # valid namespace with x_ prefix and dash (does not follow reverse domain notation) + "x_com.example//custom-extension", # x_prefix, reverse domain notation, double slash, dashes + "ssvc/de-DE/example.org/reference-arch-1", # valid BCP-47 tag, reverse domain notation, dashes + "ssvc/de-DE/reference-arch-1", # valid BCP-47 tag with dashes (But doesn't follow reverse domain notation) "x_test/pl-PL/foo/bar/baz/quux", # valid BCP-47 tag and multiple segments - "foo.bar//baz.quux", # valid namespace with x_ prefix and mixed segments + "com.example", # valid namespace with dots following reverse domain notation + "x_com.example", # valid namespace with x_ prefix and dots following reverse domain notation + "au.com.example", # valid namespace with dots following reverse domain notation for 2-letter TLD + "x_au.com.example" # valid namespace with x_ prefix and dots following reverse domain notation + "abc//com.example", # valid namespace with double slash + "abc//com.au.example", + "abc//com.example/foo.bar", # valid namespace with double slash and additional segments + "abc//com.example-foo.bar", # valid namespace with double slash and dash + "foo.bar//baz.quux", ] self.expect_fail = [ "999", # invalid namespace, numeric only @@ -88,10 +99,11 @@ def test_base_pattern(self): "contains.dot", "contains-dash", "contains-dash-and.dot", + "com.example", # valid namespace with dots following reverse domain notation + "au.com.example", # valid namespace with dots following reverse domain notation ] x_fail = [ "a", # too short - "ab", # too short "9abc", # starts with a number "x_foo", # no x_ in base pattern "contains..double.dot", # double dot From b52b8ca91a936903baad03571c6cf292464c99d9 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 12:35:39 -0400 Subject: [PATCH 145/468] example.org -> example.organization (as in organization.example reversed) to avoid confusion with "example.org" which is also reserved --- src/ssvc/namespaces.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 1abc8130..2ff39529 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -118,7 +118,7 @@ "cisa", "x_com.example//private", "com.example//some-extension", - "ssvc/de-DE/example.org/reference-arch-1", + "ssvc/de-DE/example.organization/reference-arch-1", ], pattern=NS_PATTERN, min_length=MIN_NS_LENGTH, From 009b8a2fe8592343d872a8f9ffc908ddcbda26dd Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 13:07:04 -0400 Subject: [PATCH 146/468] refactor defaults, patterns, and types into an ssvc.utils sub-package --- docs/reference/code/namespaces.md | 3 +- src/ssvc/_mixins.py | 22 ++--- src/ssvc/decision_points/base.py | 2 +- src/ssvc/namespaces.py | 103 +--------------------- src/ssvc/selection.py | 5 +- src/ssvc/utils/__init__.py | 20 +++++ src/ssvc/utils/defaults.py | 47 ++++++++++ src/ssvc/utils/patterns.py | 130 ++++++++++++++++++++++++++++ src/ssvc/utils/types.py | 86 ++++++++++++++++++ src/test/test_mixins.py | 4 +- src/test/test_namespaces.py | 3 +- src/test/test_namespaces_pattern.py | 5 +- src/test/test_selections.py | 5 +- 13 files changed, 303 insertions(+), 132 deletions(-) create mode 100644 src/ssvc/utils/__init__.py create mode 100644 src/ssvc/utils/defaults.py create mode 100644 src/ssvc/utils/patterns.py create mode 100644 src/ssvc/utils/types.py diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 878d04c9..50cdf330 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -271,7 +271,8 @@ The following technical requirements are enforced for SSVC namespaces, based on the implementation in `src/ssvc/namespaces.py` and the NS_PATTERN regular expression: ```python exec="true" idprefix="" -from ssvc.namespaces import NS_PATTERN + +from ssvc.utils.patterns import NS_PATTERN print(f"`{NS_PATTERN.pattern}`") ``` diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index a3456d57..5039ab55 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -21,27 +21,15 @@ # subject to its own license. # DM24-0278 -from typing import Annotated, Optional +from typing import Optional from pydantic import BaseModel, ConfigDict, Field, field_validator from semver import Version from ssvc import _schemaVersion -from ssvc.namespaces import NameSpace, NamespaceString - -DEFAULT_VERSION = "0.0.1" -VERSION_PATTERN = r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$" - - -VersionField = Annotated[ - str, - Field( - description="The version of the SSVC object. This must be a valid semantic version string.", - examples=["1.0.0", "2.1.3"], - pattern=VERSION_PATTERN, - min_length=5, - ), -] +from ssvc.namespaces import NameSpace +from ssvc.utils.defaults import DEFAULT_VERSION +from ssvc.utils.types import NamespaceString, VersionString class _Versioned(BaseModel): @@ -49,7 +37,7 @@ class _Versioned(BaseModel): Mixin class for versioned SSVC objects. """ - version: VersionField = Field(default=DEFAULT_VERSION) + version: VersionString = Field(default=DEFAULT_VERSION) @field_validator("version") @classmethod diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 69e42d96..2c803235 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -35,12 +35,12 @@ _Valued, _Versioned, ) +from ssvc.utils.defaults import FIELD_DELIMITER logger = logging.getLogger(__name__) REGISTERED_DECISION_POINTS = [] -FIELD_DELIMITER = ":" class Registry(BaseModel): diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 2ff39529..d0f73a48 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -23,109 +23,10 @@ # subject to its own license. # DM24-0278 -import re from enum import StrEnum, auto -from typing import Annotated - -from pydantic import Field - -MIN_NS_LENGTH = 3 -MAX_NS_LENGTH = 1000 -NS_LENGTH_INTERVAL = MAX_NS_LENGTH - MIN_NS_LENGTH - -# from https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html -BCP_47_PATTERN = r"(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])" -"""A regular expression pattern for BCP-47 language tags.""" - -LENGTH_CHECK_PATTERN = rf"(?=.{{{MIN_NS_LENGTH},{MAX_NS_LENGTH}}}$)" -"""Ensures the string is between MIN_NS_LENGTH and MAX_NS_LENGTH characters long.""" - -# Base namespace part (before any extensions) allows . and - with restrictions -BASE_PATTERN = ( - r"(?!.*[.-]{2,})" # no consecutive separators - r"[a-z][a-z0-9]+" # first part starts with a letter, followed by one or more alphanumeric characters - r"(?:[.-][a-z0-9]+)*" # remaining parts can have alphanumeric characters and single . or - separators -) -"""The base pattern for namespaces, which must start with a letter and contain at least 3 alphanumeric characters.""" - -X_PFX = "x_" -"""The prefix for extension namespaces. Extension namespaces must start with this prefix.""" - -EXPERIMENTAL_BASE = rf"{X_PFX}{BASE_PATTERN}" -f"""The base pattern for experimental namespaces, which must start with the {X_PFX} prefix, -followed by a string matching the base pattern.""" - -BASE_NS_PATTERN = rf"({EXPERIMENTAL_BASE}|{BASE_PATTERN})" -"""The complete base namespace pattern, which allows for experimental namespaces.""" - -# Extension segment pattern (alphanumeric + limited punctuation, no consecutive punctuation, ends with alphanumeric) -EXT_SEGMENT_PATTERN = ( - r"(?!.*[.-]{2,})" # no consecutive separators - r"[a-zA-Z][a-zA-Z0-9]*" # first part starts with a letter, followed by one or more alphanumeric characters - r"(?:[.-][a-zA-Z0-9]+)*" # remaining parts can have alphanumeric characters and single ., -, / separators -) -"""The pattern for extension segments in namespaces, which must start with a letter and contain alphanumeric characters or -limited punctuation characters (., -), with no consecutive punctuation characters allowed.""" - -# Language extension pattern (BCP-47 or empty for //) -LANG_EXT_PATTERN = rf"(/({BCP_47_PATTERN})/|//)" -"""The pattern for the first extension segment, which must be either a valid BCP-47 tag or empty (//).""" - -# Subsequent extension segments -SUBSEQUENT_EXT_PATTERN = rf"{EXT_SEGMENT_PATTERN}(?:/{EXT_SEGMENT_PATTERN})*" -"""The pattern for subsequent extension segments, which must follow the rules for extension segments, delimited by slashes (/).""" - -# Complete pattern with length validation -NS_PATTERN = re.compile( - rf"^{LENGTH_CHECK_PATTERN}({BASE_NS_PATTERN})({LANG_EXT_PATTERN}{SUBSEQUENT_EXT_PATTERN})?$" -) -f"""The full regular expression pattern for validating namespaces. - -!!! note "Length Requirements" - - - Namespaces must be between {MIN_NS_LENGTH} and {MAX_NS_LENGTH} characters long. - -!!! note "Base Namespace Requirements" - - - Must start with a lowercase letter - - Must contain at least 3 total characters in the base part (after the optional experimental/private prefix) - - Must contain only lowercase letters, numbers, dots (`.`), and hyphens (`-`) - - Must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) - - May optionally start with the experimental/private prefix `{X_PFX}`. - -!!! note "Extension Requirements (Optional)" - - - Extensions are optional - - Extensions must be delineated by slashes (`/`) - - If any extension segments are present, the following rules apply: - - The first extension segment, must be a valid BCP-47 language tag or empty (i.e., `//`). - - Subsequent extension segments: - - must start with a letter (upper or lowercase) - - may contain letters, numbers, dots (`.`), and hyphens (`-`) - - must not start or end with a dot or hyphen - - must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) - - are separated by single forward slashes (`/`) - - multiple extension segments are allowed - -""" -NamespaceString = Annotated[ - str, - Field( - description="The namespace of the SSVC object.", - examples=[ - "ssvc", - "cisa", - "x_com.example//private", - "com.example//some-extension", - "ssvc/de-DE/example.organization/reference-arch-1", - ], - pattern=NS_PATTERN, - min_length=MIN_NS_LENGTH, - max_length=MAX_NS_LENGTH, - ), -] -"""A string datatype for namespace values, for use in Pydantic models.""" +from ssvc.utils.defaults import MAX_NS_LENGTH, MIN_NS_LENGTH, X_PFX +from ssvc.utils.patterns import NS_PATTERN class NameSpace(StrEnum): diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index e2444821..6a009cdc 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -26,9 +26,8 @@ from pydantic import BaseModel, ConfigDict, Field, model_validator -from ssvc._mixins import VersionField from ssvc.decision_points.base import DecisionPoint -from ssvc.namespaces import NamespaceString +from ssvc.utils.types import NamespaceString, VersionString SCHEMA_VERSION = "2.0.0" @@ -49,7 +48,7 @@ class MinimalSelection(BaseModel): examples=["E", "A", "MI", "PSI"], min_length=1, ) - version: VersionField + version: VersionString values: list[str] = Field( ..., description="A list of selected value keys from the decision point values.", diff --git a/src/ssvc/utils/__init__.py b/src/ssvc/utils/__init__.py new file mode 100644 index 00000000..ff52eb81 --- /dev/null +++ b/src/ssvc/utils/__init__.py @@ -0,0 +1,20 @@ +"""Provides utility features for the SSVC package.""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 diff --git a/src/ssvc/utils/defaults.py b/src/ssvc/utils/defaults.py new file mode 100644 index 00000000..b925a1a9 --- /dev/null +++ b/src/ssvc/utils/defaults.py @@ -0,0 +1,47 @@ +#!/usr/bin/env python +""" +Provides default values and constants for use in SSVC objects. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +X_PFX = "x_" +"""The prefix for extension namespaces. Extension namespaces must start with this prefix.""" + +MIN_NS_LENGTH = 3 +"""The minimum length of a namespace string.""" + +MAX_NS_LENGTH = 1000 +"""The maximum length of a namespace string.""" + +NS_LENGTH_INTERVAL = MAX_NS_LENGTH - MIN_NS_LENGTH +"""The interval between the minimum and maximum lengths of a namespace string.""" + +FIELD_DELIMITER = ":" +"""The delimiter used to separate fields in SSVC object IDs.""" + + +def main(): + pass + + +if __name__ == "__main__": + main() +DEFAULT_VERSION = "0.0.1" diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py new file mode 100644 index 00000000..3886b61f --- /dev/null +++ b/src/ssvc/utils/patterns.py @@ -0,0 +1,130 @@ +#!/usr/bin/env python +""" +Provides python regular expressions and utility functions for SSVC-related patterns. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import re + +from ssvc.utils.defaults import MAX_NS_LENGTH, MIN_NS_LENGTH, X_PFX + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +# from https://semver.org/ +VERSION_PATTERN = r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$" +"""A regular expression pattern for semantic versioning (semver).""" + +# from https://docs.oasis-open.org/csaf/csaf/v2.0/os/csaf-v2.0-os.html +BCP_47_PATTERN = r"(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])" +"""A regular expression pattern for BCP-47 language tags.""" + + +LENGTH_CHECK_PATTERN = rf"(?=.{{{MIN_NS_LENGTH},{MAX_NS_LENGTH}}}$)" +"""Ensures the string is between MIN_NS_LENGTH and MAX_NS_LENGTH characters long.""" + +# Base namespace part (before any extensions) allows . and - with restrictions +BASE_PATTERN = ( + r"(?!.*[.-]{2,})" # no consecutive separators + r"[a-z][a-z0-9]+" # first part starts with a letter, followed by one or more alphanumeric characters + r"(?:[.-][a-z0-9]+)*" # remaining parts can have alphanumeric characters and single . or - separators +) +"""The base pattern for namespaces, which must start with a letter followed by at least one alphanumeric character.""" + +EXPERIMENTAL_BASE = rf"{X_PFX}{BASE_PATTERN}" +f"""The base pattern for experimental namespaces, which must start with the {X_PFX} prefix, +followed by a string matching the base pattern.""" + +BASE_NS_PATTERN = rf"({EXPERIMENTAL_BASE}|{BASE_PATTERN})" +"""The complete base namespace pattern, which allows for experimental namespaces.""" + +EXT_SEGMENT_PATTERN = ( + r"(?!.*[.-]{2,})" # no consecutive separators + r"[a-zA-Z][a-zA-Z0-9]*" # first part starts with a letter, followed by zero or more alphanumeric characters + r"(?:[.-][a-zA-Z0-9]+)*" # remaining parts can have alphanumeric characters and single ., -, / separators +) +"""The pattern for extension segments in namespaces, which must start with a letter and contain alphanumeric characters or +limited punctuation characters (., -), with no consecutive punctuation characters allowed.""" + +LANG_EXT_PATTERN = rf"(/({BCP_47_PATTERN})/|//)" +# Language extension pattern (BCP-47 or empty for //) +"""The pattern for the first extension segment, which must be either a valid BCP-47 tag or empty (//).""" + +SUBSEQUENT_EXT_PATTERN = rf"{EXT_SEGMENT_PATTERN}(?:/{EXT_SEGMENT_PATTERN})*" +# Subsequent extension segments +"""The pattern for subsequent extension segments, which must follow the rules for extension segments, delimited by slashes (/).""" + +NS_PATTERN = re.compile( + rf"^{LENGTH_CHECK_PATTERN}({BASE_NS_PATTERN})({LANG_EXT_PATTERN}{SUBSEQUENT_EXT_PATTERN})?$" +) +f"""The full regular expression pattern for validating namespaces. + +!!! note "Length Requirements" + + - Namespaces must be between {MIN_NS_LENGTH} and {MAX_NS_LENGTH} characters long. + +!!! note "Base Namespace Requirements" + + - Must start with a lowercase letter + - Must contain at least 3 total characters in the base part (after the optional experimental/private prefix) + - Must contain only lowercase letters, numbers, dots (`.`), and hyphens (`-`) + - Must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) + - May optionally start with the experimental/private prefix `{X_PFX}`. + +!!! note "Extension Requirements (Optional)" + + - Extensions are optional + - Extensions must be delineated by slashes (`/`) + - If any extension segments are present, the following rules apply: + - The first extension segment, must be a valid BCP-47 language tag or empty (i.e., `//`). + - Subsequent extension segments: + - must start with a letter (upper or lowercase) + - may contain letters, numbers, dots (`.`), and hyphens (`-`) + - must not start or end with a dot or hyphen + - must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) + - are separated by single forward slashes (`/`) + - multiple extension segments are allowed + +""" + + +def main(): + pass + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/utils/types.py b/src/ssvc/utils/types.py new file mode 100644 index 00000000..ec33938b --- /dev/null +++ b/src/ssvc/utils/types.py @@ -0,0 +1,86 @@ +#!/usr/bin/env python +""" +Provides custom data types for use in SSVC objects. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from typing import Annotated + +from pydantic import Field + +from ssvc.utils.defaults import MAX_NS_LENGTH, MIN_NS_LENGTH +from ssvc.utils.patterns import NS_PATTERN, VERSION_PATTERN + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +VersionString = Annotated[ + str, + Field( + description="The version of the SSVC object. This must be a valid semantic version string.", + examples=["1.0.0", "2.1.3"], + pattern=VERSION_PATTERN, + min_length=5, + ), +] +"""A string datatype for version values, for use in Pydantic models.""" + +NamespaceString = Annotated[ + str, + Field( + description="The namespace of the SSVC object.", + examples=[ + "ssvc", + "cisa", + "x_com.example//private", + "com.example//some-extension", + "ssvc/de-DE/example.organization/reference-arch-1", + ], + pattern=NS_PATTERN, + min_length=MIN_NS_LENGTH, + max_length=MAX_NS_LENGTH, + ), +] +"""A string datatype for namespace values, for use in Pydantic models.""" + + +def main(): + pass + + +if __name__ == "__main__": + main() diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index a5269aee..9744d8f5 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -23,14 +23,14 @@ from pydantic import BaseModel, ValidationError from ssvc._mixins import ( - DEFAULT_VERSION, _Base, _Keyed, _Namespaced, _Valued, _Versioned, ) -from ssvc.namespaces import MAX_NS_LENGTH, NameSpace +from ssvc.namespaces import NameSpace +from ssvc.utils.defaults import DEFAULT_VERSION, MAX_NS_LENGTH class TestMixins(unittest.TestCase): diff --git a/src/test/test_namespaces.py b/src/test/test_namespaces.py index 4f527a88..dde85463 100644 --- a/src/test/test_namespaces.py +++ b/src/test/test_namespaces.py @@ -19,7 +19,8 @@ import unittest -from ssvc.namespaces import NS_PATTERN, NameSpace +from ssvc.namespaces import NameSpace +from ssvc.utils.patterns import NS_PATTERN class MyTestCase(unittest.TestCase): diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index a87df58d..54aeff84 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -21,12 +21,11 @@ import re import unittest -from ssvc.namespaces import ( +from ssvc.utils.defaults import MAX_NS_LENGTH, MIN_NS_LENGTH +from ssvc.utils.patterns import ( BASE_NS_PATTERN, BASE_PATTERN, LENGTH_CHECK_PATTERN, - MAX_NS_LENGTH, - MIN_NS_LENGTH, NS_PATTERN, ) diff --git a/src/test/test_selections.py b/src/test/test_selections.py index d4d0bf59..2ff73fbe 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -21,9 +21,8 @@ from datetime import datetime from ssvc import selection -from ssvc._mixins import VERSION_PATTERN -from ssvc.namespaces import NS_PATTERN from ssvc.selection import MinimalSelectionList +from ssvc.utils.patterns import NS_PATTERN, VERSION_PATTERN class MyTestCase(unittest.TestCase): @@ -64,7 +63,7 @@ def test_minimal_selection_init(self): # key is a string self.assertIsInstance(self.s1.key, str) self.assertGreater(len(self.s1.key), 0, "Key should not be empty") - # version is a valid VersionField + # version is a valid VersionString self.assertIsInstance(self.s1.version, str) self.assertRegex( self.s1.version, From cc4a67961e55a327fe7fba2f5fb25a8764c630a1 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 13:08:41 -0400 Subject: [PATCH 147/468] cleanup defaults module --- src/ssvc/utils/defaults.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/ssvc/utils/defaults.py b/src/ssvc/utils/defaults.py index b925a1a9..e864283b 100644 --- a/src/ssvc/utils/defaults.py +++ b/src/ssvc/utils/defaults.py @@ -22,6 +22,9 @@ # subject to its own license. # DM24-0278 +DEFAULT_VERSION = "0.0.1" +"""The default version for SSVC objects, used when no version is specified at object creation.""" + X_PFX = "x_" """The prefix for extension namespaces. Extension namespaces must start with this prefix.""" @@ -44,4 +47,3 @@ def main(): if __name__ == "__main__": main() -DEFAULT_VERSION = "0.0.1" From a1c071992c060a42c708626a92a8229bdf16ccbb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Jul 2025 17:08:49 +0000 Subject: [PATCH 148/468] Bump jsonschema from 4.24.0 to 4.25.0 --- updated-dependencies: - dependency-name: jsonschema dependency-version: 4.25.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 9e991667..3100fdcf 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,7 +11,7 @@ markdown-exec==1.11.0 thefuzz==0.22.1 pandas==2.3.1 scikit-learn==1.6.1 -jsonschema==4.24.0 +jsonschema==4.25.0 networkx==3.4.2 pydantic==2.11.7 semver==3.0.4 \ No newline at end of file From 989a07af6a22016d5a105b4021dbd9ed772d1963 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 13:09:55 -0400 Subject: [PATCH 149/468] fix double-copyright blocks --- src/ssvc/utils/patterns.py | 19 ------------------- src/ssvc/utils/types.py | 19 ------------------- 2 files changed, 38 deletions(-) diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index 3886b61f..04463b0c 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -26,25 +26,6 @@ from ssvc.utils.defaults import MAX_NS_LENGTH, MIN_NS_LENGTH, X_PFX -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 - # from https://semver.org/ VERSION_PATTERN = r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$" """A regular expression pattern for semantic versioning (semver).""" diff --git a/src/ssvc/utils/types.py b/src/ssvc/utils/types.py index ec33938b..c50bee1d 100644 --- a/src/ssvc/utils/types.py +++ b/src/ssvc/utils/types.py @@ -29,25 +29,6 @@ from ssvc.utils.defaults import MAX_NS_LENGTH, MIN_NS_LENGTH from ssvc.utils.patterns import NS_PATTERN, VERSION_PATTERN -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 - VersionString = Annotated[ str, Field( From be4f0364417c56da7dd6f02f38904356683390fb Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 13:14:02 -0400 Subject: [PATCH 150/468] rename types.py to field_specs.py --- src/ssvc/_mixins.py | 2 +- src/ssvc/selection.py | 2 +- src/ssvc/utils/{types.py => field_specs.py} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename src/ssvc/utils/{types.py => field_specs.py} (100%) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 5039ab55..4c3fa7f4 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -29,7 +29,7 @@ from ssvc import _schemaVersion from ssvc.namespaces import NameSpace from ssvc.utils.defaults import DEFAULT_VERSION -from ssvc.utils.types import NamespaceString, VersionString +from ssvc.utils.field_specs import NamespaceString, VersionString class _Versioned(BaseModel): diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 6a009cdc..e8d1fdd3 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -27,7 +27,7 @@ from pydantic import BaseModel, ConfigDict, Field, model_validator from ssvc.decision_points.base import DecisionPoint -from ssvc.utils.types import NamespaceString, VersionString +from ssvc.utils.field_specs import NamespaceString, VersionString SCHEMA_VERSION = "2.0.0" diff --git a/src/ssvc/utils/types.py b/src/ssvc/utils/field_specs.py similarity index 100% rename from src/ssvc/utils/types.py rename to src/ssvc/utils/field_specs.py From 9816c5c660df82d35f0fcb092de29519b17d8b58 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 13:19:02 -0400 Subject: [PATCH 151/468] reinstate additionalProperties=false in JSON schema --- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 4 ++-- src/ssvc/selection.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index ed0c31a3..ad2fa0c3 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -39,7 +39,7 @@ "type": "array" }, "timestamp": { - "description": "Timestamp of when the selections were made, in ISO 8601 format.", + "description": "Timestamp of when the selections were made, in RFC 3339 format.", "examples": [ "2025-01-01T12:00:00Z", "2025-01-02T15:30:45-04:00" @@ -54,7 +54,7 @@ "selections", "timestamp" ], - "additionalProperties": true, + "additionalProperties": false, "$defs": { "MinimalSelection": { "description": "A minimal selection object that contains the decision point ID and the selected options.\nThis is used to transition from an SSVC decision point to a selection.", diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index e2444821..94e3e416 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -66,7 +66,7 @@ class MinimalSelectionList(BaseModel): A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. """ - model_config = ConfigDict(extra="allow") + model_config = ConfigDict(extra="forbid") schemaVersion: Literal[SCHEMA_VERSION] = Field( ..., description="The schema version of this selection list.", From 054e17581d137f5e3e8aeb1c924332cbca86f55b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Jul 2025 13:21:22 -0400 Subject: [PATCH 152/468] Bump jsonschema from 4.24.0 to 4.25.0 (#827) --- updated-dependencies: - dependency-name: jsonschema dependency-version: 4.25.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 9e991667..3100fdcf 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,7 +11,7 @@ markdown-exec==1.11.0 thefuzz==0.22.1 pandas==2.3.1 scikit-learn==1.6.1 -jsonschema==4.24.0 +jsonschema==4.25.0 networkx==3.4.2 pydantic==2.11.7 semver==3.0.4 \ No newline at end of file From cb05a84d3655f96df218c73df61de763df916ea0 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 13:28:08 -0400 Subject: [PATCH 153/468] update schema to reflect recent changes --- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index d2d986db..0a325d2c 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -64,12 +64,13 @@ "examples": [ "ssvc", "cisa", - "x_private-test", - "ssvc/de-DE/reference-arch-1" + "x_com.example//private", + "com.example//some-extension", + "ssvc/de-DE/example.organization/reference-arch-1" ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)((x_(?!.*[.-]{2,})[a-z][a-z0-9]{2,}(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]{2,}(?:[.-][a-z0-9]+)*))((/((([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo]))/|//)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*)*)?$", + "pattern": "^(?=.{3,1000}$)((x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*))((/((([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo]))/|//)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*)*)?$", "title": "Namespace", "type": "string" }, From 85dab997f5bc6dd3e78a4f946c4b05775ef7628a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 15:27:15 -0400 Subject: [PATCH 154/468] change "vulnerability_id" to "target_ids" and make it a list of strings rather than a single string. --- ...on_Point_Value_Selection-2-0-0.schema.json | 23 ++++++++++----- src/ssvc/selection.py | 29 ++++++++++++++++--- src/test/test_selections.py | 11 +++++-- 3 files changed, 48 insertions(+), 15 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index ad2fa0c3..33e92925 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -10,24 +10,31 @@ "title": "Schemaversion", "type": "string" }, - "vulnerability_id": { + "target_ids": { "anyOf": [ { - "minLength": 1, - "type": "string" + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" }, { "type": "null" } ], "default": null, - "description": "Optional vulnerability ID associated with the selections.", + "description": "Optional list of identifiers for the item or items (vulnerabilities, reports, advisories, systems, assets, etc.) being evaluated by these selections.", "examples": [ - "CVE-2025-0000", - "VU#999999", - "GHSA-0123-4567-89ab" + [ + "CVE-2025-0000" + ], + [ + "VU#999999", + "GHSA-0123-4567-89ab" + ] ], - "title": "Vulnerability Id" + "title": "Target Ids" }, "selections": { "description": "List of minimal selections made from decision points.", diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 94e3e416..629309c8 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -24,7 +24,7 @@ from datetime import datetime from typing import Literal, Optional -from pydantic import BaseModel, ConfigDict, Field, model_validator +from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator from ssvc._mixins import VersionField from ssvc.decision_points.base import DecisionPoint @@ -72,10 +72,15 @@ class MinimalSelectionList(BaseModel): description="The schema version of this selection list.", ) - vulnerability_id: Optional[str] = Field( + target_ids: Optional[list[str]] = Field( default=None, - description="Optional vulnerability ID associated with the selections.", - examples=["CVE-2025-0000", "VU#999999", "GHSA-0123-4567-89ab"], + description="Optional list of identifiers for the item or items " + "(vulnerabilities, reports, advisories, systems, assets, etc.) " + "being evaluated by these selections.", + examples=[ + ["CVE-2025-0000"], + ["VU#999999", "GHSA-0123-4567-89ab"], + ], min_length=1, ) selections: list[MinimalSelection] = Field( @@ -96,6 +101,22 @@ def set_schema_version(cls, data): data["schemaVersion"] = SCHEMA_VERSION return data + # target_ids should be a non-empty list if not None + @field_validator("target_ids", mode="before") + @classmethod + def validate_target_ids(cls, value: Optional[list[str]]) -> Optional[list[str]]: + """ + Validate the target_ids field. + If target_ids is provided, it must be a non-empty list of strings. + """ + if value is not None: + if not isinstance(value, list) or len(value) == 0: + raise ValueError("target_ids must be a non-empty list of strings.") + for item in value: + if not isinstance(item, str): + raise ValueError("Each target_id must be a string.") + return value + def add_selection(self, selection: MinimalSelection) -> None: """ Adds a minimal selection to the list. diff --git a/src/test/test_selections.py b/src/test/test_selections.py index d4d0bf59..bfa67741 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -41,7 +41,9 @@ def setUp(self): values=["value21", "value22"], ) self.selections = MinimalSelectionList( - selections=[self.s1, self.s2], timestamp=datetime.now() + selections=[self.s1, self.s2], + timestamp=datetime.now(), + target_ids=["target_id_1", "target_id_2"], ) def test_minimal_selection_init(self): @@ -97,8 +99,11 @@ def test_minimal_selection_list_init(self): ) self.assertRegex(self.selections.schemaVersion, VERSION_PATTERN) - # vulnerability_id is optional and can be None or a string - self.assertIsInstance(self.selections.vulnerability_id, (str, type(None))) + self.assertIsInstance(self.selections.target_ids, (list, type(None))) + for target_id in self.selections.target_ids: + self.assertIsInstance( + target_id, str, f"Target ID {target_id} is not a string" + ) # selections is a list of MinimalSelection objects self.assertIsInstance(self.selections.selections, list) From 1876d68a3599a0e5cd154aa037f89c2754738c0b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 15:29:06 -0400 Subject: [PATCH 155/468] make single selection sub-object forbid extras too --- data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json | 1 + src/ssvc/selection.py | 2 ++ 2 files changed, 3 insertions(+) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 33e92925..616bd12b 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -64,6 +64,7 @@ "additionalProperties": false, "$defs": { "MinimalSelection": { + "additionalProperties": false, "description": "A minimal selection object that contains the decision point ID and the selected options.\nThis is used to transition from an SSVC decision point to a selection.", "properties": { "namespace": { diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 629309c8..ce41a84a 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -39,6 +39,8 @@ class MinimalSelection(BaseModel): This is used to transition from an SSVC decision point to a selection. """ + model_config = ConfigDict(extra="forbid") + namespace: NamespaceString = Field( ..., description="The namespace of the decision point.", From 8dd15693075dbca90725d403116b445a56dcac56 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 16:10:43 -0400 Subject: [PATCH 156/468] fails on "ssvc//example.organization#model/com.example#foo" --- src/ssvc/utils/patterns.py | 49 ++++++++++++++++++----------- src/test/test_namespaces_pattern.py | 37 +++++++++++++++++++++- 2 files changed, 66 insertions(+), 20 deletions(-) diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index 04463b0c..8a4fa3af 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -35,42 +35,53 @@ """A regular expression pattern for BCP-47 language tags.""" +# --- Namespace Regex Components --- + +# Length check LENGTH_CHECK_PATTERN = rf"(?=.{{{MIN_NS_LENGTH},{MAX_NS_LENGTH}}}$)" """Ensures the string is between MIN_NS_LENGTH and MAX_NS_LENGTH characters long.""" -# Base namespace part (before any extensions) allows . and - with restrictions +# Base namespace pattern (before any // or /lang/) BASE_PATTERN = ( r"(?!.*[.-]{2,})" # no consecutive separators - r"[a-z][a-z0-9]+" # first part starts with a letter, followed by one or more alphanumeric characters - r"(?:[.-][a-z0-9]+)*" # remaining parts can have alphanumeric characters and single . or - separators + r"[a-z][a-z0-9]+" # starts with a letter, followed by one or more alphanumeric chars + r"(?:[.-][a-z0-9]+)*" # then . or - followed by alphanumerics ) -"""The base pattern for namespaces, which must start with a letter followed by at least one alphanumeric character.""" +"""The base pattern for namespaces.""" EXPERIMENTAL_BASE = rf"{X_PFX}{BASE_PATTERN}" -f"""The base pattern for experimental namespaces, which must start with the {X_PFX} prefix, -followed by a string matching the base pattern.""" +"""The base pattern for experimental namespaces with the x_ prefix.""" + +BASE_NS_PATTERN = rf"(?:{EXPERIMENTAL_BASE}|{BASE_PATTERN})" +"""The complete base namespace pattern.""" -BASE_NS_PATTERN = rf"({EXPERIMENTAL_BASE}|{BASE_PATTERN})" -"""The complete base namespace pattern, which allows for experimental namespaces.""" +# --- Extension Segments --- +# Single extension segment between slashes. +# Requirements: +# - Starts with a letter +# - May contain '.', '-', or '#' as separators +# - No consecutive '.' or '-' +# - At most one '#' EXT_SEGMENT_PATTERN = ( - r"(?!.*[.-]{2,})" # no consecutive separators - r"[a-zA-Z][a-zA-Z0-9]*" # first part starts with a letter, followed by zero or more alphanumeric characters - r"(?:[.-][a-zA-Z0-9]+)*" # remaining parts can have alphanumeric characters and single ., -, / separators + r"(?!.*#.*#)" # at most one hash + r"(?!.*[.-]{2,})" # no consecutive dots or hyphens + r"[a-zA-Z][a-zA-Z0-9]*" # must start with a letter + r"(?:[.#-][a-zA-Z0-9]+)*" # allowed separators with alphanumerics ) -"""The pattern for extension segments in namespaces, which must start with a letter and contain alphanumeric characters or -limited punctuation characters (., -), with no consecutive punctuation characters allowed.""" +"""The pattern for a single extension segment.""" -LANG_EXT_PATTERN = rf"(/({BCP_47_PATTERN})/|//)" -# Language extension pattern (BCP-47 or empty for //) -"""The pattern for the first extension segment, which must be either a valid BCP-47 tag or empty (//).""" +# Language extension pattern: either // or // +LANG_EXT_PATTERN = rf"(?:/{BCP_47_PATTERN}/|//)" +"""The first extension segment, either empty (//) or a valid BCP-47 tag.""" +# Subsequent extension segments (zero or more) SUBSEQUENT_EXT_PATTERN = rf"{EXT_SEGMENT_PATTERN}(?:/{EXT_SEGMENT_PATTERN})*" -# Subsequent extension segments -"""The pattern for subsequent extension segments, which must follow the rules for extension segments, delimited by slashes (/).""" +"""The pattern for all subsequent extension segments.""" +# --- Full Namespace Pattern --- NS_PATTERN = re.compile( - rf"^{LENGTH_CHECK_PATTERN}({BASE_NS_PATTERN})({LANG_EXT_PATTERN}{SUBSEQUENT_EXT_PATTERN})?$" + rf"^{LENGTH_CHECK_PATTERN}{BASE_NS_PATTERN}(?:{LANG_EXT_PATTERN}{SUBSEQUENT_EXT_PATTERN})?$" ) f"""The full regular expression pattern for validating namespaces. diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index 54aeff84..d936dac0 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -25,6 +25,7 @@ from ssvc.utils.patterns import ( BASE_NS_PATTERN, BASE_PATTERN, + EXT_SEGMENT_PATTERN, LENGTH_CHECK_PATTERN, NS_PATTERN, ) @@ -46,7 +47,8 @@ def setUp(self): "x_custom//extension", # double slash is okay when it's the first segment "x_private-test", # valid namespace with x_ prefix and dash (does not follow reverse domain notation) "x_com.example//custom-extension", # x_prefix, reverse domain notation, double slash, dashes - "ssvc/de-DE/example.org/reference-arch-1", # valid BCP-47 tag, reverse domain notation, dashes + "ssvc/de-DE/example.organization#reference-arch-1", # valid BCP-47 tag, reverse domain notation, hash + "ssvc//example.organization#model/com.example#foo", # valid BCP-47 tag, two segments with one hash each "ssvc/de-DE/reference-arch-1", # valid BCP-47 tag with dashes (But doesn't follow reverse domain notation) "x_test/pl-PL/foo/bar/baz/quux", # valid BCP-47 tag and multiple segments "com.example", # valid namespace with dots following reverse domain notation @@ -74,6 +76,8 @@ def setUp(self): "x_test/not-bcp-47", # not a valid BCP-47 tag "x_custom/extension/with/multiple/segments/" + "a" * 990, # exceeds max length + "ssvc/de-DE/example.organization##reference-arch-1", # valid BCP-47 tag, reverse domain notation, double hash + "ssvc/de-DE/example.organization#multi#hash#forbidden", # valid BCP-47 tag, reverse domain notation, more than one hash per segment "x_custom.extension.", # ends with punctuation "x_custom..extension", # double dot "x_custom/", # ends with slash @@ -105,6 +109,9 @@ def test_base_pattern(self): "a", # too short "9abc", # starts with a number "x_foo", # no x_ in base pattern + "com.example#foo", # no hashes in base + "com.example##foo", # double hash + "com.example#foo#bar", # multiple hashes not allowed "contains..double.dot", # double dot "contains--double-dash", # double dash "contains_underscore", # underscore not allowed @@ -205,6 +212,34 @@ def test_length_check_pattern(self): re.match(LENGTH_CHECK_PATTERN, ns), f"Should not match: {ns}" ) + def test_ext_segment_pattern(self): + """ + Test the extension segment pattern. + The pattern should allow valid extension segments and disallow invalid ones. + """ + valid_segments = [ + "valid", + "valid.extension", + "valid-extension", + "valid#extension", + "valid.extension#with-hash", + "com.example#foo", # valid namespace with hash + ] + invalid_segments = [ + "a_bc", # underscore not allowed + "invalid..segment", # double dot + "invalid--segment", # double dash + "invalid.segment.", # ends with a dot + "invalid.segment-", # ends with a dash + "invalid/segment", # slash not allowed + "com.example##foo", # valid namespace with hash + "invalid#segment#with#multiple#hashes", # multiple hashes not allowed + "invalid/segment/", # ends with a slash + ] + self._test_successes_failures( + EXT_SEGMENT_PATTERN, invalid_segments, valid_segments + ) + if __name__ == "__main__": unittest.main() From 0a2ee249e71187dc2a2ad64cfc0382e330272104 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 16:16:25 -0400 Subject: [PATCH 157/468] make tests pass --- src/ssvc/utils/patterns.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index 8a4fa3af..554251d6 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -64,10 +64,9 @@ # - No consecutive '.' or '-' # - At most one '#' EXT_SEGMENT_PATTERN = ( - r"(?!.*#.*#)" # at most one hash r"(?!.*[.-]{2,})" # no consecutive dots or hyphens - r"[a-zA-Z][a-zA-Z0-9]*" # must start with a letter - r"(?:[.#-][a-zA-Z0-9]+)*" # allowed separators with alphanumerics + r"[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*" # main part, will handle reverse domain style + r"(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?" # optional single hash part ) """The pattern for a single extension segment.""" From 37c55e3bcff9d2e764a17cf4b673b53219c78a07 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 16:29:13 -0400 Subject: [PATCH 158/468] revise docstring, add abnf draft --- src/ssvc/utils/patterns.py | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index 554251d6..b674899d 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -101,15 +101,29 @@ - Extensions are optional - Extensions must be delineated by slashes (`/`) - If any extension segments are present, the following rules apply: - - The first extension segment, must be a valid BCP-47 language tag or empty (i.e., `//`). + - The first extension segment must be a valid BCP-47 language tag or empty (i.e., `//`). - Subsequent extension segments: - must start with a letter (upper or lowercase) - - may contain letters, numbers, dots (`.`), and hyphens (`-`) - - must not start or end with a dot or hyphen + - may contain letters, numbers, dots (`.`), hyphens (`-`), and at most one hash (`#`) - must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) + - if a hash is present, it separates the main part from an optional fragment part - are separated by single forward slashes (`/`) - multiple extension segments are allowed +!!! info "ABNF Notation" + + namespace = base-ns [extensions] + base-ns = [x-prefix] ns-core + x-prefix = "x_" + ns-core = LOWER 1*ALNUMLOW *("." / "-" 1*ALNUMLOW) + extensions = lang-ext [*("/" ext-seg)] + lang-ext = "//" / ("/" bcp47 "/") + ext-seg = ALPHA *ALNUM *("." / "-" 1*ALNUM) ["#" 1*ALNUM *("." / "-" 1*ALNUM)] + bcp47 = (2*3ALPHA ["-" 3ALPHA *2("-" 3ALPHA)] / 4*8ALPHA) ["-" 4ALPHA] ["-" (2ALPHA / 3DIGIT)] *("-" (5*8ALNUM / DIGIT 3ALNUM)) *("-" %x41-57.59-5A.61-7A.7C-7E "-" 2*8ALNUM) ["-" %x58.78 1*("-" 1*8ALNUM)] / %x58.78 1*("-" 1*8ALNUM) / %x49.69 "-" %x44.64 %x45.65 %x46.66 %x41.61 %x55.75 %x4C.6C %x54.74 / %x49.69 "-" %x4D.6D %x49.69 %x4E.6E %x47.67 %x4F.6F + LOWER = %x61-7A + ALNUMLOW = LOWER / DIGIT + ; constraints: 3-1000 chars total, no consecutive separators + """ From f9904fc3687a46e9125ace88c0d02c25343c1653 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 16:44:01 -0400 Subject: [PATCH 159/468] update ns pattern documentation --- docs/reference/code/namespaces.md | 132 ++++++++++++++++++++---------- src/ssvc/utils/patterns.py | 105 ++++++------------------ 2 files changed, 116 insertions(+), 121 deletions(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 50cdf330..a57198a4 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -270,53 +270,99 @@ segment of the extension. The following technical requirements are enforced for SSVC namespaces, based on the implementation in `src/ssvc/namespaces.py` and the NS_PATTERN regular expression: -```python exec="true" idprefix="" +!!! info "Namespace Pattern" -from ssvc.utils.patterns import NS_PATTERN + The regular expression used to validate namespaces is: -print(f"`{NS_PATTERN.pattern}`") -``` + ```python exec="true" idprefix="" + + from ssvc.utils.patterns import NS_PATTERN + + print(f"`{NS_PATTERN.pattern}`") + ``` + +### Length Requirements + +- Namespaces must be between 3 and 1000 characters long. + +### Base Namespace Requirements + +- Must start with a lowercase letter +- Must contain at least 3 total characters in the base part (after the optional experimental/private prefix) +- Must contain only lowercase letters, numbers, dots (`.`), and hyphens (`-`) +- Must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) +- May optionally start with the experimental/private prefix `{X_PFX}`. + +### Extension Requirements (Optional) -- **Length**: Namespaces must be between 3 and 1000 characters long. -- **Base Namespace**: - - Must start with a lowercase letter. - - Must contain at least 3 total characters in the base part (after the optional experimental/private prefix). - - Only lowercase letters, numbers, dots (`.`), and hyphens (`-`) are allowed. - - Must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.). - - Cannot end with a dot or hyphen. - - May optionally start with the experimental/private prefix `x_`. -- **Experimental/Private Namespaces**: - - Must start with `x_` followed by a valid base namespace. -- **Extensions (Optional)**: - - Extensions are optional and must be delineated by slashes (`/`). - - If present, the first extension segment must be a valid BCP-47 language tag or empty (`//`). - - Subsequent extension segments: - - Must start with a letter (upper or lowercase). - - May contain letters, numbers, dots (`.`), and hyphens (`-`). - - Must not start or end with a dot or hyphen. - - Must not contain consecutive dots or hyphens. - - Are separated by single forward slashes (`/`). - - Multiple extension segments are allowed. -- **Examples of valid namespaces**: - - `ssvc` - - `cisa` - - `x_private-test` - - `ssvc/de-DE/reference-arch-1` - - `x_custom//extension` (empty language tag) -- **Examples of invalid namespaces**: - - `custom` (not in enum, no `x_` prefix) - - `x_custom/extension` (first segment must be a language tag) - - `x_custom.extension.` (ends with punctuation) - - `x_custom..extension` (double dot) - - `x_custom/` (ends with slash) - - `x_custom/extension//` (double slash at end) - - `ab` (too short) - - `x_` (too short after prefix) - -These requirements are strictly enforced by the `NS_PATTERN` regular expression -in the codebase. For full details, see the documentation below and -implementation in `src/ssvc/namespaces.py`. +- Extensions are optional +- Extensions must be delineated by slashes (`/`) +- If any extension segments are present, the following rules apply: + - The first extension segment must be a valid BCP-47 language tag or empty (i.e., `//`). + - Subsequent extension segments: + - must start with a letter (upper or lowercase) + - may contain letters, numbers, dots (`.`), hyphens (`-`), and at most one hash (`#`) + - must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) + - if a hash is present, it separates the main part from an optional fragment part + - are separated by single forward slashes (`/`) +- Multiple extension segments are allowed +!!! info "ABNF Notation" + + ```abnf + namespace = base-ns [extensions] + ; Overall namespace must be 3–1000 characters + ; (Enforced via regex length lookahead) + + base-ns = x-base / std-base + x-base = "x_" ns-core + std-base = ns-core + + ; ns-core starts with a lowercase letter and may have '.' or '-' separators. + ; Consecutive '.' or '-' are not allowed. + ns-core = LOWER ALNUMLOW *("." / "-" 1*ALNUMLOW) + + extensions = lang-ext [ *("/" ext-seg) ] + + ; Language extension: either // (empty language extension) + ; or // (BCP-47 language code) + lang-ext = "//" / ( "/" bcp47 "/" ) + + ; Extension segment between slashes. + ; - Must start with ALPHA + ; - May have '.' or '-' separators + ; - Optional '#' section, at most one per segment + ; - No consecutive '.' or '-' + ext-seg = ALPHA ALNUM * + ( ("." / "-") 1*ALNUM ) * + [ "#" 1*ALNUM * ( ("." / "-") 1*ALNUM ) ] + + ; BCP-47 tag (based on the regex expansion) + bcp47 = ( 2*3ALPHA + [ "-" 3ALPHA *2( "-" 3ALPHA ) ] + / 4*8ALPHA ) + [ "-" 4ALPHA ] + [ "-" ( 2ALPHA / 3DIGIT ) ] + * ( "-" ( 5*8ALNUM / DIGIT 3ALNUM ) ) + * ( "-" %x41-57.59-5A.61-7A.7C-7E "-" 2*8ALNUM ) + [ "-" %x58.78 1*( "-" 1*8ALNUM ) ] + / %x58.78 1*( "-" 1*8ALNUM ) + / %x49.69 "-" %x44.64 %x45.65 %x46.66 %x41.61 %x55.75 %x4C.6C %x54.74 + / %x49.69 "-" %x4D.6D %x49.69 %x4E.6E %x47.67 %x4F.6F + + ; Character sets + LOWER = %x61-7A ; a-z + ALPHA = %x41-5A / %x61-7A ; A-Z / a-z + DIGIT = %x30-39 ; 0-9 + ALNUM = ALPHA / DIGIT + ALNUMLOW = LOWER / DIGIT + + ; Constraints: + ; - No consecutive "." or "-" in ns-core or ext-seg. + ; - Each ext-seg can contain at most one "#". + ; - Overall namespace is 3–1000 chars. + ``` + ## The `ssvc.namespaces` module The `ssvc.namespaces` module provides a way to access and use these namespaces. diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index b674899d..c3cef410 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -24,8 +24,6 @@ import re -from ssvc.utils.defaults import MAX_NS_LENGTH, MIN_NS_LENGTH, X_PFX - # from https://semver.org/ VERSION_PATTERN = r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$" """A regular expression pattern for semantic versioning (semver).""" @@ -37,94 +35,45 @@ # --- Namespace Regex Components --- -# Length check -LENGTH_CHECK_PATTERN = rf"(?=.{{{MIN_NS_LENGTH},{MAX_NS_LENGTH}}}$)" -"""Ensures the string is between MIN_NS_LENGTH and MAX_NS_LENGTH characters long.""" +# --- Length constraint --- +LENGTH_CHECK_PATTERN = r"(?=.{3,1000}$)" + +# --- Base namespace --- +NO_CONSECUTIVE_SEP = r"(?!.*[.-]{2,})" # no consecutive '.' or '-' -# Base namespace pattern (before any // or /lang/) BASE_PATTERN = ( - r"(?!.*[.-]{2,})" # no consecutive separators - r"[a-z][a-z0-9]+" # starts with a letter, followed by one or more alphanumeric chars - r"(?:[.-][a-z0-9]+)*" # then . or - followed by alphanumerics + rf"{NO_CONSECUTIVE_SEP}" + r"[a-z][a-z0-9]+" # starts with lowercase letter + 1+ alnum + r"(?:[.-][a-z0-9]+)*" # optional dot or dash + alnum ) -"""The base pattern for namespaces.""" - -EXPERIMENTAL_BASE = rf"{X_PFX}{BASE_PATTERN}" -"""The base pattern for experimental namespaces with the x_ prefix.""" -BASE_NS_PATTERN = rf"(?:{EXPERIMENTAL_BASE}|{BASE_PATTERN})" -"""The complete base namespace pattern.""" +BASE_NS_PATTERN = rf"(?:x_{BASE_PATTERN}|{BASE_PATTERN})" -# --- Extension Segments --- - -# Single extension segment between slashes. -# Requirements: -# - Starts with a letter -# - May contain '.', '-', or '#' as separators -# - No consecutive '.' or '-' -# - At most one '#' +# --- Extension segments --- +# A single ext-seg with at most one '#' EXT_SEGMENT_PATTERN = ( - r"(?!.*[.-]{2,})" # no consecutive dots or hyphens - r"[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*" # main part, will handle reverse domain style - r"(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?" # optional single hash part + rf"{NO_CONSECUTIVE_SEP}" + r"[a-zA-Z][a-zA-Z0-9]*" # start with a letter + r"(?:[.-][a-zA-Z0-9]+)*" # dot or dash + alnum + r"(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?" # optional single hash section ) -"""The pattern for a single extension segment.""" -# Language extension pattern: either // or // -LANG_EXT_PATTERN = rf"(?:/{BCP_47_PATTERN}/|//)" -"""The first extension segment, either empty (//) or a valid BCP-47 tag.""" +# Subsequent ext-seg(s) +SUBSEQUENT_EXT = rf"{EXT_SEGMENT_PATTERN}(?:/{EXT_SEGMENT_PATTERN})*" + -# Subsequent extension segments (zero or more) -SUBSEQUENT_EXT_PATTERN = rf"{EXT_SEGMENT_PATTERN}(?:/{EXT_SEGMENT_PATTERN})*" -"""The pattern for all subsequent extension segments.""" +# --- Language extension --- +LANG_EXT = rf"(?:/{BCP_47_PATTERN}/|//)" -# --- Full Namespace Pattern --- -NS_PATTERN = re.compile( - rf"^{LENGTH_CHECK_PATTERN}{BASE_NS_PATTERN}(?:{LANG_EXT_PATTERN}{SUBSEQUENT_EXT_PATTERN})?$" +# --- Combine all parts into the full namespace pattern --- +NS_PATTERN_STR = ( + rf"^{LENGTH_CHECK_PATTERN}" + rf"{BASE_NS_PATTERN}" + rf"(?:{LANG_EXT}{SUBSEQUENT_EXT})?$" ) -f"""The full regular expression pattern for validating namespaces. - -!!! note "Length Requirements" - - - Namespaces must be between {MIN_NS_LENGTH} and {MAX_NS_LENGTH} characters long. - -!!! note "Base Namespace Requirements" - - - Must start with a lowercase letter - - Must contain at least 3 total characters in the base part (after the optional experimental/private prefix) - - Must contain only lowercase letters, numbers, dots (`.`), and hyphens (`-`) - - Must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) - - May optionally start with the experimental/private prefix `{X_PFX}`. - -!!! note "Extension Requirements (Optional)" - - - Extensions are optional - - Extensions must be delineated by slashes (`/`) - - If any extension segments are present, the following rules apply: - - The first extension segment must be a valid BCP-47 language tag or empty (i.e., `//`). - - Subsequent extension segments: - - must start with a letter (upper or lowercase) - - may contain letters, numbers, dots (`.`), hyphens (`-`), and at most one hash (`#`) - - must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) - - if a hash is present, it separates the main part from an optional fragment part - - are separated by single forward slashes (`/`) - - multiple extension segments are allowed - -!!! info "ABNF Notation" - - namespace = base-ns [extensions] - base-ns = [x-prefix] ns-core - x-prefix = "x_" - ns-core = LOWER 1*ALNUMLOW *("." / "-" 1*ALNUMLOW) - extensions = lang-ext [*("/" ext-seg)] - lang-ext = "//" / ("/" bcp47 "/") - ext-seg = ALPHA *ALNUM *("." / "-" 1*ALNUM) ["#" 1*ALNUM *("." / "-" 1*ALNUM)] - bcp47 = (2*3ALPHA ["-" 3ALPHA *2("-" 3ALPHA)] / 4*8ALPHA) ["-" 4ALPHA] ["-" (2ALPHA / 3DIGIT)] *("-" (5*8ALNUM / DIGIT 3ALNUM)) *("-" %x41-57.59-5A.61-7A.7C-7E "-" 2*8ALNUM) ["-" %x58.78 1*("-" 1*8ALNUM)] / %x58.78 1*("-" 1*8ALNUM) / %x49.69 "-" %x44.64 %x45.65 %x46.66 %x41.61 %x55.75 %x4C.6C %x54.74 / %x49.69 "-" %x4D.6D %x49.69 %x4E.6E %x47.67 %x4F.6F - LOWER = %x61-7A - ALNUMLOW = LOWER / DIGIT - ; constraints: 3-1000 chars total, no consecutive separators -""" +# Compile the regex with verbose flag for readability (if needed) +NS_PATTERN = re.compile(NS_PATTERN_STR) def main(): From 13c364e8b31dbbfc460b2c0b4ea5d51bd6238ffa Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 21 Jul 2025 16:44:58 -0400 Subject: [PATCH 160/468] updated NS pattern --- data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 3314e5ed..e4cf875d 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -78,7 +78,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)((x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*))((/((([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo]))/|//)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*)*)?$", + "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])/|//)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", "title": "Namespace", "type": "string" }, From 4aae5b0ccbabc4adc5785bb231c0358e126a0de7 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 22 Jul 2025 09:53:55 -0400 Subject: [PATCH 161/468] add # to allowed chars --- src/ssvc/namespaces.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index d0f73a48..0c1592b3 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -36,7 +36,7 @@ class NameSpace(StrEnum): The namespace value must be one of the members of this enum or start with the prefix specified in X_PFX. Namespaces must be {MIN_NS_LENGTH}-{MAX_NS_LENGTH} lowercase characters long and must start with 3-4 alphanumeric characters after the optional prefix. - Limited punctuation characters (/.-) are allowed between alphanumeric characters, but only one at a time. + Limited punctuation characters (#/.-) are allowed between alphanumeric characters, but only one at a time. Example: Following are examples of valid and invalid namespace values: From e26856b15306b3818533f907d4d6966b2b7b6a9e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 22 Jul 2025 11:08:19 -0400 Subject: [PATCH 162/468] replace "x_test" with "x_example.test" to bring into line with reverse domain expectation --- docs/reference/code/namespaces.md | 8 ++++---- src/test/decision_points/test_dp_base.py | 8 ++++---- src/test/decision_points/test_dp_helpers.py | 2 +- src/test/dp_groups/test_dp_groups.py | 2 +- src/test/outcomes/test_outcomes.py | 2 +- src/test/test_doc_helpers.py | 2 +- src/test/test_mixins.py | 2 +- src/test/test_namespaces_pattern.py | 4 ++-- src/test/test_policy_generator.py | 4 ++-- src/test/test_selections.py | 4 ++-- 10 files changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index a57198a4..75c47884 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -127,20 +127,20 @@ namespaces. !!! example "OT Monitoring Service (OTMS) Private Namespace" Organization A creates a set of decision points for testing purposes and - uses the `x_test` namespace. They do not intend to share these decision + uses the `x_example.test` namespace. They do not intend to share these decision points with anyone outside of their organization, so they use the `x_` prefix to indicate that this namespace is private to them. Organization B also creates a set of decision points for testing purposes - and uses the same `x_test` namespace. They also do not intend to share + and uses the same `x_example.test` namespace. They also do not intend to share these decision points with anyone outside of their organization. !!! warning "Namespace Conflicts" Conflicts are possible in the x_ prefix space. In the previous example, Organizations A and B could both choose to use - `x_test`, and there are no guarantees of global uniqueness for the - decision points in the `x_test` namespace. + `x_example.test`, and there are no guarantees of global uniqueness for the + decision points in the `x_example.test` namespace. !!! tip "Private vs Extension Namespaces" diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index 9c340fc5..d5b1fcf5 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -44,7 +44,7 @@ def setUp(self) -> None: key="bar", description="baz", version="1.0.0", - namespace="x_test", + namespace="x_example.test", values=tuple(self.values), ) @@ -95,7 +95,7 @@ def test_registry_errors_on_duplicate_key(self): dp3 = ssvc.decision_points.ssvc.base.DecisionPoint( name="asdfad", description="asdfasdf", - namespace="x_test-extra", # different namespace + namespace="x_example.test.extra", # different namespace key=self.dp.key, # same key version=self.dp.version, # same version values=tuple(self.values), @@ -131,7 +131,7 @@ def test_registry(self): key="asdfasdf", description="asdfasdf", version="1.33.1", - namespace="x_test", + namespace="x_example.test", values=self.values, ) @@ -157,7 +157,7 @@ def test_ssvc_decision_point(self): self.assertEqual(obj.key, "bar") self.assertEqual(obj.description, "baz") self.assertEqual(obj.version, "1.0.0") - self.assertEqual(obj.namespace, "x_test") + self.assertEqual(obj.namespace, "x_example.test") self.assertEqual(len(self.values), len(obj.values)) def test_ssvc_value_json_roundtrip(self): diff --git a/src/test/decision_points/test_dp_helpers.py b/src/test/decision_points/test_dp_helpers.py index 9be7148d..cd30fe43 100644 --- a/src/test/decision_points/test_dp_helpers.py +++ b/src/test/decision_points/test_dp_helpers.py @@ -31,7 +31,7 @@ def setUp(self) -> None: key="test_dp", description="This is a test decision point", version="1.0.0", - namespace='x_test', + namespace="x_example.test", values=( DecisionPointValue( name="Yes", diff --git a/src/test/dp_groups/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py index 7feefe94..907f3df6 100644 --- a/src/test/dp_groups/test_dp_groups.py +++ b/src/test/dp_groups/test_dp_groups.py @@ -31,7 +31,7 @@ def setUp(self) -> None: dp = ssvc.decision_points.ssvc.base.DecisionPoint( name=f"Decision Point {i}", key=f"DP_{i}", - namespace="x_test", + namespace="x_example.test", description=f"Description of Decision Point {i}", version="1.0.0", values=( diff --git a/src/test/outcomes/test_outcomes.py b/src/test/outcomes/test_outcomes.py index 1a130481..5d3245c3 100644 --- a/src/test/outcomes/test_outcomes.py +++ b/src/test/outcomes/test_outcomes.py @@ -41,7 +41,7 @@ def test_outcome_group(self): name="Outcome Group", key="OG", description="an outcome group", - namespace="x_test", + namespace="x_example.test", values=tuple(values), ) diff --git a/src/test/test_doc_helpers.py b/src/test/test_doc_helpers.py index 29899026..124dd407 100644 --- a/src/test/test_doc_helpers.py +++ b/src/test/test_doc_helpers.py @@ -26,7 +26,7 @@ class MyTestCase(unittest.TestCase): def setUp(self): self.dp = DecisionPoint( - namespace="x_test", + namespace="x_example.test", name="test name", description="test description", key="TK", diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index 9744d8f5..41c8d480 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -160,7 +160,7 @@ def test_mixin_combos(self): {"class": _Keyed, "args": {"key": "fizz"}, "has_default": False}, { "class": _Namespaced, - "args": {"namespace": "x_test"}, + "args": {"namespace": "x_example.test"}, "has_default": False, }, { diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index d936dac0..f24d9019 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -50,7 +50,7 @@ def setUp(self): "ssvc/de-DE/example.organization#reference-arch-1", # valid BCP-47 tag, reverse domain notation, hash "ssvc//example.organization#model/com.example#foo", # valid BCP-47 tag, two segments with one hash each "ssvc/de-DE/reference-arch-1", # valid BCP-47 tag with dashes (But doesn't follow reverse domain notation) - "x_test/pl-PL/foo/bar/baz/quux", # valid BCP-47 tag and multiple segments + "x_example.test/pl-PL/foo/bar/baz/quux", # valid BCP-47 tag and multiple segments "com.example", # valid namespace with dots following reverse domain notation "x_com.example", # valid namespace with x_ prefix and dots following reverse domain notation "au.com.example", # valid namespace with dots following reverse domain notation for 2-letter TLD @@ -73,7 +73,7 @@ def setUp(self): "abc/invalid-bcp-47", # not in enum (but that's ok for the pattern), not a valid BCP-47 tag "abc/invalid", # not in enum (but that's ok for the pattern), not a valid BCP-47 tag "x_custom/extension", # not a valid BCP-47 tag - "x_test/not-bcp-47", # not a valid BCP-47 tag + "x_example.test/not-bcp-47", # not a valid BCP-47 tag "x_custom/extension/with/multiple/segments/" + "a" * 990, # exceeds max length "ssvc/de-DE/example.organization##reference-arch-1", # valid BCP-47 tag, reverse domain notation, double hash diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index 57f7b033..1dcc6250 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -39,7 +39,7 @@ def setUp(self) -> None: name="test", description="test", key="TEST", - namespace="x_test", + namespace="x_example.test", values=tuple( [ DecisionPointValue(key=c, name=c, description=c) @@ -56,7 +56,7 @@ def setUp(self) -> None: name=c, description=c, key=c, - namespace="x_test", + namespace="x_example.test", values=tuple( [ DecisionPointValue(name=v, key=v, description=v) diff --git a/src/test/test_selections.py b/src/test/test_selections.py index 839fe033..50982702 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -28,13 +28,13 @@ class MyTestCase(unittest.TestCase): def setUp(self): self.s1 = selection.MinimalSelection( - namespace="x_test-namespace", + namespace="x_example.test", key="test_key_1", version="1.0.0", values=["value11", "value12"], ) self.s2 = selection.MinimalSelection( - namespace="x_test-namespace", + namespace="x_example.test", key="test_key_2", version="1.0.0", values=["value21", "value22"], From 343542b7bd9da7eaeddd1cbd14a1cca9639920ad Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 22 Jul 2025 14:34:24 -0400 Subject: [PATCH 163/468] revise documentation --- docs/reference/code/namespaces.md | 351 +++++++++++++++++------------- 1 file changed, 197 insertions(+), 154 deletions(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 75c47884..defe180b 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -11,27 +11,70 @@ decision points for SSVC. done by other projects. This helps us maintain clarity in our codebase and to avoid confusion when integrating with other systems or libraries. -!!! tip "Namespace syntax" +## Namespace Structure + +Namespaces are structured as follows: + +```mermaid +--- +title: SSVC Namespace Structure +--- +flowchart LR + base_ns[Base Namespace] + exts[Extensions] + base_ns -->|/| exts +``` - The syntax for namespaces is `/`, where +A namespace consists of a base namespace and optional extensions. - - `base` is the name of the namespace - - `extensions` is an optional set of extensions that can be used to further - specify the decision point. Extensions are delimited by a `/` +### Base Namespace - See below for additional details on SSVC namespace extensions. +The base namespace can be either registered or unregistered. +The following diagram illustrates the structure of the base namespace: -!!! note "Namespace Requirements" +```mermaid +--- +title: Base Namespace Structure +--- +flowchart LR - A full namepace string must be between 3 and 1000 characters long. (We recommend - keeping them short for ease of use.) +subgraph base_ns[Base Namespace] + direction LR + subgraph unregistered[Unregistered Namespace] + direction LR + xpfx[x_] + reverse_ns[Reverse Domain Name Notation] + xpfx --> reverse_ns + end + subgraph registered[Registered Namespace] + direction LR + base_registered[Registered Base Namespace] + end + registered ~~~|OR| unregistered +end +``` + + +!!! info inline end "Current Registered Namespaces" - Further requirements are noted in each section below. + The SSVC project currently has a set of registered namespaces that are + intended to be used as part of the framework. These namespaces are defined + in the `ssvc.namespaces` module and can be accessed via the `NameSpace` enum. + Current registered namespaces are: + ```python exec="true" idprefix="" + from ssvc.namespaces import NameSpace + + for ns in NameSpace: + print(f"- {ns.value}") + ``` -## Registered Namespaces +#### Registered Namespace -Registered namespaces appear in the `Namespaces` enum, and are intended to be used as follows: +Registered namespaces are those that are explicitly defined in the SSVC project. +A list of the current registered namespaces can be found in the sidebar. + +Registered namespaces are intended to be used as follows: - Objects in the `ssvc` namespace are managed by the SSVC project team. We have complete control over these ones. @@ -39,57 +82,21 @@ Registered namespaces appear in the `Namespaces` enum, and are intended to be us but the SSVC team is not responsible for modifying the content or semantics of those decision points. -!!! note "Base Namespace Requirements" - - Base namespaces must start with a letter and contain only lowercase - alphanumeric characters, dots (`.`), and dashes (`-`). - The sole exception is the the `x_` prefix for private namespaces described below. - - Consecutive dots or dashes or combinations thereof are not allowed. - Base namespaces cannot end with a dot or dash. - - For base namespaces only, we chose to use lowercase alphanumeric - characters to ensure consistency and avoid confusion when using namespaces - in code. (Extensions may contain mixed case alphanumeric characters, dots, and dashes.) - -The SSVC project may create, at our discretion, new namespaces to reflect -administrative scope for decision points we choose to include for user convenience. - -!!! example "Potential Standards-based namespaces" - - We may in the future add namespaces when needed to reflect different standards - bodies like `nist`, `iso-iec`, `ietf`, `oasis`, etc. - -!!! question "How do I request a new registered namespace?" - - If you have a suggestion for a new registered namespace, please open an - issue in the [SSVC GitHub repository](https://github.com/CERTCC/SSVC/issues) - and provide a brief description of the namespace and its intended use. - -### Current Registered Namespaces - -```python exec="true" idprefix="" -from ssvc.namespaces import NameSpace - -for ns in NameSpace: - print(f"- {ns.value}") -``` - -### Non-`ssvc` Namespaces - -We use namespaces other than `ssvc` to indicate decision points that are based -externally defined standards, specifications, or relevant projects. -We expect for decision points in these namespaces to be technically compatible -with SSVC, but we do not claim any ownership or responsibility for the -underlying specifications or their semantic content. -Objects in these namespaces are provided for the convenience -of SSVC users to allow them to use these decision points in their SSVC -decision models without needing to implement them from scratch. +!!! note "Registered Non-`ssvc` Namespaces" -While we are happy to resolve technical issues with these decision points as -technically implemented in the SSVC project, all suggestions for changes to the -underlying specifications or semantic content should be directed to the -maintainers of the respective projects or standards. + We use namespaces other than `ssvc` to indicate decision points that are based + externally defined standards, specifications, or relevant projects. + We expect for decision points in these namespaces to be technically compatible + with SSVC, but we do not claim any ownership or responsibility for the + underlying specifications or their semantic content. + Objects in these namespaces are provided for the convenience + of SSVC users to allow them to use these decision points in their SSVC + decision models without needing to implement them from scratch. + + While we are happy to resolve technical issues with these decision points as + technically implemented in the SSVC project, all suggestions for changes to the + underlying specifications or semantic content should be directed to the + maintainers of the respective projects or standards. !!! example "The `cvss` namespace" @@ -106,34 +113,34 @@ maintainers of the respective projects or standards. [FIRST CVSS Special Interest Group](https://www.first.org/cvss/) (SIG). -## Private / Experimental Namespaces -Private and experimental namespaces may prepend a prefix `x_` to -an otherwise valid namespace string to create private decision points that -are not intended to be shared outside of a specific scope, e.g., for internal -use only. +!!! example "Potential Standards-based namespaces" -The SSVC project does not manage namespaces with the `x_` prefix, so -collisions may occur across organizations who develop their own private SSVC -namespaces. + We may in the future add namespaces when needed to reflect different standards + bodies like `nist`, `iso-iec`, `ietf`, `oasis`, etc. -!!! warning "Reverse domain name notation recommended" +!!! question "How do I request a new registered namespace?" - We strongly recommend using reverse domain name notation for private namespaces to - avoid conflicts with other users' private namespaces. This helps to ensure - that your private namespaces are unique and easily identifiable. - E.g., `x_org.cert-experimental` for an experimental namespace within the CERT organization. + If you have a suggestion for a new registered namespace, please open an + issue in the [SSVC GitHub repository](https://github.com/CERTCC/SSVC/issues) + and provide a brief description of the namespace and its intended use. + +#### Unregistered Namespace -!!! example "OT Monitoring Service (OTMS) Private Namespace" +Unregistered namespaces are those that are not explicitly defined in the SSVC project. +Because unregistered namespaces are not managed by the SSVC project team, +there is no strict guarantee of uniqueness across different users or organizations. +However, because we require unregistered namespaces to use reverse domain name notation, +we expect that this will rarely lead to conflicts in practice. - Organization A creates a set of decision points for testing purposes and - uses the `x_example.test` namespace. They do not intend to share these decision - points with anyone outside of their organization, so they use the `x_` - prefix to indicate that this namespace is private to them. +!!! info "Unregistered Namespace Requirements" + + Unregistered namespaces must follow the following structure: + + - Unregistered namespaces must use the `x_` prefix. + - Following the `x_` prefix, unregistered namespaces must use reverse domain name notation to ensure uniqueness. + - Aside from the required `x_` prefix, unregistered namespaces must contain only alphanumeric characters, dots (`.`), and dashes (`-`). - Organization B also creates a set of decision points for testing purposes - and uses the same `x_example.test` namespace. They also do not intend to share - these decision points with anyone outside of their organization. !!! warning "Namespace Conflicts" @@ -142,90 +149,135 @@ namespaces. `x_example.test`, and there are no guarantees of global uniqueness for the decision points in the `x_example.test` namespace. -!!! tip "Private vs Extension Namespaces" - Private namespaces are intended for use within a closed scope - and are not registered with the SSVC project. - In other words, they are not intended to be used outside of a - specific constuency. - For example, an organization might create a private namespace for - decision points that are specific to their internal processes or policies. - Or an information sharing and analysis organization (ISAO) might create a - private namespace for decision points that are specific to their sector. - In contrast, extension namespaces are - intended to extend the existing SSVC namespaces and may be shared with other - users of the SSVC framework. +!!! tip "Test Namespace" + + The `x_example.test` namespace is used for testing purposes and is not intended for production use. + It is used to test the SSVC framework and its components, and may contain decision points that are not fully implemented or tested. -## Namespace Extensions +### Namespace Extensions -We allow users to extend the SSVC namespaces to clarify existing decision -points. -The intent of an extension is to allow clarification of the application of -decision points and their values to specific constituencies. +Namespace extensions allow users to extend the SSVC namespaces to clarify existing decision points +from a base namespace. +Extensions are optional and may be used to refine or clarify existing decision points. +Extensions allow SSVC users to create decision points that are specific to their +constituencies or to provide translations of existing decision points. -- Extensions must not alter the decision point key, version number, or value keys - for any decision point they are derived from. -- Extensions must not alter the meaning of existing values, or add values to - existing decision points in the parent namespace. -- Extensions may reduce the set of values for a decision point in the parent - namespace, but must not add new values. +!!! info "Namespace Extension Requirements" -!!! warning "Extensions are not for new decision points" + Extensions must follow the following requirements: + + - Extensions must not alter the decision point key, version number, or value keys + for any decision point they are derived from. + - Extensions must not alter the meaning of existing values, or add values to + existing decision points in the parent namespace. + - Extensions may reduce the set of values for a decision point in the parent + namespace, but must not add new values. + +!!! question "What if I want to create a new decision point?" + If you want to create a new decision point, please use a private/experimental namespace + as described above instead of an extension. Extensions are not intended to be used to create new decision points. - If you want to create a new decision point, please use a - private/experimental namespace as described above - instead of an extension. -!!! info "Namespace Extension Syntax and Structure" +#### Namespace Extension Structure + +The first extension segment is reserved for an optional BCP-47 language tag, which may be left empty. +When empty, the default language (`en-US`) is implied. + +Subsequent extension segments must begin with a reverse domain name notation string, +and may contain alphanumeric characters (upper or lower case), dots (`.`), and dashes (`-`). +A single fragment identifier (`#`) may be included in an extension segment, but it is optional. +Fragment identifiers can be used to indicate a specific interpretation or context for the extension. + +The following diagram illustrates the structure of namespace extensions: +```mermaid +--- +title: Namespace Extensions +--- +flowchart LR + +subgraph exts[Extensions] + direction LR + subgraph first[1st Extension Segment] + direction TB + lang[Language Tag] + empty_lang[Empty String] + lang ~~~|OR| empty_lang + end + subgraph ext[Subsequent Extension Segments] + direction LR + reverse_ns_ext[Reverse Domain Name Notation] + fragment[#Optional Fragment ID] + reverse_ns_ext --> fragment + end + first -->|/| ext + ext -->|/| ext +end + +base_ns[Base Namespace] +base_ns -->|/| first + +``` - Extension strings may contain alphanumeric characters (upper or lower case), - dots (`.`), and dashes (`-`). - Multiple extension segments are separated by a `/` character. +!!! info "Namespace Extension Requirements" + + Extensions must follow the following structure: + + - Extension segments are separated by slashes (`/`). + - Multiple extension segments are allowed. + - If any extension segments are present, the first segment must be a valid BCP-47 language tag or an empty string. + - When the first segment is left as an empty string, the default language (`en-US`) is implied. + - Subsequent extension segments must begin with a reverse domain name notation string. + - A fragment identifier (`#`) may be included in extension segments, but it is optional. + - Extension segments may contain alphanumeric characters (upper or lower case), dots (`.`), and dashes (`-`), and zero or one hash (`#`). + - Extensions must not alter the decision point key, version number, or value keys for any decision point they are derived from. + - Extensions may reduce the set of values for a decision point in the parent namespace, but must not add new values. The structure of the namespace string is intended to show inheritance for variations on SSVC objects. - Extension order matters. `ssvc/de-DE/ref-arch-1` would describe an extension - for `ref-arch-1` derived from the German (Germany) translation of SSVC. - `ssvc/ref-arch-1/de-DE` would denote an extension of SSVC for `ref-arch-1` - (in English) that had subsequently been translated in to German (Germany). +!!! tip "Extension Order Matters" + Extension order matters. `ssvc/de-DE/example.organization#ref-arch-1` + denotes that (a) a German (Germany) translation of the SSVC decision points + is available, and (b) that this translation has been extended with an extension + by `organization.example` to fit their specific needs for `ref-arch-1`. -!!! note "First Extension Segment Reserved for Language Tag" + On the other hand, `ssvc//example.organization#ref-arch-1/de-DE` + denotes that (a) the `example.organization#ref-arch-1` extension is + available in the default language (`en-US`), and (b) that this extension has + been translated into German (Germany). - The first extension segment is reserved for a language tag, which is - optional but recommended. - This allows users to specify the language of extension, making it easier to - understand and use in different linguistic contexts. - If *any* extensions are present, the first extension segment must be an - (optionally empty) - [BCP-47](https://www.rfc-editor.org/rfc/bcp/bcp47.txt) language tag. - E.g., `ssvc/jp-JP/extension` - - The language may be left empty in which case the default language (`en-US`) is - implied. An unspecified language tag will result in a `//` format. +!!! example "Use of fragment identifiers and language tags" - The use of a language tag in the first segment is intended to be used to - indicate translations of entire sets of decision points. + Imagine an Information Sharing and Analysis Organization (ISAO) `isao.example` + wants to create an extension to refine an existing decision point in the `ssvc` namespace + with additional context for a part of their constituency. They could create an extension + namespace like `ssvc//example.isao#constituency` to indicate that this extension + is specifically tailored for a particular constituency within the ISAO. + Note the empty first segment, which implies the default language (`en-US`). -!!! example "Translation and Localization" - - `ssvc/de-DE` might denote a German translation of the corresponding `ssvc` object. + If they further chose to create a Polish language version of their extension, + they would add a language segment _following_ their extension namespace, + e.g., `ssvc//example.isao#constituency/pl-PL`. Note that this is different + from a hypothetical `ssvc/pl-PL/example.isao#constituency` extension, which would imply + that the `ssvc` namespace has been translated to Polish (Poland) and then extended + (in Polish) with the `example.isao#constituency` extension. !!! example "Refinement of Concepts for a Specific Constituency" A sector-specific information sharing and analysis organization (ISAO) might create an extension for their specific constituency. - For example, say that namespace foo has a decision point for - Regulated System=(Y,N). A medical-focused ISAO might create an extension + For example, say that a hypothetical registered namespace `foo` + has a decision point for `Regulated System=(Y,N)`. + A medical-focused ISAO might create an extension `foo//example.med-isao` where they refine the values to refer to specific regulations. If multiple regulatory regimes exist, they might even have - `foo//example.med-isao/regulation-1` and `foo//example.med-isao/regulation-2` + `foo//example.med-isao#regulation-1` and `foo//example.med-isao#regulation-2` to cover assessment of the appropriate regulations. - ### Usage Suggestions Although we reserved the first segment of the extension for language tags, @@ -234,10 +286,10 @@ segment of the extension. !!! tip "Use BCP-47 Language Tags" - Regardless where they appear in the extension strings, we recommend using - BCP-47 strings for any language-based extension. Note, however that we do not - strictly enforce this recommendation in the SSVC codebase outside of the - first segment. + Regardless where they appear in the extension strings, BCP-47 language tags + must be for any language-based extension. + Note, however that we do not strictly enforce this recommendation in the + SSVC codebase outside of the first extension segment. !!! example "Translation of a custom extension" @@ -249,20 +301,11 @@ segment of the extension. !!! tip "Use Reverse Domain Name Notation for Extensions" - To avoid conflicts with other users' extensions, we recommend using reverse + To avoid conflicts with other users' extensions, we require the use of reverse domain name notation for your extensions. This helps to ensure that your extensions are unique and easily identifiable. For example, if your organization is `example.com`, you might use an extension - like `ssvc//com.example/extension`. - -!!! example "Reverse Domain Name Notation" - - If your organization has a domain name, you can use it as the base for your - extension. This helps to ensure that your extensions are unique and easily - identifiable. - - For example, if your organization is `example.com`, you might use an extension - like `ssvc//com.example/extension`. + like `ssvc//com.example#extension`. ## Technical requirements From 9210646d2f7b0852b10865d9de882af173623b40 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 22 Jul 2025 14:54:54 -0400 Subject: [PATCH 164/468] refine `target_ids` to avoid nullable values --- ...on_Point_Value_Selection-2-0-0.schema.json | 22 +++------ src/ssvc/selection.py | 46 ++++++++++++++----- 2 files changed, 42 insertions(+), 26 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 616bd12b..c47bc6df 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -11,30 +11,22 @@ "type": "string" }, "target_ids": { - "anyOf": [ - { - "items": { - "type": "string" - }, - "minItems": 1, - "type": "array" - }, - { - "type": "null" - } - ], - "default": null, "description": "Optional list of identifiers for the item or items (vulnerabilities, reports, advisories, systems, assets, etc.) being evaluated by these selections.", "examples": [ [ - "CVE-2025-0000" + "CVE-1900-0000" ], [ "VU#999999", "GHSA-0123-4567-89ab" ] ], - "title": "Target Ids" + "items": { + "type": "string" + }, + "minItems": 1, + "title": "Target Ids", + "type": "array" }, "selections": { "description": "List of minimal selections made from decision points.", diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index ce41a84a..332374c5 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -22,9 +22,16 @@ # DM24-0278 from datetime import datetime -from typing import Literal, Optional +from typing import Annotated, Literal, Optional -from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator +from pydantic import ( + BaseModel, + ConfigDict, + Field, + field_validator, + model_serializer, + model_validator, +) from ssvc._mixins import VersionField from ssvc.decision_points.base import DecisionPoint @@ -63,6 +70,9 @@ class MinimalSelection(BaseModel): ) +TargetIdList = Annotated[list[str], Field(min_length=1)] + + class MinimalSelectionList(BaseModel): """ A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. @@ -74,13 +84,13 @@ class MinimalSelectionList(BaseModel): description="The schema version of this selection list.", ) - target_ids: Optional[list[str]] = Field( - default=None, + target_ids: TargetIdList = Field( + default_factory=list, description="Optional list of identifiers for the item or items " "(vulnerabilities, reports, advisories, systems, assets, etc.) " "being evaluated by these selections.", examples=[ - ["CVE-2025-0000"], + ["CVE-1900-0000"], ["VU#999999", "GHSA-0123-4567-89ab"], ], min_length=1, @@ -111,14 +121,28 @@ def validate_target_ids(cls, value: Optional[list[str]]) -> Optional[list[str]]: Validate the target_ids field. If target_ids is provided, it must be a non-empty list of strings. """ - if value is not None: - if not isinstance(value, list) or len(value) == 0: - raise ValueError("target_ids must be a non-empty list of strings.") - for item in value: - if not isinstance(item, str): - raise ValueError("Each target_id must be a string.") + if value is None: + return [] + if not isinstance(value, list): + raise ValueError("target_ids must be a list of strings.") + if len(value) == 0: + raise ValueError("target_ids must be a non-empty list of strings.") + for item in value: + if not isinstance(item, str): + raise ValueError("Each target_id must be a string.") return value + @model_serializer + def serialize_model(self) -> dict: + data = dict() + + data["schemaVersion"] = self.schemaVersion + if self.target_ids: + data["targetIds"] = self.target_ids + data["selections"] = self.selections + data["timestamp"] = self.timestamp + return data + def add_selection(self, selection: MinimalSelection) -> None: """ Adds a minimal selection to the list. From 8179b0fdc41eabe42ac5a665475a5d66a7837789 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 22 Jul 2025 15:01:40 -0400 Subject: [PATCH 165/468] update field descriptions --- src/ssvc/selection.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 332374c5..efae39d4 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -97,7 +97,9 @@ class MinimalSelectionList(BaseModel): ) selections: list[MinimalSelection] = Field( ..., - description="List of minimal selections made from decision points.", + description="List of selections made from decision points. Each selection item corresponds to " + "value keys contained in a specific decision point identified by its namespace, key, and version. " + "Note that selection objects are deliberately minimal objects and do not contain the full decision point details.", min_length=1, ) timestamp: datetime = Field( @@ -202,7 +204,9 @@ def main() -> None: "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" ) schema["description"] = ( - "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available." + "This schema defines the structure for selecting SSVC Decision Points and their evaluated values " + "for a given vulnerability. Each vulnerability can have multiple Decision Points, and each " + "Decision Point can have multiple selected values when full certainty is not available." ) # preferred order of fields, just setting for convention From eba76b4ba763663643e59ff92513646c30e38fe4 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 22 Jul 2025 15:06:13 -0400 Subject: [PATCH 166/468] fix examples in namespace field_specs.py --- src/ssvc/utils/field_specs.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/ssvc/utils/field_specs.py b/src/ssvc/utils/field_specs.py index c50bee1d..0e1eda43 100644 --- a/src/ssvc/utils/field_specs.py +++ b/src/ssvc/utils/field_specs.py @@ -47,9 +47,8 @@ examples=[ "ssvc", "cisa", - "x_com.example//private", - "com.example//some-extension", - "ssvc/de-DE/example.organization/reference-arch-1", + "x_com.example//com.example#private", + "ssvc/de-DE/example.organization#reference-arch-1", ], pattern=NS_PATTERN, min_length=MIN_NS_LENGTH, From 08558750b87398489e1cca697c2fd8d7589bf153 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 22 Jul 2025 15:10:14 -0400 Subject: [PATCH 167/468] refactor TargetIdList into ssvc.utils.field_specs --- src/ssvc/selection.py | 7 ++----- src/ssvc/utils/field_specs.py | 3 +++ 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index e05bc4fb..4180f760 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -22,7 +22,7 @@ # DM24-0278 from datetime import datetime -from typing import Annotated, Literal, Optional +from typing import Literal, Optional from pydantic import ( BaseModel, @@ -34,7 +34,7 @@ ) from ssvc.decision_points.base import DecisionPoint -from ssvc.utils.field_specs import NamespaceString, VersionString +from ssvc.utils.field_specs import NamespaceString, TargetIdList, VersionString SCHEMA_VERSION = "2.0.0" @@ -69,9 +69,6 @@ class MinimalSelection(BaseModel): ) -TargetIdList = Annotated[list[str], Field(min_length=1)] - - class MinimalSelectionList(BaseModel): """ A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. diff --git a/src/ssvc/utils/field_specs.py b/src/ssvc/utils/field_specs.py index 0e1eda43..9c4a84df 100644 --- a/src/ssvc/utils/field_specs.py +++ b/src/ssvc/utils/field_specs.py @@ -57,6 +57,9 @@ ] """A string datatype for namespace values, for use in Pydantic models.""" +TargetIdList = Annotated[list[str], Field(min_length=1)] +"""A list of target IDs, for use in Pydantic models.""" + def main(): pass From abc3bde9536908583f6f9f505c6e4e48640a71b6 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 22 Jul 2025 15:10:37 -0400 Subject: [PATCH 168/468] update schema --- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index dc7dd90c..fd5a8c30 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -29,7 +29,7 @@ "type": "array" }, "selections": { - "description": "List of minimal selections made from decision points.", + "description": "List of selections made from decision points. Each selection item corresponds to value keys contained in a specific decision point identified by its namespace, key, and version. Note that selection objects are deliberately minimal objects and do not contain the full decision point details.", "items": { "$ref": "#/$defs/MinimalSelection" }, @@ -64,9 +64,8 @@ "examples": [ "ssvc", "cisa", - "x_com.example//private", - "com.example//some-extension", - "ssvc/de-DE/example.organization/reference-arch-1" + "x_com.example//com.example#private", + "ssvc/de-DE/example.organization#reference-arch-1" ], "maxLength": 1000, "minLength": 3, From 670255803c4b9d24c275ded5ae1b181fa8bf0de4 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 22 Jul 2025 16:17:41 -0400 Subject: [PATCH 169/468] fix #753 --- docs/adr/0012-ssvc-namespaces.md | 121 +++++++++++++++++++++++++++++++ docs/adr/index.md | 1 + 2 files changed, 122 insertions(+) create mode 100644 docs/adr/0012-ssvc-namespaces.md diff --git a/docs/adr/0012-ssvc-namespaces.md b/docs/adr/0012-ssvc-namespaces.md new file mode 100644 index 00000000..01e64b6b --- /dev/null +++ b/docs/adr/0012-ssvc-namespaces.md @@ -0,0 +1,121 @@ +--- +status: "accepted" +date: 2025-07-22 +deciders: @ahouseholer @sei-vsarvepalli +consulted: @tschmidtb51 +--- +# Use of Namespaces in SSVC objects + +## Context and Problem Statement + +We need to include decision points and other objects that are not directly +defined by the SSVC project team. For example, CVSS vector elements are a +rich source of structured data that can be used to inform SSVC decisions and +modeled as SSVC decision point objects. However, the +[FIRST CVSS SIG](https://www.first.org/cvss) owns the definition of CVSS vector +elements. So we need a way to describe these objects in SSVC format +without making them part of the SSVC specification. + + +## Decision Drivers + +- Need to include decision points based on data, objects, standards, and other + definitions that are not part of the SSVC specification. +- Need to clearly distinguish between objects managed by the SSVC project and + objects provided for convenience by the SSVC project, but whose semantics are + defined by other projects or standards. + +## Considered Options + +- One big pile of objects (effectively no namespaces) +- Use namespaces to distinguish between SSVC project objects and other objects + +## Decision Outcome + +Chosen option: "Use namespaces", because + +- Clearly distinguishes between SSVC project objects and objects derived from other sources +- Allows for extension of SSVC objects with additional data from other sources +- Allows for extensions for langauages, translation, localization, etc. + +Specifically, we intend to use: + +**Registered namespaces** for objects that we create and maintain (even if they are +based on other sources). + +!!! example + + We use the `ssvc` namespace for all SSVC objects that are part of the + main project. We use the `cvss` namespace to contain CVSS vector elements. + +**Unregistered namespaces** for objects that we do not create or maintain, but +that others may want for their own use. Unregistered namespaces must start with +an `x_` prefix followed by a reverse domain name, such as `x_org.example`. +Unregistered namespaces are intended for experimental or private use. + +!!! example + + A government agency might create a set of decision points for internal use + using the `x_example.agency` namespace. This allows them to use SSVC objects + of their own design alongside existig SSVC objects without needing to + register their namespace with the SSVC project. + +**Namespace extensions** for objects that are derived from other objects in an +registered or unregistered namespace. Extensions are not intended to be used to +introduce new objects, but rather to refine existing objects with additional data +or semantics. +Namespace extensions can be used for refining the meaning of decision point +values for a specific constituency, or adding additional nuance to +interpretation of a decision point in a specific context. + +!!! example + + An ISAO might want to refine the meaning of decision point values for their + constituency, and could use `ssvc//example.isao` as the namespace for their + collection of extensions. + +### Consequences + +#### Positive Consequences + +- SSVC users can customize SSVC objects with additional refinements using extensions +- SSVC users can create their own SSVC objects in an unregistered namespace for + their own use, and share them with others +- Facilitates language translation and localization of SSVC objects to specific + constituencies + + +#### Negative Consequences + +- Registered namespaces must be managed and maintained +- Potential for confusion if unregistered namespaces are used without care or + violating the naming conventions + + +### Confirmation + +- Regular expressions are used in the SSVC specification in both python objects + and JSON schema to validate the namespace format. +- Object validators can be used to ensure that namespaces are correctly formatted + and that registered namespaces are used for objects that are part of the SSVC + specification. + + +## Pros and Cons of the Options + +### One big pile of objects + +We started out with all objects having no namespaces, which meant that +all objects were effectively part of the SSVC specification. This was problematic +because it made it difficult to distinguish between objects that were part of the +SSVC specification under our control and objects that were derived from other sources. + +- Good, because it was simple and easy to understand +- Bad, because it made it difficult to distinguish between SSVC project objects and + objects based on specifications we neither created nor maintained + + + +## More Information + +- [SSVC Namespace Documentation](../reference/code/namespaces.md) diff --git a/docs/adr/index.md b/docs/adr/index.md index e99a6286..e613b442 100644 --- a/docs/adr/index.md +++ b/docs/adr/index.md @@ -23,6 +23,7 @@ the decision records that have been made. - [0009 - Outcomes are Ordered Sets](0009-outcomes-are-ordered-sets.md) - [0010 - Outcome Sets are separate from Decision Point Groups](0010-outcome-sets-are-separate-from-decision-point-groups.md) - [0011 - Correspondence between Automatable v2.0.0, Value Density v1.0.0, and CVSS v4](0011-automatable-and-value-density-and-CVSSv4.md) +- [0012 - SSVC Namespaces](0012-ssvc-namespaces.md) ## Rejected Records From 5dcf367f342124c66bec8e51aca9a88843cd8b8d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 12:11:29 -0400 Subject: [PATCH 170/468] change how we set default version so that "version" is required in versioned json schemas --- src/ssvc/_mixins.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 4c3fa7f4..f7e2f15c 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -23,7 +23,7 @@ from typing import Optional -from pydantic import BaseModel, ConfigDict, Field, field_validator +from pydantic import BaseModel, ConfigDict, field_validator from semver import Version from ssvc import _schemaVersion @@ -37,7 +37,7 @@ class _Versioned(BaseModel): Mixin class for versioned SSVC objects. """ - version: VersionString = Field(default=DEFAULT_VERSION) + version: VersionString @field_validator("version") @classmethod @@ -53,6 +53,8 @@ def validate_version(cls, value: str) -> str: Raises: ValueError: if the value is not a valid version number """ + if value is None: + value = DEFAULT_VERSION version = Version.parse(value, optional_minor_and_patch=True) return version.__str__() From afe9c61d4b638fded8905b18dd2bba78a3d01ff6 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 12:11:52 -0400 Subject: [PATCH 171/468] clean up definitions with mixins --- ...on_Point_Value_Selection-2-0-0.schema.json | 48 ++++++++++++------- src/ssvc/selection.py | 30 +++++------- 2 files changed, 44 insertions(+), 34 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index fd5a8c30..e9ee4e9d 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -55,12 +55,26 @@ ], "additionalProperties": false, "$defs": { + "MinimalDecisionPointValue": { + "description": "A minimal representation of a decision point value.", + "properties": { + "key": { + "title": "Key", + "type": "string" + } + }, + "required": [ + "key" + ], + "title": "MinimalDecisionPointValue", + "type": "object" + }, "MinimalSelection": { "additionalProperties": false, - "description": "A minimal selection object that contains the decision point ID and the selected options.\nThis is used to transition from an SSVC decision point to a selection.", + "description": "A minimal selection object that contains the decision point ID and the selected values.\nThis is used to transition from an SSVC decision point to a selection.", "properties": { "namespace": { - "description": "The namespace of the decision point.", + "description": "The namespace of the SSVC object.", "examples": [ "ssvc", "cisa", @@ -74,14 +88,6 @@ "type": "string" }, "key": { - "description": "The decision point key.", - "examples": [ - "E", - "A", - "MI", - "PSI" - ], - "minLength": 1, "title": "Key", "type": "string" }, @@ -100,17 +106,27 @@ "description": "A list of selected value keys from the decision point values.", "examples": [ [ - "N", - "Y" + { + "key": "N" + }, + { + "key": "Y" + } ], [ - "A", - "B", - "C" + { + "key": "A" + }, + { + "key": "B" + }, + { + "key": "C" + } ] ], "items": { - "type": "string" + "$ref": "#/$defs/MinimalDecisionPointValue" }, "minItems": 1, "title": "Values", diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 4180f760..6a262f83 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -33,38 +33,32 @@ model_validator, ) +from ssvc._mixins import _Keyed, _Namespaced, _Valued, _Versioned from ssvc.decision_points.base import DecisionPoint -from ssvc.utils.field_specs import NamespaceString, TargetIdList, VersionString +from ssvc.utils.field_specs import TargetIdList SCHEMA_VERSION = "2.0.0" -class MinimalSelection(BaseModel): +class MinimalDecisionPointValue(_Keyed, BaseModel): + """A minimal representation of a decision point value.""" + + +class MinimalSelection(_Valued, _Versioned, _Keyed, _Namespaced, BaseModel): """ - A minimal selection object that contains the decision point ID and the selected options. + A minimal selection object that contains the decision point ID and the selected values. This is used to transition from an SSVC decision point to a selection. """ model_config = ConfigDict(extra="forbid") - namespace: NamespaceString = Field( - ..., - description="The namespace of the decision point.", - ) - key: str = Field( - ..., - description="The decision point key.", - examples=["E", "A", "MI", "PSI"], - min_length=1, - ) - version: VersionString - values: list[str] = Field( + values: tuple[MinimalDecisionPointValue, ...] = Field( ..., description="A list of selected value keys from the decision point values.", min_length=1, examples=[ - ["N", "Y"], - ["A", "B", "C"], + [{"key": "N"}, {"key": "Y"}], + [{"key": "A"}, {"key": "B"}, {"key": "C"}], ], # Example values ) @@ -165,7 +159,7 @@ def selection_from_decision_point(decision_point: DecisionPoint) -> MinimalSelec "namespace": decision_point.namespace, "key": decision_point.key, "version": decision_point.version, - "values": [val.key for val in decision_point.values], + "values": [{"key": val.key} for val in decision_point.values], } return MinimalSelection(**data) From 53d550d772104965f8b64281d6048f2741c98026 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 12:39:46 -0400 Subject: [PATCH 172/468] enforce UTC and no milliseconds when serializing out to JSON --- src/ssvc/selection.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 6a262f83..d1c04f45 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -21,7 +21,7 @@ # subject to its own license. # DM24-0278 -from datetime import datetime +from datetime import datetime, timezone from typing import Literal, Optional from pydantic import ( @@ -132,7 +132,12 @@ def serialize_model(self) -> dict: if self.target_ids: data["targetIds"] = self.target_ids data["selections"] = self.selections - data["timestamp"] = self.timestamp + + # 1. Ensure the datetime object is UTC + dt = self.timestamp.astimezone(timezone.utc) + # 2. Format as ISO 8601 with 'Z' for UTC and no milliseconds + data["timestamp"] = dt.strftime("%Y-%m-%dT%H:%M:%SZ") + return data def add_selection(self, selection: MinimalSelection) -> None: From 46c27a9eab9b65a609e17bb35cda4f5f7faebb51 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 12:49:57 -0400 Subject: [PATCH 173/468] refactor timestamp into a mixin class --- ...on_Point_Value_Selection-2-0-0.schema.json | 24 ++++++++--------- src/ssvc/_mixins.py | 26 ++++++++++++++++++- src/ssvc/selection.py | 6 ++--- 3 files changed, 40 insertions(+), 16 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index e9ee4e9d..0521f2db 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -4,6 +4,16 @@ "description": "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.", "type": "object", "properties": { + "timestamp": { + "description": "Timestamp of the selections, in RFC 3339 format.", + "examples": [ + "2025-01-01T12:00:00Z", + "2025-01-02T15:30:45-04:00" + ], + "format": "date-time", + "title": "Timestamp", + "type": "string" + }, "schemaVersion": { "const": "2.0.0", "description": "The schema version of this selection list.", @@ -36,22 +46,12 @@ "minItems": 1, "title": "Selections", "type": "array" - }, - "timestamp": { - "description": "Timestamp of when the selections were made, in RFC 3339 format.", - "examples": [ - "2025-01-01T12:00:00Z", - "2025-01-02T15:30:45-04:00" - ], - "format": "date-time", - "title": "Timestamp", - "type": "string" } }, "required": [ + "timestamp", "schemaVersion", - "selections", - "timestamp" + "selections" ], "additionalProperties": false, "$defs": { diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index f7e2f15c..69ef38ff 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -2,6 +2,7 @@ """ This module provides mixin classes for adding features to SSVC objects. """ + # Copyright (c) 2023-2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE # ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. @@ -21,9 +22,10 @@ # subject to its own license. # DM24-0278 +from datetime import datetime, timezone from typing import Optional -from pydantic import BaseModel, ConfigDict, field_validator +from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator from semver import Version from ssvc import _schemaVersion @@ -139,6 +141,28 @@ class _Commented(BaseModel): model_config = ConfigDict(json_encoders={Optional[str]: exclude_if_none}) +class _Timestamped(BaseModel): + """ + Mixin class for timestamped SSVC objects. + """ + + timestamp: datetime = Field( + ..., + description="Timestamp of the SSVC object, in RFC 3339 format.", + examples=["2025-01-01T12:00:00Z", "2025-01-02T15:30:45-04:00"], + ) + + # set the default value to the current time + @model_validator(mode="before") + def set_timestamp(cls, data): + """ + Set the timestamp to the current time if not provided. + """ + if "timestamp" not in data: + data["timestamp"] = datetime.now().astimezone(timezone.utc) + return data + + class _Base(BaseModel): """ Base class for SSVC objects. diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index d1c04f45..7bd6397e 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -33,7 +33,7 @@ model_validator, ) -from ssvc._mixins import _Keyed, _Namespaced, _Valued, _Versioned +from ssvc._mixins import _Keyed, _Namespaced, _Timestamped, _Valued, _Versioned from ssvc.decision_points.base import DecisionPoint from ssvc.utils.field_specs import TargetIdList @@ -63,7 +63,7 @@ class MinimalSelection(_Valued, _Versioned, _Keyed, _Namespaced, BaseModel): ) -class MinimalSelectionList(BaseModel): +class MinimalSelectionList(_Timestamped, BaseModel): """ A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. """ @@ -94,7 +94,7 @@ class MinimalSelectionList(BaseModel): ) timestamp: datetime = Field( ..., - description="Timestamp of when the selections were made, in RFC 3339 format.", + description="Timestamp of the selections, in RFC 3339 format.", examples=["2025-01-01T12:00:00Z", "2025-01-02T15:30:45-04:00"], ) From 8dd88e1ee741033b29086e28ba0cc5d174ffdb29 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 13:28:55 -0400 Subject: [PATCH 174/468] fix tests --- src/ssvc/_mixins.py | 4 +--- src/test/test_selections.py | 20 ++++++++++++++------ 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 69ef38ff..76583603 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -39,7 +39,7 @@ class _Versioned(BaseModel): Mixin class for versioned SSVC objects. """ - version: VersionString + version: VersionString = Field(default=DEFAULT_VERSION) @field_validator("version") @classmethod @@ -55,8 +55,6 @@ def validate_version(cls, value: str) -> str: Raises: ValueError: if the value is not a valid version number """ - if value is None: - value = DEFAULT_VERSION version = Version.parse(value, optional_minor_and_patch=True) return version.__str__() diff --git a/src/test/test_selections.py b/src/test/test_selections.py index 50982702..f2a836a2 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -21,7 +21,7 @@ from datetime import datetime from ssvc import selection -from ssvc.selection import MinimalSelectionList +from ssvc.selection import MinimalDecisionPointValue, MinimalSelectionList from ssvc.utils.patterns import NS_PATTERN, VERSION_PATTERN @@ -31,13 +31,13 @@ def setUp(self): namespace="x_example.test", key="test_key_1", version="1.0.0", - values=["value11", "value12"], + values=[{"key": "value11"}, {"key": "value12"}], ) self.s2 = selection.MinimalSelection( namespace="x_example.test", key="test_key_2", version="1.0.0", - values=["value21", "value22"], + values=[{"key": "value21"}, {"key": "value22"}], ) self.selections = MinimalSelectionList( selections=[self.s1, self.s2], @@ -73,10 +73,18 @@ def test_minimal_selection_init(self): "Version does not match the required pattern", ) - # values is list of strings - self.assertIsInstance(self.s1.values, list) + # values is list of strings' + self.assertIsInstance(self.s1.values, tuple) for value in self.s1.values: - self.assertIsInstance(value, str, f"Value {value} is not a string") + self.assertIsInstance( + value, + MinimalDecisionPointValue, + f"Value {value} is not a MinimalDecisionPoint", + ) + self.assertTrue( + hasattr(value, "key"), f"Attribute 'key' is missing from {value}" + ) + self.assertIsInstance(value.key, str) def test_minimal_selection_list_init(self): required_attrs = [ From 4746d8e55f72f21804b85b519183b8f4ace32dd7 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 13:51:31 -0400 Subject: [PATCH 175/468] add keys in parentheses when we generate examples of decision points for documentation --- src/ssvc/doc_helpers.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/ssvc/doc_helpers.py b/src/ssvc/doc_helpers.py index 9ab8a8dc..c491706d 100644 --- a/src/ssvc/doc_helpers.py +++ b/src/ssvc/doc_helpers.py @@ -25,7 +25,7 @@ from ssvc.decision_points.ssvc.base import SsvcDecisionPoint -MD_TABLE_ROW_TEMPLATE = "| {value.name} | {value.description} |" +MD_TABLE_ROW_TEMPLATE = "| {value.name} ({value.key}) | {value.description} |" def markdown_table(dp: SsvcDecisionPoint, indent: int = 0) -> str: @@ -56,9 +56,11 @@ def markdown_table(dp: SsvcDecisionPoint, indent: int = 0) -> str: def example_block_tabbed(dp: SsvcDecisionPoint, indent=4) -> str: """Given a decision point, return a markdown block that contains an example of the decision point.""" + dp_title_str = f"{dp.name} ({dp.key}) v{dp.version}" + indent_ = " " * 4 rows = [] - rows.append(f'!!! note "{dp.name} v{dp.version}"') + rows.append(f'!!! note "{dp_title_str}"') rows.append("") rows.append(indent_ + '=== "Table"') @@ -80,9 +82,11 @@ def example_block( ) -> str: """Given a decision point, return a markdown block that contains an example of the decision point.""" + dp_title_str = f"{dp.name} ({dp.key}) v{dp.version}" + indent_ = " " * indent rows = [] - rows.append(f'!!! note "{dp.name} v{dp.version}"') + rows.append(f'!!! note "{dp_title_str}"') rows.append("") for row in markdown_table(dp).splitlines(): @@ -90,7 +94,7 @@ def example_block( rows.append("") if include_json: - rows.append(indent_ + f'??? example "{dp.name} v{dp.version} JSON Example"') + rows.append(indent_ + f'??? example "{dp_title_str} JSON Example"') rows.append("") for row in json_example(dp, indent=4).splitlines(): rows.append(indent_ + row) From 079d7b29de7ad68e73dfff19c6a3e6c73a13f537 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 13:56:51 -0400 Subject: [PATCH 176/468] add full identity to dp title strings --- src/ssvc/doc_helpers.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssvc/doc_helpers.py b/src/ssvc/doc_helpers.py index c491706d..bdf68d80 100644 --- a/src/ssvc/doc_helpers.py +++ b/src/ssvc/doc_helpers.py @@ -56,7 +56,7 @@ def markdown_table(dp: SsvcDecisionPoint, indent: int = 0) -> str: def example_block_tabbed(dp: SsvcDecisionPoint, indent=4) -> str: """Given a decision point, return a markdown block that contains an example of the decision point.""" - dp_title_str = f"{dp.name} ({dp.key}) v{dp.version}" + dp_title_str = f"{dp.name} ({dp.namespace}:{dp.key}:{dp.version})" indent_ = " " * 4 rows = [] @@ -82,7 +82,7 @@ def example_block( ) -> str: """Given a decision point, return a markdown block that contains an example of the decision point.""" - dp_title_str = f"{dp.name} ({dp.key}) v{dp.version}" + dp_title_str = f"{dp.name} ({dp.namespace}:{dp.key}:{dp.version})" indent_ = " " * indent rows = [] From 65cef849927839ccaa24ffbd5b11340761374b8d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 14:00:17 -0400 Subject: [PATCH 177/468] port over decision point identity method from another branch --- src/ssvc/decision_points/base.py | 8 ++++++++ src/ssvc/doc_helpers.py | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 2c803235..30eb2261 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -187,6 +187,14 @@ class DecisionPoint( def __str__(self): return FIELD_DELIMITER.join([self.namespace, self.key, self.version]) + @property + def id(self): + """ + Return an identity string for the DecisionPoint. + """ + + return FIELD_DELIMITER.join([self.namespace, self.key, self.version]) + @property def str(self) -> str: """ diff --git a/src/ssvc/doc_helpers.py b/src/ssvc/doc_helpers.py index bdf68d80..a78a6fee 100644 --- a/src/ssvc/doc_helpers.py +++ b/src/ssvc/doc_helpers.py @@ -56,7 +56,7 @@ def markdown_table(dp: SsvcDecisionPoint, indent: int = 0) -> str: def example_block_tabbed(dp: SsvcDecisionPoint, indent=4) -> str: """Given a decision point, return a markdown block that contains an example of the decision point.""" - dp_title_str = f"{dp.name} ({dp.namespace}:{dp.key}:{dp.version})" + dp_title_str = f"{dp.name} ({dp.id})" indent_ = " " * 4 rows = [] @@ -82,7 +82,7 @@ def example_block( ) -> str: """Given a decision point, return a markdown block that contains an example of the decision point.""" - dp_title_str = f"{dp.name} ({dp.namespace}:{dp.key}:{dp.version})" + dp_title_str = f"{dp.name} ({dp.id})" indent_ = " " * indent rows = [] From a623e2c6932783a6809d04ab61f32d0e12a1e6ba Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 14:03:40 -0400 Subject: [PATCH 178/468] fix tests --- src/test/test_doc_helpers.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/test/test_doc_helpers.py b/src/test/test_doc_helpers.py index 124dd407..73d54650 100644 --- a/src/test/test_doc_helpers.py +++ b/src/test/test_doc_helpers.py @@ -48,8 +48,8 @@ def test_markdown_table(self): "\n" "| Value | Definition |\n" "|:-----|:-----------|\n" - "| A | A Definition |\n" - "| B | B Definition |" + "| A (A) | A Definition |\n" + "| B (B) | B Definition |" ) self.assertEqual(result, expected) @@ -61,8 +61,8 @@ def test_markdown_table(self): "\n" " | Value | Definition |\n" " |:-----|:-----------|\n" - " | A | A Definition |\n" - " | B | B Definition |" + " | A (A) | A Definition |\n" + " | B (B) | B Definition |" ) self.assertEqual(indented, expected_indented) @@ -73,8 +73,8 @@ def test_example_block(self): self.assertIn("!!! note", result) self.assertIn("\n | Value | Definition |", result) - self.assertIn("\n | A | A Definition |", result) - self.assertIn("\n | B | B Definition |", result) + self.assertIn("\n | A (A) | A Definition |", result) + self.assertIn("\n | B (B) | B Definition |", result) self.assertIn("\n ??? example", result) self.assertIn("\n ```json", result) From d41bfc3abbf88603ac10c60fb599e4ddfbdd7f3a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 15:35:56 -0400 Subject: [PATCH 179/468] add resources and reference lists to selection object --- ...on_Point_Value_Selection-2-0-0.schema.json | 65 ++++++++++++++++++- src/ssvc/selection.py | 59 ++++++++++++++++- 2 files changed, 121 insertions(+), 3 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 0521f2db..6f7c8fa8 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -46,6 +46,48 @@ "minItems": 1, "title": "Selections", "type": "array" + }, + "resources": { + "description": "A list of references to resources that provide additional context about the decision points found in this selection.", + "examples": [ + [ + { + "description": "Documentation for a set of decision points", + "uri": "https://example.com/decision_points" + }, + { + "description": "JSON representation of decision point 2", + "uri": "https://example.org/definitions/dp2.json" + }, + { + "description": "A JSON file containing extension decision points in the x_com.example namespace", + "uri": "https://example.com/ssvc/x_com.example/decision_points.json" + } + ] + ], + "items": { + "$ref": "#/$defs/Reference" + }, + "minItems": 1, + "title": "Resources", + "type": "array" + }, + "references": { + "description": "A list of references to resources that provide additional context about the specific values selected.", + "examples": [ + [ + { + "description": "A report on which the selections were based", + "uri": "https://example.com/report" + } + ] + ], + "items": { + "$ref": "#/$defs/Reference" + }, + "minItems": 1, + "title": "References", + "type": "array" } }, "required": [ @@ -92,6 +134,7 @@ "type": "string" }, "version": { + "default": "0.0.1", "description": "The version of the SSVC object. This must be a valid semantic version string.", "examples": [ "1.0.0", @@ -136,11 +179,31 @@ "required": [ "namespace", "key", - "version", "values" ], "title": "MinimalSelection", "type": "object" + }, + "Reference": { + "description": "A reference to a resource that provides additional context about the decision points or selections.", + "properties": { + "uri": { + "format": "uri", + "minLength": 1, + "title": "Uri", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + } + }, + "required": [ + "uri", + "description" + ], + "title": "Reference", + "type": "object" } } } \ No newline at end of file diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 7bd6397e..7581d8a3 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -25,6 +25,7 @@ from typing import Literal, Optional from pydantic import ( + AnyUrl, BaseModel, ConfigDict, Field, @@ -63,6 +64,13 @@ class MinimalSelection(_Valued, _Versioned, _Keyed, _Namespaced, BaseModel): ) +class Reference(BaseModel): + """A reference to a resource that provides additional context about the decision points or selections.""" + + uri: AnyUrl + description: str + + class MinimalSelectionList(_Timestamped, BaseModel): """ A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. @@ -97,6 +105,40 @@ class MinimalSelectionList(_Timestamped, BaseModel): description="Timestamp of the selections, in RFC 3339 format.", examples=["2025-01-01T12:00:00Z", "2025-01-02T15:30:45-04:00"], ) + resources: list[Reference] = Field( + default_factory=list, + min_length=1, + description="A list of references to resources that provide additional context about the decision points found in this selection.", + examples=[ + [ + { + "uri": "https://example.com/decision_points", + "description": "Documentation for a set of decision points", + }, + { + "uri": "https://example.org/definitions/dp2.json", + "description": "JSON representation of decision point 2", + }, + { + "uri": "https://example.com/ssvc/x_com.example/decision_points.json", + "description": "A JSON file containing extension decision points in the x_com.example namespace", + }, + ], + ], + ) + references: list[Reference] = Field( + default_factory=list, + min_length=1, + description="A list of references to resources that provide additional context about the specific values selected.", + examples=[ + [ + { + "uri": "https://example.com/report", + "description": "A report on which the selections were based", + }, + ] + ], + ) @model_validator(mode="before") def set_schema_version(cls, data): @@ -130,13 +172,17 @@ def serialize_model(self) -> dict: data["schemaVersion"] = self.schemaVersion if self.target_ids: - data["targetIds"] = self.target_ids + data["target_ids"] = self.target_ids data["selections"] = self.selections # 1. Ensure the datetime object is UTC dt = self.timestamp.astimezone(timezone.utc) # 2. Format as ISO 8601 with 'Z' for UTC and no milliseconds data["timestamp"] = dt.strftime("%Y-%m-%dT%H:%M:%SZ") + if self.resources: + data["resources"] = [resource.model_dump() for resource in self.resources] + if self.references: + data["references"] = [ref.model_dump() for ref in self.references] return data @@ -184,7 +230,16 @@ def main() -> None: a1 = selection_from_decision_point(dp1) a2 = selection_from_decision_point(dp2) selections = MinimalSelectionList( - schemaVersion=SCHEMA_VERSION, selections=[a1, a2], timestamp=datetime.now() + schemaVersion=SCHEMA_VERSION, + selections=[a1, a2], + timestamp=datetime.now(), + target_ids=["CVE-2025-0001", "GHSA-0123-4567-89ab"], + references=[ + Reference( + uri="https://example.com/report", + description="A report on which the selections were based", + ) + ], ) print(selections.model_dump_json(indent=2, exclude_none=True)) From 4d87f7454a7cacbab7959bb848cd56bb7481a893 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 16:23:18 -0400 Subject: [PATCH 180/468] post-process schema to ensure that "name" and "description" fields are never required --- ...on_Point_Value_Selection-2-0-0.schema.json | 20 +++- src/ssvc/selection.py | 103 +++++++++++++----- 2 files changed, 94 insertions(+), 29 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 6f7c8fa8..1a1e55b4 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -103,6 +103,14 @@ "key": { "title": "Key", "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" } }, "required": [ @@ -115,6 +123,14 @@ "additionalProperties": false, "description": "A minimal selection object that contains the decision point ID and the selected values.\nThis is used to transition from an SSVC decision point to a selection.", "properties": { + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + }, "namespace": { "description": "The namespace of the SSVC object.", "examples": [ @@ -185,6 +201,7 @@ "type": "object" }, "Reference": { + "additionalProperties": false, "description": "A reference to a resource that provides additional context about the decision points or selections.", "properties": { "uri": { @@ -199,8 +216,7 @@ } }, "required": [ - "uri", - "description" + "uri" ], "title": "Reference", "type": "object" diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 7581d8a3..ede18646 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -21,7 +21,7 @@ # subject to its own license. # DM24-0278 -from datetime import datetime, timezone +from datetime import datetime from typing import Literal, Optional from pydantic import ( @@ -30,22 +30,37 @@ ConfigDict, Field, field_validator, - model_serializer, model_validator, ) -from ssvc._mixins import _Keyed, _Namespaced, _Timestamped, _Valued, _Versioned +from ssvc._mixins import ( + _Base, + _Keyed, + _Namespaced, + _Timestamped, + _Valued, + _Versioned, +) from ssvc.decision_points.base import DecisionPoint from ssvc.utils.field_specs import TargetIdList SCHEMA_VERSION = "2.0.0" -class MinimalDecisionPointValue(_Keyed, BaseModel): +class MinimalDecisionPointValue(_Base, _Keyed, BaseModel): """A minimal representation of a decision point value.""" + @model_validator(mode="before") + def set_optional_fields(cls, data): + if "name" not in data: + data["name"] = "" + if "description" not in data: + data["description"] = "" + + return data + -class MinimalSelection(_Valued, _Versioned, _Keyed, _Namespaced, BaseModel): +class MinimalSelection(_Valued, _Versioned, _Keyed, _Namespaced, _Base, BaseModel): """ A minimal selection object that contains the decision point ID and the selected values. This is used to transition from an SSVC decision point to a selection. @@ -63,13 +78,44 @@ class MinimalSelection(_Valued, _Versioned, _Keyed, _Namespaced, BaseModel): ], # Example values ) + @model_validator(mode="before") + def set_optional_fields(cls, data): + if "name" not in data: + data["name"] = "" + if "description" not in data: + data["description"] = "" + return data + + def model_json_schema(cls, **kwargs): + schema = super().model_json_schema(**kwargs) + not_required = ["name", "description"] + if "required" in schema and isinstance(schema["required"], list): + # remove description from required list if it exists + schema["required"] = [ + field for field in schema["required"] if field not in not_required + ] + return schema + class Reference(BaseModel): """A reference to a resource that provides additional context about the decision points or selections.""" + model_config = ConfigDict(extra="forbid") + uri: AnyUrl description: str + # override schema generation to ensure that description is not required + def model_json_schema(cls, **kwargs): + schema = super().model_json_schema(**kwargs) + not_required = ["description"] + if "required" in schema and isinstance(schema["required"], list): + # remove description from required list if it exists + schema["required"] = [ + field for field in schema["required"] if field not in not_required + ] + return schema + class MinimalSelectionList(_Timestamped, BaseModel): """ @@ -142,7 +188,6 @@ class MinimalSelectionList(_Timestamped, BaseModel): @model_validator(mode="before") def set_schema_version(cls, data): - # If schemaVersion is missing, add it if "schemaVersion" not in data: data["schemaVersion"] = SCHEMA_VERSION return data @@ -166,26 +211,6 @@ def validate_target_ids(cls, value: Optional[list[str]]) -> Optional[list[str]]: raise ValueError("Each target_id must be a string.") return value - @model_serializer - def serialize_model(self) -> dict: - data = dict() - - data["schemaVersion"] = self.schemaVersion - if self.target_ids: - data["target_ids"] = self.target_ids - data["selections"] = self.selections - - # 1. Ensure the datetime object is UTC - dt = self.timestamp.astimezone(timezone.utc) - # 2. Format as ISO 8601 with 'Z' for UTC and no milliseconds - data["timestamp"] = dt.strftime("%Y-%m-%dT%H:%M:%SZ") - if self.resources: - data["resources"] = [resource.model_dump() for resource in self.resources] - if self.references: - data["references"] = [ref.model_dump() for ref in self.references] - - return data - def add_selection(self, selection: MinimalSelection) -> None: """ Adds a minimal selection to the list. @@ -242,7 +267,7 @@ def main() -> None: ], ) - print(selections.model_dump_json(indent=2, exclude_none=True)) + print(selections.model_dump_json(indent=2, exclude_none=True, exclude_unset=True)) print("# Schema for MinimalSelectionList") schema = MinimalSelectionList.model_json_schema() @@ -259,6 +284,30 @@ def main() -> None: "Decision Point can have multiple selected values when full certainty is not available." ) + non_required_fields = [ + "name", + "description", + "target_ids", + "resources", + "references", + ] + + # remove non-required fields from the required list + if "required" in schema and isinstance(schema["required"], list): + schema["required"] = [ + field for field in schema["required"] if field not in non_required_fields + ] + + # dive in to find all the required lists in the schema + # don't forget the defs + if "$defs" in schema: + for prop in schema["$defs"].values(): + if isinstance(prop, dict) and "required" in prop: + # remove non-required fields from the required list + prop["required"] = [ + r for r in prop["required"] if r not in non_required_fields + ] + # preferred order of fields, just setting for convention preferred_order = [ "$schema", From 1075c55ec04607f775cca6fb02a8e1b2a102551b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 16:29:20 -0400 Subject: [PATCH 181/468] move post-processing into the data class itself --- ...on_Point_Value_Selection-2-0-0.schema.json | 1 + src/ssvc/selection.py | 126 ++++++++++-------- 2 files changed, 68 insertions(+), 59 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 1a1e55b4..1dac219f 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -1,6 +1,7 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json", + "title": "Decision Point Value Selection List", "description": "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.", "type": "object", "properties": { diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index ede18646..f224d495 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -220,6 +220,71 @@ def add_selection(self, selection: MinimalSelection) -> None: """ self.selections.append(selection) + # override schema generation to ensure it's the way we want it + @classmethod + def model_json_schema(cls, **kwargs): + schema = super().model_json_schema(**kwargs) + + schema["title"] = "Decision Point Value Selection List" + schema["$schema"] = "https://json-schema.org/draft/2020-12/schema" + schema["$id"] = ( + "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" + ) + schema["description"] = ( + "This schema defines the structure for selecting SSVC Decision Points and their evaluated values " + "for a given vulnerability. Each vulnerability can have multiple Decision Points, and each " + "Decision Point can have multiple selected values when full certainty is not available." + ) + + non_required_fields = [ + "name", + "description", + "target_ids", + "resources", + "references", + ] + + # remove non-required fields from the required list + if "required" in schema and isinstance(schema["required"], list): + schema["required"] = [ + field + for field in schema["required"] + if field not in non_required_fields + ] + + # dive in to find all the required lists in the schema + # don't forget the defs + if "$defs" in schema: + for prop in schema["$defs"].values(): + if isinstance(prop, dict) and "required" in prop: + # remove non-required fields from the required list + prop["required"] = [ + r for r in prop["required"] if r not in non_required_fields + ] + + # preferred order of fields, just setting for convention + preferred_order = [ + "$schema", + "$id", + "title", + "description", + "schemaVersion", + "type", + "properties", + "required", + "additionalProperties", + "$defs", + ] + + # create a new dict with the preferred order of fields first + ordered_fields = {k: schema[k] for k in preferred_order if k in schema} + # add the rest of the fields in their original order + for k in schema: + if k not in ordered_fields: + ordered_fields[k] = schema[k] + + return ordered_fields + def selection_from_decision_point(decision_point: DecisionPoint) -> MinimalSelection: """ @@ -272,64 +337,7 @@ def main() -> None: print("# Schema for MinimalSelectionList") schema = MinimalSelectionList.model_json_schema() - # add schema extras - schema.pop("title") - schema["$schema"] = "https://json-schema.org/draft/2020-12/schema" - schema["$id"] = ( - "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" - ) - schema["description"] = ( - "This schema defines the structure for selecting SSVC Decision Points and their evaluated values " - "for a given vulnerability. Each vulnerability can have multiple Decision Points, and each " - "Decision Point can have multiple selected values when full certainty is not available." - ) - - non_required_fields = [ - "name", - "description", - "target_ids", - "resources", - "references", - ] - - # remove non-required fields from the required list - if "required" in schema and isinstance(schema["required"], list): - schema["required"] = [ - field for field in schema["required"] if field not in non_required_fields - ] - - # dive in to find all the required lists in the schema - # don't forget the defs - if "$defs" in schema: - for prop in schema["$defs"].values(): - if isinstance(prop, dict) and "required" in prop: - # remove non-required fields from the required list - prop["required"] = [ - r for r in prop["required"] if r not in non_required_fields - ] - - # preferred order of fields, just setting for convention - preferred_order = [ - "$schema", - "$id", - "title", - "description", - "schemaVersion", - "type", - "properties", - "required", - "additionalProperties", - "$defs", - ] - - # create a new dict with the preferred order of fields first - ordered_fields = {k: schema[k] for k in preferred_order if k in schema} - # add the rest of the fields in their original order - for k in schema: - if k not in ordered_fields: - ordered_fields[k] = schema[k] - - print(json.dumps(ordered_fields, indent=2)) + print(json.dumps(schema, indent=2)) # find local path to this file import os @@ -343,7 +351,7 @@ def main() -> None: with open(schema_path, "w") as f: print(f"Writing schema to {schema_path}") - json.dump(ordered_fields, f, indent=2) + json.dump(schema, f, indent=2) if __name__ == "__main__": From 11793a22701a1773c8ff1a9750aeed6806da101e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 16:33:17 -0400 Subject: [PATCH 182/468] rename Selection and SelectionList objects --- ...on_Point_Value_Selection-2-0-0.schema.json | 48 +++++++++---------- src/ssvc/selection.py | 22 ++++----- src/test/test_selections.py | 12 ++--- 3 files changed, 41 insertions(+), 41 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 1dac219f..a3cc11a0 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -42,7 +42,7 @@ "selections": { "description": "List of selections made from decision points. Each selection item corresponds to value keys contained in a specific decision point identified by its namespace, key, and version. Note that selection objects are deliberately minimal objects and do not contain the full decision point details.", "items": { - "$ref": "#/$defs/MinimalSelection" + "$ref": "#/$defs/Selection" }, "minItems": 1, "title": "Selections", @@ -120,7 +120,28 @@ "title": "MinimalDecisionPointValue", "type": "object" }, - "MinimalSelection": { + "Reference": { + "additionalProperties": false, + "description": "A reference to a resource that provides additional context about the decision points or selections.", + "properties": { + "uri": { + "format": "uri", + "minLength": 1, + "title": "Uri", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + } + }, + "required": [ + "uri" + ], + "title": "Reference", + "type": "object" + }, + "Selection": { "additionalProperties": false, "description": "A minimal selection object that contains the decision point ID and the selected values.\nThis is used to transition from an SSVC decision point to a selection.", "properties": { @@ -198,28 +219,7 @@ "key", "values" ], - "title": "MinimalSelection", - "type": "object" - }, - "Reference": { - "additionalProperties": false, - "description": "A reference to a resource that provides additional context about the decision points or selections.", - "properties": { - "uri": { - "format": "uri", - "minLength": 1, - "title": "Uri", - "type": "string" - }, - "description": { - "title": "Description", - "type": "string" - } - }, - "required": [ - "uri" - ], - "title": "Reference", + "title": "Selection", "type": "object" } } diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index f224d495..1a560264 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -60,7 +60,7 @@ def set_optional_fields(cls, data): return data -class MinimalSelection(_Valued, _Versioned, _Keyed, _Namespaced, _Base, BaseModel): +class Selection(_Valued, _Versioned, _Keyed, _Namespaced, _Base, BaseModel): """ A minimal selection object that contains the decision point ID and the selected values. This is used to transition from an SSVC decision point to a selection. @@ -117,7 +117,7 @@ def model_json_schema(cls, **kwargs): return schema -class MinimalSelectionList(_Timestamped, BaseModel): +class SelectionList(_Timestamped, BaseModel): """ A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. """ @@ -139,7 +139,7 @@ class MinimalSelectionList(_Timestamped, BaseModel): ], min_length=1, ) - selections: list[MinimalSelection] = Field( + selections: list[Selection] = Field( ..., description="List of selections made from decision points. Each selection item corresponds to " "value keys contained in a specific decision point identified by its namespace, key, and version. " @@ -211,12 +211,12 @@ def validate_target_ids(cls, value: Optional[list[str]]) -> Optional[list[str]]: raise ValueError("Each target_id must be a string.") return value - def add_selection(self, selection: MinimalSelection) -> None: + def add_selection(self, selection: Selection) -> None: """ Adds a minimal selection to the list. Args: - selection (MinimalSelection): The minimal selection to add. + selection (Selection): The minimal selection to add. """ self.selections.append(selection) @@ -286,7 +286,7 @@ def model_json_schema(cls, **kwargs): return ordered_fields -def selection_from_decision_point(decision_point: DecisionPoint) -> MinimalSelection: +def selection_from_decision_point(decision_point: DecisionPoint) -> Selection: """ Converts a decision point to a minimal selection object. @@ -294,7 +294,7 @@ def selection_from_decision_point(decision_point: DecisionPoint) -> MinimalSelec decision_point (DecisionPoint): The decision point to convert. Returns: - MinimalSelection: The resulting minimal selection object. + Selection: The resulting minimal selection object. """ data = { "namespace": decision_point.namespace, @@ -303,7 +303,7 @@ def selection_from_decision_point(decision_point: DecisionPoint) -> MinimalSelec "values": [{"key": val.key} for val in decision_point.values], } - return MinimalSelection(**data) + return Selection(**data) def main() -> None: @@ -319,7 +319,7 @@ def main() -> None: a1 = selection_from_decision_point(dp1) a2 = selection_from_decision_point(dp2) - selections = MinimalSelectionList( + selections = SelectionList( schemaVersion=SCHEMA_VERSION, selections=[a1, a2], timestamp=datetime.now(), @@ -334,8 +334,8 @@ def main() -> None: print(selections.model_dump_json(indent=2, exclude_none=True, exclude_unset=True)) - print("# Schema for MinimalSelectionList") - schema = MinimalSelectionList.model_json_schema() + print("# Schema for SelectionList") + schema = SelectionList.model_json_schema() print(json.dumps(schema, indent=2)) diff --git a/src/test/test_selections.py b/src/test/test_selections.py index f2a836a2..58d54fd1 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -21,25 +21,25 @@ from datetime import datetime from ssvc import selection -from ssvc.selection import MinimalDecisionPointValue, MinimalSelectionList +from ssvc.selection import MinimalDecisionPointValue, SelectionList from ssvc.utils.patterns import NS_PATTERN, VERSION_PATTERN class MyTestCase(unittest.TestCase): def setUp(self): - self.s1 = selection.MinimalSelection( + self.s1 = selection.Selection( namespace="x_example.test", key="test_key_1", version="1.0.0", values=[{"key": "value11"}, {"key": "value12"}], ) - self.s2 = selection.MinimalSelection( + self.s2 = selection.Selection( namespace="x_example.test", key="test_key_2", version="1.0.0", values=[{"key": "value21"}, {"key": "value22"}], ) - self.selections = MinimalSelectionList( + self.selections = SelectionList( selections=[self.s1, self.s2], timestamp=datetime.now(), target_ids=["target_id_1", "target_id_2"], @@ -112,10 +112,10 @@ def test_minimal_selection_list_init(self): target_id, str, f"Target ID {target_id} is not a string" ) - # selections is a list of MinimalSelection objects + # selections is a list of Selection objects self.assertIsInstance(self.selections.selections, list) for sel in self.selections.selections: - self.assertIsInstance(sel, selection.MinimalSelection) + self.assertIsInstance(sel, selection.Selection) # timestamp is a datetime object self.assertIsInstance(self.selections.timestamp, datetime) From 3d60391ee31b88231f63603fd39725734be210aa Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 16:35:33 -0400 Subject: [PATCH 183/468] make selection_from_decision_point into a class method of Selection --- ...on_Point_Value_Selection-2-0-0.schema.json | 2 +- src/ssvc/selection.py | 47 ++++++++++--------- 2 files changed, 26 insertions(+), 23 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index a3cc11a0..e2927937 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -143,7 +143,7 @@ }, "Selection": { "additionalProperties": false, - "description": "A minimal selection object that contains the decision point ID and the selected values.\nThis is used to transition from an SSVC decision point to a selection.", + "description": "A minimal selection object that contains the decision point ID and the selected values.\nThis is used to transition from an SSVC decision point to a selection.\nOther fields like name and description may be copied from the decision point, but are not required.", "properties": { "name": { "title": "Name", diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 1a560264..40df5da9 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -64,6 +64,7 @@ class Selection(_Valued, _Versioned, _Keyed, _Namespaced, _Base, BaseModel): """ A minimal selection object that contains the decision point ID and the selected values. This is used to transition from an SSVC decision point to a selection. + Other fields like name and description may be copied from the decision point, but are not required. """ model_config = ConfigDict(extra="forbid") @@ -78,6 +79,28 @@ class Selection(_Valued, _Versioned, _Keyed, _Namespaced, _Base, BaseModel): ], # Example values ) + # class method to convert a decision point to a selection + @classmethod + def from_decision_point(cls, decision_point: DecisionPoint) -> "Selection": + """ + Converts a decision point to a minimal selection object. + + Args: + decision_point (DecisionPoint): The decision point to convert. + + Returns: + Selection: The resulting minimal selection object. + """ + data = { + "namespace": decision_point.namespace, + "key": decision_point.key, + "version": decision_point.version, + "values": [ + MinimalDecisionPointValue(key=val.key) for val in decision_point.values + ], + } + return cls(**data) + @model_validator(mode="before") def set_optional_fields(cls, data): if "name" not in data: @@ -286,26 +309,6 @@ def model_json_schema(cls, **kwargs): return ordered_fields -def selection_from_decision_point(decision_point: DecisionPoint) -> Selection: - """ - Converts a decision point to a minimal selection object. - - Args: - decision_point (DecisionPoint): The decision point to convert. - - Returns: - Selection: The resulting minimal selection object. - """ - data = { - "namespace": decision_point.namespace, - "key": decision_point.key, - "version": decision_point.version, - "values": [{"key": val.key} for val in decision_point.values], - } - - return Selection(**data) - - def main() -> None: """ Prints example selections and their schema in JSON format. @@ -317,8 +320,8 @@ def main() -> None: from ssvc.decision_points.ssvc.safety_impact import LATEST as dp2 import json - a1 = selection_from_decision_point(dp1) - a2 = selection_from_decision_point(dp2) + a1 = Selection.from_decision_point(dp1) + a2 = Selection.from_decision_point(dp2) selections = SelectionList( schemaVersion=SCHEMA_VERSION, selections=[a1, a2], From 0cceff7335556de94005b6004fb9950f3fc92b25 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 16:49:27 -0400 Subject: [PATCH 184/468] take advantage of `exclude_none=True` --- src/ssvc/selection.py | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 40df5da9..de7391a9 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -59,6 +59,18 @@ def set_optional_fields(cls, data): return data + @model_validator(mode="after") + def validate_values(cls, data): + """ + If name or description are empty strings, set them to None so that + they are not included in the JSON output when serialized using model_dump_json. + """ + if not data.name: + data.name = None + if not data.description: + data.description = None + return data + class Selection(_Valued, _Versioned, _Keyed, _Namespaced, _Base, BaseModel): """ @@ -81,7 +93,9 @@ class Selection(_Valued, _Versioned, _Keyed, _Namespaced, _Base, BaseModel): # class method to convert a decision point to a selection @classmethod - def from_decision_point(cls, decision_point: DecisionPoint) -> "Selection": + def from_decision_point( + cls, decision_point: DecisionPoint, include_optional: bool = False + ) -> "Selection": """ Converts a decision point to a minimal selection object. @@ -99,6 +113,10 @@ def from_decision_point(cls, decision_point: DecisionPoint) -> "Selection": MinimalDecisionPointValue(key=val.key) for val in decision_point.values ], } + for attr in ("name", "description"): + if hasattr(decision_point, attr): + data[attr] = getattr(decision_point, attr) + return cls(**data) @model_validator(mode="before") @@ -109,6 +127,14 @@ def set_optional_fields(cls, data): data["description"] = "" return data + @model_validator(mode="after") + def validate_values(cls, data): + if not data.name: + data.name = None + if not data.description: + data.description = None + return data + def model_json_schema(cls, **kwargs): schema = super().model_json_schema(**kwargs) not_required = ["name", "description"] From f6f068e6c0ab1c8a652b6bee0b4ecfa08dbb35fe Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 23 Jul 2025 16:52:22 -0400 Subject: [PATCH 185/468] add newline at end of schema file --- data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json | 2 +- src/ssvc/selection.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index e2927937..a2e013ec 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -223,4 +223,4 @@ "type": "object" } } -} \ No newline at end of file +} diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index de7391a9..371bdb45 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -381,6 +381,7 @@ def main() -> None: with open(schema_path, "w") as f: print(f"Writing schema to {schema_path}") json.dump(schema, f, indent=2) + f.write("\n") # Ensure the file ends with a newline if __name__ == "__main__": From 92274ee654a0a179db5e3adb7de9afd82a96cd2c Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 24 Jul 2025 09:52:31 -0400 Subject: [PATCH 186/468] add selection schema dumper to doctools.py for commit hook --- src/ssvc/doctools.py | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index b345ff26..919a757d 100755 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -35,6 +35,7 @@ """ import importlib +import json import logging import os import re @@ -44,6 +45,7 @@ REGISTERED_DECISION_POINTS, ) from ssvc.decision_points.ssvc.base import SsvcDecisionPoint +from ssvc.selection import SelectionList logger = logging.getLogger(__name__) @@ -195,6 +197,14 @@ def dump_json(basename: str, dp: DecisionPoint, jsondir: str, overwrite: bool) - return str(json_file) +def dump_selection_schema(filepath: str): + logger.info(f"Dumping schema to {filepath}") + schema = SelectionList.model_json_schema() + with open(filepath, "w") as f: + json.dump(schema, f, indent=2) + f.write("\n") # newline at end of file + + def main(): # we are going to generate three files for each decision point: # - a markdown table that can be used in the decision point documentation @@ -223,6 +233,8 @@ def main(): overwrite = args.overwrite jsondir = args.jsondir + dp_dir = os.path.join(os.path.abspath(jsondir), "decision_points") + find_modules_to_import("./src/ssvc/decision_points", "ssvc.decision_points") find_modules_to_import("./src/ssvc/outcomes", "ssvc.outcomes") @@ -232,7 +244,14 @@ def main(): # for each decision point: for dp in REGISTERED_DECISION_POINTS: - dump_decision_point(jsondir, dp, overwrite) + dump_decision_point(dp_dir, dp, overwrite) + + # dump the selection schema + schemadir = os.path.abspath(os.path.join(jsondir, "..", "schema", "v2")) + schemafile = os.path.join( + schemadir, "Decision_Point_Value_Selection-2-0-0.schema.json" + ) + dump_selection_schema(schemafile) if __name__ == "__main__": From 54f2a14838ff93d78534fcc3a1d315a36729ccff Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 24 Jul 2025 10:07:26 -0400 Subject: [PATCH 187/468] add unit tests --- src/ssvc/doctools.py | 1 + src/ssvc/selection.py | 2 +- src/test/test_doctools.py | 16 +++- src/test/test_selections.py | 182 ++++++++++++++++++++++++++++++++++++ 4 files changed, 198 insertions(+), 3 deletions(-) diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index 919a757d..b1707c1b 100755 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -187,6 +187,7 @@ def dump_json(basename: str, dp: DecisionPoint, jsondir: str, overwrite: bool) - remove_if_exists(json_file) with EnsureDirExists(dirname): try: + logger.info(f"Writing {json_file}") with open(json_file, "x") as f: f.write(dp.model_dump_json(indent=2)) f.write("\n") # newline at end of file diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 371bdb45..a00cb95f 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -352,7 +352,7 @@ def main() -> None: schemaVersion=SCHEMA_VERSION, selections=[a1, a2], timestamp=datetime.now(), - target_ids=["CVE-2025-0001", "GHSA-0123-4567-89ab"], + target_ids=["CVE-1900-0001", "GHSA-0123-4567-89ab"], references=[ Reference( uri="https://example.com/report", diff --git a/src/test/test_doctools.py b/src/test/test_doctools.py index 5b38ca71..a41e9fd4 100644 --- a/src/test/test_doctools.py +++ b/src/test/test_doctools.py @@ -166,8 +166,20 @@ def test_dump_json(self): d = json.load(open(json_file)) self.assertEqual(dp.name, d["name"]) - def test_main(self): - pass + def test_dump_selection_schema(self): + schemafile = os.path.join(self.tempdir.name, "selection_schema.json") + self.assertFalse(os.path.exists(schemafile)) + from ssvc.doctools import dump_selection_schema + + dump_selection_schema(schemafile) + self.assertTrue(os.path.exists(schemafile)) + + # file is loadable json + d = json.load(open(schemafile)) + self.assertIn("title", d) + self.assertEqual(d["title"], "Decision Point Value Selection List") + self.assertIn("type", d) + self.assertEqual(d["type"], "object") if __name__ == "__main__": diff --git a/src/test/test_selections.py b/src/test/test_selections.py index 58d54fd1..f64c6819 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -120,6 +120,188 @@ def test_minimal_selection_list_init(self): # timestamp is a datetime object self.assertIsInstance(self.selections.timestamp, datetime) + def test_minimal_decision_point_value_validators(self): + """Test the model validators for MinimalDecisionPointValue.""" + # Test set_optional_fields validator + value = MinimalDecisionPointValue(key="test_key") + self.assertIsNone(value.name) + self.assertIsNone(value.description) + + # Test with empty strings + value_empty = MinimalDecisionPointValue(key="test_key", name="", description="") + self.assertIsNone(value_empty.name) + self.assertIsNone(value_empty.description) + + def test_selection_validators(self): + """Test the model validators for Selection.""" + # Test with minimal data + selection_minimal = selection.Selection( + namespace="x_example.test", + key="test_key", + version="1.0.0", + values=[{"key": "value1"}], + ) + self.assertIsNone(selection_minimal.name) + self.assertIsNone(selection_minimal.description) + + # Test with empty strings + selection_empty = selection.Selection( + namespace="x_example.test", + key="test_key", + version="1.0.0", + values=[{"key": "value1"}], + name="", + description="", + ) + self.assertIsNone(selection_empty.name) + self.assertIsNone(selection_empty.description) + + def test_from_decision_point(self): + """Test converting a decision point to a selection.""" + from ssvc.decision_points.ssvc.automatable import LATEST as dp + + selection_obj = selection.Selection.from_decision_point(dp) + + self.assertEqual(selection_obj.namespace, dp.namespace) + self.assertEqual(selection_obj.key, dp.key) + self.assertEqual(selection_obj.version, dp.version) + self.assertEqual(len(selection_obj.values), len(dp.values)) + + for sel_val, dp_val in zip(selection_obj.values, dp.values): + self.assertEqual(sel_val.key, dp_val.key) + + def test_reference_model(self): + """Test the Reference model.""" + ref = selection.Reference( + uri="https://example.com/test", description="Test description" + ) + self.assertEqual(str(ref.uri), "https://example.com/test") + self.assertEqual(ref.description, "Test description") + + def test_selection_list_validators(self): + """Test SelectionList validators.""" + # Test schema version is set automatically + sel_list = SelectionList( + selections=[self.s1], + timestamp=datetime.now(), + ) + self.assertEqual(sel_list.schemaVersion, selection.SCHEMA_VERSION) + + def test_target_ids_validation(self): + """Test target_ids field validation.""" + # Test empty list throws ValueError + with self.assertRaises(ValueError): + SelectionList( + selections=[self.s1], + timestamp=datetime.now(), + target_ids=[], + ) + + # Test None throws ValueError + with self.assertRaises(ValueError): + SelectionList( + selections=[self.s1], + timestamp=datetime.now(), + target_ids=None, + ) + + # absent target_ids leads to empty list + sel_list = SelectionList( + selections=[self.s1], + timestamp=datetime.now(), + ) + self.assertEqual(sel_list.target_ids, []) + + # Test valid target_ids + sel_list_valid = SelectionList( + selections=[self.s1], + timestamp=datetime.now(), + target_ids=["CVE-1900-0001"], + ) + self.assertEqual(sel_list_valid.target_ids, ["CVE-1900-0001"]) + + # Test invalid target_ids (non-string) + with self.assertRaises(ValueError): + SelectionList( + selections=[self.s1], + timestamp=datetime.now(), + target_ids=[123], # Invalid: not a string + ) + + def test_add_selection_method(self): + """Test the add_selection method.""" + initial_count = len(self.selections.selections) + new_selection = selection.Selection( + namespace="x_example.test", + key="new_key", + version="1.0.0", + values=[{"key": "new_value"}], + ) + + self.selections.add_selection(new_selection) + self.assertEqual(len(self.selections.selections), initial_count + 1) + self.assertEqual(self.selections.selections[-1], new_selection) + + def test_selection_list_optional_fields(self): + """Test SelectionList with optional fields.""" + ref = selection.Reference( + uri="https://example.com/resource", description="Test resource" + ) + + sel_list = SelectionList( + selections=[self.s1, self.s2], + timestamp=datetime.now(), + target_ids=["CVE-1900-0001"], + resources=[ref], + references=[ref], + ) + + self.assertEqual(len(sel_list.resources), 1) + self.assertEqual(len(sel_list.references), 1) + self.assertEqual(sel_list.resources[0].uri, ref.uri) + + def test_model_json_schema_customization(self): + """Test that JSON schema is properly customized.""" + schema = SelectionList.model_json_schema() + + # Check schema metadata + self.assertEqual(schema["title"], "Decision Point Value Selection List") + self.assertEqual( + schema["$schema"], "https://json-schema.org/draft/2020-12/schema" + ) + self.assertIn("$id", schema) + self.assertIn("description", schema) + + # Check that optional fields are not in required list + required_fields = schema.get("required", []) + optional_fields = [ + "name", + "description", + "target_ids", + "resources", + "references", + ] + for field in optional_fields: + self.assertNotIn(field, required_fields) + + def test_selection_values_validation(self): + """Test that Selection requires at least one value.""" + with self.assertRaises(ValueError): + selection.Selection( + namespace="x_example.test", + key="test_key", + version="1.0.0", + values=[], # Empty values should raise error + ) + + def test_selection_list_minimum_selections(self): + """Test that SelectionList requires at least one selection.""" + with self.assertRaises(ValueError): + SelectionList( + selections=[], # Empty selections should raise error + timestamp=datetime.now(), + ) + if __name__ == "__main__": unittest.main() From b8e091196e6bf04b8fe4dd3646e89c03cef425c4 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 24 Jul 2025 10:16:17 -0400 Subject: [PATCH 188/468] fix test that was overly spec'ed to log sequence --- src/ssvc/doctools.py | 11 ++++++++++- src/test/test_doctools.py | 14 +++++++++++--- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index b1707c1b..3dfca898 100755 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -198,7 +198,16 @@ def dump_json(basename: str, dp: DecisionPoint, jsondir: str, overwrite: bool) - return str(json_file) -def dump_selection_schema(filepath: str): +def dump_selection_schema(filepath: str) -> None: + """ + Dump the schema for the SelectionList model to a file. + Args: + filepath: The path to the file to write the schema to. + + Returns: + None + + """ logger.info(f"Dumping schema to {filepath}") schema = SelectionList.model_json_schema() with open(filepath, "w") as f: diff --git a/src/test/test_doctools.py b/src/test/test_doctools.py index a41e9fd4..c669f924 100644 --- a/src/test/test_doctools.py +++ b/src/test/test_doctools.py @@ -146,9 +146,17 @@ def test_dump_json(self): # capture logger output with self.assertLogs() as cm: json_file = dump_json(basename, dp, jsondir, overwrite) - self.assertEqual(_jsonfile, json_file) - # logger warns that the file exists - self.assertIn("already exists", cm.output[0]) + self.assertEqual(_jsonfile, json_file) + # logger warns that the file exists + found = False + for line in cm.output: + if not "WARNING" in line: + continue + # it's a warning log + if "already exists" in line: + found = True + break + self.assertTrue(found, "Expected warning about existing file not found") # should overwrite the file overwrite = True From bd55dd68dc8d87fcc37c4c54cb4a30ef97b65c8e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 24 Jul 2025 10:28:14 -0400 Subject: [PATCH 189/468] remove default version from selection object --- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 2 +- src/ssvc/selection.py | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index a2e013ec..9f2d8a43 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -172,7 +172,6 @@ "type": "string" }, "version": { - "default": "0.0.1", "description": "The version of the SSVC object. This must be a valid semantic version string.", "examples": [ "1.0.0", @@ -217,6 +216,7 @@ "required": [ "namespace", "key", + "version", "values" ], "title": "Selection", diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index a00cb95f..bce29030 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -42,7 +42,7 @@ _Versioned, ) from ssvc.decision_points.base import DecisionPoint -from ssvc.utils.field_specs import TargetIdList +from ssvc.utils.field_specs import TargetIdList, VersionString SCHEMA_VERSION = "2.0.0" @@ -81,6 +81,9 @@ class Selection(_Valued, _Versioned, _Keyed, _Namespaced, _Base, BaseModel): model_config = ConfigDict(extra="forbid") + # _Versioned has a default value, but here we don't want to have a default + version: VersionString + values: tuple[MinimalDecisionPointValue, ...] = Field( ..., description="A list of selected value keys from the decision point values.", From cc57bb298158b1f00831b5b208b29b7514ba1b7e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 24 Jul 2025 10:41:08 -0400 Subject: [PATCH 190/468] Add & refine docstrings --- ...on_Point_Value_Selection-2-0-0.schema.json | 12 +++--- src/ssvc/selection.py | 37 ++++++++++++++++--- 2 files changed, 38 insertions(+), 11 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 9f2d8a43..de646fd0 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -99,7 +99,7 @@ "additionalProperties": false, "$defs": { "MinimalDecisionPointValue": { - "description": "A minimal representation of a decision point value.", + "description": "A minimal representation of a decision point value.\nIntended to parallel the DecisionPointValue object, but with fewer required fields.\nA decision point value is uniquely identified within a decision point by its key.\nGlobally, the combination of Decision Point namespace, key, and version coupled with the value key\nuniquely identifies a value across all decision points and values.\nOther required fields in the DecisionPointValue object, such as name and description, are optional here.", "properties": { "key": { "title": "Key", @@ -122,12 +122,12 @@ }, "Reference": { "additionalProperties": false, - "description": "A reference to a resource that provides additional context about the decision points or selections.", + "description": "A reference to a resource that provides additional context about the decision points or selections.\nThis object is intentionally minimal and contains only the URL and an optional description.", "properties": { - "uri": { + "urL": { "format": "uri", "minLength": 1, - "title": "Uri", + "title": "Url", "type": "string" }, "description": { @@ -136,14 +136,14 @@ } }, "required": [ - "uri" + "urL" ], "title": "Reference", "type": "object" }, "Selection": { "additionalProperties": false, - "description": "A minimal selection object that contains the decision point ID and the selected values.\nThis is used to transition from an SSVC decision point to a selection.\nOther fields like name and description may be copied from the decision point, but are not required.", + "description": "A minimal selection object that contains the decision point ID and the selected values.\nWhile the Selection object parallels the DecisionPoint object, it is intentionally minimal, with\nfewer required fields and no additional metadata, as it is meant to represent a selection made from a\npreviously defined decision point. The expectation is that a Selection object will usually have\nfewer values than the original decision point, as it represents a specific evaluation\nat a specific time and may therefore rule out some values that were previously considered.\nOther fields like name and description may be copied from the decision point, but are not required.", "properties": { "name": { "title": "Name", diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index bce29030..b1687d4c 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -48,7 +48,14 @@ class MinimalDecisionPointValue(_Base, _Keyed, BaseModel): - """A minimal representation of a decision point value.""" + """ + A minimal representation of a decision point value. + Intended to parallel the DecisionPointValue object, but with fewer required fields. + A decision point value is uniquely identified within a decision point by its key. + Globally, the combination of Decision Point namespace, key, and version coupled with the value key + uniquely identifies a value across all decision points and values. + Other required fields in the DecisionPointValue object, such as name and description, are optional here. + """ @model_validator(mode="before") def set_optional_fields(cls, data): @@ -75,7 +82,11 @@ def validate_values(cls, data): class Selection(_Valued, _Versioned, _Keyed, _Namespaced, _Base, BaseModel): """ A minimal selection object that contains the decision point ID and the selected values. - This is used to transition from an SSVC decision point to a selection. + While the Selection object parallels the DecisionPoint object, it is intentionally minimal, with + fewer required fields and no additional metadata, as it is meant to represent a selection made from a + previously defined decision point. The expectation is that a Selection object will usually have + fewer values than the original decision point, as it represents a specific evaluation + at a specific time and may therefore rule out some values that were previously considered. Other fields like name and description may be copied from the decision point, but are not required. """ @@ -150,11 +161,14 @@ def model_json_schema(cls, **kwargs): class Reference(BaseModel): - """A reference to a resource that provides additional context about the decision points or selections.""" + """ + A reference to a resource that provides additional context about the decision points or selections. + This object is intentionally minimal and contains only the URL and an optional description. + """ model_config = ConfigDict(extra="forbid") - uri: AnyUrl + urL: AnyUrl description: str # override schema generation to ensure that description is not required @@ -171,7 +185,20 @@ def model_json_schema(cls, **kwargs): class SelectionList(_Timestamped, BaseModel): """ - A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability evaluation. + A list decision point selections that represent an evaluation at a specific time of evaluation. + Individual selections are derived from decision points, and each selection + contains a minimal representation of the decision point and the selected values. + + A SelectionList requires a timestamp in RFC 3339 format, which indicates when the selections were made. + + Optional fields include + + - `target_ids`: If present, a non-empty list of identifiers for the item or items being evaluated. + - `resources`: If present, a non-empty list of references to resources that provide additional context about the decision points + found in this selection. Resources point to documentation, JSON files, or other relevant information that + describe what the decision points are and how they should be interpreted. + - `references`: If present, a non-empty list of references to resources that provide additional context about the specific values selected. + References point to reports, advisories, or other relevant information that describe why the selected values were chosen. """ model_config = ConfigDict(extra="forbid") From a89b250c385f78e059caaad7f67efb7dbd038106 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 24 Jul 2025 10:46:31 -0400 Subject: [PATCH 191/468] revert uri->url back to uri --- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 6 +++--- src/ssvc/selection.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index de646fd0..d7c1c08d 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -124,10 +124,10 @@ "additionalProperties": false, "description": "A reference to a resource that provides additional context about the decision points or selections.\nThis object is intentionally minimal and contains only the URL and an optional description.", "properties": { - "urL": { + "uri": { "format": "uri", "minLength": 1, - "title": "Url", + "title": "Uri", "type": "string" }, "description": { @@ -136,7 +136,7 @@ } }, "required": [ - "urL" + "uri" ], "title": "Reference", "type": "object" diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index b1687d4c..574cfd8f 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -168,7 +168,7 @@ class Reference(BaseModel): model_config = ConfigDict(extra="forbid") - urL: AnyUrl + uri: AnyUrl description: str # override schema generation to ensure that description is not required From 5eb833e8bfd7755f7b3405fff2c70170fdc38690 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 24 Jul 2025 11:07:58 -0400 Subject: [PATCH 192/468] update schema description to reflect recent developments --- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 2 +- src/ssvc/selection.py | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index d7c1c08d..d4afed52 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -2,7 +2,7 @@ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json", "title": "Decision Point Value Selection List", - "description": "This schema defines the structure for selecting SSVC Decision Points and their evaluated values for a given vulnerability. Each vulnerability can have multiple Decision Points, and each Decision Point can have multiple selected values when full certainty is not available.", + "description": "This schema defines the structure for representing selected values from SSVC Decision Points. Each selection list can have multiple selection objects, each representing a decision point, and each selection object can have multiple selected values when full certainty (i.e., a singular value selection) is not available.", "type": "object", "properties": { "timestamp": { diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 574cfd8f..fe07103a 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -310,9 +310,10 @@ def model_json_schema(cls, **kwargs): "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" ) schema["description"] = ( - "This schema defines the structure for selecting SSVC Decision Points and their evaluated values " - "for a given vulnerability. Each vulnerability can have multiple Decision Points, and each " - "Decision Point can have multiple selected values when full certainty is not available." + "This schema defines the structure for representing selected values from SSVC Decision Points. " + "Each selection list can have multiple selection objects, each representing a decision point, and each " + "selection object can have multiple selected values when full certainty (i.e., a singular value selection) " + "is not available." ) non_required_fields = [ From 9faaf9a2d0731ec0b92d8b8dedbd73a0fd54acea Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 24 Jul 2025 11:24:16 -0400 Subject: [PATCH 193/468] fix a bug in namespace validator that may have prevented extensions to registered namespaces (not starting with x_) --- docs/reference/code/selection.md | 3 +++ mkdocs.yml | 3 ++- src/ssvc/namespaces.py | 10 ++++++++++ 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 docs/reference/code/selection.md diff --git a/docs/reference/code/selection.md b/docs/reference/code/selection.md new file mode 100644 index 00000000..f1a2c466 --- /dev/null +++ b/docs/reference/code/selection.md @@ -0,0 +1,3 @@ +# Selections + +::: ssvc.selection diff --git a/mkdocs.yml b/mkdocs.yml index 80638cda..95671f67 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -106,10 +106,11 @@ nav: - Target Distribution: 'reference/decision_points/cvss/target_distribution.md' - Code: - Intro: 'reference/code/index.md' + - Namespaces: 'reference/code/namespaces.md' + - Selections: 'reference/code/selection.md' - CSV Analyzer: 'reference/code/analyze_csv.md' - Policy Generator: 'reference/code/policy_generator.md' - Outcomes: 'reference/code/outcomes.md' - - Namespaces: 'reference/code/namespaces.md' - Doctools: 'reference/code/doctools.md' - Learning SSVC: - Tutorials: 'tutorials/index.md' diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 0c1592b3..11baf0b5 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -74,8 +74,18 @@ def validate(cls, value: str) -> str: """ if value in cls.__members__.values(): + # value is explicitly registered in the enum + return value + if any( + [value.startswith(registered) for registered in cls.__members__.values()] + ) and NS_PATTERN.match(value): + # value is a valid namespace that starts with one of the registered namespaces + # and meets the pattern requirements for extensions + # this allows for custom extensions of registered namespaces without needing to register them in the enum return value if value.startswith(X_PFX) and NS_PATTERN.match(value): + # value starts with the experimental prefix and meets the pattern requirements + # this allows for custom namespaces that are not registered in the enum return value raise ValueError( f"Invalid namespace: {value}. Must be one of {[ns.value for ns in cls]} or start with '{X_PFX}'." From afecc432876686fff2504916b48873cbf86a24cf Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 24 Jul 2025 11:41:47 -0400 Subject: [PATCH 194/468] refine ns validator --- src/ssvc/namespaces.py | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 11baf0b5..58dfec2f 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -73,22 +73,26 @@ def validate(cls, value: str) -> str: ValueError: if the value is not a valid namespace """ - if value in cls.__members__.values(): - # value is explicitly registered in the enum - return value - if any( - [value.startswith(registered) for registered in cls.__members__.values()] - ) and NS_PATTERN.match(value): - # value is a valid namespace that starts with one of the registered namespaces - # and meets the pattern requirements for extensions - # this allows for custom extensions of registered namespaces without needing to register them in the enum - return value - if value.startswith(X_PFX) and NS_PATTERN.match(value): - # value starts with the experimental prefix and meets the pattern requirements - # this allows for custom namespaces that are not registered in the enum - return value + valid = NS_PATTERN.match(value) + + if valid: + # pattern matches, so we can proceed with further checks + # partition always returns three parts: the part before the separator, the separator itself, and the part after the separator + (base_ns, _, extension) = value.partition("/") + # and we don't care about the extension beyond the pattern match above + # so base_ns is either the full value or the part before the first slash + + if base_ns in cls.__members__.values(): + # base_ns is a registered namespaces + return value + + elif base_ns.startswith(X_PFX): + # base_ns might start with x_ + return value + + # if you got here, the value is not a valid namespace raise ValueError( - f"Invalid namespace: {value}. Must be one of {[ns.value for ns in cls]} or start with '{X_PFX}'." + f"Invalid namespace: '{value}' Must be one of {[ns.value for ns in cls]} or start with '{X_PFX}'." ) From ab2ed9478ef9f56ec93aa2d0778b4b25591fac25 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:16:51 -0400 Subject: [PATCH 195/468] Update data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- .../Decision_Point_Value_Selection-2-0-0.schema.json | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index d4afed52..d2a96b4b 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -81,6 +81,16 @@ "description": "A report on which the selections were based", "uri": "https://example.com/report" } + ], + [ + { + "description": "A code section on which the selections were based", + "uri": "https://git.example.com/some-relevant-path/code#L21-42" + }, + { + "description": "A code section on which calls the vulnerable function", + "uri": "https://git.example.com/some-relevant-path/callingcode#L91-16" + } ] ], "items": { From 1e77dcd676fe43d7f18e3fd6803105cffabbceba Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:36:15 -0400 Subject: [PATCH 196/468] Update docs/adr/0012-ssvc-namespaces.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/adr/0012-ssvc-namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/adr/0012-ssvc-namespaces.md b/docs/adr/0012-ssvc-namespaces.md index 01e64b6b..a9458ec1 100644 --- a/docs/adr/0012-ssvc-namespaces.md +++ b/docs/adr/0012-ssvc-namespaces.md @@ -70,7 +70,7 @@ interpretation of a decision point in a specific context. !!! example - An ISAO might want to refine the meaning of decision point values for their + An ISAO (Information Sharing and Analyzing Organization) might want to refine the meaning of decision point values for their constituency, and could use `ssvc//example.isao` as the namespace for their collection of extensions. From c36eb645c43ad5bfe5d385a4896c39a5e1dbe4b5 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:36:45 -0400 Subject: [PATCH 197/468] Update src/test/test_namespaces_pattern.py Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/test/test_namespaces_pattern.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index f24d9019..716aa6f3 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -88,6 +88,7 @@ def setUp(self): "ab", # too short "x_", # too short after prefix "x_x_some-weird-private-one", # double x_ not allowed + "x_example.test///org.example#fragment", # three slashes in a row (was an mistake in ABNF previously) ] def test_ns_pattern(self): From 538020d8ae25609bd2a053b614c19ce30b2d7f9c Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:37:04 -0400 Subject: [PATCH 198/468] Update src/ssvc/selection.py Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/ssvc/selection.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index fe07103a..26c0d29a 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -350,10 +350,10 @@ def model_json_schema(cls, **kwargs): "description", "schemaVersion", "type", - "properties", + "$defs", "required", + "properties", "additionalProperties", - "$defs", ] # create a new dict with the preferred order of fields first From e84a4069a0d4c511880fd4ea687142529c8d50f1 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:38:48 -0400 Subject: [PATCH 199/468] Update docs/reference/code/namespaces.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/reference/code/namespaces.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index defe180b..ed2ffc02 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -140,6 +140,7 @@ we expect that this will rarely lead to conflicts in practice. - Unregistered namespaces must use the `x_` prefix. - Following the `x_` prefix, unregistered namespaces must use reverse domain name notation to ensure uniqueness. - Aside from the required `x_` prefix, unregistered namespaces must contain only alphanumeric characters, dots (`.`), and dashes (`-`). + - For any domain using other characters, DNS Punycode must be used !!! warning "Namespace Conflicts" From 8c0f98343b577fa89dc48fef477ae6ac54cb0818 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:39:30 -0400 Subject: [PATCH 200/468] Update docs/reference/code/namespaces.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/reference/code/namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index ed2ffc02..ee54eb91 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -138,7 +138,7 @@ we expect that this will rarely lead to conflicts in practice. Unregistered namespaces must follow the following structure: - Unregistered namespaces must use the `x_` prefix. - - Following the `x_` prefix, unregistered namespaces must use reverse domain name notation to ensure uniqueness. + - Following the `x_` prefix, unregistered namespaces must use reverse domain name notation of a domain under their control to ensure uniqueness. - Aside from the required `x_` prefix, unregistered namespaces must contain only alphanumeric characters, dots (`.`), and dashes (`-`). - For any domain using other characters, DNS Punycode must be used From 9b2a83a4fdbb544c13edd1b3d32610acc94534f8 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:40:12 -0400 Subject: [PATCH 201/468] Update docs/reference/code/namespaces.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/reference/code/namespaces.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index ee54eb91..f8f2dbff 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -145,8 +145,8 @@ we expect that this will rarely lead to conflicts in practice. !!! warning "Namespace Conflicts" - Conflicts are possible in the x_ prefix space. - In the previous example, Organizations A and B could both choose to use + Conflicts are possible in the x_ prefix space - especially as the control over a domain may be transferred. + Also in tests, Organizations A and B could both choose to use `x_example.test`, and there are no guarantees of global uniqueness for the decision points in the `x_example.test` namespace. From 9a48b01bbbb7847ca48b9cd53e8a610c018616b9 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:40:39 -0400 Subject: [PATCH 202/468] Update docs/reference/code/namespaces.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/reference/code/namespaces.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index f8f2dbff..e32a8edb 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -181,6 +181,12 @@ constituencies or to provide translations of existing decision points. as described above instead of an extension. Extensions are not intended to be used to create new decision points. +!!! question "Why is that important?" + + The way extensions are build enables tools to process the decision points even if + they do not know the defined extension. As long as the tool knows the base + namespace, it can process the decision point. + #### Namespace Extension Structure The first extension segment is reserved for an optional BCP-47 language tag, which may be left empty. From 250824060ea530b208f6ef3b88d9c57703be2b60 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:41:26 -0400 Subject: [PATCH 203/468] Update docs/reference/code/namespaces.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/reference/code/namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index e32a8edb..40c94f09 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -195,7 +195,7 @@ When empty, the default language (`en-US`) is implied. Subsequent extension segments must begin with a reverse domain name notation string, and may contain alphanumeric characters (upper or lower case), dots (`.`), and dashes (`-`). A single fragment identifier (`#`) may be included in an extension segment, but it is optional. -Fragment identifiers can be used to indicate a specific interpretation or context for the extension. +Fragment segments can be used to indicate a specific interpretation or context for the extension. The following diagram illustrates the structure of namespace extensions: ```mermaid From 0cedd6582c3c3fb639c8e6766f54303d4e08249d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:41:47 -0400 Subject: [PATCH 204/468] Update docs/reference/code/namespaces.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/reference/code/namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 40c94f09..763a4362 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -196,7 +196,7 @@ Subsequent extension segments must begin with a reverse domain name notation str and may contain alphanumeric characters (upper or lower case), dots (`.`), and dashes (`-`). A single fragment identifier (`#`) may be included in an extension segment, but it is optional. Fragment segments can be used to indicate a specific interpretation or context for the extension. - +Note: Without a fragment segment, all decision points of an organization fall into one bucket, which is in most cases not intended. Therefore, the use of a fragment segment is recommended. The following diagram illustrates the structure of namespace extensions: ```mermaid --- From 6949295d9cd1c1b8fe65e98046af8d21ab43a28d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:42:13 -0400 Subject: [PATCH 205/468] Update docs/reference/code/namespaces.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/reference/code/namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 763a4362..55bed10a 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -235,7 +235,7 @@ base_ns -->|/| first - Multiple extension segments are allowed. - If any extension segments are present, the first segment must be a valid BCP-47 language tag or an empty string. - When the first segment is left as an empty string, the default language (`en-US`) is implied. - - Subsequent extension segments must begin with a reverse domain name notation string. + - Subsequent extension segments must begin with a reverse domain name notation string or be a valid, non-empty BCP-47 language tag. - A fragment identifier (`#`) may be included in extension segments, but it is optional. - Extension segments may contain alphanumeric characters (upper or lower case), dots (`.`), and dashes (`-`), and zero or one hash (`#`). - Extensions must not alter the decision point key, version number, or value keys for any decision point they are derived from. From eccf7ca378723fd5dadeccef1a0758792df342d3 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:44:31 -0400 Subject: [PATCH 206/468] Update namespaces.md --- docs/reference/code/namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 55bed10a..42fb50c3 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -294,7 +294,7 @@ segment of the extension. !!! tip "Use BCP-47 Language Tags" Regardless where they appear in the extension strings, BCP-47 language tags - must be for any language-based extension. + must be used for any language-based extension. Note, however that we do not strictly enforce this recommendation in the SSVC codebase outside of the first extension segment. From 74463f1bcf5b7a030705731272790c4b50cac742 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:49:41 -0400 Subject: [PATCH 207/468] forbid extras --- src/ssvc/selection.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 26c0d29a..de8b473f 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -57,6 +57,8 @@ class MinimalDecisionPointValue(_Base, _Keyed, BaseModel): Other required fields in the DecisionPointValue object, such as name and description, are optional here. """ + model_config = ConfigDict(extra="forbid") + @model_validator(mode="before") def set_optional_fields(cls, data): if "name" not in data: From 215da4e36ff87e8a53b8f8677bf9f5a3780ddf93 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 28 Jul 2025 15:56:20 -0400 Subject: [PATCH 208/468] Update docs/reference/code/namespaces.md Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- docs/reference/code/namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 42fb50c3..53a0775c 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -295,7 +295,7 @@ segment of the extension. Regardless where they appear in the extension strings, BCP-47 language tags must be used for any language-based extension. - Note, however that we do not strictly enforce this recommendation in the + Note, however that we do not yet strictly enforce this recommendation in the SSVC codebase outside of the first extension segment. !!! example "Translation of a custom extension" From 0d87c536d743dfdf2f876753096341e3062ffb0e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Jul 2025 20:15:09 +0000 Subject: [PATCH 209/468] Bump the mkdocs group with 2 updates Bumps the mkdocs group with 2 updates: [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [mkdocstrings](https://github.com/mkdocstrings/mkdocstrings). Updates `mkdocs-material` from 9.6.15 to 9.6.16 - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.15...9.6.16) Updates `mkdocstrings` from 0.29.1 to 0.30.0 - [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases) - [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md) - [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.29.1...0.30.0) --- updated-dependencies: - dependency-name: mkdocs-material dependency-version: 9.6.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: mkdocs - dependency-name: mkdocstrings dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: mkdocs ... Signed-off-by: dependabot[bot] --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index 3100fdcf..2e08435e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,9 +2,9 @@ mkdocs==1.6.1 mkdocs-bibtex==4.4.0 mkdocs-include-markdown-plugin==7.1.6 mkdocs-table-reader-plugin==3.1.0 -mkdocs-material==9.6.15 +mkdocs-material==9.6.16 mkdocs-material-extensions==1.3.1 -mkdocstrings==0.29.1 +mkdocstrings==0.30.0 mkdocstrings-python==1.16.12 mkdocs-print-site-plugin==2.7.3 markdown-exec==1.11.0 From 77dfd2e3debc4f7feae4d449bda5791bca831122 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Aug 2025 14:16:16 -0400 Subject: [PATCH 210/468] Bump mkdocs-print-site-plugin from 2.7.3 to 2.8 in the mkdocs group (#840) Bumps the mkdocs group with 1 update: [mkdocs-print-site-plugin](https://github.com/timvink/mkdocs-print-site-plugin). Updates `mkdocs-print-site-plugin` from 2.7.3 to 2.8 - [Release notes](https://github.com/timvink/mkdocs-print-site-plugin/releases) - [Commits](https://github.com/timvink/mkdocs-print-site-plugin/compare/v2.7.3...v2.8) --- updated-dependencies: - dependency-name: mkdocs-print-site-plugin dependency-version: '2.8' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: mkdocs ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 2e08435e..a664977e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,7 +6,7 @@ mkdocs-material==9.6.16 mkdocs-material-extensions==1.3.1 mkdocstrings==0.30.0 mkdocstrings-python==1.16.12 -mkdocs-print-site-plugin==2.7.3 +mkdocs-print-site-plugin==2.8 markdown-exec==1.11.0 thefuzz==0.22.1 pandas==2.3.1 From 1fb7e2a1fd7385c4cfd67da0294aac8f363a85f2 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 5 Aug 2025 14:16:45 -0400 Subject: [PATCH 211/468] Initial Decision Table object (#795) * add decision table object * fix unit tests * make sure the `make docker_test` target always builds fresh * eliminate semver warning * fix pydantic data type warning * make csv export smaller (avoid redundancy in row elements) * refactoring & make tests pass * remove superfluous mapping module * Refine decision table object, refactor methods into functions, add docstrings, fix unit tests * increase unit test coverage * add type hints * add feature importance and topology checks * fix tests * update tests * fix test * refactor DecisionPointGroup to use a dict rather than tuple as its main structure. Note this will require changes to the schema too. * refactor dp_groups to be a dict rather than tuple of decision points. Refine decision table object * add obfuscator methods to decision tables and dp groups objects this is based on discussion in #795. Not sure if we're going to keep this or not. * pep8 * update DPG schema and fix tests * remove obsolete experimental code * pep8 cleanup * refactor decision table so it doesn't explicitly need a decision point group * fix a bug in csv_analyzer that was assuming target values were always in ascending order. * try out the decision table object with a few known tables * reformat * use dashes for schema version * fix tests * bump schema version, refine doctools schema dumper, revise key description and examples * adjust key pattern to explicitly grandfather `T*` while limiting other keys to alphanumerics and underscores. * update tests * update current schema link * decouple _Versioned and _SchemaVersioned * relocate `ssvc._schemaVersion` to `ssvc.utils.defaults.SCHEMA_VERSION` * add default setter for schemaVersion while retaining it as required in JSON schema * refactor mixins to use standardized _GenericSsvcObject * update JSON schema * reorder mixins * add lookup methods * docstrings and clean up * black cleanup * add decision point schema generation to doctools.py * update json examples * mark schema validation tests as expected failures for now * refactor importer into separate module * refactor doctools for more schema dumps * update decision point schema * remove old registry * update schema tests and doctools to dump dp group schema * decrement schema version * move "title" to top of each schema object * add min_length to name, description * Revert "add min_length to name, description" This reverts commit cf036a157cc658b9ee5843b6ac83ec21756d4ddc. * rename 'description' to 'summary' in reference object * escape forward slashes in regex * update schemas after merge * remove ABNF from documentation. Until we have a way to generate this, it's unmaintainable. * update docstring * fix documentation generators * bump linkchecker python version * add test for Reference object * add AIVSS namespace and base class for decision points * add AIVSS Model Robustness (MR) decision points and a basic table to roll them up. * move "IN_KEV" decision point to cisa namespace. (+1 squashed commit) Squashed commits: [862a597] remove old in_kev json * create ethical implications set * add data sensitivity set * add decision criticality set * registry should reject duplicate object IDs when they point to different objects * rekey Decision Criticality and Data Confidentiality add financial impact, safety critical, operational disruption, reputational damage add decision criticality decision point and table * add Adaptability set * add adversarial attack surface set * make decision table defs more consistent * add lifecycle vuls set * add governance set * remove extraneous prints * refactor graph constructor into its own method (+1 squashed commit) Squashed commits: [de65f97] refactor csv analyzer to use more efficient graph algorithm * fix test * add a low medium high generic outcome (+1 squashed commit) Squashed commits: [32ceaf2] add a low medium high generic outcome * add a low medium high generic outcome (+1 squashed commit) Squashed commits: [32ceaf2] add a low medium high generic outcome * add logging to doctools * add unit tests * dump the right schema. also add keys to decision tables * add keys to decision tables * remove extraneous stuff from accidental merge * use basic objects in constructing registry * add decision tables to doc tools dumpers * dump registry from doctools.py --- .github/workflows/link_checker.yml | 2 +- Makefile | 2 + .../do_schedule_delegate_delete_1_0_0.json | 30 + .../basic/lowmediumhigh_1_0_0.json | 25 + .../decision_points/basic/moscow_1_0_0.json | 30 + .../basic/value_complexity_1_0_0.json | 30 + .../decision_points/basic/yesno_1_0_0.json | 20 + .../cisa/cisa_levels_1_0_0.json | 8 +- .../{ssvc => cisa}/in_kev_1_0_0.json | 8 +- .../cisa/mission_prevalence_1_0_0.json | 8 +- .../cvss/access_complexity_1_0_0.json | 8 +- .../cvss/access_complexity_2_0_0.json | 8 +- .../cvss/access_vector_1_0_0.json | 8 +- .../cvss/access_vector_2_0_0.json | 8 +- .../cvss/attack_complexity_3_0_0.json | 8 +- .../cvss/attack_complexity_3_0_1.json | 8 +- .../cvss/attack_requirements_1_0_0.json | 8 +- .../cvss/attack_vector_3_0_0.json | 8 +- .../cvss/attack_vector_3_0_1.json | 8 +- .../cvss/authentication_1_0_0.json | 8 +- .../cvss/authentication_2_0_0.json | 8 +- .../cvss/automatable_1_0_0.json | 8 +- .../cvss/availability_impact_1_0_0.json | 8 +- .../cvss/availability_impact_2_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_0.json | 8 +- ...impact_to_the_vulnerable_system_3_0_0.json | 8 +- .../cvss/availability_requirement_1_0_0.json | 8 +- .../cvss/availability_requirement_1_1_0.json | 8 +- .../cvss/availability_requirement_1_1_1.json | 8 +- .../collateral_damage_potential_1_0_0.json | 8 +- .../collateral_damage_potential_2_0_0.json | 8 +- .../cvss/confidentiality_impact_1_0_0.json | 8 +- .../cvss/confidentiality_impact_2_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_0.json | 8 +- ...impact_to_the_vulnerable_system_3_0_0.json | 8 +- .../confidentiality_requirement_1_0_0.json | 8 +- .../confidentiality_requirement_1_1_0.json | 8 +- .../confidentiality_requirement_1_1_1.json | 8 +- ...alitative_severity_rating_scale_1_0_0.json | 8 +- .../cvss/equivalence_set_1_1_0_0.json | 8 +- .../cvss/equivalence_set_2_1_0_0.json | 8 +- .../cvss/equivalence_set_3_1_0_0.json | 8 +- .../cvss/equivalence_set_4_1_0_0.json | 8 +- .../cvss/equivalence_set_5_1_0_0.json | 8 +- .../cvss/equivalence_set_6_1_0_0.json | 8 +- .../cvss/exploit_code_maturity_1_2_0.json | 8 +- .../cvss/exploit_maturity_2_0_0.json | 8 +- .../cvss/exploitability_1_0_0.json | 8 +- .../cvss/exploitability_1_1_0.json | 8 +- .../cvss/impact_bias_1_0_0.json | 8 +- .../cvss/integrity_impact_1_0_0.json | 8 +- .../cvss/integrity_impact_2_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_0.json | 8 +- ...impact_to_the_vulnerable_system_3_0_0.json | 8 +- .../cvss/integrity_requirement_1_0_0.json | 8 +- .../cvss/integrity_requirement_1_1_0.json | 8 +- .../cvss/integrity_requirement_1_1_1.json | 8 +- .../modified_attack_complexity_3_0_0.json | 8 +- .../modified_attack_complexity_3_0_1.json | 8 +- .../modified_attack_requirements_1_0_0.json | 8 +- .../cvss/modified_attack_vector_3_0_0.json | 8 +- .../cvss/modified_attack_vector_3_0_1.json | 8 +- .../modified_availability_impact_2_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_1.json | 8 +- ...impact_to_the_vulnerable_system_3_0_0.json | 8 +- ...modified_confidentiality_impact_2_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_1.json | 8 +- ...impact_to_the_vulnerable_system_3_0_0.json | 8 +- .../cvss/modified_integrity_impact_2_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_1.json | 8 +- ...impact_to_the_vulnerable_system_3_0_0.json | 8 +- .../modified_privileges_required_1_0_0.json | 8 +- .../modified_privileges_required_1_0_1.json | 8 +- .../cvss/modified_scope_1_0_0.json | 8 +- .../cvss/modified_user_interaction_1_0_0.json | 8 +- .../cvss/modified_user_interaction_2_0_0.json | 8 +- .../cvss/privileges_required_1_0_0.json | 8 +- .../cvss/privileges_required_1_0_1.json | 8 +- .../cvss/provider_urgency_1_0_0.json | 8 +- .../decision_points/cvss/recovery_1_0_0.json | 8 +- .../cvss/remediation_level_1_0_0.json | 8 +- .../cvss/remediation_level_1_1_0.json | 8 +- .../cvss/report_confidence_1_0_0.json | 8 +- .../cvss/report_confidence_1_1_0.json | 8 +- .../cvss/report_confidence_2_0_0.json | 8 +- .../decision_points/cvss/safety_1_0_0.json | 8 +- .../decision_points/cvss/scope_1_0_0.json | 8 +- .../cvss/target_distribution_1_0_0.json | 8 +- .../cvss/target_distribution_1_1_0.json | 8 +- .../cvss/user_interaction_1_0_0.json | 8 +- .../cvss/user_interaction_2_0_0.json | 8 +- .../cvss/value_density_1_0_0.json | 8 +- .../vulnerability_response_effort_1_0_0.json | 8 +- .../ssvc/automatable_2_0_0.json | 8 +- .../ssvc/critical_software_1_0_0.json | 8 +- .../ssvc/decline_track_coordinate_1_0_0.json | 8 +- ...cheduled_out_of_cycle_immediate_1_0_0.json | 8 +- .../ssvc/exploitation_1_0_0.json | 8 +- .../ssvc/exploitation_1_1_0.json | 8 +- .../ssvc/high_value_asset_1_0_0.json | 8 +- .../ssvc/human_impact_2_0_0.json | 8 +- .../ssvc/human_impact_2_0_1.json | 8 +- .../mission_and_well_being_impact_1_0_0.json | 8 +- .../ssvc/mission_impact_1_0_0.json | 8 +- .../ssvc/mission_impact_2_0_0.json | 8 +- .../ssvc/public_safety_impact_2_0_0.json | 8 +- .../ssvc/public_safety_impact_2_0_1.json | 8 +- .../ssvc/public_value_added_1_0_0.json | 8 +- .../ssvc/public_well_being_impact_1_0_0.json | 8 +- .../ssvc/publish_do_not_publish_1_0_0.json | 8 +- .../ssvc/report_credibility_1_0_0.json | 8 +- .../ssvc/report_public_1_0_0.json | 8 +- .../ssvc/safety_impact_1_0_0.json | 8 +- .../ssvc/safety_impact_2_0_0.json | 8 +- .../ssvc/supplier_cardinality_1_0_0.json | 8 +- .../ssvc/supplier_contacted_1_0_0.json | 8 +- .../ssvc/supplier_engagement_1_0_0.json | 8 +- .../ssvc/supplier_involvement_1_0_0.json | 8 +- .../ssvc/system_exposure_1_0_0.json | 8 +- .../ssvc/system_exposure_1_0_1.json | 8 +- .../ssvc/technical_impact_1_0_0.json | 8 +- .../decision_points/ssvc/utility_1_0_0.json | 8 +- .../decision_points/ssvc/utility_1_0_1.json | 8 +- .../ssvc/value_density_1_0_0.json | 8 +- .../decision_points/ssvc/virulence_1_0_0.json | 8 +- .../x_com_yahooinc/theparanoids_1_0_0.json | 40 + .../ssvc/human_impact_1_0_0.json | 208 + ...lier_patch_development_priority_1_0_0.json | 385 + .../decision_tables/ssvc/utility_1_0_0.json | 98 + data/json/ssvc_object_registry.json | 7422 +++++++++++++++++ .../schema/current/Decision_Point.schema.json | 2 +- .../current/Decision_Point_Group.schema.json | 2 +- .../schema/current/Decision_Table.schema.json | 1 + .../v1/Decision_Point_Group-1-1-0.schema.json | 60 + .../v2/Decision_Point-2-0-0.schema.json | 117 + .../v2/Decision_Point_Group-2-0-0.schema.json | 162 + ...on_Point_Value_Selection-2-0-0.schema.json | 274 +- .../v2/Decision_Table-2-0-0.schema.json | 215 + .../v2/Ssvc_Object_Registry-2-0-0.schema.json | 197 + docs/howto/acuity_ramp.md | 10 +- docs/howto/bootstrap/use.md | 6 +- docs/reference/code/namespaces.md | 55 - docs/ssvc_overview.md | 18 +- src/ssvc/__init__.py | 13 +- src/ssvc/_mixins.py | 38 +- src/ssvc/csv_analyzer.py | 84 +- src/ssvc/decision_points/base.py | 212 +- .../decision_points/{ssvc => cisa}/in_kev.py | 4 +- src/ssvc/decision_points/cvss/helpers.py | 4 +- src/ssvc/decision_tables/__init__.py | 18 + src/ssvc/decision_tables/base.py | 694 ++ src/ssvc/decision_tables/helpers.py | 60 + src/ssvc/decision_tables/ssvc/__init__.py | 22 + src/ssvc/decision_tables/ssvc/human_impact.py | 88 + src/ssvc/decision_tables/ssvc/supplier_dt.py | 317 + src/ssvc/decision_tables/ssvc/utlity.py | 84 + src/ssvc/doctools.py | 131 +- src/ssvc/dp_groups/base.py | 128 +- src/ssvc/namespaces.py | 1 + src/ssvc/outcomes/basic/__init__.py | 26 + src/ssvc/outcomes/basic/ike.py | 66 + src/ssvc/outcomes/basic/lmh.py | 57 + src/ssvc/outcomes/basic/mscw.py | 65 + src/ssvc/outcomes/basic/value_complexity.py | 68 + src/ssvc/outcomes/basic/yn.py | 56 + src/ssvc/outcomes/x_basic/__init__.py | 20 - src/ssvc/outcomes/x_basic/ike.py | 59 - src/ssvc/outcomes/x_basic/mscw.py | 58 - src/ssvc/outcomes/x_basic/value_complexity.py | 61 - src/ssvc/outcomes/x_basic/yn.py | 49 - src/ssvc/outcomes/x_com_yahooinc/__init__.py | 23 + .../paranoids.py | 34 +- src/ssvc/outcomes/x_community/__init__.py | 17 - src/ssvc/policy_generator.py | 12 +- src/ssvc/registry/__init__.py | 61 + src/ssvc/registry/base.py | 424 + src/ssvc/registry/events.py | 44 + src/ssvc/registry_demo.py | 60 + src/ssvc/selection.py | 43 +- src/ssvc/utils/defaults.py | 16 + src/ssvc/utils/field_specs.py | 10 + src/ssvc/utils/importer.py | 82 + src/ssvc/utils/misc.py | 102 + src/ssvc/utils/patterns.py | 4 +- src/ssvc/utils/toposort.py | 141 + src/test/decision_points/test_cvss_helpers.py | 7 +- src/test/decision_points/test_dp_base.py | 133 +- src/test/decision_points/test_dp_helpers.py | 14 +- src/test/decision_tables/__init__.py | 21 + src/test/decision_tables/test_base.py | 335 + src/test/dp_groups/test_dp_groups.py | 63 +- src/test/outcomes/test_outcomes.py | 4 +- src/test/test_doctools.py | 15 +- src/test/test_mixins.py | 29 + src/test/test_policy_generator.py | 2 +- src/test/test_schema.py | 73 +- src/test/test_selections.py | 64 +- src/test/utils/__init__.py | 33 + src/test/utils/test_toposort.py | 256 + 202 files changed, 13458 insertions(+), 1526 deletions(-) create mode 100644 data/json/decision_points/basic/do_schedule_delegate_delete_1_0_0.json create mode 100644 data/json/decision_points/basic/lowmediumhigh_1_0_0.json create mode 100644 data/json/decision_points/basic/moscow_1_0_0.json create mode 100644 data/json/decision_points/basic/value_complexity_1_0_0.json create mode 100644 data/json/decision_points/basic/yesno_1_0_0.json rename data/json/decision_points/{ssvc => cisa}/in_kev_1_0_0.json (88%) create mode 100644 data/json/decision_points/x_com_yahooinc/theparanoids_1_0_0.json create mode 100644 data/json/decision_tables/ssvc/human_impact_1_0_0.json create mode 100644 data/json/decision_tables/ssvc/supplier_patch_development_priority_1_0_0.json create mode 100644 data/json/decision_tables/ssvc/utility_1_0_0.json create mode 100644 data/json/ssvc_object_registry.json create mode 120000 data/schema/current/Decision_Table.schema.json create mode 100644 data/schema/v1/Decision_Point_Group-1-1-0.schema.json create mode 100644 data/schema/v2/Decision_Point-2-0-0.schema.json create mode 100644 data/schema/v2/Decision_Point_Group-2-0-0.schema.json create mode 100644 data/schema/v2/Decision_Table-2-0-0.schema.json create mode 100644 data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json rename src/ssvc/decision_points/{ssvc => cisa}/in_kev.py (95%) create mode 100644 src/ssvc/decision_tables/__init__.py create mode 100644 src/ssvc/decision_tables/base.py create mode 100644 src/ssvc/decision_tables/helpers.py create mode 100644 src/ssvc/decision_tables/ssvc/__init__.py create mode 100644 src/ssvc/decision_tables/ssvc/human_impact.py create mode 100644 src/ssvc/decision_tables/ssvc/supplier_dt.py create mode 100644 src/ssvc/decision_tables/ssvc/utlity.py create mode 100644 src/ssvc/outcomes/basic/__init__.py create mode 100644 src/ssvc/outcomes/basic/ike.py create mode 100644 src/ssvc/outcomes/basic/lmh.py create mode 100644 src/ssvc/outcomes/basic/mscw.py create mode 100644 src/ssvc/outcomes/basic/value_complexity.py create mode 100644 src/ssvc/outcomes/basic/yn.py delete mode 100644 src/ssvc/outcomes/x_basic/__init__.py delete mode 100644 src/ssvc/outcomes/x_basic/ike.py delete mode 100644 src/ssvc/outcomes/x_basic/mscw.py delete mode 100644 src/ssvc/outcomes/x_basic/value_complexity.py delete mode 100644 src/ssvc/outcomes/x_basic/yn.py create mode 100644 src/ssvc/outcomes/x_com_yahooinc/__init__.py rename src/ssvc/outcomes/{x_community => x_com_yahooinc}/paranoids.py (55%) delete mode 100644 src/ssvc/outcomes/x_community/__init__.py create mode 100644 src/ssvc/registry/__init__.py create mode 100644 src/ssvc/registry/base.py create mode 100644 src/ssvc/registry/events.py create mode 100644 src/ssvc/registry_demo.py create mode 100644 src/ssvc/utils/importer.py create mode 100644 src/ssvc/utils/misc.py create mode 100644 src/ssvc/utils/toposort.py create mode 100644 src/test/decision_tables/__init__.py create mode 100644 src/test/decision_tables/test_base.py create mode 100644 src/test/utils/__init__.py create mode 100644 src/test/utils/test_toposort.py diff --git a/.github/workflows/link_checker.yml b/.github/workflows/link_checker.yml index 9bb6119d..6def2986 100644 --- a/.github/workflows/link_checker.yml +++ b/.github/workflows/link_checker.yml @@ -25,7 +25,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: '3.10' + python-version: '3.12' - name: Install dependencies run: | diff --git a/Makefile b/Makefile index 45f8bb72..e8739c17 100644 --- a/Makefile +++ b/Makefile @@ -16,6 +16,8 @@ test: pytest -v src/test docker_test: + @echo "Building the latest test image..." + pushd $(DOCKER_DIR) && docker-compose build test @echo "Running tests in Docker..." pushd $(DOCKER_DIR) && docker-compose run --rm test diff --git a/data/json/decision_points/basic/do_schedule_delegate_delete_1_0_0.json b/data/json/decision_points/basic/do_schedule_delegate_delete_1_0_0.json new file mode 100644 index 00000000..b3dffaba --- /dev/null +++ b/data/json/decision_points/basic/do_schedule_delegate_delete_1_0_0.json @@ -0,0 +1,30 @@ +{ + "namespace": "basic", + "key": "IKE", + "version": "1.0.0", + "name": "Do, Schedule, Delegate, Delete", + "description": "The Eisenhower outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Delete", + "description": "Delete" + }, + { + "key": "G", + "name": "Delegate", + "description": "Delegate" + }, + { + "key": "S", + "name": "Schedule", + "description": "Schedule" + }, + { + "key": "O", + "name": "Do", + "description": "Do" + } + ] +} diff --git a/data/json/decision_points/basic/lowmediumhigh_1_0_0.json b/data/json/decision_points/basic/lowmediumhigh_1_0_0.json new file mode 100644 index 00000000..8b178ab2 --- /dev/null +++ b/data/json/decision_points/basic/lowmediumhigh_1_0_0.json @@ -0,0 +1,25 @@ +{ + "namespace": "basic", + "key": "LMH", + "version": "1.0.0", + "name": "LowMediumHigh", + "description": "A Low/Medium/High decision point / outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Low" + }, + { + "key": "M", + "name": "Medium", + "description": "Medium" + }, + { + "key": "H", + "name": "High", + "description": "High" + } + ] +} diff --git a/data/json/decision_points/basic/moscow_1_0_0.json b/data/json/decision_points/basic/moscow_1_0_0.json new file mode 100644 index 00000000..7b29da07 --- /dev/null +++ b/data/json/decision_points/basic/moscow_1_0_0.json @@ -0,0 +1,30 @@ +{ + "namespace": "basic", + "key": "MSCW", + "version": "1.0.0", + "name": "MoSCoW", + "description": "The MoSCoW (Must, Should, Could, Won't) outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "W", + "name": "Won't", + "description": "Won't" + }, + { + "key": "C", + "name": "Could", + "description": "Could" + }, + { + "key": "S", + "name": "Should", + "description": "Should" + }, + { + "key": "M", + "name": "Must", + "description": "Must" + } + ] +} diff --git a/data/json/decision_points/basic/value_complexity_1_0_0.json b/data/json/decision_points/basic/value_complexity_1_0_0.json new file mode 100644 index 00000000..d3354f2d --- /dev/null +++ b/data/json/decision_points/basic/value_complexity_1_0_0.json @@ -0,0 +1,30 @@ +{ + "namespace": "basic", + "key": "VALUE_COMPLEXITY", + "version": "1.0.0", + "name": "Value, Complexity", + "description": "The Value/Complexity outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Drop", + "description": "Drop" + }, + { + "key": "R", + "name": "Reconsider Later", + "description": "Reconsider Later" + }, + { + "key": "E", + "name": "Easy Win", + "description": "Easy Win" + }, + { + "key": "F", + "name": "Do First", + "description": "Do First" + } + ] +} diff --git a/data/json/decision_points/basic/yesno_1_0_0.json b/data/json/decision_points/basic/yesno_1_0_0.json new file mode 100644 index 00000000..b376989b --- /dev/null +++ b/data/json/decision_points/basic/yesno_1_0_0.json @@ -0,0 +1,20 @@ +{ + "namespace": "basic", + "key": "YN", + "version": "1.0.0", + "name": "YesNo", + "description": "A Yes/No decision point / outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "No" + }, + { + "key": "Y", + "name": "Yes", + "description": "Yes" + } + ] +} diff --git a/data/json/decision_points/cisa/cisa_levels_1_0_0.json b/data/json/decision_points/cisa/cisa_levels_1_0_0.json index e836c69c..fcbd7061 100644 --- a/data/json/decision_points/cisa/cisa_levels_1_0_0.json +++ b/data/json/decision_points/cisa/cisa_levels_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "CISA Levels", - "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", "namespace": "cisa", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "CISA", + "version": "1.0.0", + "name": "CISA Levels", + "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", + "schemaVersion": "2.0.0", "values": [ { "key": "T", diff --git a/data/json/decision_points/ssvc/in_kev_1_0_0.json b/data/json/decision_points/cisa/in_kev_1_0_0.json similarity index 88% rename from data/json/decision_points/ssvc/in_kev_1_0_0.json rename to data/json/decision_points/cisa/in_kev_1_0_0.json index cadc960b..dad51ecb 100644 --- a/data/json/decision_points/ssvc/in_kev_1_0_0.json +++ b/data/json/decision_points/cisa/in_kev_1_0_0.json @@ -1,10 +1,10 @@ { + "namespace": "cisa", + "key": "KEV", + "version": "1.0.0", "name": "In KEV", "description": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", - "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", - "key": "KEV", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cisa/mission_prevalence_1_0_0.json b/data/json/decision_points/cisa/mission_prevalence_1_0_0.json index 50a06e4b..c3b8285b 100644 --- a/data/json/decision_points/cisa/mission_prevalence_1_0_0.json +++ b/data/json/decision_points/cisa/mission_prevalence_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Mission Prevalence", - "description": "Prevalence of the mission essential functions", "namespace": "cisa", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "MP", + "version": "1.0.0", + "name": "Mission Prevalence", + "description": "Prevalence of the mission essential functions", + "schemaVersion": "2.0.0", "values": [ { "key": "M", diff --git a/data/json/decision_points/cvss/access_complexity_1_0_0.json b/data/json/decision_points/cvss/access_complexity_1_0_0.json index b07e7595..d890c949 100644 --- a/data/json/decision_points/cvss/access_complexity_1_0_0.json +++ b/data/json/decision_points/cvss/access_complexity_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Access Complexity", - "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "AC", + "version": "1.0.0", + "name": "Access Complexity", + "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/access_complexity_2_0_0.json b/data/json/decision_points/cvss/access_complexity_2_0_0.json index 15fec7b8..8b1e2dfe 100644 --- a/data/json/decision_points/cvss/access_complexity_2_0_0.json +++ b/data/json/decision_points/cvss/access_complexity_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Access Complexity", - "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "AC", + "version": "2.0.0", + "name": "Access Complexity", + "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/access_vector_1_0_0.json b/data/json/decision_points/cvss/access_vector_1_0_0.json index 55d6d8c6..89c5976a 100644 --- a/data/json/decision_points/cvss/access_vector_1_0_0.json +++ b/data/json/decision_points/cvss/access_vector_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Access Vector", - "description": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "AV", + "version": "1.0.0", + "name": "Access Vector", + "description": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/access_vector_2_0_0.json b/data/json/decision_points/cvss/access_vector_2_0_0.json index 14918e5c..48ec3f7b 100644 --- a/data/json/decision_points/cvss/access_vector_2_0_0.json +++ b/data/json/decision_points/cvss/access_vector_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Access Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "AV", + "version": "2.0.0", + "name": "Access Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/attack_complexity_3_0_0.json b/data/json/decision_points/cvss/attack_complexity_3_0_0.json index e2ef4655..d4d3a781 100644 --- a/data/json/decision_points/cvss/attack_complexity_3_0_0.json +++ b/data/json/decision_points/cvss/attack_complexity_3_0_0.json @@ -1,10 +1,10 @@ { - "name": "Attack Complexity", - "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "namespace": "cvss", - "version": "3.0.0", - "schemaVersion": "1-0-1", "key": "AC", + "version": "3.0.0", + "name": "Attack Complexity", + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/attack_complexity_3_0_1.json b/data/json/decision_points/cvss/attack_complexity_3_0_1.json index a3469f1b..a7f795f2 100644 --- a/data/json/decision_points/cvss/attack_complexity_3_0_1.json +++ b/data/json/decision_points/cvss/attack_complexity_3_0_1.json @@ -1,10 +1,10 @@ { - "name": "Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "namespace": "cvss", - "version": "3.0.1", - "schemaVersion": "1-0-1", "key": "AC", + "version": "3.0.1", + "name": "Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/attack_requirements_1_0_0.json b/data/json/decision_points/cvss/attack_requirements_1_0_0.json index eaff05de..3682f723 100644 --- a/data/json/decision_points/cvss/attack_requirements_1_0_0.json +++ b/data/json/decision_points/cvss/attack_requirements_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "AT", + "version": "1.0.0", + "name": "Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/attack_vector_3_0_0.json b/data/json/decision_points/cvss/attack_vector_3_0_0.json index 3db17af6..a369277a 100644 --- a/data/json/decision_points/cvss/attack_vector_3_0_0.json +++ b/data/json/decision_points/cvss/attack_vector_3_0_0.json @@ -1,10 +1,10 @@ { - "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. ", "namespace": "cvss", - "version": "3.0.0", - "schemaVersion": "1-0-1", "key": "AV", + "version": "3.0.0", + "name": "Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. ", + "schemaVersion": "2.0.0", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/attack_vector_3_0_1.json b/data/json/decision_points/cvss/attack_vector_3_0_1.json index fe2baea6..c5843891 100644 --- a/data/json/decision_points/cvss/attack_vector_3_0_1.json +++ b/data/json/decision_points/cvss/attack_vector_3_0_1.json @@ -1,10 +1,10 @@ { - "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "namespace": "cvss", - "version": "3.0.1", - "schemaVersion": "1-0-1", "key": "AV", + "version": "3.0.1", + "name": "Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "schemaVersion": "2.0.0", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/authentication_1_0_0.json b/data/json/decision_points/cvss/authentication_1_0_0.json index a2bedd42..2faea2b0 100644 --- a/data/json/decision_points/cvss/authentication_1_0_0.json +++ b/data/json/decision_points/cvss/authentication_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Authentication", - "description": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "Au", + "version": "1.0.0", + "name": "Authentication", + "description": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/authentication_2_0_0.json b/data/json/decision_points/cvss/authentication_2_0_0.json index f618747f..b95dc185 100644 --- a/data/json/decision_points/cvss/authentication_2_0_0.json +++ b/data/json/decision_points/cvss/authentication_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Authentication", - "description": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "Au", + "version": "2.0.0", + "name": "Authentication", + "description": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", + "schemaVersion": "2.0.0", "values": [ { "key": "M", diff --git a/data/json/decision_points/cvss/automatable_1_0_0.json b/data/json/decision_points/cvss/automatable_1_0_0.json index 03956092..65751950 100644 --- a/data/json/decision_points/cvss/automatable_1_0_0.json +++ b/data/json/decision_points/cvss/automatable_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Automatable", - "description": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "AU", + "version": "1.0.0", + "name": "Automatable", + "description": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_1_0_0.json b/data/json/decision_points/cvss/availability_impact_1_0_0.json index ad667d01..db9dcfce 100644 --- a/data/json/decision_points/cvss/availability_impact_1_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Availability Impact", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "A", + "version": "1.0.0", + "name": "Availability Impact", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_2_0_0.json b/data/json/decision_points/cvss/availability_impact_2_0_0.json index 7fd162ed..2dc9723d 100644 --- a/data/json/decision_points/cvss/availability_impact_2_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Availability Impact", - "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "A", + "version": "2.0.0", + "name": "Availability Impact", + "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json index 79369891..4aec18d9 100644 --- a/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "SA", + "version": "1.0.0", + "name": "Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json index 4e999e21..e72867d5 100644 --- a/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { - "name": "Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "namespace": "cvss", - "version": "3.0.0", - "schemaVersion": "1-0-1", "key": "VA", + "version": "3.0.0", + "name": "Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_requirement_1_0_0.json b/data/json/decision_points/cvss/availability_requirement_1_0_0.json index 01bd1da6..01e98283 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/availability_requirement_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Availability Requirement", - "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "AR", + "version": "1.0.0", + "name": "Availability Requirement", + "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/availability_requirement_1_1_0.json b/data/json/decision_points/cvss/availability_requirement_1_1_0.json index 28045aa0..400a6ee6 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/availability_requirement_1_1_0.json @@ -1,10 +1,10 @@ { - "name": "Availability Requirement", - "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "1.1.0", - "schemaVersion": "1-0-1", "key": "AR", + "version": "1.1.0", + "name": "Availability Requirement", + "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/availability_requirement_1_1_1.json b/data/json/decision_points/cvss/availability_requirement_1_1_1.json index cb041336..2188b155 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/availability_requirement_1_1_1.json @@ -1,10 +1,10 @@ { - "name": "Availability Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", "namespace": "cvss", - "version": "1.1.1", - "schemaVersion": "1-0-1", "key": "AR", + "version": "1.1.1", + "name": "Availability Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json b/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json index 19666f0f..0b40ec7a 100644 --- a/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json +++ b/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Collateral Damage Potential", - "description": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "CDP", + "version": "1.0.0", + "name": "Collateral Damage Potential", + "description": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json b/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json index 00206e66..8b3e106e 100644 --- a/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json +++ b/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Collateral Damage Potential", - "description": "This metric measures the potential for loss of life or physical assets.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "CDP", + "version": "2.0.0", + "name": "Collateral Damage Potential", + "description": "This metric measures the potential for loss of life or physical assets.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json index 8f9ad138..5634d799 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Confidentiality Impact", - "description": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "C", + "version": "1.0.0", + "name": "Confidentiality Impact", + "description": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json index 6f8c6c64..44f31e5a 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "C", + "version": "2.0.0", + "name": "Confidentiality Impact", + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json index 1b2041aa..37208528 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "SC", + "version": "1.0.0", + "name": "Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json index 6fc61ef9..33b141c1 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { - "name": "Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "namespace": "cvss", - "version": "3.0.0", - "schemaVersion": "1-0-1", "key": "VC", + "version": "3.0.0", + "name": "Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json b/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json index 04b9e92d..ad330ec3 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Confidentiality Requirement", - "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "CR", + "version": "1.0.0", + "name": "Confidentiality Requirement", + "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json b/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json index 87453bab..ab170f65 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json @@ -1,10 +1,10 @@ { - "name": "Confidentiality Requirement", - "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "1.1.0", - "schemaVersion": "1-0-1", "key": "CR", + "version": "1.1.0", + "name": "Confidentiality Requirement", + "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json b/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json index 1c71ed0d..e78267b6 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json @@ -1,10 +1,10 @@ { - "name": "Confidentiality Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "namespace": "cvss", - "version": "1.1.1", - "schemaVersion": "1-0-1", "key": "CR", + "version": "1.1.1", + "name": "Confidentiality Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json b/data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json index 82135a43..dca56b8b 100644 --- a/data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json +++ b/data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "CVSS Qualitative Severity Rating Scale", - "description": "The CVSS Qualitative Severity Rating Scale group.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "CVSS", + "version": "1.0.0", + "name": "CVSS Qualitative Severity Rating Scale", + "description": "The CVSS Qualitative Severity Rating Scale group.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json index e4563635..4eefa33a 100644 --- a/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Equivalence Set 1", - "description": "AV/PR/UI with 3 levels specified in Table 24", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "EQ1", + "version": "1.0.0", + "name": "Equivalence Set 1", + "description": "AV/PR/UI with 3 levels specified in Table 24", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json index db8745ce..ee665375 100644 --- a/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Equivalence Set 2", - "description": "AC/AT with 2 levels specified in Table 25", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "EQ2", + "version": "1.0.0", + "name": "Equivalence Set 2", + "description": "AC/AT with 2 levels specified in Table 25", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json index 4b1aaf2b..9d224fd9 100644 --- a/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Equivalence Set 3", - "description": "VC/VI/VA with 3 levels specified in Table 26", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "EQ3", + "version": "1.0.0", + "name": "Equivalence Set 3", + "description": "VC/VI/VA with 3 levels specified in Table 26", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json index d732ec5b..b0daf241 100644 --- a/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Equivalence Set 4", - "description": "SC/SI/SA with 3 levels specified in Table 27", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "EQ4", + "version": "1.0.0", + "name": "Equivalence Set 4", + "description": "SC/SI/SA with 3 levels specified in Table 27", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json index f79d20a7..f0116db6 100644 --- a/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Equivalence Set 5", - "description": "E with 3 levels specified in Table 28", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "EQ5", + "version": "1.0.0", + "name": "Equivalence Set 5", + "description": "E with 3 levels specified in Table 28", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json index 631acd7b..a1790231 100644 --- a/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Equivalence Set 6", - "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "EQ6", + "version": "1.0.0", + "name": "Equivalence Set 6", + "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json b/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json index a4e59e23..0722a613 100644 --- a/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json +++ b/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json @@ -1,10 +1,10 @@ { - "name": "Exploit Code Maturity", - "description": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", "namespace": "cvss", - "version": "1.2.0", - "schemaVersion": "1-0-1", "key": "E", + "version": "1.2.0", + "name": "Exploit Code Maturity", + "description": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", + "schemaVersion": "2.0.0", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/exploit_maturity_2_0_0.json b/data/json/decision_points/cvss/exploit_maturity_2_0_0.json index 28eeebd3..1c6985a7 100644 --- a/data/json/decision_points/cvss/exploit_maturity_2_0_0.json +++ b/data/json/decision_points/cvss/exploit_maturity_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Exploit Maturity", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "E", + "version": "2.0.0", + "name": "Exploit Maturity", + "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", + "schemaVersion": "2.0.0", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/exploitability_1_0_0.json b/data/json/decision_points/cvss/exploitability_1_0_0.json index 707f297d..acb0cf98 100644 --- a/data/json/decision_points/cvss/exploitability_1_0_0.json +++ b/data/json/decision_points/cvss/exploitability_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Exploitability", - "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "E", + "version": "1.0.0", + "name": "Exploitability", + "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", + "schemaVersion": "2.0.0", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/exploitability_1_1_0.json b/data/json/decision_points/cvss/exploitability_1_1_0.json index add3fd28..02685cba 100644 --- a/data/json/decision_points/cvss/exploitability_1_1_0.json +++ b/data/json/decision_points/cvss/exploitability_1_1_0.json @@ -1,10 +1,10 @@ { - "name": "Exploitability", - "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "namespace": "cvss", - "version": "1.1.0", - "schemaVersion": "1-0-1", "key": "E", + "version": "1.1.0", + "name": "Exploitability", + "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", + "schemaVersion": "2.0.0", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/impact_bias_1_0_0.json b/data/json/decision_points/cvss/impact_bias_1_0_0.json index fc7316eb..f2a9e366 100644 --- a/data/json/decision_points/cvss/impact_bias_1_0_0.json +++ b/data/json/decision_points/cvss/impact_bias_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Impact Bias", - "description": "This metric measures the impact bias of the vulnerability.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "IB", + "version": "1.0.0", + "name": "Impact Bias", + "description": "This metric measures the impact bias of the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_1_0_0.json b/data/json/decision_points/cvss/integrity_impact_1_0_0.json index 5880fcf4..8b380ad7 100644 --- a/data/json/decision_points/cvss/integrity_impact_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Integrity Impact", - "description": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "I", + "version": "1.0.0", + "name": "Integrity Impact", + "description": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_2_0_0.json b/data/json/decision_points/cvss/integrity_impact_2_0_0.json index ecb0fd66..89dc794b 100644 --- a/data/json/decision_points/cvss/integrity_impact_2_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "I", + "version": "2.0.0", + "name": "Integrity Impact", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json index 80c99790..32c37517 100644 --- a/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "SI", + "version": "1.0.0", + "name": "Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json index 745ee9e1..291d15b8 100644 --- a/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { - "name": "Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "3.0.0", - "schemaVersion": "1-0-1", "key": "VI", + "version": "3.0.0", + "name": "Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_requirement_1_0_0.json b/data/json/decision_points/cvss/integrity_requirement_1_0_0.json index f49d6438..e19b1609 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Integrity Requirement", - "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "IR", + "version": "1.0.0", + "name": "Integrity Requirement", + "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/integrity_requirement_1_1_0.json b/data/json/decision_points/cvss/integrity_requirement_1_1_0.json index 7378845f..0eb8f298 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_1_0.json @@ -1,10 +1,10 @@ { - "name": "Integrity Requirement", - "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "1.1.0", - "schemaVersion": "1-0-1", "key": "IR", + "version": "1.1.0", + "name": "Integrity Requirement", + "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/integrity_requirement_1_1_1.json b/data/json/decision_points/cvss/integrity_requirement_1_1_1.json index 05fd2858..a09b6123 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_1_1.json @@ -1,10 +1,10 @@ { - "name": "Integrity Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "namespace": "cvss", - "version": "1.1.1", - "schemaVersion": "1-0-1", "key": "IR", + "version": "1.1.1", + "name": "Integrity Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json b/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json index 6e8df236..08b6e2d3 100644 --- a/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Attack Complexity", - "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "namespace": "cvss", - "version": "3.0.0", - "schemaVersion": "1-0-1", "key": "MAC", + "version": "3.0.0", + "name": "Modified Attack Complexity", + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json b/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json index a8bee010..126c124f 100644 --- a/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json +++ b/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json @@ -1,10 +1,10 @@ { - "name": "Modified Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "namespace": "cvss", - "version": "3.0.1", - "schemaVersion": "1-0-1", "key": "MAC", + "version": "3.0.1", + "name": "Modified Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json b/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json index 4f446155..8918444c 100644 --- a/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "MAT", + "version": "1.0.0", + "name": "Modified Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json b/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json index cd8261e7..20797e81 100644 --- a/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. ", "namespace": "cvss", - "version": "3.0.0", - "schemaVersion": "1-0-1", "key": "MAV", + "version": "3.0.0", + "name": "Modified Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. ", + "schemaVersion": "2.0.0", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json b/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json index 35995809..b7ffc2cf 100644 --- a/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json +++ b/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json @@ -1,10 +1,10 @@ { - "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "namespace": "cvss", - "version": "3.0.1", - "schemaVersion": "1-0-1", "key": "MAV", + "version": "3.0.1", + "name": "Modified Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "schemaVersion": "2.0.0", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json index efea9be1..62dc1ba9 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Availability Impact", - "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "MA", + "version": "2.0.0", + "name": "Modified Availability Impact", + "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json index 1bd3acd8..69f0c877 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "MSA", + "version": "1.0.0", + "name": "Modified Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json index bed5818f..f50c62e2 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json @@ -1,10 +1,10 @@ { - "name": "Modified Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "namespace": "cvss", - "version": "1.0.1", - "schemaVersion": "1-0-1", "key": "MSA", + "version": "1.0.1", + "name": "Modified Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json index 689120d5..59d90019 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "namespace": "cvss", - "version": "3.0.0", - "schemaVersion": "1-0-1", "key": "MVA", + "version": "3.0.0", + "name": "Modified Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json index ef523bac..b202d8e6 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "MC", + "version": "2.0.0", + "name": "Modified Confidentiality Impact", + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json index ea677a2a..f54dbe39 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "MSC", + "version": "1.0.0", + "name": "Modified Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json index 3e4adaa2..591b0d95 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json @@ -1,10 +1,10 @@ { - "name": "Modified Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "namespace": "cvss", - "version": "1.0.1", - "schemaVersion": "1-0-1", "key": "MSC", + "version": "1.0.1", + "name": "Modified Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json index b3f09692..85ae8d10 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "namespace": "cvss", - "version": "3.0.0", - "schemaVersion": "1-0-1", "key": "MVC", + "version": "3.0.0", + "name": "Modified Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json index 0e010de0..deef28d3 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "MI", + "version": "2.0.0", + "name": "Modified Integrity Impact", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json index 6af70ddc..7f159510 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "MSI", + "version": "1.0.0", + "name": "Modified Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json index 7e0c391a..448c1035 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json @@ -1,10 +1,10 @@ { - "name": "Modified Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "namespace": "cvss", - "version": "1.0.1", - "schemaVersion": "1-0-1", "key": "MSI", + "version": "1.0.1", + "name": "Modified Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json index 76f318a2..4cdf393a 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", - "version": "3.0.0", - "schemaVersion": "1-0-1", "key": "MVI", + "version": "3.0.0", + "name": "Modified Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json b/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json index 4aa2e7fe..e7242d88 100644 --- a/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json +++ b/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "MPR", + "version": "1.0.0", + "name": "Modified Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json b/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json index 9edb12a4..8f693d5a 100644 --- a/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json +++ b/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json @@ -1,10 +1,10 @@ { - "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "namespace": "cvss", - "version": "1.0.1", - "schemaVersion": "1-0-1", "key": "MPR", + "version": "1.0.1", + "name": "Modified Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "schemaVersion": "2.0.0", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/modified_scope_1_0_0.json b/data/json/decision_points/cvss/modified_scope_1_0_0.json index 7eb01d1c..15685974 100644 --- a/data/json/decision_points/cvss/modified_scope_1_0_0.json +++ b/data/json/decision_points/cvss/modified_scope_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "MS", + "version": "1.0.0", + "name": "Modified Scope", + "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "schemaVersion": "2.0.0", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json b/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json index dab50cf5..61eaea70 100644 --- a/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json +++ b/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "MUI", + "version": "1.0.0", + "name": "Modified User Interaction", + "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "schemaVersion": "2.0.0", "values": [ { "key": "R", diff --git a/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json b/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json index 2fbfe36b..826233f7 100644 --- a/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json +++ b/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Modified User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "MUI", + "version": "2.0.0", + "name": "Modified User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "schemaVersion": "2.0.0", "values": [ { "key": "A", diff --git a/data/json/decision_points/cvss/privileges_required_1_0_0.json b/data/json/decision_points/cvss/privileges_required_1_0_0.json index 0f918c46..a4134d43 100644 --- a/data/json/decision_points/cvss/privileges_required_1_0_0.json +++ b/data/json/decision_points/cvss/privileges_required_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "PR", + "version": "1.0.0", + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/privileges_required_1_0_1.json b/data/json/decision_points/cvss/privileges_required_1_0_1.json index 698e4dc3..c74a9b3c 100644 --- a/data/json/decision_points/cvss/privileges_required_1_0_1.json +++ b/data/json/decision_points/cvss/privileges_required_1_0_1.json @@ -1,10 +1,10 @@ { - "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "namespace": "cvss", - "version": "1.0.1", - "schemaVersion": "1-0-1", "key": "PR", + "version": "1.0.1", + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "schemaVersion": "2.0.0", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/provider_urgency_1_0_0.json b/data/json/decision_points/cvss/provider_urgency_1_0_0.json index 6a319c77..f3db62ce 100644 --- a/data/json/decision_points/cvss/provider_urgency_1_0_0.json +++ b/data/json/decision_points/cvss/provider_urgency_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Provider Urgency", - "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "U", + "version": "1.0.0", + "name": "Provider Urgency", + "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", + "schemaVersion": "2.0.0", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/recovery_1_0_0.json b/data/json/decision_points/cvss/recovery_1_0_0.json index b8597662..42f1c7c1 100644 --- a/data/json/decision_points/cvss/recovery_1_0_0.json +++ b/data/json/decision_points/cvss/recovery_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Recovery", - "description": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "R", + "version": "1.0.0", + "name": "Recovery", + "description": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", + "schemaVersion": "2.0.0", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/remediation_level_1_0_0.json b/data/json/decision_points/cvss/remediation_level_1_0_0.json index cc5a3866..7f440814 100644 --- a/data/json/decision_points/cvss/remediation_level_1_0_0.json +++ b/data/json/decision_points/cvss/remediation_level_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "RL", + "version": "1.0.0", + "name": "Remediation Level", + "description": "This metric measures the remediation status of a vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "OF", diff --git a/data/json/decision_points/cvss/remediation_level_1_1_0.json b/data/json/decision_points/cvss/remediation_level_1_1_0.json index eda1100a..0b33e7c2 100644 --- a/data/json/decision_points/cvss/remediation_level_1_1_0.json +++ b/data/json/decision_points/cvss/remediation_level_1_1_0.json @@ -1,10 +1,10 @@ { - "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", "namespace": "cvss", - "version": "1.1.0", - "schemaVersion": "1-0-1", "key": "RL", + "version": "1.1.0", + "name": "Remediation Level", + "description": "This metric measures the remediation status of a vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "OF", diff --git a/data/json/decision_points/cvss/report_confidence_1_0_0.json b/data/json/decision_points/cvss/report_confidence_1_0_0.json index 0dc24b8b..2d9489bb 100644 --- a/data/json/decision_points/cvss/report_confidence_1_0_0.json +++ b/data/json/decision_points/cvss/report_confidence_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "RC", + "version": "1.0.0", + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "schemaVersion": "2.0.0", "values": [ { "key": "UC", diff --git a/data/json/decision_points/cvss/report_confidence_1_1_0.json b/data/json/decision_points/cvss/report_confidence_1_1_0.json index c3c2b7aa..ccbd5185 100644 --- a/data/json/decision_points/cvss/report_confidence_1_1_0.json +++ b/data/json/decision_points/cvss/report_confidence_1_1_0.json @@ -1,10 +1,10 @@ { - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "namespace": "cvss", - "version": "1.1.0", - "schemaVersion": "1-0-1", "key": "RC", + "version": "1.1.0", + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "schemaVersion": "2.0.0", "values": [ { "key": "UC", diff --git a/data/json/decision_points/cvss/report_confidence_2_0_0.json b/data/json/decision_points/cvss/report_confidence_2_0_0.json index cf6cf0ca..2d1a51b8 100644 --- a/data/json/decision_points/cvss/report_confidence_2_0_0.json +++ b/data/json/decision_points/cvss/report_confidence_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "RC", + "version": "2.0.0", + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "schemaVersion": "2.0.0", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/safety_1_0_0.json b/data/json/decision_points/cvss/safety_1_0_0.json index b1505feb..06ff99ce 100644 --- a/data/json/decision_points/cvss/safety_1_0_0.json +++ b/data/json/decision_points/cvss/safety_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Safety", - "description": "The Safety decision point is a measure of the potential for harm to humans or the environment.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "SF", + "version": "1.0.0", + "name": "Safety", + "description": "The Safety decision point is a measure of the potential for harm to humans or the environment.", + "schemaVersion": "2.0.0", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/scope_1_0_0.json b/data/json/decision_points/cvss/scope_1_0_0.json index 0025ac97..f0f8e16b 100644 --- a/data/json/decision_points/cvss/scope_1_0_0.json +++ b/data/json/decision_points/cvss/scope_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "S", + "version": "1.0.0", + "name": "Scope", + "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "schemaVersion": "2.0.0", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/target_distribution_1_0_0.json b/data/json/decision_points/cvss/target_distribution_1_0_0.json index 97b94297..f9c3e3c8 100644 --- a/data/json/decision_points/cvss/target_distribution_1_0_0.json +++ b/data/json/decision_points/cvss/target_distribution_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "TD", + "version": "1.0.0", + "name": "Target Distribution", + "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/target_distribution_1_1_0.json b/data/json/decision_points/cvss/target_distribution_1_1_0.json index 5e0d93f0..820c76c5 100644 --- a/data/json/decision_points/cvss/target_distribution_1_1_0.json +++ b/data/json/decision_points/cvss/target_distribution_1_1_0.json @@ -1,10 +1,10 @@ { - "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "namespace": "cvss", - "version": "1.1.0", - "schemaVersion": "1-0-1", "key": "TD", + "version": "1.1.0", + "name": "Target Distribution", + "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/user_interaction_1_0_0.json b/data/json/decision_points/cvss/user_interaction_1_0_0.json index eb4e9bfb..9e99caf3 100644 --- a/data/json/decision_points/cvss/user_interaction_1_0_0.json +++ b/data/json/decision_points/cvss/user_interaction_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "UI", + "version": "1.0.0", + "name": "User Interaction", + "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "schemaVersion": "2.0.0", "values": [ { "key": "R", diff --git a/data/json/decision_points/cvss/user_interaction_2_0_0.json b/data/json/decision_points/cvss/user_interaction_2_0_0.json index 160107aa..fff2dc8b 100644 --- a/data/json/decision_points/cvss/user_interaction_2_0_0.json +++ b/data/json/decision_points/cvss/user_interaction_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "namespace": "cvss", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "UI", + "version": "2.0.0", + "name": "User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "schemaVersion": "2.0.0", "values": [ { "key": "A", diff --git a/data/json/decision_points/cvss/value_density_1_0_0.json b/data/json/decision_points/cvss/value_density_1_0_0.json index 1ca1a355..6a09e1e2 100644 --- a/data/json/decision_points/cvss/value_density_1_0_0.json +++ b/data/json/decision_points/cvss/value_density_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Value Density", - "description": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "V", + "version": "1.0.0", + "name": "Value Density", + "description": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", + "schemaVersion": "2.0.0", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json b/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json index bb334844..12b26541 100644 --- a/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json +++ b/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Vulnerability Response Effort", - "description": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", "namespace": "cvss", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "RE", + "version": "1.0.0", + "name": "Vulnerability Response Effort", + "description": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", + "schemaVersion": "2.0.0", "values": [ { "key": "X", diff --git a/data/json/decision_points/ssvc/automatable_2_0_0.json b/data/json/decision_points/ssvc/automatable_2_0_0.json index 5a0528d8..874297d0 100644 --- a/data/json/decision_points/ssvc/automatable_2_0_0.json +++ b/data/json/decision_points/ssvc/automatable_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "namespace": "ssvc", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/ssvc/critical_software_1_0_0.json b/data/json/decision_points/ssvc/critical_software_1_0_0.json index 232c633d..1373b380 100644 --- a/data/json/decision_points/ssvc/critical_software_1_0_0.json +++ b/data/json/decision_points/ssvc/critical_software_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Critical Software", - "description": "Denotes whether a system meets a critical software definition.", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "CS", + "version": "1.0.0", + "name": "Critical Software", + "description": "Denotes whether a system meets a critical software definition.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/ssvc/decline_track_coordinate_1_0_0.json b/data/json/decision_points/ssvc/decline_track_coordinate_1_0_0.json index fc7aae55..87e7fa38 100644 --- a/data/json/decision_points/ssvc/decline_track_coordinate_1_0_0.json +++ b/data/json/decision_points/ssvc/decline_track_coordinate_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Decline, Track, Coordinate", - "description": "The coordinate outcome group.", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "COORDINATE", + "version": "1.0.0", + "name": "Decline, Track, Coordinate", + "description": "The coordinate outcome group.", + "schemaVersion": "2.0.0", "values": [ { "key": "D", diff --git a/data/json/decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json b/data/json/decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json index 2474d981..49a60a1f 100644 --- a/data/json/decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json +++ b/data/json/decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Defer, Scheduled, Out-of-Cycle, Immediate", - "description": "The original SSVC outcome group.", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "DSOI", + "version": "1.0.0", + "name": "Defer, Scheduled, Out-of-Cycle, Immediate", + "description": "The original SSVC outcome group.", + "schemaVersion": "2.0.0", "values": [ { "key": "D", diff --git a/data/json/decision_points/ssvc/exploitation_1_0_0.json b/data/json/decision_points/ssvc/exploitation_1_0_0.json index d1cf71b2..3fd20507 100644 --- a/data/json/decision_points/ssvc/exploitation_1_0_0.json +++ b/data/json/decision_points/ssvc/exploitation_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "E", + "version": "1.0.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/ssvc/exploitation_1_1_0.json b/data/json/decision_points/ssvc/exploitation_1_1_0.json index e54d2ace..dbd8670f 100644 --- a/data/json/decision_points/ssvc/exploitation_1_1_0.json +++ b/data/json/decision_points/ssvc/exploitation_1_1_0.json @@ -1,10 +1,10 @@ { - "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", "namespace": "ssvc", - "version": "1.1.0", - "schemaVersion": "1-0-1", "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/ssvc/high_value_asset_1_0_0.json b/data/json/decision_points/ssvc/high_value_asset_1_0_0.json index a0e94922..610e3006 100644 --- a/data/json/decision_points/ssvc/high_value_asset_1_0_0.json +++ b/data/json/decision_points/ssvc/high_value_asset_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "High Value Asset", - "description": "Denotes whether a system meets a high value asset definition.", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "HVA", + "version": "1.0.0", + "name": "High Value Asset", + "description": "Denotes whether a system meets a high value asset definition.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/ssvc/human_impact_2_0_0.json b/data/json/decision_points/ssvc/human_impact_2_0_0.json index 80af1b78..10f837dc 100644 --- a/data/json/decision_points/ssvc/human_impact_2_0_0.json +++ b/data/json/decision_points/ssvc/human_impact_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", "namespace": "ssvc", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "HI", + "version": "2.0.0", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/ssvc/human_impact_2_0_1.json b/data/json/decision_points/ssvc/human_impact_2_0_1.json index 3942e93a..80224c2f 100644 --- a/data/json/decision_points/ssvc/human_impact_2_0_1.json +++ b/data/json/decision_points/ssvc/human_impact_2_0_1.json @@ -1,10 +1,10 @@ { - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", "namespace": "ssvc", - "version": "2.0.1", - "schemaVersion": "1-0-1", "key": "HI", + "version": "2.0.1", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/ssvc/mission_and_well_being_impact_1_0_0.json b/data/json/decision_points/ssvc/mission_and_well_being_impact_1_0_0.json index 95de41e6..ec9a3b92 100644 --- a/data/json/decision_points/ssvc/mission_and_well_being_impact_1_0_0.json +++ b/data/json/decision_points/ssvc/mission_and_well_being_impact_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Mission and Well-Being Impact", - "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "MWI", + "version": "1.0.0", + "name": "Mission and Well-Being Impact", + "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/ssvc/mission_impact_1_0_0.json b/data/json/decision_points/ssvc/mission_impact_1_0_0.json index ac6b2915..3d5b93d5 100644 --- a/data/json/decision_points/ssvc/mission_impact_1_0_0.json +++ b/data/json/decision_points/ssvc/mission_impact_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "MI", + "version": "1.0.0", + "name": "Mission Impact", + "description": "Impact on Mission Essential Functions of the Organization", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/ssvc/mission_impact_2_0_0.json b/data/json/decision_points/ssvc/mission_impact_2_0_0.json index b0a3fc77..527b8201 100644 --- a/data/json/decision_points/ssvc/mission_impact_2_0_0.json +++ b/data/json/decision_points/ssvc/mission_impact_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", "namespace": "ssvc", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "MI", + "version": "2.0.0", + "name": "Mission Impact", + "description": "Impact on Mission Essential Functions of the Organization", + "schemaVersion": "2.0.0", "values": [ { "key": "D", diff --git a/data/json/decision_points/ssvc/public_safety_impact_2_0_0.json b/data/json/decision_points/ssvc/public_safety_impact_2_0_0.json index 74b06423..6730bfdf 100644 --- a/data/json/decision_points/ssvc/public_safety_impact_2_0_0.json +++ b/data/json/decision_points/ssvc/public_safety_impact_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", "namespace": "ssvc", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "PSI", + "version": "2.0.0", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", "values": [ { "key": "M", diff --git a/data/json/decision_points/ssvc/public_safety_impact_2_0_1.json b/data/json/decision_points/ssvc/public_safety_impact_2_0_1.json index 7c60c4ef..729bed14 100644 --- a/data/json/decision_points/ssvc/public_safety_impact_2_0_1.json +++ b/data/json/decision_points/ssvc/public_safety_impact_2_0_1.json @@ -1,10 +1,10 @@ { - "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", "namespace": "ssvc", - "version": "2.0.1", - "schemaVersion": "1-0-1", "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", "values": [ { "key": "M", diff --git a/data/json/decision_points/ssvc/public_value_added_1_0_0.json b/data/json/decision_points/ssvc/public_value_added_1_0_0.json index ae508569..c1f2f7b7 100644 --- a/data/json/decision_points/ssvc/public_value_added_1_0_0.json +++ b/data/json/decision_points/ssvc/public_value_added_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Public Value Added", - "description": "How much value would a publication from the coordinator benefit the broader community?", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "PVA", + "version": "1.0.0", + "name": "Public Value Added", + "description": "How much value would a publication from the coordinator benefit the broader community?", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json b/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json index 7994e948..2d1adc9c 100644 --- a/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json +++ b/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Public Well-Being Impact", - "description": "A coarse-grained representation of impact to public well-being.", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "PWI", + "version": "1.0.0", + "name": "Public Well-Being Impact", + "description": "A coarse-grained representation of impact to public well-being.", + "schemaVersion": "2.0.0", "values": [ { "key": "M", diff --git a/data/json/decision_points/ssvc/publish_do_not_publish_1_0_0.json b/data/json/decision_points/ssvc/publish_do_not_publish_1_0_0.json index aa5d01fc..641c55d2 100644 --- a/data/json/decision_points/ssvc/publish_do_not_publish_1_0_0.json +++ b/data/json/decision_points/ssvc/publish_do_not_publish_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Publish, Do Not Publish", - "description": "The publish outcome group.", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "PUBLISH", + "version": "1.0.0", + "name": "Publish, Do Not Publish", + "description": "The publish outcome group.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/ssvc/report_credibility_1_0_0.json b/data/json/decision_points/ssvc/report_credibility_1_0_0.json index 8cf756bd..bb45bb12 100644 --- a/data/json/decision_points/ssvc/report_credibility_1_0_0.json +++ b/data/json/decision_points/ssvc/report_credibility_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Report Credibility", - "description": "Is the report credible?", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "RC", + "version": "1.0.0", + "name": "Report Credibility", + "description": "Is the report credible?", + "schemaVersion": "2.0.0", "values": [ { "key": "NC", diff --git a/data/json/decision_points/ssvc/report_public_1_0_0.json b/data/json/decision_points/ssvc/report_public_1_0_0.json index 5c4d19d8..c6c8b699 100644 --- a/data/json/decision_points/ssvc/report_public_1_0_0.json +++ b/data/json/decision_points/ssvc/report_public_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Report Public", - "description": "Is a viable report of the details of the vulnerability already publicly available?", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "RP", + "version": "1.0.0", + "name": "Report Public", + "description": "Is a viable report of the details of the vulnerability already publicly available?", + "schemaVersion": "2.0.0", "values": [ { "key": "Y", diff --git a/data/json/decision_points/ssvc/safety_impact_1_0_0.json b/data/json/decision_points/ssvc/safety_impact_1_0_0.json index fe240916..a9d923cb 100644 --- a/data/json/decision_points/ssvc/safety_impact_1_0_0.json +++ b/data/json/decision_points/ssvc/safety_impact_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Safety Impact", - "description": "The safety impact of the vulnerability.", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "SI", + "version": "1.0.0", + "name": "Safety Impact", + "description": "The safety impact of the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/ssvc/safety_impact_2_0_0.json b/data/json/decision_points/ssvc/safety_impact_2_0_0.json index 4f839fb8..073067a3 100644 --- a/data/json/decision_points/ssvc/safety_impact_2_0_0.json +++ b/data/json/decision_points/ssvc/safety_impact_2_0_0.json @@ -1,10 +1,10 @@ { - "name": "Safety Impact", - "description": "The safety impact of the vulnerability. (based on IEC 61508)", "namespace": "ssvc", - "version": "2.0.0", - "schemaVersion": "1-0-1", "key": "SI", + "version": "2.0.0", + "name": "Safety Impact", + "description": "The safety impact of the vulnerability. (based on IEC 61508)", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/ssvc/supplier_cardinality_1_0_0.json b/data/json/decision_points/ssvc/supplier_cardinality_1_0_0.json index ec1df5a8..c291caf8 100644 --- a/data/json/decision_points/ssvc/supplier_cardinality_1_0_0.json +++ b/data/json/decision_points/ssvc/supplier_cardinality_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Supplier Cardinality", - "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "SC", + "version": "1.0.0", + "name": "Supplier Cardinality", + "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + "schemaVersion": "2.0.0", "values": [ { "key": "O", diff --git a/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json b/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json index ee1cfb50..dbd2cdc5 100644 --- a/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json +++ b/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Supplier Contacted", - "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "SCON", + "version": "1.0.0", + "name": "Supplier Contacted", + "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + "schemaVersion": "2.0.0", "values": [ { "key": "N", diff --git a/data/json/decision_points/ssvc/supplier_engagement_1_0_0.json b/data/json/decision_points/ssvc/supplier_engagement_1_0_0.json index d9f704b0..5142fcb9 100644 --- a/data/json/decision_points/ssvc/supplier_engagement_1_0_0.json +++ b/data/json/decision_points/ssvc/supplier_engagement_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Supplier Engagement", - "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "SE", + "version": "1.0.0", + "name": "Supplier Engagement", + "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + "schemaVersion": "2.0.0", "values": [ { "key": "A", diff --git a/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json b/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json index b1e48b02..cee58610 100644 --- a/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json +++ b/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Supplier Involvement", - "description": "What is the state of the supplier’s work on addressing the vulnerability?", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "SINV", + "version": "1.0.0", + "name": "Supplier Involvement", + "description": "What is the state of the supplier’s work on addressing the vulnerability?", + "schemaVersion": "2.0.0", "values": [ { "key": "FR", diff --git a/data/json/decision_points/ssvc/system_exposure_1_0_0.json b/data/json/decision_points/ssvc/system_exposure_1_0_0.json index c72411b5..089fa443 100644 --- a/data/json/decision_points/ssvc/system_exposure_1_0_0.json +++ b/data/json/decision_points/ssvc/system_exposure_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "EXP", + "version": "1.0.0", + "name": "System Exposure", + "description": "The Accessible Attack Surface of the Affected System or Service", + "schemaVersion": "2.0.0", "values": [ { "key": "S", diff --git a/data/json/decision_points/ssvc/system_exposure_1_0_1.json b/data/json/decision_points/ssvc/system_exposure_1_0_1.json index 4babf60e..23095082 100644 --- a/data/json/decision_points/ssvc/system_exposure_1_0_1.json +++ b/data/json/decision_points/ssvc/system_exposure_1_0_1.json @@ -1,10 +1,10 @@ { - "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", "namespace": "ssvc", - "version": "1.0.1", - "schemaVersion": "1-0-1", "key": "EXP", + "version": "1.0.1", + "name": "System Exposure", + "description": "The Accessible Attack Surface of the Affected System or Service", + "schemaVersion": "2.0.0", "values": [ { "key": "S", diff --git a/data/json/decision_points/ssvc/technical_impact_1_0_0.json b/data/json/decision_points/ssvc/technical_impact_1_0_0.json index 92ecdb4e..a23475e4 100644 --- a/data/json/decision_points/ssvc/technical_impact_1_0_0.json +++ b/data/json/decision_points/ssvc/technical_impact_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Technical Impact", - "description": "The technical impact of the vulnerability.", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "TI", + "version": "1.0.0", + "name": "Technical Impact", + "description": "The technical impact of the vulnerability.", + "schemaVersion": "2.0.0", "values": [ { "key": "P", diff --git a/data/json/decision_points/ssvc/utility_1_0_0.json b/data/json/decision_points/ssvc/utility_1_0_0.json index 71d0ca5f..463c772e 100644 --- a/data/json/decision_points/ssvc/utility_1_0_0.json +++ b/data/json/decision_points/ssvc/utility_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "U", + "version": "1.0.0", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/ssvc/utility_1_0_1.json b/data/json/decision_points/ssvc/utility_1_0_1.json index 5c22b7fe..4e2e50d4 100644 --- a/data/json/decision_points/ssvc/utility_1_0_1.json +++ b/data/json/decision_points/ssvc/utility_1_0_1.json @@ -1,10 +1,10 @@ { - "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", "namespace": "ssvc", - "version": "1.0.1", - "schemaVersion": "1-0-1", "key": "U", + "version": "1.0.1", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", "values": [ { "key": "L", diff --git a/data/json/decision_points/ssvc/value_density_1_0_0.json b/data/json/decision_points/ssvc/value_density_1_0_0.json index 4658a012..263f4087 100644 --- a/data/json/decision_points/ssvc/value_density_1_0_0.json +++ b/data/json/decision_points/ssvc/value_density_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Value Density", - "description": "The concentration of value in the target", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "VD", + "version": "1.0.0", + "name": "Value Density", + "description": "The concentration of value in the target", + "schemaVersion": "2.0.0", "values": [ { "key": "D", diff --git a/data/json/decision_points/ssvc/virulence_1_0_0.json b/data/json/decision_points/ssvc/virulence_1_0_0.json index b08d9539..37571357 100644 --- a/data/json/decision_points/ssvc/virulence_1_0_0.json +++ b/data/json/decision_points/ssvc/virulence_1_0_0.json @@ -1,10 +1,10 @@ { - "name": "Virulence", - "description": "The speed at which the vulnerability can be exploited.", "namespace": "ssvc", - "version": "1.0.0", - "schemaVersion": "1-0-1", "key": "V", + "version": "1.0.0", + "name": "Virulence", + "description": "The speed at which the vulnerability can be exploited.", + "schemaVersion": "2.0.0", "values": [ { "key": "S", diff --git a/data/json/decision_points/x_com_yahooinc/theparanoids_1_0_0.json b/data/json/decision_points/x_com_yahooinc/theparanoids_1_0_0.json new file mode 100644 index 00000000..4bb333e5 --- /dev/null +++ b/data/json/decision_points/x_com_yahooinc/theparanoids_1_0_0.json @@ -0,0 +1,40 @@ +{ + "namespace": "x_com.yahooinc", + "key": "PARANOIDS", + "version": "1.0.0", + "name": "theParanoids", + "description": "PrioritizedRiskRemediation outcome group based on TheParanoids.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "5", + "name": "Track 5", + "description": "Track" + }, + { + "key": "4", + "name": "Track Closely 4", + "description": "Track Closely" + }, + { + "key": "3", + "name": "Attend 3", + "description": "Attend" + }, + { + "key": "2", + "name": "Attend 2", + "description": "Attend" + }, + { + "key": "1", + "name": "Act 1", + "description": "Act" + }, + { + "key": "0", + "name": "Act ASAP 0", + "description": "Act ASAP" + } + ] +} diff --git a/data/json/decision_tables/ssvc/human_impact_1_0_0.json b/data/json/decision_tables/ssvc/human_impact_1_0_0.json new file mode 100644 index 00000000..ea714a23 --- /dev/null +++ b/data/json/decision_tables/ssvc/human_impact_1_0_0.json @@ -0,0 +1,208 @@ +{ + "namespace": "ssvc", + "key": "DT_HI", + "version": "1.0.0", + "name": "Human Impact", + "description": "Human Impact decision table for SSVC", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:SI:1.0.0": { + "namespace": "ssvc", + "key": "SI", + "version": "1.0.0", + "name": "Safety Impact", + "description": "The safety impact of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "The effect is below the threshold for all aspects described in Minor." + }, + { + "key": "M", + "name": "Minor", + "description": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + }, + { + "key": "J", + "name": "Major", + "description": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + { + "key": "H", + "name": "Hazardous", + "description": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + }, + { + "key": "C", + "name": "Catastrophic", + "description": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + } + ] + }, + "ssvc:MI:2.0.0": { + "namespace": "ssvc", + "key": "MI", + "version": "2.0.0", + "name": "Mission Impact", + "description": "Impact on Mission Essential Functions of the Organization", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Degraded", + "description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" + }, + { + "key": "MSC", + "name": "MEF Support Crippled", + "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + }, + { + "key": "MEF", + "name": "MEF Failure", + "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + }, + { + "key": "MF", + "name": "Mission Failure", + "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + } + ] + }, + "ssvc:HI:2.0.1": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.1", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] + } + }, + "outcome": "ssvc:HI:2.0.1", + "mapping": [ + { + "ssvc:SI:1.0.0": "N", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.1": "L" + }, + { + "ssvc:SI:1.0.0": "N", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.1": "L" + }, + { + "ssvc:SI:1.0.0": "N", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.1": "M" + }, + { + "ssvc:SI:1.0.0": "N", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "M", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.1": "L" + }, + { + "ssvc:SI:1.0.0": "M", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.1": "L" + }, + { + "ssvc:SI:1.0.0": "M", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.1": "M" + }, + { + "ssvc:SI:1.0.0": "M", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "J", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.1": "M" + }, + { + "ssvc:SI:1.0.0": "J", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.1": "M" + }, + { + "ssvc:SI:1.0.0": "J", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.1": "H" + }, + { + "ssvc:SI:1.0.0": "J", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "H", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.1": "H" + }, + { + "ssvc:SI:1.0.0": "H", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.1": "H" + }, + { + "ssvc:SI:1.0.0": "H", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.1": "H" + }, + { + "ssvc:SI:1.0.0": "H", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "C", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "C", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "C", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "C", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.1": "VH" + } + ] +} diff --git a/data/json/decision_tables/ssvc/supplier_patch_development_priority_1_0_0.json b/data/json/decision_tables/ssvc/supplier_patch_development_priority_1_0_0.json new file mode 100644 index 00000000..97355890 --- /dev/null +++ b/data/json/decision_tables/ssvc/supplier_patch_development_priority_1_0_0.json @@ -0,0 +1,385 @@ +{ + "namespace": "ssvc", + "key": "DT_SP", + "version": "1.0.0", + "name": "Supplier Patch Development Priority", + "description": "Decision table for evaluating supplier patch development priority in SSVC", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:E:1.1.0": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "ssvc:U:1.0.1": { + "namespace": "ssvc", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Laborious", + "description": "Automatable:No AND Value Density:Diffuse" + }, + { + "key": "E", + "name": "Efficient", + "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + { + "key": "S", + "name": "Super Effective", + "description": "Automatable:Yes AND Value Density:Concentrated" + } + ] + }, + "ssvc:TI:1.0.0": { + "namespace": "ssvc", + "key": "TI", + "version": "1.0.0", + "name": "Technical Impact", + "description": "The technical impact of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Partial", + "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + }, + { + "key": "T", + "name": "Total", + "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + } + ] + }, + "ssvc:PSI:2.0.1": { + "namespace": "ssvc", + "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:Negligible" + }, + { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + } + ] + }, + "ssvc:DSOI:1.0.0": { + "namespace": "ssvc", + "key": "DSOI", + "version": "1.0.0", + "name": "Defer, Scheduled, Out-of-Cycle, Immediate", + "description": "The original SSVC outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Defer", + "description": "Defer" + }, + { + "key": "S", + "name": "Scheduled", + "description": "Scheduled" + }, + { + "key": "O", + "name": "Out-of-Cycle", + "description": "Out-of-Cycle" + }, + { + "key": "I", + "name": "Immediate", + "description": "Immediate" + } + ] + } + }, + "outcome": "ssvc:DSOI:1.0.0", + "mapping": [ + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + } + ] +} diff --git a/data/json/decision_tables/ssvc/utility_1_0_0.json b/data/json/decision_tables/ssvc/utility_1_0_0.json new file mode 100644 index 00000000..30602fa0 --- /dev/null +++ b/data/json/decision_tables/ssvc/utility_1_0_0.json @@ -0,0 +1,98 @@ +{ + "namespace": "ssvc", + "key": "DT_U", + "version": "1.0.0", + "name": "Utility", + "description": "Utility decision table for SSVC", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:A:2.0.0": { + "namespace": "ssvc", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + }, + { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate steps 1-4 of the kill chain." + } + ] + }, + "ssvc:VD:1.0.0": { + "namespace": "ssvc", + "key": "VD", + "version": "1.0.0", + "name": "Value Density", + "description": "The concentration of value in the target", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Diffuse", + "description": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + }, + { + "key": "C", + "name": "Concentrated", + "description": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + } + ] + }, + "ssvc:U:1.0.1": { + "namespace": "ssvc", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Laborious", + "description": "Automatable:No AND Value Density:Diffuse" + }, + { + "key": "E", + "name": "Efficient", + "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + { + "key": "S", + "name": "Super Effective", + "description": "Automatable:Yes AND Value Density:Concentrated" + } + ] + } + }, + "outcome": "ssvc:U:1.0.1", + "mapping": [ + { + "ssvc:A:2.0.0": "N", + "ssvc:VD:1.0.0": "D", + "ssvc:U:1.0.1": "L" + }, + { + "ssvc:A:2.0.0": "N", + "ssvc:VD:1.0.0": "C", + "ssvc:U:1.0.1": "E" + }, + { + "ssvc:A:2.0.0": "Y", + "ssvc:VD:1.0.0": "D", + "ssvc:U:1.0.1": "E" + }, + { + "ssvc:A:2.0.0": "Y", + "ssvc:VD:1.0.0": "C", + "ssvc:U:1.0.1": "S" + } + ] +} diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json new file mode 100644 index 00000000..b77299c3 --- /dev/null +++ b/data/json/ssvc_object_registry.json @@ -0,0 +1,7422 @@ +{ + "name": "SSVC Object Registry", + "description": "A registry for SSVC objects organized by type, namespace, key, and version.", + "schemaVersion": "2.0.0", + "types": { + "DecisionPoint": { + "type": "DecisionPoint", + "namespaces": { + "cisa": { + "namespace": "cisa", + "keys": { + "KEV": { + "key": "KEV", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cisa", + "key": "KEV", + "version": "1.0.0", + "name": "In KEV", + "description": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "Vulnerability is not listed in KEV." + }, + { + "key": "Y", + "name": "Yes", + "description": "Vulnerability is listed in KEV." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "No", + "description": "Vulnerability is not listed in KEV." + }, + "Y": { + "key": "Y", + "name": "Yes", + "description": "Vulnerability is listed in KEV." + } + } + } + } + }, + "MP": { + "key": "MP", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cisa", + "key": "MP", + "version": "1.0.0", + "name": "Mission Prevalence", + "description": "Prevalence of the mission essential functions", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." + }, + { + "key": "S", + "name": "Support", + "description": "The vulnerable component only supports MEFs for two or more entities." + }, + { + "key": "E", + "name": "Essential", + "description": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." + } + ] + }, + "values": { + "M": { + "key": "M", + "name": "Minimal", + "description": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." + }, + "S": { + "key": "S", + "name": "Support", + "description": "The vulnerable component only supports MEFs for two or more entities." + }, + "E": { + "key": "E", + "name": "Essential", + "description": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." + } + } + } + } + }, + "CISA": { + "key": "CISA", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cisa", + "key": "CISA", + "version": "1.0.0", + "name": "CISA Levels", + "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "T", + "name": "Track", + "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + }, + { + "key": "T*", + "name": "Track*", + "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + }, + { + "key": "A", + "name": "Attend", + "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + }, + { + "key": "A", + "name": "Act", + "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + } + ] + }, + "values": { + "T": { + "key": "T", + "name": "Track", + "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + }, + "T*": { + "key": "T*", + "name": "Track*", + "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + }, + "A": { + "key": "A", + "name": "Act", + "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + } + } + } + } + } + } + }, + "cvss": { + "namespace": "cvss", + "keys": { + "AC": { + "key": "AC", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "AC", + "version": "1.0.0", + "name": "Access Complexity", + "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." + }, + { + "key": "H", + "name": "High", + "description": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." + }, + "H": { + "key": "H", + "name": "High", + "description": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "AC", + "version": "2.0.0", + "name": "Access Complexity", + "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist." + }, + { + "key": "M", + "name": "Medium", + "description": "The access conditions are somewhat specialized." + }, + { + "key": "H", + "name": "High", + "description": "Specialized access conditions exist." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "The access conditions are somewhat specialized." + }, + "H": { + "key": "H", + "name": "High", + "description": "Specialized access conditions exist." + } + } + }, + "3.0.0": { + "version": "3.0.0", + "obj": { + "namespace": "cvss", + "key": "AC", + "version": "3.0.0", + "name": "Attack Complexity", + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + }, + { + "key": "H", + "name": "High", + "description": "A successful attack depends on conditions beyond the attacker's control." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + }, + "H": { + "key": "H", + "name": "High", + "description": "A successful attack depends on conditions beyond the attacker's control." + } + } + }, + "3.0.1": { + "version": "3.0.1", + "obj": { + "namespace": "cvss", + "key": "AC", + "version": "3.0.1", + "name": "Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + }, + { + "key": "H", + "name": "High", + "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + }, + "H": { + "key": "H", + "name": "High", + "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + } + } + } + } + }, + "AT": { + "key": "AT", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "AT", + "version": "1.0.0", + "name": "Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + }, + { + "key": "P", + "name": "Present", + "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + }, + "P": { + "key": "P", + "name": "Present", + "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + } + } + } + } + }, + "AV": { + "key": "AV", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "AV", + "version": "1.0.0", + "name": "Access Vector", + "description": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Local", + "description": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" + }, + { + "key": "R", + "name": "Remote", + "description": "The vulnerability is exploitable remotely." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Local", + "description": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" + }, + "R": { + "key": "R", + "name": "Remote", + "description": "The vulnerability is exploitable remotely." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "AV", + "version": "2.0.0", + "name": "Access Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Local", + "description": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." + }, + { + "key": "A", + "name": "Adjacent Network", + "description": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." + }, + { + "key": "N", + "name": "Network", + "description": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Local", + "description": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." + }, + "A": { + "key": "A", + "name": "Adjacent Network", + "description": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." + }, + "N": { + "key": "N", + "name": "Network", + "description": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." + } + } + }, + "3.0.0": { + "version": "3.0.0", + "obj": { + "namespace": "cvss", + "key": "AV", + "version": "3.0.0", + "name": "Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. ", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Physical", + "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + }, + { + "key": "L", + "name": "Local", + "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + }, + { + "key": "A", + "name": "Adjacent", + "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + }, + { + "key": "N", + "name": "Network", + "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + } + ] + }, + "values": { + "P": { + "key": "P", + "name": "Physical", + "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + }, + "L": { + "key": "L", + "name": "Local", + "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + }, + "A": { + "key": "A", + "name": "Adjacent", + "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + }, + "N": { + "key": "N", + "name": "Network", + "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + } + } + }, + "3.0.1": { + "version": "3.0.1", + "obj": { + "namespace": "cvss", + "key": "AV", + "version": "3.0.1", + "name": "Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Physical", + "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + }, + { + "key": "L", + "name": "Local", + "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + }, + { + "key": "A", + "name": "Adjacent", + "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + { + "key": "N", + "name": "Network", + "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + } + ] + }, + "values": { + "P": { + "key": "P", + "name": "Physical", + "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + }, + "L": { + "key": "L", + "name": "Local", + "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + }, + "A": { + "key": "A", + "name": "Adjacent", + "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + "N": { + "key": "N", + "name": "Network", + "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + } + } + } + } + }, + "Au": { + "key": "Au", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "Au", + "version": "1.0.0", + "name": "Authentication", + "description": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Not Required", + "description": "Authentication is not required to access or exploit the vulnerability." + }, + { + "key": "R", + "name": "Required", + "description": "Authentication is required to access and exploit the vulnerability." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Not Required", + "description": "Authentication is not required to access or exploit the vulnerability." + }, + "R": { + "key": "R", + "name": "Required", + "description": "Authentication is required to access and exploit the vulnerability." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "Au", + "version": "2.0.0", + "name": "Authentication", + "description": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Multiple", + "description": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." + }, + { + "key": "S", + "name": "Single", + "description": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." + }, + { + "key": "N", + "name": "None", + "description": "Authentication is not required to exploit the vulnerability." + } + ] + }, + "values": { + "M": { + "key": "M", + "name": "Multiple", + "description": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." + }, + "S": { + "key": "S", + "name": "Single", + "description": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." + }, + "N": { + "key": "N", + "name": "None", + "description": "Authentication is not required to exploit the vulnerability." + } + } + } + } + }, + "A": { + "key": "A", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "A", + "version": "1.0.0", + "name": "Availability Impact", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "No impact on availability." + }, + { + "key": "P", + "name": "Partial", + "description": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." + }, + { + "key": "C", + "name": "Complete", + "description": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "No impact on availability." + }, + "P": { + "key": "P", + "name": "Partial", + "description": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." + }, + "C": { + "key": "C", + "name": "Complete", + "description": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "A", + "version": "2.0.0", + "name": "Availability Impact", + "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to the availability of the system." + }, + { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no impact to the availability of the system." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + } + } + } + }, + "VA": { + "key": "VA", + "versions": { + "3.0.0": { + "version": "3.0.0", + "obj": { + "namespace": "cvss", + "key": "VA", + "version": "3.0.0", + "name": "Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + } + } + } + }, + "AR": { + "key": "AR", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "AR", + "version": "1.0.0", + "name": "Availability Requirement", + "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "ND": { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.1.0": { + "version": "1.1.0", + "obj": { + "namespace": "cvss", + "key": "AR", + "version": "1.1.0", + "name": "Availability Requirement", + "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.1.1": { + "version": "1.1.1", + "obj": { + "namespace": "cvss", + "key": "AR", + "version": "1.1.1", + "name": "Availability Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "CDP": { + "key": "CDP", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "CDP", + "version": "1.0.0", + "name": "Collateral Damage Potential", + "description": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no potential for physical or property damage." + }, + { + "key": "L", + "name": "Low", + "description": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." + }, + { + "key": "M", + "name": "Medium", + "description": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + }, + { + "key": "H", + "name": "High", + "description": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no potential for physical or property damage." + }, + "L": { + "key": "L", + "name": "Low", + "description": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + }, + "H": { + "key": "H", + "name": "High", + "description": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "CDP", + "version": "2.0.0", + "name": "Collateral Damage Potential", + "description": "This metric measures the potential for loss of life or physical assets.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no potential for loss of life, physical assets, productivity or revenue." + }, + { + "key": "LM", + "name": "Low-Medium", + "description": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." + }, + { + "key": "MH", + "name": "Medium-High", + "description": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + }, + { + "key": "H", + "name": "High", + "description": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + }, + { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no potential for loss of life, physical assets, productivity or revenue." + }, + "LM": { + "key": "LM", + "name": "Low-Medium", + "description": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." + }, + "MH": { + "key": "MH", + "name": "Medium-High", + "description": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + }, + "H": { + "key": "H", + "name": "High", + "description": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + }, + "ND": { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "C": { + "key": "C", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "C", + "version": "1.0.0", + "name": "Confidentiality Impact", + "description": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "No impact on confidentiality." + }, + { + "key": "P", + "name": "Partial", + "description": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." + }, + { + "key": "C", + "name": "Complete", + "description": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "No impact on confidentiality." + }, + "P": { + "key": "P", + "name": "Partial", + "description": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." + }, + "C": { + "key": "C", + "name": "Complete", + "description": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "C", + "version": "2.0.0", + "name": "Confidentiality Impact", + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + } + } + } + } + }, + "VC": { + "key": "VC", + "versions": { + "3.0.0": { + "version": "3.0.0", + "obj": { + "namespace": "cvss", + "key": "VC", + "version": "3.0.0", + "name": "Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + } + } + } + } + }, + "CR": { + "key": "CR", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "CR", + "version": "1.0.0", + "name": "Confidentiality Requirement", + "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "ND": { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.1.0": { + "version": "1.1.0", + "obj": { + "namespace": "cvss", + "key": "CR", + "version": "1.1.0", + "name": "Confidentiality Requirement", + "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.1.1": { + "version": "1.1.1", + "obj": { + "namespace": "cvss", + "key": "CR", + "version": "1.1.1", + "name": "Confidentiality Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "EQ1": { + "key": "EQ1", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "EQ1", + "version": "1.0.0", + "name": "Equivalence Set 1", + "description": "AV/PR/UI with 3 levels specified in Table 24", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + }, + { + "key": "H", + "name": "High", + "description": "0: AV:N and PR:N and UI:N" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + }, + "H": { + "key": "H", + "name": "High", + "description": "0: AV:N and PR:N and UI:N" + } + } + } + } + }, + "EQ2": { + "key": "EQ2", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "EQ2", + "version": "1.0.0", + "name": "Equivalence Set 2", + "description": "AC/AT with 2 levels specified in Table 25", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (AC:L and AT:N)" + }, + { + "key": "H", + "name": "High", + "description": "0: AC:L and AT:N" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "1: not (AC:L and AT:N)" + }, + "H": { + "key": "H", + "name": "High", + "description": "0: AC:L and AT:N" + } + } + } + } + }, + "EQ3": { + "key": "EQ3", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "EQ3", + "version": "1.0.0", + "name": "Equivalence Set 3", + "description": "VC/VI/VA with 3 levels specified in Table 26", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (VC:H or VI:H or VA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: VC:H and VI:H" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "2: not (VC:H or VI:H or VA:H)" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + }, + "H": { + "key": "H", + "name": "High", + "description": "0: VC:H and VI:H" + } + } + } + } + }, + "EQ4": { + "key": "EQ4", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "EQ4", + "version": "1.0.0", + "name": "Equivalence Set 4", + "description": "SC/SI/SA with 3 levels specified in Table 27", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: MSI:S or MSA:S" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + }, + "H": { + "key": "H", + "name": "High", + "description": "0: MSI:S or MSA:S" + } + } + } + } + }, + "EQ5": { + "key": "EQ5", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "EQ5", + "version": "1.0.0", + "name": "Equivalence Set 5", + "description": "E with 3 levels specified in Table 28", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: E:U" + }, + { + "key": "M", + "name": "Medium", + "description": "1: E:P" + }, + { + "key": "H", + "name": "High", + "description": "0: E:A" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "2: E:U" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "1: E:P" + }, + "H": { + "key": "H", + "name": "High", + "description": "0: E:A" + } + } + } + } + }, + "EQ6": { + "key": "EQ6", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "EQ6", + "version": "1.0.0", + "name": "Equivalence Set 6", + "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + }, + "H": { + "key": "H", + "name": "High", + "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + } + } + } + } + }, + "E": { + "key": "E", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "E", + "version": "1.0.0", + "name": "Exploitability", + "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unproven", + "description": "No exploit code is yet available or an exploit method is entirely theoretical." + }, + { + "key": "P", + "name": "Proof of Concept", + "description": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + }, + { + "key": "F", + "name": "Functional", + "description": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + }, + { + "key": "H", + "name": "High", + "description": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unproven", + "description": "No exploit code is yet available or an exploit method is entirely theoretical." + }, + "P": { + "key": "P", + "name": "Proof of Concept", + "description": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + }, + "F": { + "key": "F", + "name": "Functional", + "description": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + }, + "H": { + "key": "H", + "name": "High", + "description": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + } + } + }, + "1.1.0": { + "version": "1.1.0", + "obj": { + "namespace": "cvss", + "key": "E", + "version": "1.1.0", + "name": "Exploitability", + "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unproven", + "description": "No exploit code is yet available or an exploit method is entirely theoretical." + }, + { + "key": "P", + "name": "Proof of Concept", + "description": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + }, + { + "key": "F", + "name": "Functional", + "description": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + }, + { + "key": "H", + "name": "High", + "description": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + }, + { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unproven", + "description": "No exploit code is yet available or an exploit method is entirely theoretical." + }, + "P": { + "key": "P", + "name": "Proof of Concept", + "description": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + }, + "F": { + "key": "F", + "name": "Functional", + "description": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + }, + "H": { + "key": "H", + "name": "High", + "description": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + }, + "ND": { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.2.0": { + "version": "1.2.0", + "obj": { + "namespace": "cvss", + "key": "E", + "version": "1.2.0", + "name": "Exploit Code Maturity", + "description": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unproven", + "description": "No exploit code is available, or an exploit is theoretical." + }, + { + "key": "POC", + "name": "Proof-of-Concept", + "description": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." + }, + { + "key": "F", + "name": "Functional", + "description": "Functional exploit code is available. The code works in most situations where the vulnerability exists." + }, + { + "key": "H", + "name": "High", + "description": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unproven", + "description": "No exploit code is available, or an exploit is theoretical." + }, + "POC": { + "key": "POC", + "name": "Proof-of-Concept", + "description": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." + }, + "F": { + "key": "F", + "name": "Functional", + "description": "Functional exploit code is available. The code works in most situations where the vulnerability exists." + }, + "H": { + "key": "H", + "name": "High", + "description": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "E", + "version": "2.0.0", + "name": "Exploit Maturity", + "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unreported", + "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + }, + { + "key": "P", + "name": "Proof-of-Concept", + "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + }, + { + "key": "A", + "name": "Attacked", + "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unreported", + "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + }, + "P": { + "key": "P", + "name": "Proof-of-Concept", + "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + }, + "A": { + "key": "A", + "name": "Attacked", + "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "IB": { + "key": "IB", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "IB", + "version": "1.0.0", + "name": "Impact Bias", + "description": "This metric measures the impact bias of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Normal", + "description": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." + }, + { + "key": "C", + "name": "Confidentiality", + "description": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." + }, + { + "key": "I", + "name": "Integrity", + "description": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." + }, + { + "key": "A", + "name": "Availability", + "description": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Normal", + "description": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." + }, + "C": { + "key": "C", + "name": "Confidentiality", + "description": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." + }, + "I": { + "key": "I", + "name": "Integrity", + "description": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." + }, + "A": { + "key": "A", + "name": "Availability", + "description": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." + } + } + } + } + }, + "I": { + "key": "I", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "I", + "version": "1.0.0", + "name": "Integrity Impact", + "description": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "No impact on integrity." + }, + { + "key": "P", + "name": "Partial", + "description": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." + }, + { + "key": "C", + "name": "Complete", + "description": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "No impact on integrity." + }, + "P": { + "key": "P", + "name": "Partial", + "description": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." + }, + "C": { + "key": "C", + "name": "Complete", + "description": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "I", + "version": "2.0.0", + "name": "Integrity Impact", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to the integrity of the system." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no impact to the integrity of the system." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + } + } + } + } + }, + "VI": { + "key": "VI", + "versions": { + "3.0.0": { + "version": "3.0.0", + "obj": { + "namespace": "cvss", + "key": "VI", + "version": "3.0.0", + "name": "Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + } + } + } + } + }, + "IR": { + "key": "IR", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "IR", + "version": "1.0.0", + "name": "Integrity Requirement", + "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "ND": { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.1.0": { + "version": "1.1.0", + "obj": { + "namespace": "cvss", + "key": "IR", + "version": "1.1.0", + "name": "Integrity Requirement", + "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.1.1": { + "version": "1.1.1", + "obj": { + "namespace": "cvss", + "key": "IR", + "version": "1.1.1", + "name": "Integrity Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "PR": { + "key": "PR", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "PR", + "version": "1.0.0", + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + }, + { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + } + ] + }, + "values": { + "H": { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + }, + "L": { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + }, + "N": { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + } + } + }, + "1.0.1": { + "version": "1.0.1", + "obj": { + "namespace": "cvss", + "key": "PR", + "version": "1.0.1", + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + }, + { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + } + ] + }, + "values": { + "H": { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + }, + "L": { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + }, + "N": { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + } + } + } + } + }, + "QS": { + "key": "QS", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "QS", + "version": "1.0.0", + "name": "CVSS Qualitative Severity Rating Scale", + "description": "The CVSS Qualitative Severity Rating Scale provides a categorical representation of a CVSS Score.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "No severity rating (0.0)" + }, + { + "key": "L", + "name": "Low", + "description": "Low (0.1 - 3.9)" + }, + { + "key": "M", + "name": "Medium", + "description": "Medium (4.0 - 6.9)" + }, + { + "key": "H", + "name": "High", + "description": "High (7.0 - 8.9)" + }, + { + "key": "C", + "name": "Critical", + "description": "Critical (9.0 - 10.0)" + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "No severity rating (0.0)" + }, + "L": { + "key": "L", + "name": "Low", + "description": "Low (0.1 - 3.9)" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Medium (4.0 - 6.9)" + }, + "H": { + "key": "H", + "name": "High", + "description": "High (7.0 - 8.9)" + }, + "C": { + "key": "C", + "name": "Critical", + "description": "Critical (9.0 - 10.0)" + } + } + } + } + }, + "RL": { + "key": "RL", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "RL", + "version": "1.0.0", + "name": "Remediation Level", + "description": "This metric measures the remediation status of a vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "OF", + "name": "Official Fix", + "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + }, + { + "key": "TF", + "name": "Temporary Fix", + "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + }, + { + "key": "W", + "name": "Workaround", + "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + }, + { + "key": "U", + "name": "Unavailable", + "description": "There is either no solution available or it is impossible to apply." + } + ] + }, + "values": { + "OF": { + "key": "OF", + "name": "Official Fix", + "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + }, + "TF": { + "key": "TF", + "name": "Temporary Fix", + "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + }, + "W": { + "key": "W", + "name": "Workaround", + "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + }, + "U": { + "key": "U", + "name": "Unavailable", + "description": "There is either no solution available or it is impossible to apply." + } + } + }, + "1.1.0": { + "version": "1.1.0", + "obj": { + "namespace": "cvss", + "key": "RL", + "version": "1.1.0", + "name": "Remediation Level", + "description": "This metric measures the remediation status of a vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "OF", + "name": "Official Fix", + "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + }, + { + "key": "TF", + "name": "Temporary Fix", + "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + }, + { + "key": "W", + "name": "Workaround", + "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + }, + { + "key": "U", + "name": "Unavailable", + "description": "There is either no solution available or it is impossible to apply." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "OF": { + "key": "OF", + "name": "Official Fix", + "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + }, + "TF": { + "key": "TF", + "name": "Temporary Fix", + "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + }, + "W": { + "key": "W", + "name": "Workaround", + "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + }, + "U": { + "key": "U", + "name": "Unavailable", + "description": "There is either no solution available or it is impossible to apply." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "RC": { + "key": "RC", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "RC", + "version": "1.0.0", + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "UC", + "name": "Unconfirmed", + "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + }, + { + "key": "UR", + "name": "Uncorroborated", + "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + }, + { + "key": "C", + "name": "Confirmed", + "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + } + ] + }, + "values": { + "UC": { + "key": "UC", + "name": "Unconfirmed", + "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + }, + "UR": { + "key": "UR", + "name": "Uncorroborated", + "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + }, + "C": { + "key": "C", + "name": "Confirmed", + "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + } + } + }, + "1.1.0": { + "version": "1.1.0", + "obj": { + "namespace": "cvss", + "key": "RC", + "version": "1.1.0", + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "UC", + "name": "Unconfirmed", + "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + }, + { + "key": "UR", + "name": "Uncorroborated", + "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + }, + { + "key": "C", + "name": "Confirmed", + "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + }, + { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "UC": { + "key": "UC", + "name": "Unconfirmed", + "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + }, + "UR": { + "key": "UR", + "name": "Uncorroborated", + "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + }, + "C": { + "key": "C", + "name": "Confirmed", + "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + }, + "ND": { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "RC", + "version": "2.0.0", + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unknown", + "description": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." + }, + { + "key": "R", + "name": "Reasonable", + "description": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." + }, + { + "key": "C", + "name": "Confirmed", + "description": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unknown", + "description": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." + }, + "R": { + "key": "R", + "name": "Reasonable", + "description": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." + }, + "C": { + "key": "C", + "name": "Confirmed", + "description": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "S": { + "key": "S", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "S", + "version": "1.0.0", + "name": "Scope", + "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unchanged", + "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + }, + { + "key": "C", + "name": "Changed", + "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unchanged", + "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + }, + "C": { + "key": "C", + "name": "Changed", + "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + } + } + } + } + }, + "SA": { + "key": "SA", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "SA", + "version": "1.0.0", + "name": "Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + } + } + } + }, + "SC": { + "key": "SC", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "SC", + "version": "1.0.0", + "name": "Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Negligible", + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + } + } + } + } + }, + "SI": { + "key": "SI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "SI", + "version": "1.0.0", + "name": "Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + } + } + } + } + }, + "AU": { + "key": "AU", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "AU", + "version": "1.0.0", + "name": "Automatable", + "description": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + }, + { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + }, + "Y": { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "U": { + "key": "U", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "U", + "version": "1.0.0", + "name": "Provider Urgency", + "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "C", + "name": "Clear", + "description": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." + }, + { + "key": "G", + "name": "Green", + "description": "Provider has assessed the impact of this vulnerability as having a reduced urgency." + }, + { + "key": "A", + "name": "Amber", + "description": "Provider has assessed the impact of this vulnerability as having a moderate urgency." + }, + { + "key": "R", + "name": "Red", + "description": "Provider has assessed the impact of this vulnerability as having the highest urgency." + } + ] + }, + "values": { + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + "C": { + "key": "C", + "name": "Clear", + "description": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." + }, + "G": { + "key": "G", + "name": "Green", + "description": "Provider has assessed the impact of this vulnerability as having a reduced urgency." + }, + "A": { + "key": "A", + "name": "Amber", + "description": "Provider has assessed the impact of this vulnerability as having a moderate urgency." + }, + "R": { + "key": "R", + "name": "Red", + "description": "Provider has assessed the impact of this vulnerability as having the highest urgency." + } + } + } + } + }, + "R": { + "key": "R", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "R", + "version": "1.0.0", + "name": "Recovery", + "description": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "A", + "name": "Automatic", + "description": "The system recovers services automatically after an attack has been performed." + }, + { + "key": "U", + "name": "User", + "description": "The system requires manual intervention by the user to recover services, after an attack has been performed." + }, + { + "key": "I", + "name": "Irrecoverable", + "description": "The system services are irrecoverable by the user, after an attack has been performed." + } + ] + }, + "values": { + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + "A": { + "key": "A", + "name": "Automatic", + "description": "The system recovers services automatically after an attack has been performed." + }, + "U": { + "key": "U", + "name": "User", + "description": "The system requires manual intervention by the user to recover services, after an attack has been performed." + }, + "I": { + "key": "I", + "name": "Irrecoverable", + "description": "The system services are irrecoverable by the user, after an attack has been performed." + } + } + } + } + }, + "SF": { + "key": "SF", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "SF", + "version": "1.0.0", + "name": "Safety", + "description": "The Safety decision point is a measure of the potential for harm to humans or the environment.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "P", + "name": "Present", + "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" + }, + { + "key": "N", + "name": "Negligible", + "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" + } + ] + }, + "values": { + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + "P": { + "key": "P", + "name": "Present", + "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" + }, + "N": { + "key": "N", + "name": "Negligible", + "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" + } + } + } + } + }, + "V": { + "key": "V", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "V", + "version": "1.0.0", + "name": "Value Density", + "description": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "D", + "name": "Diffuse", + "description": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." + }, + { + "key": "C", + "name": "Concentrated", + "description": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." + } + ] + }, + "values": { + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + "D": { + "key": "D", + "name": "Diffuse", + "description": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." + }, + "C": { + "key": "C", + "name": "Concentrated", + "description": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." + } + } + } + } + }, + "RE": { + "key": "RE", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "RE", + "version": "1.0.0", + "name": "Vulnerability Response Effort", + "description": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "L", + "name": "Low", + "description": "The effort required to respond to a vulnerability is low/trivial." + }, + { + "key": "M", + "name": "Moderate", + "description": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." + }, + { + "key": "H", + "name": "High", + "description": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." + } + ] + }, + "values": { + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + "L": { + "key": "L", + "name": "Low", + "description": "The effort required to respond to a vulnerability is low/trivial." + }, + "M": { + "key": "M", + "name": "Moderate", + "description": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." + }, + "H": { + "key": "H", + "name": "High", + "description": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." + } + } + } + } + }, + "TD": { + "key": "TD", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "TD", + "version": "1.0.0", + "name": "Target Distribution", + "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + }, + { + "key": "L", + "name": "Low", + "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + }, + { + "key": "M", + "name": "Medium", + "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + }, + { + "key": "H", + "name": "High", + "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + }, + "H": { + "key": "H", + "name": "High", + "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + } + } + }, + "1.1.0": { + "version": "1.1.0", + "obj": { + "namespace": "cvss", + "key": "TD", + "version": "1.1.0", + "name": "Target Distribution", + "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + }, + { + "key": "L", + "name": "Low", + "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + }, + { + "key": "M", + "name": "Medium", + "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + }, + { + "key": "H", + "name": "High", + "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + }, + "H": { + "key": "H", + "name": "High", + "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "UI": { + "key": "UI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "UI", + "version": "1.0.0", + "name": "User Interaction", + "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "R", + "name": "Required", + "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + }, + { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any user." + } + ] + }, + "values": { + "R": { + "key": "R", + "name": "Required", + "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + }, + "N": { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any user." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "UI", + "version": "2.0.0", + "name": "User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "A", + "name": "Active", + "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + }, + { + "key": "P", + "name": "Passive", + "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + }, + { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + } + ] + }, + "values": { + "A": { + "key": "A", + "name": "Active", + "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + }, + "P": { + "key": "P", + "name": "Passive", + "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + }, + "N": { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + } + } + } + } + }, + "CVSS": { + "key": "CVSS", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "CVSS", + "version": "1.0.0", + "name": "CVSS Qualitative Severity Rating Scale", + "description": "The CVSS Qualitative Severity Rating Scale group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "None (0.0)" + }, + { + "key": "L", + "name": "Low", + "description": "Low (0.1-3.9)" + }, + { + "key": "M", + "name": "Medium", + "description": "Medium (4.0-6.9)" + }, + { + "key": "H", + "name": "High", + "description": "High (7.0-8.9)" + }, + { + "key": "C", + "name": "Critical", + "description": "Critical (9.0-10.0)" + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "None (0.0)" + }, + "L": { + "key": "L", + "name": "Low", + "description": "Low (0.1-3.9)" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Medium (4.0-6.9)" + }, + "H": { + "key": "H", + "name": "High", + "description": "High (7.0-8.9)" + }, + "C": { + "key": "C", + "name": "Critical", + "description": "Critical (9.0-10.0)" + } + } + } + } + }, + "MAV": { + "key": "MAV", + "versions": { + "3.0.0": { + "version": "3.0.0", + "obj": { + "namespace": "cvss", + "key": "MAV", + "version": "3.0.0", + "name": "Modified Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. ", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Physical", + "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + }, + { + "key": "L", + "name": "Local", + "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + }, + { + "key": "A", + "name": "Adjacent", + "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + }, + { + "key": "N", + "name": "Network", + "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "P": { + "key": "P", + "name": "Physical", + "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + }, + "L": { + "key": "L", + "name": "Local", + "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + }, + "A": { + "key": "A", + "name": "Adjacent", + "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + }, + "N": { + "key": "N", + "name": "Network", + "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "3.0.1": { + "version": "3.0.1", + "obj": { + "namespace": "cvss", + "key": "MAV", + "version": "3.0.1", + "name": "Modified Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Physical", + "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + }, + { + "key": "L", + "name": "Local", + "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + }, + { + "key": "A", + "name": "Adjacent", + "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + { + "key": "N", + "name": "Network", + "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "P": { + "key": "P", + "name": "Physical", + "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + }, + "L": { + "key": "L", + "name": "Local", + "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + }, + "A": { + "key": "A", + "name": "Adjacent", + "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + "N": { + "key": "N", + "name": "Network", + "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MAC": { + "key": "MAC", + "versions": { + "3.0.0": { + "version": "3.0.0", + "obj": { + "namespace": "cvss", + "key": "MAC", + "version": "3.0.0", + "name": "Modified Attack Complexity", + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + }, + { + "key": "H", + "name": "High", + "description": "A successful attack depends on conditions beyond the attacker's control." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + }, + "H": { + "key": "H", + "name": "High", + "description": "A successful attack depends on conditions beyond the attacker's control." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "3.0.1": { + "version": "3.0.1", + "obj": { + "namespace": "cvss", + "key": "MAC", + "version": "3.0.1", + "name": "Modified Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + }, + { + "key": "H", + "name": "High", + "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + }, + "H": { + "key": "H", + "name": "High", + "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MPR": { + "key": "MPR", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "MPR", + "version": "1.0.0", + "name": "Modified Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + }, + { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "H": { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + }, + "L": { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + }, + "N": { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.0.1": { + "version": "1.0.1", + "obj": { + "namespace": "cvss", + "key": "MPR", + "version": "1.0.1", + "name": "Modified Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + }, + { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "H": { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + }, + "L": { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + }, + "N": { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MUI": { + "key": "MUI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "MUI", + "version": "1.0.0", + "name": "Modified User Interaction", + "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "R", + "name": "Required", + "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + }, + { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any user." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "R": { + "key": "R", + "name": "Required", + "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + }, + "N": { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any user." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "MUI", + "version": "2.0.0", + "name": "Modified User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "A", + "name": "Active", + "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + }, + { + "key": "P", + "name": "Passive", + "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + }, + { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "A": { + "key": "A", + "name": "Active", + "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + }, + "P": { + "key": "P", + "name": "Passive", + "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + }, + "N": { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MS": { + "key": "MS", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "MS", + "version": "1.0.0", + "name": "Modified Scope", + "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unchanged", + "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + }, + { + "key": "C", + "name": "Changed", + "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unchanged", + "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + }, + "C": { + "key": "C", + "name": "Changed", + "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MC": { + "key": "MC", + "versions": { + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "MC", + "version": "2.0.0", + "name": "Modified Confidentiality Impact", + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MI": { + "key": "MI", + "versions": { + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "MI", + "version": "2.0.0", + "name": "Modified Integrity Impact", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to the integrity of the system." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no impact to the integrity of the system." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MA": { + "key": "MA", + "versions": { + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "MA", + "version": "2.0.0", + "name": "Modified Availability Impact", + "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to the availability of the system." + }, + { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no impact to the availability of the system." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MAT": { + "key": "MAT", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "MAT", + "version": "1.0.0", + "name": "Modified Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + }, + { + "key": "P", + "name": "Present", + "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + }, + "P": { + "key": "P", + "name": "Present", + "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MVC": { + "key": "MVC", + "versions": { + "3.0.0": { + "version": "3.0.0", + "obj": { + "namespace": "cvss", + "key": "MVC", + "version": "3.0.0", + "name": "Modified Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MVI": { + "key": "MVI", + "versions": { + "3.0.0": { + "version": "3.0.0", + "obj": { + "namespace": "cvss", + "key": "MVI", + "version": "3.0.0", + "name": "Modified Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MVA": { + "key": "MVA", + "versions": { + "3.0.0": { + "version": "3.0.0", + "obj": { + "namespace": "cvss", + "key": "MVA", + "version": "3.0.0", + "name": "Modified Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MSC": { + "key": "MSC", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "MSC", + "version": "1.0.0", + "name": "Modified Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Negligible", + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.0.1": { + "version": "1.0.1", + "obj": { + "namespace": "cvss", + "key": "MSC", + "version": "1.0.1", + "name": "Modified Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Negligible", + "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MSI": { + "key": "MSI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "MSI", + "version": "1.0.0", + "name": "Modified Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.0.1": { + "version": "1.0.1", + "obj": { + "namespace": "cvss", + "key": "MSI", + "version": "1.0.1", + "name": "Modified Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Negligible", + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + "S": { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + } + } + } + } + }, + "MSA": { + "key": "MSA", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "MSA", + "version": "1.0.0", + "name": "Modified Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.0.1": { + "version": "1.0.1", + "obj": { + "namespace": "cvss", + "key": "MSA", + "version": "1.0.1", + "name": "Modified Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Negligible", + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + } + } + }, + "ssvc": { + "namespace": "ssvc", + "keys": { + "V": { + "key": "V", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "V", + "version": "1.0.0", + "name": "Virulence", + "description": "The speed at which the vulnerability can be exploited.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "S", + "name": "Slow", + "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + }, + { + "key": "R", + "name": "Rapid", + "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." + } + ] + }, + "values": { + "S": { + "key": "S", + "name": "Slow", + "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + }, + "R": { + "key": "R", + "name": "Rapid", + "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." + } + } + } + } + }, + "A": { + "key": "A", + "versions": { + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "ssvc", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + }, + { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate steps 1-4 of the kill chain." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + }, + "Y": { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate steps 1-4 of the kill chain." + } + } + } + } + }, + "CS": { + "key": "CS", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "CS", + "version": "1.0.0", + "name": "Critical Software", + "description": "Denotes whether a system meets a critical software definition.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "System does not meet a critical software definition." + }, + { + "key": "Y", + "name": "Yes", + "description": "System meets a critical software definition." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "No", + "description": "System does not meet a critical software definition." + }, + "Y": { + "key": "Y", + "name": "Yes", + "description": "System meets a critical software definition." + } + } + } + } + }, + "E": { + "key": "E", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "E", + "version": "1.0.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "PoC", + "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + "P": { + "key": "P", + "name": "PoC", + "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." + }, + "A": { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + } + }, + "1.1.0": { + "version": "1.1.0", + "obj": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + "P": { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + "A": { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + } + } + } + }, + "HVA": { + "key": "HVA", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "HVA", + "version": "1.0.0", + "name": "High Value Asset", + "description": "Denotes whether a system meets a high value asset definition.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "System does not meet a high value asset definition." + }, + { + "key": "Y", + "name": "Yes", + "description": "System meets a high value asset definition." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "No", + "description": "System does not meet a high value asset definition." + }, + "Y": { + "key": "Y", + "name": "Yes", + "description": "System meets a high value asset definition." + } + } + } + } + }, + "MWI": { + "key": "MWI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "MWI", + "version": "1.0.0", + "name": "Mission and Well-Being Impact", + "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" + }, + { + "key": "M", + "name": "Medium", + "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + }, + { + "key": "H", + "name": "High", + "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + }, + "H": { + "key": "H", + "name": "High", + "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + } + } + } + } + }, + "HI": { + "key": "HI", + "versions": { + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.0", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" + }, + "H": { + "key": "H", + "name": "High", + "description": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" + }, + "VH": { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + } + }, + "2.0.1": { + "version": "2.0.1", + "obj": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.1", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + }, + "H": { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + "VH": { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + } + } + } + }, + "MI": { + "key": "MI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "MI", + "version": "1.0.0", + "name": "Mission Impact", + "description": "Impact on Mission Essential Functions of the Organization", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "Little to no impact" + }, + { + "key": "NED", + "name": "Non-Essential Degraded", + "description": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" + }, + { + "key": "MSC", + "name": "MEF Support Crippled", + "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + }, + { + "key": "MEF", + "name": "MEF Failure", + "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + }, + { + "key": "MF", + "name": "Mission Failure", + "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "Little to no impact" + }, + "NED": { + "key": "NED", + "name": "Non-Essential Degraded", + "description": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" + }, + "MSC": { + "key": "MSC", + "name": "MEF Support Crippled", + "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + }, + "MEF": { + "key": "MEF", + "name": "MEF Failure", + "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + }, + "MF": { + "key": "MF", + "name": "Mission Failure", + "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "ssvc", + "key": "MI", + "version": "2.0.0", + "name": "Mission Impact", + "description": "Impact on Mission Essential Functions of the Organization", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Degraded", + "description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" + }, + { + "key": "MSC", + "name": "MEF Support Crippled", + "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + }, + { + "key": "MEF", + "name": "MEF Failure", + "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + }, + { + "key": "MF", + "name": "Mission Failure", + "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + } + ] + }, + "values": { + "D": { + "key": "D", + "name": "Degraded", + "description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" + }, + "MSC": { + "key": "MSC", + "name": "MEF Support Crippled", + "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + }, + "MEF": { + "key": "MEF", + "name": "MEF Failure", + "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + }, + "MF": { + "key": "MF", + "name": "Mission Failure", + "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + } + } + } + } + }, + "PWI": { + "key": "PWI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "PWI", + "version": "1.0.0", + "name": "Public Well-Being Impact", + "description": "A coarse-grained representation of impact to public well-being.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "The effect is below the threshold for all aspects described in material. " + }, + { + "key": "M", + "name": "Material", + "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " + }, + { + "key": "I", + "name": "Irreversible", + "description": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " + } + ] + }, + "values": { + "M": { + "key": "M", + "name": "Material", + "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " + }, + "I": { + "key": "I", + "name": "Irreversible", + "description": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " + } + } + } + } + }, + "PSI": { + "key": "PSI", + "versions": { + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "ssvc", + "key": "PSI", + "version": "2.0.0", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:(None OR Minor)" + }, + { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Major OR Hazardous OR Catastrophic)" + } + ] + }, + "values": { + "M": { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:(None OR Minor)" + }, + "S": { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Major OR Hazardous OR Catastrophic)" + } + } + }, + "2.0.1": { + "version": "2.0.1", + "obj": { + "namespace": "ssvc", + "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:Negligible" + }, + { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + } + ] + }, + "values": { + "M": { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:Negligible" + }, + "S": { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + } + } + } + } + }, + "PVA": { + "key": "PVA", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "PVA", + "version": "1.0.0", + "name": "Public Value Added", + "description": "How much value would a publication from the coordinator benefit the broader community?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Limited", + "description": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + }, + { + "key": "A", + "name": "Ampliative", + "description": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + }, + { + "key": "P", + "name": "Precedence", + "description": "The publication would be the first publicly available, or be coincident with the first publicly available." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Limited", + "description": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + }, + "A": { + "key": "A", + "name": "Ampliative", + "description": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + }, + "P": { + "key": "P", + "name": "Precedence", + "description": "The publication would be the first publicly available, or be coincident with the first publicly available." + } + } + } + } + }, + "RC": { + "key": "RC", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "RC", + "version": "1.0.0", + "name": "Report Credibility", + "description": "Is the report credible?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "NC", + "name": "Not Credible", + "description": "The report is not credible." + }, + { + "key": "C", + "name": "Credible", + "description": "The report is credible." + } + ] + }, + "values": { + "NC": { + "key": "NC", + "name": "Not Credible", + "description": "The report is not credible." + }, + "C": { + "key": "C", + "name": "Credible", + "description": "The report is credible." + } + } + } + } + }, + "RP": { + "key": "RP", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "RP", + "version": "1.0.0", + "name": "Report Public", + "description": "Is a viable report of the details of the vulnerability already publicly available?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "Y", + "name": "Yes", + "description": "A public report of the vulnerability exists." + }, + { + "key": "N", + "name": "No", + "description": "No public report of the vulnerability exists." + } + ] + }, + "values": { + "Y": { + "key": "Y", + "name": "Yes", + "description": "A public report of the vulnerability exists." + }, + "N": { + "key": "N", + "name": "No", + "description": "No public report of the vulnerability exists." + } + } + } + } + }, + "SI": { + "key": "SI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "SI", + "version": "1.0.0", + "name": "Safety Impact", + "description": "The safety impact of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "The effect is below the threshold for all aspects described in Minor." + }, + { + "key": "M", + "name": "Minor", + "description": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + }, + { + "key": "J", + "name": "Major", + "description": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + { + "key": "H", + "name": "Hazardous", + "description": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + }, + { + "key": "C", + "name": "Catastrophic", + "description": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "The effect is below the threshold for all aspects described in Minor." + }, + "M": { + "key": "M", + "name": "Minor", + "description": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + }, + "J": { + "key": "J", + "name": "Major", + "description": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + "H": { + "key": "H", + "name": "Hazardous", + "description": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + }, + "C": { + "key": "C", + "name": "Catastrophic", + "description": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "ssvc", + "key": "SI", + "version": "2.0.0", + "name": "Safety Impact", + "description": "The safety impact of the vulnerability. (based on IEC 61508)", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + }, + { + "key": "M", + "name": "Marginal", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + { + "key": "R", + "name": "Critical", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + }, + { + "key": "C", + "name": "Catastrophic", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Negligible", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + }, + "M": { + "key": "M", + "name": "Marginal", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + "R": { + "key": "R", + "name": "Critical", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + }, + "C": { + "key": "C", + "name": "Catastrophic", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + } + } + } + } + }, + "SC": { + "key": "SC", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "SC", + "version": "1.0.0", + "name": "Supplier Cardinality", + "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "O", + "name": "One", + "description": "There is only one supplier of the vulnerable component." + }, + { + "key": "M", + "name": "Multiple", + "description": "There are multiple suppliers of the vulnerable component." + } + ] + }, + "values": { + "O": { + "key": "O", + "name": "One", + "description": "There is only one supplier of the vulnerable component." + }, + "M": { + "key": "M", + "name": "Multiple", + "description": "There are multiple suppliers of the vulnerable component." + } + } + } + } + }, + "SCON": { + "key": "SCON", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "SCON", + "version": "1.0.0", + "name": "Supplier Contacted", + "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "The supplier has not been contacted." + }, + { + "key": "Y", + "name": "Yes", + "description": "The supplier has been contacted." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "No", + "description": "The supplier has not been contacted." + }, + "Y": { + "key": "Y", + "name": "Yes", + "description": "The supplier has been contacted." + } + } + } + } + }, + "SE": { + "key": "SE", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "SE", + "version": "1.0.0", + "name": "Supplier Engagement", + "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "A", + "name": "Active", + "description": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + }, + { + "key": "U", + "name": "Unresponsive", + "description": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + } + ] + }, + "values": { + "A": { + "key": "A", + "name": "Active", + "description": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + }, + "U": { + "key": "U", + "name": "Unresponsive", + "description": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + } + } + } + } + }, + "SINV": { + "key": "SINV", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "SINV", + "version": "1.0.0", + "name": "Supplier Involvement", + "description": "What is the state of the supplier’s work on addressing the vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "FR", + "name": "Fix Ready", + "description": "The supplier has provided a patch or fix." + }, + { + "key": "C", + "name": "Cooperative", + "description": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + }, + { + "key": "UU", + "name": "Uncooperative/Unresponsive", + "description": "The supplier has not responded, declined to generate a remediation, or no longer exists." + } + ] + }, + "values": { + "FR": { + "key": "FR", + "name": "Fix Ready", + "description": "The supplier has provided a patch or fix." + }, + "C": { + "key": "C", + "name": "Cooperative", + "description": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + }, + "UU": { + "key": "UU", + "name": "Uncooperative/Unresponsive", + "description": "The supplier has not responded, declined to generate a remediation, or no longer exists." + } + } + } + } + }, + "EXP": { + "key": "EXP", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "EXP", + "version": "1.0.0", + "name": "System Exposure", + "description": "The Accessible Attack Surface of the Affected System or Service", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "S", + "name": "Small", + "description": "Local service or program; highly controlled network" + }, + { + "key": "C", + "name": "Controlled", + "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + }, + { + "key": "U", + "name": "Unavoidable", + "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + } + ] + }, + "values": { + "S": { + "key": "S", + "name": "Small", + "description": "Local service or program; highly controlled network" + }, + "C": { + "key": "C", + "name": "Controlled", + "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + }, + "U": { + "key": "U", + "name": "Unavoidable", + "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + } + } + }, + "1.0.1": { + "version": "1.0.1", + "obj": { + "namespace": "ssvc", + "key": "EXP", + "version": "1.0.1", + "name": "System Exposure", + "description": "The Accessible Attack Surface of the Affected System or Service", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "S", + "name": "Small", + "description": "Local service or program; highly controlled network" + }, + { + "key": "C", + "name": "Controlled", + "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + }, + { + "key": "O", + "name": "Open", + "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + } + ] + }, + "values": { + "S": { + "key": "S", + "name": "Small", + "description": "Local service or program; highly controlled network" + }, + "C": { + "key": "C", + "name": "Controlled", + "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + }, + "O": { + "key": "O", + "name": "Open", + "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + } + } + } + } + }, + "TI": { + "key": "TI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "TI", + "version": "1.0.0", + "name": "Technical Impact", + "description": "The technical impact of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Partial", + "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + }, + { + "key": "T", + "name": "Total", + "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + } + ] + }, + "values": { + "P": { + "key": "P", + "name": "Partial", + "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + }, + "T": { + "key": "T", + "name": "Total", + "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + } + } + } + } + }, + "U": { + "key": "U", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "U", + "version": "1.0.0", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Laborious", + "description": "Virulence:Slow and Value Density:Diffuse" + }, + { + "key": "E", + "name": "Efficient", + "description": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" + }, + { + "key": "S", + "name": "Super Effective", + "description": "Virulence:Rapid and Value Density:Concentrated" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Laborious", + "description": "Virulence:Slow and Value Density:Diffuse" + }, + "E": { + "key": "E", + "name": "Efficient", + "description": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" + }, + "S": { + "key": "S", + "name": "Super Effective", + "description": "Virulence:Rapid and Value Density:Concentrated" + } + } + }, + "1.0.1": { + "version": "1.0.1", + "obj": { + "namespace": "ssvc", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Laborious", + "description": "Automatable:No AND Value Density:Diffuse" + }, + { + "key": "E", + "name": "Efficient", + "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + { + "key": "S", + "name": "Super Effective", + "description": "Automatable:Yes AND Value Density:Concentrated" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Laborious", + "description": "Automatable:No AND Value Density:Diffuse" + }, + "E": { + "key": "E", + "name": "Efficient", + "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + "S": { + "key": "S", + "name": "Super Effective", + "description": "Automatable:Yes AND Value Density:Concentrated" + } + } + } + } + }, + "VD": { + "key": "VD", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "VD", + "version": "1.0.0", + "name": "Value Density", + "description": "The concentration of value in the target", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Diffuse", + "description": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + }, + { + "key": "C", + "name": "Concentrated", + "description": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + } + ] + }, + "values": { + "D": { + "key": "D", + "name": "Diffuse", + "description": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + }, + "C": { + "key": "C", + "name": "Concentrated", + "description": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + } + } + } + } + }, + "COORDINATE": { + "key": "COORDINATE", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "COORDINATE", + "version": "1.0.0", + "name": "Decline, Track, Coordinate", + "description": "The coordinate outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Decline", + "description": "Decline" + }, + { + "key": "T", + "name": "Track", + "description": "Track" + }, + { + "key": "C", + "name": "Coordinate", + "description": "Coordinate" + } + ] + }, + "values": { + "D": { + "key": "D", + "name": "Decline", + "description": "Decline" + }, + "T": { + "key": "T", + "name": "Track", + "description": "Track" + }, + "C": { + "key": "C", + "name": "Coordinate", + "description": "Coordinate" + } + } + } + } + }, + "DSOI": { + "key": "DSOI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DSOI", + "version": "1.0.0", + "name": "Defer, Scheduled, Out-of-Cycle, Immediate", + "description": "The original SSVC outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Defer", + "description": "Defer" + }, + { + "key": "S", + "name": "Scheduled", + "description": "Scheduled" + }, + { + "key": "O", + "name": "Out-of-Cycle", + "description": "Out-of-Cycle" + }, + { + "key": "I", + "name": "Immediate", + "description": "Immediate" + } + ] + }, + "values": { + "D": { + "key": "D", + "name": "Defer", + "description": "Defer" + }, + "S": { + "key": "S", + "name": "Scheduled", + "description": "Scheduled" + }, + "O": { + "key": "O", + "name": "Out-of-Cycle", + "description": "Out-of-Cycle" + }, + "I": { + "key": "I", + "name": "Immediate", + "description": "Immediate" + } + } + } + } + }, + "PUBLISH": { + "key": "PUBLISH", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "PUBLISH", + "version": "1.0.0", + "name": "Publish, Do Not Publish", + "description": "The publish outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Do Not Publish", + "description": "Do Not Publish" + }, + { + "key": "P", + "name": "Publish", + "description": "Publish" + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Do Not Publish", + "description": "Do Not Publish" + }, + "P": { + "key": "P", + "name": "Publish", + "description": "Publish" + } + } + } + } + } + } + }, + "basic": { + "namespace": "basic", + "keys": { + "IKE": { + "key": "IKE", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "basic", + "key": "IKE", + "version": "1.0.0", + "name": "Do, Schedule, Delegate, Delete", + "description": "The Eisenhower outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Delete", + "description": "Delete" + }, + { + "key": "G", + "name": "Delegate", + "description": "Delegate" + }, + { + "key": "S", + "name": "Schedule", + "description": "Schedule" + }, + { + "key": "O", + "name": "Do", + "description": "Do" + } + ] + }, + "values": { + "D": { + "key": "D", + "name": "Delete", + "description": "Delete" + }, + "G": { + "key": "G", + "name": "Delegate", + "description": "Delegate" + }, + "S": { + "key": "S", + "name": "Schedule", + "description": "Schedule" + }, + "O": { + "key": "O", + "name": "Do", + "description": "Do" + } + } + } + } + }, + "MSCW": { + "key": "MSCW", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "basic", + "key": "MSCW", + "version": "1.0.0", + "name": "MoSCoW", + "description": "The MoSCoW (Must, Should, Could, Won't) outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "W", + "name": "Won't", + "description": "Won't" + }, + { + "key": "C", + "name": "Could", + "description": "Could" + }, + { + "key": "S", + "name": "Should", + "description": "Should" + }, + { + "key": "M", + "name": "Must", + "description": "Must" + } + ] + }, + "values": { + "W": { + "key": "W", + "name": "Won't", + "description": "Won't" + }, + "C": { + "key": "C", + "name": "Could", + "description": "Could" + }, + "S": { + "key": "S", + "name": "Should", + "description": "Should" + }, + "M": { + "key": "M", + "name": "Must", + "description": "Must" + } + } + } + } + }, + "VALUE_COMPLEXITY": { + "key": "VALUE_COMPLEXITY", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "basic", + "key": "VALUE_COMPLEXITY", + "version": "1.0.0", + "name": "Value, Complexity", + "description": "The Value/Complexity outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Drop", + "description": "Drop" + }, + { + "key": "R", + "name": "Reconsider Later", + "description": "Reconsider Later" + }, + { + "key": "E", + "name": "Easy Win", + "description": "Easy Win" + }, + { + "key": "F", + "name": "Do First", + "description": "Do First" + } + ] + }, + "values": { + "D": { + "key": "D", + "name": "Drop", + "description": "Drop" + }, + "R": { + "key": "R", + "name": "Reconsider Later", + "description": "Reconsider Later" + }, + "E": { + "key": "E", + "name": "Easy Win", + "description": "Easy Win" + }, + "F": { + "key": "F", + "name": "Do First", + "description": "Do First" + } + } + } + } + }, + "YN": { + "key": "YN", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "basic", + "key": "YN", + "version": "1.0.0", + "name": "YesNo", + "description": "A Yes/No decision point / outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "No" + }, + { + "key": "Y", + "name": "Yes", + "description": "Yes" + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "No", + "description": "No" + }, + "Y": { + "key": "Y", + "name": "Yes", + "description": "Yes" + } + } + } + } + }, + "LMH": { + "key": "LMH", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "basic", + "key": "LMH", + "version": "1.0.0", + "name": "LowMediumHigh", + "description": "A Low/Medium/High decision point / outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Low" + }, + { + "key": "M", + "name": "Medium", + "description": "Medium" + }, + { + "key": "H", + "name": "High", + "description": "High" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Low" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Medium" + }, + "H": { + "key": "H", + "name": "High", + "description": "High" + } + } + } + } + } + } + }, + "x_com.yahooinc": { + "namespace": "x_com.yahooinc", + "keys": { + "PARANOIDS": { + "key": "PARANOIDS", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "x_com.yahooinc", + "key": "PARANOIDS", + "version": "1.0.0", + "name": "theParanoids", + "description": "PrioritizedRiskRemediation outcome group based on TheParanoids.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "5", + "name": "Track 5", + "description": "Track" + }, + { + "key": "4", + "name": "Track Closely 4", + "description": "Track Closely" + }, + { + "key": "3", + "name": "Attend 3", + "description": "Attend" + }, + { + "key": "2", + "name": "Attend 2", + "description": "Attend" + }, + { + "key": "1", + "name": "Act 1", + "description": "Act" + }, + { + "key": "0", + "name": "Act ASAP 0", + "description": "Act ASAP" + } + ] + }, + "values": { + "5": { + "key": "5", + "name": "Track 5", + "description": "Track" + }, + "4": { + "key": "4", + "name": "Track Closely 4", + "description": "Track Closely" + }, + "3": { + "key": "3", + "name": "Attend 3", + "description": "Attend" + }, + "2": { + "key": "2", + "name": "Attend 2", + "description": "Attend" + }, + "1": { + "key": "1", + "name": "Act 1", + "description": "Act" + }, + "0": { + "key": "0", + "name": "Act ASAP 0", + "description": "Act ASAP" + } + } + } + } + } + } + } + } + }, + "DecisionTable": { + "type": "DecisionTable", + "namespaces": { + "ssvc": { + "namespace": "ssvc", + "keys": { + "DT_HI": { + "key": "DT_HI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_HI", + "version": "1.0.0", + "name": "Human Impact", + "description": "Human Impact decision table for SSVC", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:SI:1.0.0": { + "namespace": "ssvc", + "key": "SI", + "version": "1.0.0", + "name": "Safety Impact", + "description": "The safety impact of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "The effect is below the threshold for all aspects described in Minor." + }, + { + "key": "M", + "name": "Minor", + "description": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + }, + { + "key": "J", + "name": "Major", + "description": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + { + "key": "H", + "name": "Hazardous", + "description": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + }, + { + "key": "C", + "name": "Catastrophic", + "description": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + } + ] + }, + "ssvc:MI:2.0.0": { + "namespace": "ssvc", + "key": "MI", + "version": "2.0.0", + "name": "Mission Impact", + "description": "Impact on Mission Essential Functions of the Organization", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Degraded", + "description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" + }, + { + "key": "MSC", + "name": "MEF Support Crippled", + "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + }, + { + "key": "MEF", + "name": "MEF Failure", + "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + }, + { + "key": "MF", + "name": "Mission Failure", + "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + } + ] + }, + "ssvc:HI:2.0.1": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.1", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] + } + }, + "outcome": "ssvc:HI:2.0.1", + "mapping": [ + { + "ssvc:SI:1.0.0": "N", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.1": "L" + }, + { + "ssvc:SI:1.0.0": "N", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.1": "L" + }, + { + "ssvc:SI:1.0.0": "N", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.1": "M" + }, + { + "ssvc:SI:1.0.0": "N", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "M", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.1": "L" + }, + { + "ssvc:SI:1.0.0": "M", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.1": "L" + }, + { + "ssvc:SI:1.0.0": "M", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.1": "M" + }, + { + "ssvc:SI:1.0.0": "M", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "J", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.1": "M" + }, + { + "ssvc:SI:1.0.0": "J", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.1": "M" + }, + { + "ssvc:SI:1.0.0": "J", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.1": "H" + }, + { + "ssvc:SI:1.0.0": "J", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "H", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.1": "H" + }, + { + "ssvc:SI:1.0.0": "H", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.1": "H" + }, + { + "ssvc:SI:1.0.0": "H", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.1": "H" + }, + { + "ssvc:SI:1.0.0": "H", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "C", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "C", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "C", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.1": "VH" + }, + { + "ssvc:SI:1.0.0": "C", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.1": "VH" + } + ] + } + } + } + }, + "DT_SP": { + "key": "DT_SP", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_SP", + "version": "1.0.0", + "name": "Supplier Patch Development Priority", + "description": "Decision table for evaluating supplier patch development priority in SSVC", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:E:1.1.0": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "ssvc:U:1.0.1": { + "namespace": "ssvc", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Laborious", + "description": "Automatable:No AND Value Density:Diffuse" + }, + { + "key": "E", + "name": "Efficient", + "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + { + "key": "S", + "name": "Super Effective", + "description": "Automatable:Yes AND Value Density:Concentrated" + } + ] + }, + "ssvc:TI:1.0.0": { + "namespace": "ssvc", + "key": "TI", + "version": "1.0.0", + "name": "Technical Impact", + "description": "The technical impact of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Partial", + "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + }, + { + "key": "T", + "name": "Total", + "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + } + ] + }, + "ssvc:PSI:2.0.1": { + "namespace": "ssvc", + "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:Negligible" + }, + { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + } + ] + }, + "ssvc:DSOI:1.0.0": { + "namespace": "ssvc", + "key": "DSOI", + "version": "1.0.0", + "name": "Defer, Scheduled, Out-of-Cycle, Immediate", + "description": "The original SSVC outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Defer", + "description": "Defer" + }, + { + "key": "S", + "name": "Scheduled", + "description": "Scheduled" + }, + { + "key": "O", + "name": "Out-of-Cycle", + "description": "Out-of-Cycle" + }, + { + "key": "I", + "name": "Immediate", + "description": "Immediate" + } + ] + } + }, + "outcome": "ssvc:DSOI:1.0.0", + "mapping": [ + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + } + ] + } + } + } + }, + "DT_U": { + "key": "DT_U", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_U", + "version": "1.0.0", + "name": "Utility", + "description": "Utility decision table for SSVC", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:A:2.0.0": { + "namespace": "ssvc", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + }, + { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate steps 1-4 of the kill chain." + } + ] + }, + "ssvc:VD:1.0.0": { + "namespace": "ssvc", + "key": "VD", + "version": "1.0.0", + "name": "Value Density", + "description": "The concentration of value in the target", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Diffuse", + "description": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + }, + { + "key": "C", + "name": "Concentrated", + "description": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + } + ] + }, + "ssvc:U:1.0.1": { + "namespace": "ssvc", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Laborious", + "description": "Automatable:No AND Value Density:Diffuse" + }, + { + "key": "E", + "name": "Efficient", + "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + { + "key": "S", + "name": "Super Effective", + "description": "Automatable:Yes AND Value Density:Concentrated" + } + ] + } + }, + "outcome": "ssvc:U:1.0.1", + "mapping": [ + { + "ssvc:A:2.0.0": "N", + "ssvc:VD:1.0.0": "D", + "ssvc:U:1.0.1": "L" + }, + { + "ssvc:A:2.0.0": "N", + "ssvc:VD:1.0.0": "C", + "ssvc:U:1.0.1": "E" + }, + { + "ssvc:A:2.0.0": "Y", + "ssvc:VD:1.0.0": "D", + "ssvc:U:1.0.1": "E" + }, + { + "ssvc:A:2.0.0": "Y", + "ssvc:VD:1.0.0": "C", + "ssvc:U:1.0.1": "S" + } + ] + } + } + } + } + } + } + } + } + } +} diff --git a/data/schema/current/Decision_Point.schema.json b/data/schema/current/Decision_Point.schema.json index b1e5866a..7ced5970 120000 --- a/data/schema/current/Decision_Point.schema.json +++ b/data/schema/current/Decision_Point.schema.json @@ -1 +1 @@ -../v1/Decision_Point-1-0-1.schema.json \ No newline at end of file +../v2/Decision_Point-2-0-0.schema.json \ No newline at end of file diff --git a/data/schema/current/Decision_Point_Group.schema.json b/data/schema/current/Decision_Point_Group.schema.json index 22a4f53a..1507d00b 120000 --- a/data/schema/current/Decision_Point_Group.schema.json +++ b/data/schema/current/Decision_Point_Group.schema.json @@ -1 +1 @@ -../v1/Decision_Point_Group-1-0-1.schema.json \ No newline at end of file +../v1/Decision_Point_Group-1-1-0.schema.json \ No newline at end of file diff --git a/data/schema/current/Decision_Table.schema.json b/data/schema/current/Decision_Table.schema.json new file mode 120000 index 00000000..28cbc1c8 --- /dev/null +++ b/data/schema/current/Decision_Table.schema.json @@ -0,0 +1 @@ +../v2/Decision_Table-2-0-0.schema.json \ No newline at end of file diff --git a/data/schema/v1/Decision_Point_Group-1-1-0.schema.json b/data/schema/v1/Decision_Point_Group-1-1-0.schema.json new file mode 100644 index 00000000..a30d2ad2 --- /dev/null +++ b/data/schema/v1/Decision_Point_Group-1-1-0.schema.json @@ -0,0 +1,60 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "Decision Points Group schema definition.", + "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Group-1-1-0.schema.json", + "description": "Decision Point Groups are sets of decision points pinned to specific versions of those decision points. These groups may change over time.", + "$defs": { + "schemaVersion": { + "description": "Schema version used to represent Decision Point Group.", + "type": "string", + "enum": [ + "1-0-1" + ] + }, + "decision_point_group": { + "type": "object", + "additionalProperties": false, + "properties": { + "schemaVersion": { + "$ref": "#/$defs/schemaVersion" + }, + "version": { + "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json#/$defs/decision_point/properties/version" + }, + "name": { + "type": "string", + "description": "A short label that captures the description of the Decision Point Group.", + "minLength": 1, + "examples": [ + "SSVC Supplier", + "Coordinator Triage", + "SSVC Deployer" + ] + }, + "description": { + "type": "string", + "description": "A full description of the Decision Point Group.", + "minLength": 1, + "examples": [ + "These decision points used by the Coordinator during publication." + ] + }, + "decision_points": { + "type": "object", + "additionalProperties": { + "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json" + }, + "description": "A set of decision points that are part of this Decision Point Group." + } + }, + "required": [ + "version", + "name", + "description", + "decision_points", + "schemaVersion" + ] + } + }, + "$ref": "#/$defs/decision_point_group" +} \ No newline at end of file diff --git a/data/schema/v2/Decision_Point-2-0-0.schema.json b/data/schema/v2/Decision_Point-2-0-0.schema.json new file mode 100644 index 00000000..070cb211 --- /dev/null +++ b/data/schema/v2/Decision_Point-2-0-0.schema.json @@ -0,0 +1,117 @@ +{ + "title": "DecisionPoint", + "description": "Models a single decision point as a list of values.\n\nDecision points should have the following attributes:\n\n- name (str): The name of the decision point\n- description (str): A description of the decision point\n- version (str): A semantic version string for the decision point\n- namespace (str): The namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point\n- key (str): A key (a short, unique string within the namespace) that can be used to identify the decision point in a shorthand way\n- values (tuple): A tuple of DecisionPointValue objects", + "type": "object", + "$defs": { + "DecisionPointValue": { + "title": "DecisionPointValue", + "description": "Models a single value option for a decision point.\n\nEach value should have the following attributes:\n\n- name (str): A name\n- description (str): A description\n- key (str): A key (a short, unique string) that can be used to identify the value in a shorthand way\n- _comment (str): An optional comment that will be included in the object.", + "properties": { + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + } + }, + "required": [ + "key", + "name", + "description" + ], + "type": "object" + } + }, + "properties": { + "namespace": { + "title": "Namespace", + "description": "The namespace of the SSVC object.", + "examples": [ + "ssvc", + "cisa", + "x_com.example//com.example#private", + "ssvc/de-DE/example.organization#reference-arch-1" + ], + "maxLength": 1000, + "minLength": 3, + "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "type": "string" + }, + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" + }, + "version": { + "title": "Version", + "default": "0.0.1", + "description": "The version of the SSVC object. This must be a valid semantic version string.", + "examples": [ + "1.0.0", + "2.1.3" + ], + "minLength": 5, + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + }, + "schemaVersion": { + "title": "Schemaversion", + "const": "2.0.0", + "type": "string" + }, + "values": { + "title": "Values", + "items": { + "$ref": "#/$defs/DecisionPointValue" + }, + "type": "array" + } + }, + "required": [ + "namespace", + "key", + "name", + "description", + "schemaVersion", + "values" + ] +} diff --git a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json new file mode 100644 index 00000000..da2ad297 --- /dev/null +++ b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json @@ -0,0 +1,162 @@ +{ + "title": "DecisionPointGroup", + "description": "Models a group of decision points as a dictionary, keyed by their ID.", + "type": "object", + "$defs": { + "DecisionPoint": { + "title": "DecisionPoint", + "description": "Models a single decision point as a list of values.\n\nDecision points should have the following attributes:\n\n- name (str): The name of the decision point\n- description (str): A description of the decision point\n- version (str): A semantic version string for the decision point\n- namespace (str): The namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point\n- key (str): A key (a short, unique string within the namespace) that can be used to identify the decision point in a shorthand way\n- values (tuple): A tuple of DecisionPointValue objects", + "properties": { + "namespace": { + "title": "Namespace", + "description": "The namespace of the SSVC object.", + "examples": [ + "ssvc", + "cisa", + "x_com.example//com.example#private", + "ssvc/de-DE/example.organization#reference-arch-1" + ], + "maxLength": 1000, + "minLength": 3, + "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "type": "string" + }, + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" + }, + "version": { + "title": "Version", + "default": "0.0.1", + "description": "The version of the SSVC object. This must be a valid semantic version string.", + "examples": [ + "1.0.0", + "2.1.3" + ], + "minLength": 5, + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + }, + "schemaVersion": { + "title": "Schemaversion", + "const": "2.0.0", + "type": "string" + }, + "values": { + "title": "Values", + "items": { + "$ref": "#/$defs/DecisionPointValue" + }, + "type": "array" + } + }, + "required": [ + "namespace", + "key", + "name", + "description", + "schemaVersion", + "values" + ], + "type": "object" + }, + "DecisionPointValue": { + "title": "DecisionPointValue", + "description": "Models a single value option for a decision point.\n\nEach value should have the following attributes:\n\n- name (str): A name\n- description (str): A description\n- key (str): A key (a short, unique string) that can be used to identify the value in a shorthand way\n- _comment (str): An optional comment that will be included in the object.", + "properties": { + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + } + }, + "required": [ + "key", + "name", + "description" + ], + "type": "object" + } + }, + "properties": { + "version": { + "title": "Version", + "default": "0.0.1", + "description": "The version of the SSVC object. This must be a valid semantic version string.", + "examples": [ + "1.0.0", + "2.1.3" + ], + "minLength": 5, + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" + }, + "schemaVersion": { + "title": "Schemaversion", + "const": "2.0.0", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + }, + "decision_points": { + "title": "Decision Points", + "additionalProperties": { + "$ref": "#/$defs/DecisionPoint" + }, + "type": "object" + } + }, + "required": [ + "schemaVersion", + "name", + "description", + "decision_points" + ] +} diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index d2a96b4b..7bbf67d4 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -1,120 +1,15 @@ { + "title": "Decision Point Value Selection List", "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://certcc.github.io/SSVC/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json", - "title": "Decision Point Value Selection List", "description": "This schema defines the structure for representing selected values from SSVC Decision Points. Each selection list can have multiple selection objects, each representing a decision point, and each selection object can have multiple selected values when full certainty (i.e., a singular value selection) is not available.", "type": "object", - "properties": { - "timestamp": { - "description": "Timestamp of the selections, in RFC 3339 format.", - "examples": [ - "2025-01-01T12:00:00Z", - "2025-01-02T15:30:45-04:00" - ], - "format": "date-time", - "title": "Timestamp", - "type": "string" - }, - "schemaVersion": { - "const": "2.0.0", - "description": "The schema version of this selection list.", - "title": "Schemaversion", - "type": "string" - }, - "target_ids": { - "description": "Optional list of identifiers for the item or items (vulnerabilities, reports, advisories, systems, assets, etc.) being evaluated by these selections.", - "examples": [ - [ - "CVE-1900-0000" - ], - [ - "VU#999999", - "GHSA-0123-4567-89ab" - ] - ], - "items": { - "type": "string" - }, - "minItems": 1, - "title": "Target Ids", - "type": "array" - }, - "selections": { - "description": "List of selections made from decision points. Each selection item corresponds to value keys contained in a specific decision point identified by its namespace, key, and version. Note that selection objects are deliberately minimal objects and do not contain the full decision point details.", - "items": { - "$ref": "#/$defs/Selection" - }, - "minItems": 1, - "title": "Selections", - "type": "array" - }, - "resources": { - "description": "A list of references to resources that provide additional context about the decision points found in this selection.", - "examples": [ - [ - { - "description": "Documentation for a set of decision points", - "uri": "https://example.com/decision_points" - }, - { - "description": "JSON representation of decision point 2", - "uri": "https://example.org/definitions/dp2.json" - }, - { - "description": "A JSON file containing extension decision points in the x_com.example namespace", - "uri": "https://example.com/ssvc/x_com.example/decision_points.json" - } - ] - ], - "items": { - "$ref": "#/$defs/Reference" - }, - "minItems": 1, - "title": "Resources", - "type": "array" - }, - "references": { - "description": "A list of references to resources that provide additional context about the specific values selected.", - "examples": [ - [ - { - "description": "A report on which the selections were based", - "uri": "https://example.com/report" - } - ], - [ - { - "description": "A code section on which the selections were based", - "uri": "https://git.example.com/some-relevant-path/code#L21-42" - }, - { - "description": "A code section on which calls the vulnerable function", - "uri": "https://git.example.com/some-relevant-path/callingcode#L91-16" - } - ] - ], - "items": { - "$ref": "#/$defs/Reference" - }, - "minItems": 1, - "title": "References", - "type": "array" - } - }, - "required": [ - "timestamp", - "schemaVersion", - "selections" - ], - "additionalProperties": false, "$defs": { "MinimalDecisionPointValue": { + "title": "MinimalDecisionPointValue", + "additionalProperties": false, "description": "A minimal representation of a decision point value.\nIntended to parallel the DecisionPointValue object, but with fewer required fields.\nA decision point value is uniquely identified within a decision point by its key.\nGlobally, the combination of Decision Point namespace, key, and version coupled with the value key\nuniquely identifies a value across all decision points and values.\nOther required fields in the DecisionPointValue object, such as name and description, are optional here.", "properties": { - "key": { - "title": "Key", - "type": "string" - }, "name": { "title": "Name", "type": "string" @@ -122,48 +17,59 @@ "description": { "title": "Description", "type": "string" + }, + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" } }, "required": [ "key" ], - "title": "MinimalDecisionPointValue", "type": "object" }, "Reference": { + "title": "Reference", "additionalProperties": false, "description": "A reference to a resource that provides additional context about the decision points or selections.\nThis object is intentionally minimal and contains only the URL and an optional description.", "properties": { "uri": { + "title": "Uri", "format": "uri", "minLength": 1, - "title": "Uri", "type": "string" }, - "description": { - "title": "Description", + "summary": { + "title": "Summary", "type": "string" } }, "required": [ - "uri" + "uri", + "summary" ], - "title": "Reference", "type": "object" }, "Selection": { + "title": "Selection", "additionalProperties": false, "description": "A minimal selection object that contains the decision point ID and the selected values.\nWhile the Selection object parallels the DecisionPoint object, it is intentionally minimal, with\nfewer required fields and no additional metadata, as it is meant to represent a selection made from a\npreviously defined decision point. The expectation is that a Selection object will usually have\nfewer values than the original decision point, as it represents a specific evaluation\nat a specific time and may therefore rule out some values that were previously considered.\nOther fields like name and description may be copied from the decision point, but are not required.", "properties": { - "name": { - "title": "Name", - "type": "string" - }, - "description": { - "title": "Description", - "type": "string" - }, "namespace": { + "title": "Namespace", "description": "The namespace of the SSVC object.", "examples": [ "ssvc", @@ -173,15 +79,28 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])/|//)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", - "title": "Namespace", + "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", "type": "string" }, "key": { "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", "type": "string" }, "version": { + "title": "Version", "description": "The version of the SSVC object. This must be a valid semantic version string.", "examples": [ "1.0.0", @@ -189,10 +108,18 @@ ], "minLength": 5, "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", - "title": "Version", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", "type": "string" }, "values": { + "title": "Values", "description": "A list of selected value keys from the decision point values.", "examples": [ [ @@ -219,7 +146,6 @@ "$ref": "#/$defs/MinimalDecisionPointValue" }, "minItems": 1, - "title": "Values", "type": "array" } }, @@ -229,8 +155,100 @@ "version", "values" ], - "title": "Selection", "type": "object" } - } + }, + "properties": { + "timestamp": { + "title": "Timestamp", + "description": "Timestamp of the selections, in RFC 3339 format.", + "examples": [ + "2025-01-01T12:00:00Z", + "2025-01-02T15:30:45-04:00" + ], + "format": "date-time", + "type": "string" + }, + "schemaVersion": { + "title": "Schemaversion", + "const": "2.0.0", + "description": "The schema version of this selection list.", + "type": "string" + }, + "target_ids": { + "title": "Target Ids", + "description": "Optional list of identifiers for the item or items (vulnerabilities, reports, advisories, systems, assets, etc.) being evaluated by these selections.", + "examples": [ + [ + "CVE-1900-0000" + ], + [ + "VU#999999", + "GHSA-0123-4567-89ab" + ] + ], + "items": { + "type": "string" + }, + "minItems": 1, + "type": "array" + }, + "selections": { + "title": "Selections", + "description": "List of selections made from decision points. Each selection item corresponds to value keys contained in a specific decision point identified by its namespace, key, and version. Note that selection objects are deliberately minimal objects and do not contain the full decision point details.", + "items": { + "$ref": "#/$defs/Selection" + }, + "minItems": 1, + "type": "array" + }, + "resources": { + "title": "Resources", + "description": "A list of references to resources that provide additional context about the decision points found in this selection.", + "examples": [ + [ + { + "summary": "Documentation for a set of decision points", + "uri": "https://example.com/decision_points" + }, + { + "summary": "JSON representation of decision point 2", + "uri": "https://example.org/definitions/dp2.json" + }, + { + "summary": "A JSON file containing extension decision points in the x_com.example namespace", + "uri": "https://example.com/ssvc/x_com.example/decision_points.json" + } + ] + ], + "items": { + "$ref": "#/$defs/Reference" + }, + "minItems": 1, + "type": "array" + }, + "references": { + "title": "References", + "description": "A list of references to resources that provide additional context about the specific values selected.", + "examples": [ + [ + { + "summary": "A report on which the selections were based", + "uri": "https://example.com/report" + } + ] + ], + "items": { + "$ref": "#/$defs/Reference" + }, + "minItems": 1, + "type": "array" + } + }, + "required": [ + "timestamp", + "schemaVersion", + "selections" + ], + "additionalProperties": false } diff --git a/data/schema/v2/Decision_Table-2-0-0.schema.json b/data/schema/v2/Decision_Table-2-0-0.schema.json new file mode 100644 index 00000000..c6ea1d33 --- /dev/null +++ b/data/schema/v2/Decision_Table-2-0-0.schema.json @@ -0,0 +1,215 @@ +{ + "title": "DecisionTable", + "description": "DecisionTable: A flexible, serializable SSVC decision table model.\n\nThis model represents a decision table that can be used to map combinations of decision point values\nto outcomes. It allows for flexible mapping and can be used with helper methods to generate DataFrame and CSV representations\nof the decision table.\n\nAttributes:", + "type": "object", + "$defs": { + "DecisionPoint": { + "title": "DecisionPoint", + "description": "Models a single decision point as a list of values.\n\nDecision points should have the following attributes:\n\n- name (str): The name of the decision point\n- description (str): A description of the decision point\n- version (str): A semantic version string for the decision point\n- namespace (str): The namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point\n- key (str): A key (a short, unique string within the namespace) that can be used to identify the decision point in a shorthand way\n- values (tuple): A tuple of DecisionPointValue objects", + "properties": { + "namespace": { + "title": "Namespace", + "description": "The namespace of the SSVC object.", + "examples": [ + "ssvc", + "cisa", + "x_com.example//com.example#private", + "ssvc/de-DE/example.organization#reference-arch-1" + ], + "maxLength": 1000, + "minLength": 3, + "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "type": "string" + }, + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" + }, + "version": { + "title": "Version", + "default": "0.0.1", + "description": "The version of the SSVC object. This must be a valid semantic version string.", + "examples": [ + "1.0.0", + "2.1.3" + ], + "minLength": 5, + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + }, + "schemaVersion": { + "title": "Schemaversion", + "const": "2.0.0", + "type": "string" + }, + "values": { + "title": "Values", + "items": { + "$ref": "#/$defs/DecisionPointValue" + }, + "type": "array" + } + }, + "required": [ + "namespace", + "key", + "name", + "description", + "schemaVersion", + "values" + ], + "type": "object" + }, + "DecisionPointValue": { + "title": "DecisionPointValue", + "description": "Models a single value option for a decision point.\n\nEach value should have the following attributes:\n\n- name (str): A name\n- description (str): A description\n- key (str): A key (a short, unique string) that can be used to identify the value in a shorthand way\n- _comment (str): An optional comment that will be included in the object.", + "properties": { + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + } + }, + "required": [ + "key", + "name", + "description" + ], + "type": "object" + } + }, + "properties": { + "namespace": { + "title": "Namespace", + "description": "The namespace of the SSVC object.", + "examples": [ + "ssvc", + "cisa", + "x_com.example//com.example#private", + "ssvc/de-DE/example.organization#reference-arch-1" + ], + "maxLength": 1000, + "minLength": 3, + "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "type": "string" + }, + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" + }, + "version": { + "title": "Version", + "default": "0.0.1", + "description": "The version of the SSVC object. This must be a valid semantic version string.", + "examples": [ + "1.0.0", + "2.1.3" + ], + "minLength": 5, + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + }, + "schemaVersion": { + "title": "Schemaversion", + "const": "2.0.0", + "type": "string" + }, + "decision_points": { + "title": "Decision Points", + "additionalProperties": { + "$ref": "#/$defs/DecisionPoint" + }, + "description": "A non-empty dictionary of decision points Decision point IDs are recommended as keys.", + "minProperties": 1, + "type": "object" + }, + "outcome": { + "title": "Outcome", + "description": "The key of the decision point in `self.decision_points` that represents the outcome of the decision table.", + "minLength": 1, + "type": "string" + }, + "mapping": { + "title": "Mapping", + "description": "Mapping of decision point values to outcomes.", + "items": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "namespace", + "key", + "name", + "description", + "schemaVersion", + "decision_points", + "outcome" + ] +} diff --git a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json new file mode 100644 index 00000000..7b869afb --- /dev/null +++ b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json @@ -0,0 +1,197 @@ +{ + "title": "SsvcObjectRegistry", + "type": "object", + "$defs": { + "Key": { + "title": "Key", + "properties": { + "key": { + "title": "Key", + "type": "string" + }, + "versions": { + "title": "Versions", + "additionalProperties": { + "anyOf": [ + { + "$ref": "#/$defs/NonValuedVersion" + }, + { + "$ref": "#/$defs/ValuedVersion" + } + ] + }, + "description": "A dictionary mapping version strings to versioned objects.", + "type": "object" + } + }, + "required": [ + "key" + ], + "type": "object" + }, + "Namespace": { + "title": "Namespace", + "properties": { + "namespace": { + "title": "Namespace", + "type": "string" + }, + "keys": { + "title": "Keys", + "additionalProperties": { + "$ref": "#/$defs/Key" + }, + "description": "A dictionary mapping keys to Key objects within this namespace.", + "type": "object" + } + }, + "required": [ + "namespace" + ], + "type": "object" + }, + "NonValuedVersion": { + "title": "NonValuedVersion", + "properties": { + "version": { + "title": "Version", + "description": "The version of the SSVC object. This must be a valid semantic version string.", + "examples": [ + "1.0.0", + "2.1.3" + ], + "minLength": 5, + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" + }, + "obj": { + "title": "Obj" + } + }, + "required": [ + "version", + "obj" + ], + "type": "object" + }, + "NsType": { + "title": "NsType", + "properties": { + "type": { + "title": "Type", + "type": "string" + }, + "namespaces": { + "title": "Namespaces", + "additionalProperties": { + "$ref": "#/$defs/Namespace" + }, + "description": "A dictionary mapping namespace strings to Namespace objects.", + "type": "object" + } + }, + "required": [ + "type" + ], + "type": "object" + }, + "ValuedVersion": { + "title": "ValuedVersion", + "properties": { + "version": { + "title": "Version", + "description": "The version of the SSVC object. This must be a valid semantic version string.", + "examples": [ + "1.0.0", + "2.1.3" + ], + "minLength": 5, + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" + }, + "obj": { + "title": "Obj" + }, + "values": { + "title": "Values", + "additionalProperties": { + "$ref": "#/$defs/_KeyedBaseModel" + }, + "description": "A dictionary mapping value keys to _Valued objects.", + "type": "object" + } + }, + "required": [ + "version", + "obj" + ], + "type": "object" + }, + "_KeyedBaseModel": { + "title": "_KeyedBaseModel", + "properties": { + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + } + }, + "required": [ + "key", + "name", + "description" + ], + "type": "object" + } + }, + "properties": { + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + }, + "schemaVersion": { + "title": "Schemaversion", + "const": "2.0.0", + "description": "The schema version of this selection list.", + "type": "string" + }, + "types": { + "title": "Types", + "additionalProperties": { + "$ref": "#/$defs/NsType" + }, + "description": "A dictionary mapping type names to NsType objects.", + "type": "object" + } + }, + "required": [ + "name", + "description", + "schemaVersion" + ] +} diff --git a/docs/howto/acuity_ramp.md b/docs/howto/acuity_ramp.md index ef1ae271..314c2059 100644 --- a/docs/howto/acuity_ramp.md +++ b/docs/howto/acuity_ramp.md @@ -92,7 +92,7 @@ data collection and analysis capabilities increase. We demonstrate this with the into their decision model. ```python exec="true" idprefix="" - from ssvc.decision_points.exploitation import LATEST + from ssvc.decision_points.ssvc.exploitation import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -105,7 +105,7 @@ data collection and analysis capabilities increase. We demonstrate this with the incorporate the `SYSTEM_EXPOSURE_1_0_1` decision point into their decision model. ```python exec="true" idprefix="" - from ssvc.decision_points.system_exposure import LATEST + from ssvc.decision_points.ssvc.system_exposure import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -121,7 +121,7 @@ data collection and analysis capabilities increase. We demonstrate this with the or by translating CVSS v3 or v4 scores into a value for this decision point. ```python exec="true" idprefix="" - from ssvc.decision_points.automatable import LATEST + from ssvc.decision_points.ssvc.automatable import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -134,8 +134,8 @@ data collection and analysis capabilities increase. We demonstrate this with the `MISSION_IMPACT_2` and `SAFETY_IMPACT_1` decision points into their decision model. ```python exec="true" idprefix="" - from ssvc.decision_points.mission_impact import LATEST as MI - from ssvc.decision_points.safety_impact import LATEST as SI + from ssvc.decision_points.ssvc.mission_impact import LATEST as MI + from ssvc.decision_points.ssvc.safety_impact import LATEST as SI from ssvc.doc_helpers import example_block diff --git a/docs/howto/bootstrap/use.md b/docs/howto/bootstrap/use.md index 6b75cba6..9093c196 100644 --- a/docs/howto/bootstrap/use.md +++ b/docs/howto/bootstrap/use.md @@ -138,7 +138,7 @@ If the analyst knows nothing, all states are possible. For example, [Utility](../../reference/decision_points/utility.md) may be [laborious](../../reference/decision_points/utility.md), [efficient](../../reference/decision_points/utility.md), or [super effective](../../reference/decision_points/system_exposure.md). ```python exec="true" idprefix="" - from ssvc.decision_points.utility import LATEST + from ssvc.decision_points.ssvc.utility import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) @@ -155,14 +155,14 @@ The merit in this “list all values” approach emerges when the stakeholder kn Extending the previous example, say the analyst knows that [*Value Density*](../../reference/decision_points/value_density.md) is [diffuse](../../reference/decision_points/value_density.md) but does not know the value for [Automatability](../../reference/decision_points/automatable.md). ```python exec="true" idprefix="" - from ssvc.decision_points.value_density import LATEST + from ssvc.decision_points.ssvc.value_density import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) ``` ```python exec="true" idprefix="" - from ssvc.decision_points.automatable import LATEST + from ssvc.decision_points.ssvc.automatable import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST)) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 53a0775c..ec1844a0 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -357,61 +357,6 @@ based on the implementation in `src/ssvc/namespaces.py` and the NS_PATTERN regul - are separated by single forward slashes (`/`) - Multiple extension segments are allowed -!!! info "ABNF Notation" - - ```abnf - namespace = base-ns [extensions] - ; Overall namespace must be 3–1000 characters - ; (Enforced via regex length lookahead) - - base-ns = x-base / std-base - x-base = "x_" ns-core - std-base = ns-core - - ; ns-core starts with a lowercase letter and may have '.' or '-' separators. - ; Consecutive '.' or '-' are not allowed. - ns-core = LOWER ALNUMLOW *("." / "-" 1*ALNUMLOW) - - extensions = lang-ext [ *("/" ext-seg) ] - - ; Language extension: either // (empty language extension) - ; or // (BCP-47 language code) - lang-ext = "//" / ( "/" bcp47 "/" ) - - ; Extension segment between slashes. - ; - Must start with ALPHA - ; - May have '.' or '-' separators - ; - Optional '#' section, at most one per segment - ; - No consecutive '.' or '-' - ext-seg = ALPHA ALNUM * - ( ("." / "-") 1*ALNUM ) * - [ "#" 1*ALNUM * ( ("." / "-") 1*ALNUM ) ] - - ; BCP-47 tag (based on the regex expansion) - bcp47 = ( 2*3ALPHA - [ "-" 3ALPHA *2( "-" 3ALPHA ) ] - / 4*8ALPHA ) - [ "-" 4ALPHA ] - [ "-" ( 2ALPHA / 3DIGIT ) ] - * ( "-" ( 5*8ALNUM / DIGIT 3ALNUM ) ) - * ( "-" %x41-57.59-5A.61-7A.7C-7E "-" 2*8ALNUM ) - [ "-" %x58.78 1*( "-" 1*8ALNUM ) ] - / %x58.78 1*( "-" 1*8ALNUM ) - / %x49.69 "-" %x44.64 %x45.65 %x46.66 %x41.61 %x55.75 %x4C.6C %x54.74 - / %x49.69 "-" %x4D.6D %x49.69 %x4E.6E %x47.67 %x4F.6F - - ; Character sets - LOWER = %x61-7A ; a-z - ALPHA = %x41-5A / %x61-7A ; A-Z / a-z - DIGIT = %x30-39 ; 0-9 - ALNUM = ALPHA / DIGIT - ALNUMLOW = LOWER / DIGIT - - ; Constraints: - ; - No consecutive "." or "-" in ns-core or ext-seg. - ; - Each ext-seg can contain at most one "#". - ; - Overall namespace is 3–1000 chars. - ``` ## The `ssvc.namespaces` module diff --git a/docs/ssvc_overview.md b/docs/ssvc_overview.md index a917798f..74cdaeef 100644 --- a/docs/ssvc_overview.md +++ b/docs/ssvc_overview.md @@ -73,7 +73,7 @@ height = "700" /> *Exploitation* refers to how much evidence currently exists that the vulnerability is being exploited. This value is mutable because new evidence of exploit can arise at any time. ```python exec="true" idprefix="" -from ssvc.decision_points.exploitation import LATEST +from ssvc.decision_points.ssvc.exploitation import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST, include_json=False)) @@ -90,7 +90,7 @@ print(example_block(LATEST, include_json=False)) We define the following combinations to determine *Utility* values: ```python exec="true" idprefix="" -from ssvc.decision_points.utility import LATEST +from ssvc.decision_points.ssvc.utility import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST, include_json=False)) @@ -107,7 +107,7 @@ print(example_block(LATEST, include_json=False)) If the answer is 'no' to all of the above questions, then the attack is presumed to gain *Partial* control of the system. Examples of *Partial* control include denial of service and memory address information leaks. ```python exec="true" idprefix="" -from ssvc.decision_points.technical_impact import LATEST +from ssvc.decision_points.ssvc.technical_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST, include_json=False)) @@ -118,7 +118,7 @@ print(example_block(LATEST, include_json=False)) *Public Safety Impact* is a reduction of the more expansive *Safety Impact* decision point to *Signficant* or *Minimal*. If the highest category of *Safety Impact* is Marginal, Critical, or Catastrophic, then the *Public Safety Impact* is *Significant*. If no types of harm are more severe than Neglible, then the *Public Safety Impact* is *Minimal*. ```python exec="true" idprefix="" -from ssvc.decision_points.public_safety_impact import LATEST +from ssvc.decision_points.ssvc.public_safety_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST, include_json=False)) @@ -129,7 +129,7 @@ print(example_block(LATEST, include_json=False)) *Safety Impact* ```python exec="true" idprefix="" -from ssvc.decision_points.safety_impact import LATEST +from ssvc.decision_points.ssvc.safety_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST, include_json=False)) @@ -158,7 +158,7 @@ If a system is not 'Open', we suggest the following questions to guide your deci - If the vulnerable component is in a third party library that is unreachable because the feature is unused in the surrounding product, choose *small*. ```python exec="true" idprefix="" -from ssvc.decision_points.system_exposure import LATEST +from ssvc.decision_points.ssvc.system_exposure import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST, include_json=False)) @@ -178,7 +178,7 @@ For easy reference, the information on *Safety Impact* is again provided here: *Safety Impact* is expansive to include impacts of physical harm, operator resiliency, system resiliency, environment, financial, and psychological harm. We used IEC 61508 to guide determinations of Negligible, Marginal, Critical, and Catastrophic impact on the aforementioned types of harm. Only one type of harm needs to qualify per category. Use the highest qualifying category to determine safety impact. ```python exec="true" idprefix="" -from ssvc.decision_points.safety_impact import LATEST +from ssvc.decision_points.ssvc.safety_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST, include_json=False)) @@ -187,7 +187,7 @@ print(example_block(LATEST, include_json=False)) *Mission Impact* is the impact on the Mission Essential Functions of the organization. A **mission essential function (MEF)** is a function “directly related to accomplishing the organization’s mission as set forth in its statutory or executive charter” [@FCD2_2017, page A-1]. ```python exec="true" idprefix="" -from ssvc.decision_points.mission_impact import LATEST +from ssvc.decision_points.ssvc.mission_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST, include_json=False)) @@ -196,7 +196,7 @@ print(example_block(LATEST, include_json=False)) We define the following combinations of *Safety Impact* and *Mission Impact* values to determine *Human Impact* values: ```python exec="true" idprefix="" -from ssvc.decision_points.human_impact import LATEST +from ssvc.decision_points.ssvc.human_impact import LATEST from ssvc.doc_helpers import example_block print(example_block(LATEST, include_json=False)) diff --git a/src/ssvc/__init__.py b/src/ssvc/__init__.py index 38ef27d3..8da8d785 100644 --- a/src/ssvc/__init__.py +++ b/src/ssvc/__init__.py @@ -19,5 +19,16 @@ """ Provides SSVC modules. """ +from ssvc.utils.defaults import IMPORTABLES +from ssvc.utils.importer import import_modules -_schemaVersion = "1-0-1" +# import all submodules from ssvc.decision_points and ssvc.outcomes to populate the registries +# automatically walk through the decision_points and outcomes directories +# dive into each submodule and import all its parts +import_modules(IMPORTABLES, include_children=True) + +if __name__ == "__main__": + # confirms that the registries are populated + from ssvc.registry import REGISTRY + + print(REGISTRY.model_dump_json(indent=2)) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 76583603..50ee3791 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -28,9 +28,8 @@ from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator from semver import Version -from ssvc import _schemaVersion from ssvc.namespaces import NameSpace -from ssvc.utils.defaults import DEFAULT_VERSION +from ssvc.utils.defaults import DEFAULT_VERSION, SCHEMA_VERSION from ssvc.utils.field_specs import NamespaceString, VersionString @@ -59,12 +58,21 @@ def validate_version(cls, value: str) -> str: return version.__str__() -class _SchemaVersioned(_Versioned, BaseModel): +class _SchemaVersioned(BaseModel): """ Mixin class for version """ - schemaVersion: str = _schemaVersion + schemaVersion: str = Field(..., description="Schema version of the SSVC object") + + @model_validator(mode="before") + def set_schema_version(cls, data): + """ + Set the schema version to the default if not provided. + """ + if "schemaVersion" not in data: + data["schemaVersion"] = SCHEMA_VERSION + return data class _Namespaced(BaseModel): @@ -102,7 +110,15 @@ class _Keyed(BaseModel): Mixin class for keyed SSVC objects. """ - key: str + # should start with uppercase alphanumeric followed by any case alphanumeric or underscores, no spaces + key: str = Field( + ..., + description="A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric." + "(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + pattern=r"^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\*))$", + min_length=1, + examples=["E", "A", "SI", "L", "M", "H", "Mixed_case_OK", "alph4num3ric"], + ) class _Valued(BaseModel): @@ -170,6 +186,18 @@ class _Base(BaseModel): description: str +class _KeyedBaseModel(_Base, _Keyed, BaseModel): + pass + + +class _GenericSsvcObject(_Base, _Versioned, _Keyed, _Namespaced, BaseModel): + """ + Generic mixin class for SSVC objects that need to be namespaced, keyed, and versioned. + """ + + pass + + def main(): pass diff --git a/src/ssvc/csv_analyzer.py b/src/ssvc/csv_analyzer.py index 890dad78..c2fc1909 100644 --- a/src/ssvc/csv_analyzer.py +++ b/src/ssvc/csv_analyzer.py @@ -38,7 +38,7 @@ ``` Higher values imply more important features. - """ +""" # Copyright (c) 2023-2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE @@ -63,14 +63,14 @@ import logging import re import sys -from itertools import product -import networkx as nx import pandas as pd import sklearn.inspection from sklearn.base import clone from sklearn.tree import DecisionTreeClassifier +from ssvc.utils.toposort import graph_from_value_tuples + logger = logging.getLogger(__name__) # set an option to avoid a deprecation warning @@ -326,72 +326,58 @@ def permute_feature_importance(df: pd.DataFrame, target: str) -> pd.DataFrame: return imp -def check_topological_order(df, target): +def check_topological_order( + df: pd.DataFrame, target: str, target_value_order: list[str] = None +) -> list[dict]: # split df into features and target X, y = _prepare_data(df, target) - # convert outcome to numeric codes - codes = list(enumerate(y.unique())) + if target_value_order is None: + # convert outcome to numeric codes + codes = list(enumerate(y.unique())) + else: + # use the provided order for the target values + codes = list(enumerate(target_value_order)) + mapper = {v: k for (k, v) in codes} y = y.replace(mapper) + node_tuples = [] + for col in X.columns: + # get the unique values in the column, sort them, and convert to tuple + vals = tuple(sorted(X[col].unique())) + node_tuples.append(vals) + logger.debug(f"Node tuples: {node_tuples}") # create a graph of the nodes, assign the outcome value to each node # and then check that the graph is topologically sorted # (i.e. no edges point backwards) - G = nx.DiGraph() - # each row of X is a single node + + G = graph_from_value_tuples(node_tuples) + + # create a dict to lookup node outcomes from nodes + node_outcomes = {} for i, row in enumerate(X.iterrows()): rownum, rowval = row # cast the row to a tuple so we can use it as a node node = tuple(rowval) - G.add_node(node, outcome=y.iloc[i]) - - # add edges - for u, v in product(G.nodes, G.nodes): - # skip self edges - if u == v: - continue - - # u is less than v if all elements of u are less than or equal to v - if all(u[i] <= v[i] for i in range(len(u))): - # and at least one element of u is less than v - if any(u[i] < v[i] for i in range(len(u))): - # add edge if not already there - if not G.has_edge(u, v): - G.add_edge(u, v) - - # v is less than u if all elements of v are less than or equal to u - if all(v[i] <= u[i] for i in range(len(v))): - # and at least one element of v is less than u - if any(v[i] < u[i] for i in range(len(v))): - # add edge if not already there - if not G.has_edge(v, u): - G.add_edge(v, u) - - # take the transitive reduction of G to remove redundant edges - # this will remove all edges that are implied by other edges - # and leave only the minimal set of edges - # H is thus a Hasse diagram of G - H = nx.transitive_reduction(G) - - # networkx transitive reduction doesn't copy the node data - # so we need to copy it from G to H - for u in H.nodes: - H.nodes[u]["outcome"] = G.nodes[u]["outcome"] - - logger.debug(f"Original graph: {len(G.nodes)} nodes with {len(G.edges)} edges") - logger.debug(f"Reduced graph: {len(H.nodes)} nodes with {len(H.edges)} edges") + node_outcomes[node] = y.iloc[i] + + for u in G.nodes: + # assign the outcome value to each node + G.nodes[u]["outcome"] = node_outcomes.get(u, None) + + logger.debug(f"Graph has {len(G.nodes)} nodes with {len(G.edges)} edges") problems = [] # check if the outcome is topologically sorted - for u, v in H.edges: - if H.nodes[u]["outcome"] > H.nodes[v]["outcome"]: + for u, v in G.edges: + if G.nodes[u]["outcome"] > G.nodes[v]["outcome"]: problem = { "u": u, "v": v, - "u_outcome": H.nodes[u]["outcome"], - "v_outcome": H.nodes[v]["outcome"], + "u_outcome": G.nodes[u]["outcome"], + "v_outcome": G.nodes[v]["outcome"], } problems.append(problem) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 30eb2261..92aa96cf 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -23,107 +23,26 @@ # DM24-0278 import logging +from typing import Literal -from pydantic import BaseModel, ConfigDict, Field, model_validator +from pydantic import BaseModel, ConfigDict, model_validator from ssvc._mixins import ( - _Base, _Commented, - _Keyed, - _Namespaced, + _GenericSsvcObject, + _KeyedBaseModel, _SchemaVersioned, _Valued, - _Versioned, ) +from ssvc.registry.events import notify_registration from ssvc.utils.defaults import FIELD_DELIMITER logger = logging.getLogger(__name__) +SCHEMA_VERSION = "2.0.0" -REGISTERED_DECISION_POINTS = [] - -class Registry(BaseModel): - registry: dict[str, object] = Field(default_factory=dict) - - def __iter__(self) -> object: - return iter(self.registry.values()) - - def __getitem__(self, key: str) -> object: - return self.registry[key] - - def __setitem__(self, key: str, value: object) -> None: - - if key in self.registry: - # are the values the same? - registered = self.registry[key].model_dump_json() - value_dumped = value.model_dump_json() - if registered == value_dumped: - logger.warning(f"Duplicate key {key} with the same value, ignoring.") - return - - logger.warning(f"Duplicate key {key}:") - logger.warning(f"\t{registered}") - logger.warning(f"\t{value_dumped}") - raise KeyError(f"Duplicate key {key}") - - self.registry[key] = value - - def __contains__(self, key: str) -> bool: - return key in self.registry - - def reset_registry(self) -> None: - self.registry = {} - - # convenience alias - def clear(self) -> None: - self.reset_registry() - - -class DecisionPointRegistry(Registry, BaseModel): - """ - A dictionary of decision points. - """ - - registry: dict[str, "DecisionPoint"] = Field(default_factory=dict) - - -class DecisionPointValueRegistry(Registry, BaseModel): - """ - A dictionary of decision point values. - """ - - registry: dict[str, "DecisionPointValue"] = Field(default_factory=dict) - - -def register(dp): - """ - Register a decision point. - """ - - # register the values - for value_str, value_summary in dp.value_summaries_dict.items(): - DPV_REGISTRY[value_str] = value_summary - - key = dp.str - DP_REGISTRY[key] = dp - REGISTERED_DECISION_POINTS.append(dp) - - -def _reset_registered(): - """ - Reset the registered decision points. - """ - global DPV_REGISTRY - global DP_REGISTRY - global REGISTERED_DECISION_POINTS - - DPV_REGISTRY.reset_registry() - DP_REGISTRY.reset_registry() - REGISTERED_DECISION_POINTS = [] - - -class DecisionPointValue(_Base, _Keyed, _Commented, BaseModel): +class DecisionPointValue(_Commented, _KeyedBaseModel, BaseModel): """ Models a single value option for a decision point. @@ -139,33 +58,12 @@ def __str__(self): return self.name -class ValueSummary(_Versioned, _Keyed, _Namespaced, BaseModel): - """ - A ValueSummary is a simple object that represents a single value for a decision point. - It includes the parent decision point's key, version, namespace, and the value key. - These can be used to reference a specific value in a decision point. - """ - - value: str - - def __str__(self): - s = FIELD_DELIMITER.join([self.namespace, self.key, self.version, self.value]) - return s - - @property - def str(self): - """ - Return the ValueSummary as a string. - - Returns: - str: A string representation of the ValueSummary, in the format "namespace:key:version:value". - - """ - return self.__str__() - - class DecisionPoint( - _Valued, _Keyed, _SchemaVersioned, _Namespaced, _Base, _Commented, BaseModel + _Valued, + _SchemaVersioned, + _GenericSsvcObject, + _Commented, + BaseModel, ): """ Models a single decision point as a list of values. @@ -180,6 +78,17 @@ class DecisionPoint( - values (tuple): A tuple of DecisionPointValue objects """ + schemaVersion: Literal[SCHEMA_VERSION] + + @model_validator(mode="before") + def _set_schema_version(cls, data: dict) -> dict: + """ + Set the schema version to the default if not provided. + """ + if "schemaVersion" not in data: + data["schemaVersion"] = SCHEMA_VERSION + return data + values: tuple[DecisionPointValue, ...] model_config = ConfigDict(revalidate_instances="always") @@ -188,12 +97,31 @@ def __str__(self): return FIELD_DELIMITER.join([self.namespace, self.key, self.version]) @property - def id(self): + def id(self) -> str: + f""" + Return an identity string for the DecisionPoint, combining namespace, key, and version into a global unique identifier. + + Returns: + str: A string representation of the DecisionPoint in the format "namespace{FIELD_DELIMITER}key{FIELD_DELIMITER}version". """ - Return an identity string for the DecisionPoint. + id_parts = (self.namespace, self.key, self.version) + + return FIELD_DELIMITER.join(id_parts) + + @property + def value_dict(self) -> dict[str, DecisionPointValue]: """ + Return a list of value IDs for the DecisionPoint. - return FIELD_DELIMITER.join([self.namespace, self.key, self.version]) + Returns: + list: A list of strings, each representing a value ID in the format "namespace:key:version:value". + + """ + value_dict = {} + for value in self.values: + value_id = FIELD_DELIMITER.join([self.id, value.key]) + value_dict[value_id] = value + return value_dict @property def str(self) -> str: @@ -208,58 +136,16 @@ def str(self) -> str: @model_validator(mode="after") def _register(self): - """ - Register the decision point. - """ - register(self) + """Register the decision point.""" + notify_registration(self) return self @property - def value_summaries(self) -> list[ValueSummary]: + def value_summaries(self) -> list[str]: """ Return a list of value summaries. """ - return list(self.value_summaries_dict.values()) - - @property - def value_summaries_dict(self) -> dict[str, ValueSummary]: - """ - Return a dictionary of value summaries keyed by the value key. - """ - summaries = {} - for value in self.values: - summary = ValueSummary( - key=self.key, - version=self.version, - namespace=self.namespace, - value=value.key, - ) - key = summary.str - summaries[key] = summary - - return summaries - - @property - def value_summaries_str(self): - """ - Return a list of value summaries as strings. - - Returns: - list: A list of strings, each representing a value summary in the format "namespace:key:version:value". - - """ - return list(self.value_summaries_dict.keys()) - - @property - def enumerated_values(self) -> dict[int, str]: - """ - Return a list of enumerated values. - """ - return {i: v.str for i, v in enumerate(self.value_summaries)} - - -DP_REGISTRY = DecisionPointRegistry() -DPV_REGISTRY = DecisionPointRegistry() + return list(self.value_dict.keys()) def main(): diff --git a/src/ssvc/decision_points/ssvc/in_kev.py b/src/ssvc/decision_points/cisa/in_kev.py similarity index 95% rename from src/ssvc/decision_points/ssvc/in_kev.py rename to src/ssvc/decision_points/cisa/in_kev.py index 0e8c83bd..8d6b366e 100644 --- a/src/ssvc/decision_points/ssvc/in_kev.py +++ b/src/ssvc/decision_points/cisa/in_kev.py @@ -22,8 +22,8 @@ # DM24-0278 from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.cisa.base import CisaDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -from ssvc.decision_points.ssvc.base import SsvcDecisionPoint YES = DecisionPointValue( name="Yes", @@ -37,7 +37,7 @@ description="Vulnerability is not listed in KEV.", ) -IN_KEV_1 = SsvcDecisionPoint( +IN_KEV_1 = CisaDecisionPoint( name="In KEV", description="Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", key="KEV", diff --git a/src/ssvc/decision_points/cvss/helpers.py b/src/ssvc/decision_points/cvss/helpers.py index c2677735..d0799a9d 100644 --- a/src/ssvc/decision_points/cvss/helpers.py +++ b/src/ssvc/decision_points/cvss/helpers.py @@ -96,7 +96,9 @@ def _modify_4(dp: DecisionPoint): v["name"] = "Negligible" v["description"] = v["description"].replace(" no ", " negligible ") # we need to bump the version for this change - _dp_dict["version"] = semver.bump_patch(_dp_dict["version"]) + version = _dp_dict["version"] + ver = semver.Version.parse(version) + _dp_dict["version"] = str(semver.Version.bump_patch(ver)) break # Note: For MSI, There is also a highest severity level, Safety (S), in addition to the same values as the diff --git a/src/ssvc/decision_tables/__init__.py b/src/ssvc/decision_tables/__init__.py new file mode 100644 index 00000000..7dcc6391 --- /dev/null +++ b/src/ssvc/decision_tables/__init__.py @@ -0,0 +1,18 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py new file mode 100644 index 00000000..b28ec001 --- /dev/null +++ b/src/ssvc/decision_tables/base.py @@ -0,0 +1,694 @@ +#!/usr/bin/env python +""" +DecisionTable: A flexible, serializable SSVC decision table model. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import logging +from itertools import product +from typing import ClassVar, Literal + +import pandas as pd +from pydantic import BaseModel, Field, field_validator, model_validator + +from ssvc._mixins import _Commented, _GenericSsvcObject, _SchemaVersioned +from ssvc.decision_points.base import DecisionPoint +from ssvc.registry.events import notify_registration +from ssvc.utils.field_specs import DecisionPointDict +from ssvc.utils.misc import obfuscate_dict +from ssvc.utils.toposort import dplist_to_toposort + +logger = logging.getLogger(__name__) + + +def dpdict_to_combination_list( + dpdict: dict[str, DecisionPoint], + exclude: list[str] = [], +) -> list[dict[str, str]]: + """ + Generate all combinations of decision point values as dictionaries. + Each combination is a dictionary with decision point IDs as keys and value keys as values. + """ + dpg_vals = [] + for dp in dpdict.values(): + if dp.id in exclude: + # skip this decision point if it is in the exclude list + continue + vals = [] + for value in dp.values: + row = {dp.id: value.key} + vals.append(row) + dpg_vals.append(vals) + + # now we have a list of lists of dicts, we need to the combinations + combos = [] + for prod in product(*dpg_vals): + # prod is a tuple of dicts, we need to merge them + merged = {} + for d in prod: + merged.update(d) + combos.append(merged) + return combos + + +SCHEMA_VERSION: str = "2.0.0" + + +class DecisionTable( + _SchemaVersioned, _GenericSsvcObject, _Commented, BaseModel +): + """ + DecisionTable: A flexible, serializable SSVC decision table model. + + This model represents a decision table that can be used to map combinations of decision point values + to outcomes. It allows for flexible mapping and can be used with helper methods to generate DataFrame and CSV representations + of the decision table. + + Attributes: + """ + key_prefix: ClassVar[str] = "DT" + + schemaVersion: Literal[SCHEMA_VERSION] + + decision_points: DecisionPointDict + + outcome: str = Field( + ..., + description="The key of the decision point in `self.decision_points` that represents the outcome of the decision table.", + min_length=1, + ) + + # default to empty mapping list + mapping: list[dict[str, str]] = Field( + default_factory=list, + description="Mapping of decision point values to outcomes.", + ) + + @property + def id(self): + return f"{self.namespace}:{self.name}:{self.version}" + + @field_validator("key", mode="before") + @classmethod + def validate_key(cls, value: str) -> str: + key = f"{cls.key_prefix}_{value}" + return key + + # validator to set schemaVersion + @model_validator(mode="before") + def set_schema_version(cls, data): + """ + Set the schema version to 2.0.0 if it is not already set. + This ensures that the model is always compatible with the latest schema version. + """ + # we don't set this as a default because we want to ensure that the schema + # version is required in the JSON schema + if "schemaVersion" not in data: + data["schemaVersion"] = SCHEMA_VERSION + return data + + @model_validator(mode="after") + def populate_mapping_if_empty(self): + """ + Populate the mapping if it is not already set. + + Returns: + self: The DecisionTable instance with the mapping populated if it was not set. If the mapping is already set, it returns the instance unchanged. + """ + # short-circuit if mapping is already set + if self.mapping: + # mapping is already set, no need to populate + logger.debug("Mapping is already set, skipping population.") + return self + + outcome_key = self.outcome + + dps = [dp for dpid, dp in self.decision_points.items() if dpid != outcome_key] + mapping = dplist_to_toposort(dps) + + # mapping is a list of dicts + # but mapping doesn't have the outcome key yet + # add the key with None as the value + for row in mapping: + # row is a dict with decision point values + # we need to add the outcome key + if outcome_key in row: + # if the outcome key is already in the row, we should not overwrite it + logger.warning( + f"Outcome key '{outcome_key}' already exists in row, skipping." + ) + row[outcome_key] = None + + # distribute outcomes evenly across the mapping + og: DecisionPoint = self.decision_points[outcome_key] + + mapping = distribute_outcomes_evenly(mapping, og) + + # set the mapping + self.mapping = mapping + return self + + @model_validator(mode="after") + def check_mapping_keys(self): + """ + Validate that each item in the mapping has the correct keys. + Keys for each item should match the keys of the decision point group. + + Returns: + self: The DecisionTable instance with validated mapping keys. + Raises: + TypeError: If any item in the mapping is not a dictionary. + ValueError: If any item in the mapping does not have the expected keys. + """ + # we expect the keys of each item in the mapping to match the decision point group keys + expected = set(self.decision_points.keys()) + + for i, d in enumerate(self.mapping): + if not isinstance(d, dict): + raise TypeError(f"Item {i} is not a dict") + actual_keys = set(d.keys()) + if actual_keys != expected: + raise ValueError( + f"Item {i} has keys {actual_keys}, expected {expected}" + ) + return self + + @model_validator(mode="after") + def validate_mapping(self): + """ + Validate the mapping after it has been populated. + + This method checks that the mapping is consistent with the decision points and outcomes defined in the table. + It raises a ValueError if the mapping is not valid. + + Returns: + self: The DecisionTable instance with validated mapping. + """ + if not self.mapping: + raise ValueError("Mapping must be set before validation.") + + # Check that each MappingRow has the correct number of decision point values + for row in self.mapping: + if set(row.keys()) != set(self.decision_points.keys()): + raise ValueError( + "MappingRow does not have the correct keys. " + "Keys must match the decision point group keys." + ) + + # Verify the topological order of the decision points (if u 0: + logger.warning("Topological order check found problems:") + for problem in problems: + logger.warning(f"Problem: {problem}") + raise ValueError("Topological order check failed. See logs for details.") + else: + logger.debug("Topological order check passed with no problems.") + + # reject if any irrelevant columns are present in the mapping + fi = feature_importance(self) + irrelevant_features = fi[fi["feature_importance"] <= 0] + if not irrelevant_features.empty: + logger.warning( + "Mapping contains irrelevant features: " + f"{', '.join(irrelevant_features['feature'].tolist())}" + ) + raise ValueError( + "Mapping contains irrelevant features. " + "Please remove them before proceeding." + ) + + return self + + @model_validator(mode="after") + def _register(self): + """Register the decision point table.""" + notify_registration(self) + return self + + + def obfuscate(self) -> "DecisionTable": + """ + Obfuscate the decision table by renaming the dict keys. + """ + obfuscated_dpdict, translator = obfuscate_dict(self.decision_points) + + new_table = self.model_copy(deep=True) + new_table.decision_points = obfuscated_dpdict + new_table.outcome = translator.get(self.outcome, self.outcome) + # replace all the keys in mapping dicts + new_table.mapping = [] + for row in self.mapping: + new_row = {} + for key in row.keys(): + new_key = translator[key] + new_row[new_key] = row[key] + new_table.mapping.append(new_row) + + return new_table + + +def decision_table_to_df(dt: DecisionTable, longform=False) -> pd.DataFrame: + """ + Export the decision table to a pandas DataFrame. + + This is just a wrapper around the shortform and longform export functions. + + Args: + dt (DecisionTable): The decision table to export. + longform (bool): Whether to export in long form or short form. Defaults to False (short form). + Returns: + pd.DataFrame: The mapping table as a pandas DataFrame. + + """ + if longform: + return decision_table_to_longform_df(dt) + return decision_table_to_shortform_df(dt) + + +def decision_table_to_shortform_df(dt: DecisionTable) -> pd.DataFrame: + """ + Export the mapping to pandas DataFrame. + + Columns: one per decision point, one for outcome. Column names are namespace:key:version. + Individual decision point and outcome values are represented by their value key. + + Example: + Table values might look like: + + ```csv + ssvc:SINV:1.0.0,ssvc:E:1.0.0,ssvc:PVA:1.0.0,basic:MSCW:1.0.0 + FR,N,L,W + FR,N,A,W + FR,N,P,W + FR,P,L,W + FR,P,A,W + FR,P,P,W + FR,A,L,W + FR,A,A,C + ``` + etc. + + Returns: + df: pd.DataFrame: The mapping as a pandas DataFrame. + + Raises: + ValueError: If the decision table has no mapping to export. + """ + if not dt.mapping: + raise ValueError("Decision Table has no mapping to export.") + + df = pd.DataFrame(dt.mapping) + return df + + +def decision_table_to_csv(dt: DecisionTable, **kwargs) -> str: + """Wrapper around to_df to export to CSV string. + Args: + dt (DecisionTable): The decision table to export. + kwargs: Additional keyword arguments to pass to pandas.DataFrame.to_csv(). + + Returns: + str: The mapping table as a CSV string. + """ + return decision_table_to_df(dt).to_csv(**kwargs) + + +def distribute_outcomes_evenly( + mapping: list[dict[str, str]], outcome_group: DecisionPoint +) -> list[dict[str, str]]: + """ + Distribute the given outcome_values across the mapping item dicts in sorted order. + Overwrites the outcome value in each mapping dict item with the corresponding outcome value. + The earliest mappings get the lowest outcome value, the latest get the highest. + If the mapping count is not divisible by the number of outcomes, the last outcome(s) get the remainder. + Returns a new list of dicts with outcome values assigned. + + Args: + mapping (list[dict[str,str]]): The mapping to distribute outcomes across. + outcome_values (list[str]): The list of outcome values to distribute. + Returns: + list[dict[str,str]]: A new list of dicts with outcome values assigned. + """ + outcome_values = [ov.key for ov in outcome_group.values] + + if not outcome_values: + raise ValueError("No outcome values provided for distribution.") + + og_id = outcome_group.id + + n = len(mapping) + k = len(outcome_values) + base = n // k + rem = n % k + new_mapping = [] + idx = 0 + for i, outcome in enumerate(outcome_values): + count = base + (1 if i < rem else 0) + for _ in range(count): + if idx >= n: + break + row = mapping[idx] + row[og_id] = outcome + new_mapping.append(row) + idx += 1 + return new_mapping + + +def decision_table_to_longform_df(dt: DecisionTable) -> pd.DataFrame: + """ + Given a DecisionTable, convert it to a long-form DataFrame. + The DataFrame will have one row per decision point value combination, with columns for each decision point and the outcome. + The column names will be the decision point names with their versions, and the values will be the value names. + If the decsion point is from a namespace other than "ssvc", the column name will include the namespace in parentheses. + + + Example: + Column Heading format: `{decision_point_name} v{version} ({namespace})` + + ```csv + row,Supplier Involvement v1.0.0,Exploitation v1.0.0,Public Value Added v1.0.0,MoSCoW v1.0.0 (basic) + 0,fix ready,none,limited,won't + 1,fix ready,none,ampliative,won't + 2,fix ready,none,precedence,won't + ``` + + Args: + df (pd.DataFrame): The input DataFrame from `to_df()`. + + Returns: + pd.DataFrame: The converted DataFrame. + + """ + + df = decision_table_to_shortform_df(dt) + + def _col_check(col: str) -> bool: + """ + Check if the column is a valid decision point or outcome column. + Args: + col: a colon-separated string representing a decision point or outcome column in the format `namespace:dp_key:version`. + + Returns: + bool: True if the column is a valid decision point or outcome column, False otherwise. + + """ + # late-binding import to avoid circular import issues + from ssvc.registry import REGISTRY + + ns, dp_key, version = col.split(":") + + return ( + REGISTRY.lookup_version( + objtype="DecisionPoint", + namespace=ns, + key=dp_key, + version=version, + ) + is not None + ) + + # Replace cell values using DPV_REGISTRY + for col in df.columns: + logger.debug(f"Converting column: {col}") + + ns, dp_key, version = col.split(":") + + if _col_check(col): + dp_id = col + newcol = df[col].apply(_replace_value_keys, dp_id=dp_id) + df[col] = newcol + + # lowercase all cell values + df = df.apply(lambda col: col.map(lambda x: x.lower() if isinstance(x, str) else x)) + + # Rename columns using DP_REGISTRY + + rename_map = {col: _rename_column(col) for col in df.columns if _col_check(col)} + + df = df.rename( + columns=rename_map, + ) + + return df + + +def _replace_value_keys(value_key: str, dp_id: str) -> str: + """Helper function to replace value keys with their names from DPV_REGISTRY. + Args: + value_key (str): The value key to replace. + dp_id (str): The decision point ID to use for the lookup. + Returns: + str: The name of the value if found in DPV_REGISTRY + Raises: + KeyError: If the value_key is not found in DPV_REGISTRY for the given dp_id. + """ + key = f"{dp_id}:{value_key}" + + objtype = "DecisionPoint" + from ssvc.registry import REGISTRY + + newval = REGISTRY.lookup_by_id(objtype, key) + + logger.debug(f"Replacing value key: {key} with {newval}") + + return newval.name + + +def _rename_column(col: str) -> str: + """Helper function to rename a column based on the DP_REGISTRY. + Args: + col (str): The column name to rename. + Returns: + str: The renamed column. + """ + from ssvc.registry import REGISTRY + + # col should be in the format "namespace:dp_key:version" + dp = REGISTRY.lookup_by_id(objtype="DecisionPoint", objid=col) + + if dp is None: + raise KeyError(f"Column {col} not found in DP_REGISTRY.") + + dp = dp.obj + + new_col = f"{dp.name} v{dp.version}" + + # If the namespace is "ssvc", we don't include it in the column name + if dp.namespace == "ssvc": + return new_col + + # If the namespace is not "ssvc", include it in the column name + return f"{new_col} ({dp.namespace})" + + +def _get_target_column_name(colname: str) -> str: + """ + Helper function to convert a column name to a target column name for use with older csv_analyzer functions. + This function converts the column name to lowercase and replaces non-alphanumeric characters with underscores. + """ + colname = colname.lower() + colname = "".join(c if c.isalnum() else "_" for c in colname) + return colname + + +def feature_importance(dt: DecisionTable) -> pd.DataFrame: + """ + Calculate feature importance for the decision table. + Args: + dt: + + Returns: + + """ + from ssvc.csv_analyzer import drop_col_feature_importance + + logger.debug("Calculating feature importance for the decision table.") + + df = decision_table_to_shortform_df(dt) + # target is the last column in the DataFrame, which is the outcome column + target = _get_target_column_name(df.columns[-1]) + + return drop_col_feature_importance(df, target=target) + + +def interpret_feature_importance(dt: DecisionTable) -> pd.DataFrame: + """ + Interpret the feature importance for the decision table. + This function is a wrapper around the feature_importance function to provide a more user-friendly output. + It sorts the features by importance and adds a commentary column that describes the importance of each feature, + calling out the most important features, those above median importance, low to medium importance features, + low importance features, and irrelevant features. The commentary is based on the computed feature importance scores. + + This function is useful for understanding which decision points and their values are most influential in the decision-making process of the table, + and can help in identifying which features can be considered for removal or further investigation. + + Args: + dt (DecisionTable): The decision table to analyze. + Returns: + pd.DataFrame: A DataFrame containing the feature importance scores. + """ + + fi_df = feature_importance(dt) + + logger.debug("Interpreting feature importance for the decision table.") + col = "feature_importance" + fi_df = fi_df.sort_values(by=col, ascending=False) + # add a column for commentary + # low importance are those with importance< 0.1 * max(importance) + # irrelevant features are those with importance <= 0 + max_importance = fi_df[col].max() + logger.debug(f"Max importance: {max_importance}") + median_importance = fi_df[col].median() + logger.debug(f"Median importance: {median_importance}") + low_threshold = 0.1 * fi_df[col].max() + logger.debug(f"Low threshold: {low_threshold}") + irrelevant_threshold = 0.0 + + def _label_importance(importance: float) -> str: + """ + Label the importance of a feature based on its importance score. + The values are computed in relation to the + Args: + importance: + + Returns: + + """ + comments = [] + + if importance == max_importance: + comments.append("Most important feature") + elif importance > median_importance: + comments.append("Medium-high importance feature") + elif importance == median_importance: + comments.append("Median importance feature") + elif low_threshold <= importance < median_importance: + comments.append("Low-medium importance feature") + elif irrelevant_threshold < importance < low_threshold: + comments.append("Low importance feature") + elif importance <= irrelevant_threshold: + comments.append("Irrelevant feature") + + return "; ".join(comments) + + logger.debug("Adding feature importance commentary.") + fi_df["Commentary"] = fi_df[col].apply(_label_importance) + + return fi_df.reset_index(drop=True) + + +def check_topological_order(dt: DecisionTable) -> list[dict]: + """ + Check the topological order of the decision table. + This function uses the `check_topological_order` function from the csv_analyzer module to verify the topological order of the decision table. + It returns a list of dictionaries containing any problems found in the topological order check. + + Args: + dt: DecisionTable: The decision table to check. + + Returns: + list[dict]: A list of dictionaries containing any problems found in the topological order check. + Problems are defined as any pair of mappings `(u,v)` where `u < v` but `u_outcome > v_outcome`. + + Each dictionary contains the following keys: + "u": The lower decision point value + "v": The higher decision point value + "u_outcome": The outcome of the lower decision point value + "v_outcome": The outcome of the higher decision point value + + """ + from ssvc.csv_analyzer import check_topological_order + + logger.debug("Checking topological order of the decision table.") + df = decision_table_to_shortform_df(dt) + target = _get_target_column_name(df.columns[-1]) + target_values = dt.decision_points[dt.outcome].values + target_value_order = [v.key for v in target_values] + return check_topological_order( + df, target=target, target_value_order=target_value_order + ) + + +def main() -> None: + from ssvc.dp_groups.ssvc.coordinator_publication import LATEST as dpg + from ssvc.outcomes.basic.mscw import LATEST as outcomes + import os + import json + + rootlogger = logging.getLogger() + rootlogger.setLevel(logging.DEBUG) + hdlr = logging.StreamHandler() + rootlogger.addHandler(hdlr) + + dpg.add(outcomes) + + table = DecisionTable( + name="Test Table", + description="A test decision table", + namespace="x_test", + decision_points=dpg.decision_points, + outcome=outcomes.id, + ) + + csv_str = decision_table_to_csv(table, index=False) + print("## Shortform CSV representation of the decision table:") + print() + print("```csv") + print(csv_str) + print("```") + + converted_df = decision_table_to_longform_df(table) + print("## Longform DataFrame representation of the decision table:") + print() + print("```csv") + print(converted_df.to_csv(index=True, index_label="row")) + print("```") + + print(feature_importance(table)) + print(interpret_feature_importance(table)) + print(check_topological_order(table)) + + print("## JSON representation of the decision table:") + print() + print("```json") + print(table.model_dump_json(indent=2)) + print("```") + + print("## Obfuscated JSON representation of the decision table:") + obfuscated = table.obfuscate() + print(obfuscated.model_dump_json(indent=2)) + + # write json schema to file + file_loc = os.path.dirname(__file__) + + schemafile = "../../../data/schema/v2/Decision_Table-2-0-0.schema.json" + schemafile = os.path.abspath(os.path.join(file_loc, schemafile)) + print("Writing JSON schema to file:", schemafile) + + if not os.path.exists(os.path.dirname(schemafile)): + os.makedirs(os.path.dirname(schemafile)) + + with open(schemafile, "w") as f: + json.dump(DecisionTable.model_json_schema(), f, indent=2) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/helpers.py b/src/ssvc/decision_tables/helpers.py new file mode 100644 index 00000000..19cbcaba --- /dev/null +++ b/src/ssvc/decision_tables/helpers.py @@ -0,0 +1,60 @@ +#!/usr/bin/env python +""" +Provides helper functions for decision tables in SSVC. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_tables.base import decision_table_to_longform_df + + +def write_csv( + decision_table: "DecisionTable", + csvfile: str, + child_tree: bool = False, + index: bool = False, +): + import os + + # write longform csv to file + file_path = os.path.abspath(__file__) + project_base_path = os.path.abspath( + os.path.join(os.path.dirname(file_path), "..", "..", "..") + ) + + parts = ["data", "csvs"] + if child_tree: + parts.append("child_trees") + + target_dir = os.path.join(project_base_path, *parts) + assert os.path.exists(target_dir), f"Target directory {target_dir} does not exist." + + csv_path = os.path.join(target_dir, csvfile) + + with open(csv_path, "w") as fp: + fp.write(decision_table_to_longform_df(decision_table).to_csv(index=index)) + + +def main(): + pass + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/ssvc/__init__.py b/src/ssvc/decision_tables/ssvc/__init__.py new file mode 100644 index 00000000..c9448e9c --- /dev/null +++ b/src/ssvc/decision_tables/ssvc/__init__.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python +""" +Provides Decision Tables within the SSVC namespace. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 diff --git a/src/ssvc/decision_tables/ssvc/human_impact.py b/src/ssvc/decision_tables/ssvc/human_impact.py new file mode 100644 index 00000000..71bea5a5 --- /dev/null +++ b/src/ssvc/decision_tables/ssvc/human_impact.py @@ -0,0 +1,88 @@ +#!/usr/bin/env python +""" +Models the Human Impact decision table for SSVC. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.ssvc.human_impact import LATEST as HumanImpact +from ssvc.decision_points.ssvc.mission_impact import LATEST as MissionImpact +from ssvc.decision_points.ssvc.safety_impact import ( + SAFETY_IMPACT_1 as SituatedSafetyImpact, +) +from ssvc.decision_tables.base import DecisionTable +from ssvc.namespaces import NameSpace + +dp_dict = {dp.id: dp for dp in [SituatedSafetyImpact, MissionImpact, HumanImpact]} + +HUMAN_IMPACT_1 = DecisionTable( + namespace=NameSpace.SSVC, + key="HI", + version="1.0.0", + name="Human Impact", + description="Human Impact decision table for SSVC", + decision_points={ + dp.id: dp for dp in [SituatedSafetyImpact, MissionImpact, HumanImpact] + }, + outcome=HumanImpact.id, + mapping=[ + {"ssvc:SI:1.0.0": "N", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L"}, + {"ssvc:SI:1.0.0": "N", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L"}, + {"ssvc:SI:1.0.0": "N", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M"}, + {"ssvc:SI:1.0.0": "N", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:1.0.0": "M", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L"}, + {"ssvc:SI:1.0.0": "M", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L"}, + {"ssvc:SI:1.0.0": "M", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M"}, + {"ssvc:SI:1.0.0": "M", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:1.0.0": "J", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "M"}, + {"ssvc:SI:1.0.0": "J", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "M"}, + {"ssvc:SI:1.0.0": "J", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H"}, + {"ssvc:SI:1.0.0": "J", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:1.0.0": "H", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "H"}, + {"ssvc:SI:1.0.0": "H", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "H"}, + {"ssvc:SI:1.0.0": "H", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H"}, + {"ssvc:SI:1.0.0": "H", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:1.0.0": "C", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:1.0.0": "C", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:1.0.0": "C", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:1.0.0": "C", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, + ], +) + +VERSIONS = [ + HUMAN_IMPACT_1, +] +LATEST = HUMAN_IMPACT_1 + + +def main(): + + print("## Human Impact Decision Table Object") + print() + print(HUMAN_IMPACT_1.model_dump_json(indent=2)) + + print("## Human Impact Decision Table Longform DataFrame CSV") + print() + from ssvc.decision_tables.base import decision_table_to_longform_df + + print(decision_table_to_longform_df(HUMAN_IMPACT_1).to_csv(index=False)) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/ssvc/supplier_dt.py b/src/ssvc/decision_tables/ssvc/supplier_dt.py new file mode 100644 index 00000000..a1753fd8 --- /dev/null +++ b/src/ssvc/decision_tables/ssvc/supplier_dt.py @@ -0,0 +1,317 @@ +#!/usr/bin/env python +""" +file: supplier_dt +author: adh +created_at: 7/18/25 1:57 PM +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.ssvc.exploitation import LATEST as Exploitation +from ssvc.decision_points.ssvc.public_safety_impact import LATEST as PublicSafetyImpact +from ssvc.decision_points.ssvc.technical_impact import LATEST as TechnicalImpact +from ssvc.decision_points.ssvc.utility import LATEST as Utility +from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df +from ssvc.namespaces import NameSpace +from ssvc.outcomes.ssvc.dsoi import LATEST as DSOI + +SUPPLIER_1 = DecisionTable( + namespace=NameSpace.SSVC, + key="SP", + version="1.0.0", + name="Supplier Patch Development Priority", + description="Decision table for evaluating supplier patch development priority in SSVC", + decision_points={ + dp.id: dp + for dp in [Exploitation, Utility, TechnicalImpact, PublicSafetyImpact, DSOI] + }, + outcome=DSOI.id, + mapping=[ + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "D", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I", + }, + ], +) + +VERSIONS = (SUPPLIER_1,) +LATEST = VERSIONS[-1] + + +def main(): + print("Supplier Decision Table") + print() + print(SUPPLIER_1.model_dump_json(indent=2)) + + print("Longform DataFrame CSV") + print() + print(decision_table_to_longform_df(SUPPLIER_1).to_csv(index=False)) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/ssvc/utlity.py b/src/ssvc/decision_tables/ssvc/utlity.py new file mode 100644 index 00000000..6293c028 --- /dev/null +++ b/src/ssvc/decision_tables/ssvc/utlity.py @@ -0,0 +1,84 @@ +#!/usr/bin/env python +""" +Models the Utility decision table for SSVC. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.ssvc.automatable import LATEST as Automatable +from ssvc.decision_points.ssvc.utility import LATEST as Utility +from ssvc.decision_points.ssvc.value_density import LATEST as ValueDensity +from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df +from ssvc.decision_tables.helpers import write_csv +from ssvc.namespaces import NameSpace + +UTILITY_1 = DecisionTable( + namespace =NameSpace.SSVC, + key='U', + version='1.0.0', + name='Utility', + description='Utility decision table for SSVC', + decision_points={dp.id: dp for dp in [Automatable,ValueDensity,Utility]}, + outcome = Utility.id, + mapping = [ + { + "ssvc:A:2.0.0": "N", + "ssvc:VD:1.0.0": "D", + "ssvc:U:1.0.1": "L" + }, + { + "ssvc:A:2.0.0": "N", + "ssvc:VD:1.0.0": "C", + "ssvc:U:1.0.1": "E" + }, + { + "ssvc:A:2.0.0": "Y", + "ssvc:VD:1.0.0": "D", + "ssvc:U:1.0.1": "E" + }, + { + "ssvc:A:2.0.0": "Y", + "ssvc:VD:1.0.0": "C", + "ssvc:U:1.0.1": "S" + } + ] +) + +VERSIONS = (UTILITY_1,) +LATEST = VERSIONS[-1] + + +def main(): + print("## Utility Decision Table Object") + print() + print(UTILITY_1.model_dump_json(indent=2)) + + print("## Utility Decision Table Longform DataFrame CSV") + print() + print(decision_table_to_longform_df(UTILITY_1).to_csv(index=False)) + + csvfile = "utility.csv" + write_csv(UTILITY_1,csvfile) + + + + +if __name__ == '__main__': + main() diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index 3dfca898..40631c89 100755 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -31,7 +31,7 @@ To regenerate the existing docs, use the following command: - python -m ssvc.doctools --overwrite --jsondir data/json/decision_points + python -m ssvc.doctools --overwrite --jsondir data/json """ import importlib @@ -42,10 +42,13 @@ from ssvc.decision_points.base import ( DecisionPoint, - REGISTERED_DECISION_POINTS, ) from ssvc.decision_points.ssvc.base import SsvcDecisionPoint +from ssvc.decision_tables.base import DecisionTable +from ssvc.registry import REGISTRY +from ssvc.registry.base import SsvcObjectRegistry from ssvc.selection import SelectionList +from ssvc.utils.misc import order_schema logger = logging.getLogger(__name__) @@ -79,7 +82,7 @@ def find_modules_to_import( return imported_modules -def _filename_friendly(name: str) -> str: +def _filename_friendly(name: str, replacement="_") -> str: """ Given a string, return a version that is friendly for use in a filename. @@ -90,10 +93,10 @@ def _filename_friendly(name: str) -> str: str: A version of the string that is friendly for use in a filename. """ # replace all non-alphanumeric characters with underscores and convert to lowercase - name = re.sub(r"[^a-zA-Z0-9]", "_", name) + name = re.sub(r"[^a-zA-Z0-9]", replacement, name) name = name.lower() # replace any sequence of underscores with a single underscore - name = re.sub(r"_+", "_", name) + name = re.sub(rf"{replacement}+", replacement, name) return name @@ -198,21 +201,87 @@ def dump_json(basename: str, dp: DecisionPoint, jsondir: str, overwrite: bool) - return str(json_file) -def dump_selection_schema(filepath: str) -> None: - """ - Dump the schema for the SelectionList model to a file. - Args: - filepath: The path to the file to write the schema to. - Returns: - None - """ - logger.info(f"Dumping schema to {filepath}") - schema = SelectionList.model_json_schema() +def dump_schema(filepath: str, schema: dict) -> None: + schema = order_schema(schema) + logger.info(f"Writing schema to {filepath}") with open(filepath, "w") as f: json.dump(schema, f, indent=2) - f.write("\n") # newline at end of file + f.write("\n") + +def dump_schemas(jsondir): + import ssvc.selection + import ssvc.decision_tables.base + + # dump the selection schema + schemadir = os.path.abspath(os.path.join(jsondir, "..", "schema", "v2")) + schemapaths: list[dict(str, str)] = [] + + # selection schema + schemafile = f"Decision_Point_Value_Selection-{_filename_friendly(ssvc.selection.SCHEMA_VERSION, replacement="-")}.schema.json" + schemapath = os.path.join(schemadir, schemafile) + selection_schema = SelectionList.model_json_schema() + schemapaths.append({"filepath": schemapath, "schema": selection_schema}) + + # registry schema + registry_schema_file = f"Ssvc_Object_Registry-{_filename_friendly(ssvc.registry.base.SCHEMA_VERSION, replacement='-')}.schema.json" + registry_schema_path = os.path.join(schemadir, registry_schema_file) + registry_schema = SsvcObjectRegistry.model_json_schema() + schemapaths.append({"filepath": registry_schema_path, "schema": registry_schema}) + + # decision point schema + dp_schema_file = f"Decision_Point-{_filename_friendly(ssvc.decision_points.base.SCHEMA_VERSION, replacement='-')}.schema.json" + dp_schema_path = os.path.join(schemadir, dp_schema_file) + dp_schema = DecisionPoint.model_json_schema() + schemapaths.append({"filepath": dp_schema_path, "schema": dp_schema}) + + # decision table schema + decision_table_schema_file = f"Decision_Table-{_filename_friendly(ssvc.decision_tables.base.SCHEMA_VERSION, replacement='-')}.schema.json" + decision_table_schema_path = os.path.join(schemadir, decision_table_schema_file) + decision_table_schema = DecisionTable.model_json_schema() + schemapaths.append({"filepath": decision_table_schema_path, "schema": decision_table_schema}) + + # decision point group schema + dp_group_schema_file = f"Decision_Point_Group-{_filename_friendly(ssvc.dp_groups.base.SCHEMA_VERSION, replacement='-')}.schema.json" + dp_group_schema_path = os.path.join(schemadir, dp_group_schema_file) + dp_group_schema = ssvc.dp_groups.base.DecisionPointGroup.model_json_schema() + schemapaths.append({"filepath": dp_group_schema_path, "schema": dp_group_schema}) + + with EnsureDirExists(schemadir): + for d in schemapaths: + path = d["filepath"] + schema = d["schema"] + dump_schema(filepath=path, schema=schema) + +def dump_decision_table(jsondir: str, dt: DecisionTable, overwrite: bool) -> None: + # make dp.name safe for use in a filename + basename = _filename_friendly(dt.name) + f"_{_filename_friendly(dt.version)}" + + filename = f"{basename}.json" + parts = [ + jsondir, + ] + parts.append(_filename_friendly(dt.namespace)) + dirname = os.path.join(*parts) + + parts.append(filename) + + json_file = os.path.join(*parts) + + if overwrite: + remove_if_exists(json_file) + with EnsureDirExists(dirname): + try: + logger.info(f"Writing {json_file}") + with open(json_file, "x") as f: + f.write(dt.model_dump_json(indent=2)) + f.write("\n") # newline at end of file + except FileExistsError: + logger.warning( + f"File {json_file} already exists, use --overwrite to replace" + ) + return str(json_file) def main(): @@ -244,6 +313,7 @@ def main(): jsondir = args.jsondir dp_dir = os.path.join(os.path.abspath(jsondir), "decision_points") + dt_dir = os.path.join(os.path.abspath(jsondir), "decision_tables") find_modules_to_import("./src/ssvc/decision_points", "ssvc.decision_points") find_modules_to_import("./src/ssvc/outcomes", "ssvc.outcomes") @@ -253,15 +323,30 @@ def main(): import ssvc.dp_groups.cvss.collections # noqa: F401 # for each decision point: - for dp in REGISTERED_DECISION_POINTS: + for dp in REGISTRY.get_all("DecisionPoint"): dump_decision_point(dp_dir, dp, overwrite) - # dump the selection schema - schemadir = os.path.abspath(os.path.join(jsondir, "..", "schema", "v2")) - schemafile = os.path.join( - schemadir, "Decision_Point_Value_Selection-2-0-0.schema.json" - ) - dump_selection_schema(schemafile) + # for each decision table: + for dt in REGISTRY.get_all("DecisionTable"): + dump_decision_table(dt_dir, dt, overwrite) + + # dump the registry + registry_json = os.path.join(jsondir, "ssvc_object_registry.json") + if overwrite: + remove_if_exists(registry_json) + with EnsureDirExists(jsondir): + try: + logger.info(f"Writing {registry_json}") + with open(registry_json, "x") as f: + f.write(REGISTRY.model_dump_json(indent=2)) + f.write("\n") # newline at end of file + except FileExistsError: + logger.warning( + f"File {registry_json} already exists, use --overwrite to replace" + ) + + dump_schemas(jsondir) + if __name__ == "__main__": diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index 4f496a83..65a3cbc6 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -22,71 +22,91 @@ """ Provides a DecisionPointGroup object for use in SSVC. """ +from collections.abc import MutableMapping +from typing import Literal -import itertools -from typing import Generator +from pydantic import BaseModel, model_validator -from pydantic import BaseModel - -from ssvc._mixins import _Base, _SchemaVersioned +from ssvc._mixins import _Base, _SchemaVersioned, _Versioned from ssvc.decision_points.base import ( DecisionPoint, - ValueSummary, ) +SCHEMA_VERSION = "2.0.0" + -class DecisionPointGroup(_Base, _SchemaVersioned, BaseModel): +class DecisionPointGroup( + _Base, _SchemaVersioned, _Versioned, BaseModel, MutableMapping +): """ - Models a group of decision points. + Models a group of decision points as a dictionary, keyed by their ID. """ - decision_points: tuple[DecisionPoint, ...] + decision_points: dict[str, DecisionPoint] - def __iter__(self) -> Generator[DecisionPoint, None, None]: + schemaVersion: Literal[SCHEMA_VERSION] + + @model_validator(mode="before") + @classmethod + def set_schema_version(cls, data): """ - Allow iteration over the decision points in the group. + Set the schema version to the current version if not already set. """ + if "schemaVersion" not in data: + data["schemaVersion"] = SCHEMA_VERSION + return data + + @model_validator(mode="before") + @classmethod + def transform_decision_points(cls, data): + if isinstance(data, dict) and "decision_points" in data: + # If decision_points is a list/tuple, convert to dictionary + # this allows us to handle the older way of defining decision point groups + dp_value = data["decision_points"] + if isinstance(dp_value, (list, tuple)): + data["decision_points"] = {dp.id: dp for dp in dp_value} + return data + + # dunder methods to allow dict-like access in conjunction with MutableMapping abstract base class + def __getitem__(self, key): + return self.decision_points[key] + + def __setitem__(self, key, value): + if not isinstance(value, DecisionPoint): + raise TypeError("Value must be a DecisionPoint") + self.decision_points[key] = value + + def __delitem__(self, key): + del self.decision_points[key] + + def __iter__(self): return iter(self.decision_points) - def __len__(self) -> int: - """ - Allow len() to be called on the group. - """ + def __len__(self): return len(self.decision_points) - @property - def decision_points_dict(self) -> dict[str, DecisionPoint]: + def add(self, decision_point: DecisionPoint) -> None: """ - Return a dictionary of decision points keyed by their name. + Add a decision point to the group. """ - return {dp.str: dp for dp in self.decision_points} + if decision_point.id in self.decision_points: + # are they the same? + existing_dp = self.decision_points[decision_point.id] + if existing_dp == decision_point: + # this is a no-op, they are the same + return + # otherwise, raise an error + raise ValueError( + f"Decision point {decision_point.id} already exists in the group." + ) - @property - def decision_points_str(self) -> list[str]: - """ - Return a list of decision point names. - """ - return list(self.decision_points_dict.keys()) - - def combination_strings(self) -> Generator[tuple[str, ...], None, None]: - """ - Return a list of tuples of the value short strings for all combinations of the decision points. - """ - for combo in self.combinations(): - yield tuple(str(x) for x in combo) - - def combinations(self) -> Generator[tuple[ValueSummary, ...], None, None]: - """ - Return a list of tuples of the value summaries for all combinations of the decision points. - """ - value_tuples = [dp.value_summaries for dp in self.decision_points] - for combo in itertools.product(*value_tuples): - yield combo + # set the decision point in the dictionary + self.decision_points[decision_point.id] = decision_point def get_all_decision_points_from( *groups: list[DecisionPointGroup], -) -> tuple[DecisionPoint, ...]: +) -> list[DecisionPoint]: """ Given a list of DecisionPointGroup objects, return a list of all the unique DecisionPoint objects contained in those groups. @@ -95,25 +115,19 @@ def get_all_decision_points_from( groups (list): A list of SsvcDecisionPointGroup objects. Returns: - list: A list of SsvcDecisionPoint objects. + list: A list of unique SsvcDecisionPoint objects. """ - dps = [] - seen = set() + # each group has a decision_points dict, we need to collect all the decision points + new_dict = {} for group in groups: - for dp in group.decision_points: - if dp in dps: - # skip duplicates - continue - key = (dp.name, dp.version) - if key in seen: - # skip duplicates - continue - # keep non-duplicates - dps.append(dp) - seen.add(key) - - return tuple(dps) + # we could have just done a dict update, but want to ensure uniqueness + # even if the decision point groups use non-standard keys for their + # decision points dict. So we'll build a new dict with known consistent keys. + for dp in group.decision_points.values(): + new_dict[dp.id] = dp + # now we have a dictionary of all decision points, we can return them as a tuple + return list(new_dict.values()) def main(): diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 58dfec2f..186583e4 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -56,6 +56,7 @@ class NameSpace(StrEnum): SSVC = auto() CVSS = auto() CISA = auto() + BASIC = auto() @classmethod def validate(cls, value: str) -> str: diff --git a/src/ssvc/outcomes/basic/__init__.py b/src/ssvc/outcomes/basic/__init__.py new file mode 100644 index 00000000..482460e8 --- /dev/null +++ b/src/ssvc/outcomes/basic/__init__.py @@ -0,0 +1,26 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +""" +Provides SSVC outcome groups for the `basic` namespace +""" + +from .ike import LATEST as EISENHOWER +from .mscw import LATEST as MSCW +from .value_complexity import LATEST as VALUE_COMPLEXITY +from .yn import LATEST as YES_NO diff --git a/src/ssvc/outcomes/basic/ike.py b/src/ssvc/outcomes/basic/ike.py new file mode 100644 index 00000000..485b91e3 --- /dev/null +++ b/src/ssvc/outcomes/basic/ike.py @@ -0,0 +1,66 @@ +#!/usr/bin/env python + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +""" +Provides the Eisenhower outcome group for the `basic` namespace. +""" + +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue as DecisionPointValue, +) +from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.namespaces import NameSpace + +_DELETE = DecisionPointValue(name="Delete", key="D", description="Delete") + +_DELEGATE = DecisionPointValue(name="Delegate", key="G", description="Delegate") + +_SCHEDULE = DecisionPointValue(name="Schedule", key="S", description="Schedule") + +_DO = DecisionPointValue(name="Do", key="O", description="Do") + +EISENHOWER = DecisionPoint( + name="Do, Schedule, Delegate, Delete", + key="IKE", + description="The Eisenhower outcome group.", + namespace=NameSpace.BASIC, + version="1.0.0", + values=( + _DELETE, + _DELEGATE, + _SCHEDULE, + _DO, + ), +) +""" +The Eisenhower outcome group. +""" + +VERSIONS = (EISENHOWER,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/basic/lmh.py b/src/ssvc/outcomes/basic/lmh.py new file mode 100644 index 00000000..943b91d6 --- /dev/null +++ b/src/ssvc/outcomes/basic/lmh.py @@ -0,0 +1,57 @@ +#!/usr/bin/env python +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue as DecisionPointValue, +) +from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.namespaces import NameSpace + +_LOW = DecisionPointValue(name="Low", key="L", description="Low") +_MEDIUM = DecisionPointValue(name="Medium", key="M", description="Medium") +_HIGH = DecisionPointValue(name="High", key="H", description="High") + +V1_0_0 = DecisionPoint( + name="LowMediumHigh", + key="LMH", + description="A Low/Medium/High decision point / outcome group.", + version="1.0.0", + namespace=NameSpace.BASIC, + values=( + _LOW, + _MEDIUM, + _HIGH, + ), +) +""" +The LowMedHigh outcome group. +""" + +VERSIONS = (V1_0_0,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/basic/mscw.py b/src/ssvc/outcomes/basic/mscw.py new file mode 100644 index 00000000..45cb4501 --- /dev/null +++ b/src/ssvc/outcomes/basic/mscw.py @@ -0,0 +1,65 @@ +#!/usr/bin/env python +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +""" +Provides the MoSCoW (Must, Should, Could, Won't) outcome group for the `basic` namespace +""" + +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue as DecisionPointValue, +) +from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.namespaces import NameSpace + +_WONT = DecisionPointValue(name="Won't", key="W", description="Won't") + +_COULD = DecisionPointValue(name="Could", key="C", description="Could") + +_SHOULD = DecisionPointValue(name="Should", key="S", description="Should") + +_MUST = DecisionPointValue(name="Must", key="M", description="Must") + +MSCW = DecisionPoint( + name="MoSCoW", + key="MSCW", + description="The MoSCoW (Must, Should, Could, Won't) outcome group.", + version="1.0.0", + namespace=NameSpace.BASIC, + values=( + _WONT, + _COULD, + _SHOULD, + _MUST, + ), +) +""" +The MoSCoW outcome group. +""" + +VERSIONS = (MSCW,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/basic/value_complexity.py b/src/ssvc/outcomes/basic/value_complexity.py new file mode 100644 index 00000000..2f6fef04 --- /dev/null +++ b/src/ssvc/outcomes/basic/value_complexity.py @@ -0,0 +1,68 @@ +#!/usr/bin/env python + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +""" +Provides the Value/Complexity outcome group for the `basic` namespace. +""" + +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue as DecisionPointValue, +) +from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.namespaces import NameSpace + +_DROP = DecisionPointValue(name="Drop", key="D", description="Drop") + +_RECONSIDER = DecisionPointValue( + name="Reconsider Later", key="R", description="Reconsider Later" +) + +_EASY_WIN = DecisionPointValue(name="Easy Win", key="E", description="Easy Win") + +_DO_FIRST = DecisionPointValue(name="Do First", key="F", description="Do First") + +VALUE_COMPLEXITY = DecisionPoint( + name="Value, Complexity", + key="VALUE_COMPLEXITY", + description="The Value/Complexity outcome group.", + version="1.0.0", + namespace=NameSpace.BASIC, + values=( + _DROP, + _RECONSIDER, + _EASY_WIN, + _DO_FIRST, + ), +) +""" +The Value/Complexity outcome group. +""" + +VERSIONS = (VALUE_COMPLEXITY,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/basic/yn.py b/src/ssvc/outcomes/basic/yn.py new file mode 100644 index 00000000..62b7d9c1 --- /dev/null +++ b/src/ssvc/outcomes/basic/yn.py @@ -0,0 +1,56 @@ +#!/usr/bin/env python +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.base import ( + DecisionPoint, + DecisionPointValue as DecisionPointValue, +) +from ssvc.decision_points.helpers import print_versions_and_diffs +from ssvc.namespaces import NameSpace + +_NO = DecisionPointValue(name="No", key="N", description="No") + +_YES = DecisionPointValue(name="Yes", key="Y", description="Yes") + +YES_NO = DecisionPoint( + name="YesNo", + key="YN", + description="A Yes/No decision point / outcome group.", + version="1.0.0", + namespace=NameSpace.BASIC, + values=( + _NO, + _YES, + ), +) +""" +The Yes/No outcome group. +""" + +VERSIONS = (YES_NO,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/outcomes/x_basic/__init__.py b/src/ssvc/outcomes/x_basic/__init__.py deleted file mode 100644 index 73ac8ef9..00000000 --- a/src/ssvc/outcomes/x_basic/__init__.py +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University -""" -Provides SSVC outcome groups for the `x_basic` namespace -""" - -from .ike import LATEST as EISENHOWER -from .mscw import LATEST as MSCW -from .value_complexity import LATEST as VALUE_COMPLEXITY -from .yn import LATEST as YES_NO diff --git a/src/ssvc/outcomes/x_basic/ike.py b/src/ssvc/outcomes/x_basic/ike.py deleted file mode 100644 index 0a56e9ee..00000000 --- a/src/ssvc/outcomes/x_basic/ike.py +++ /dev/null @@ -1,59 +0,0 @@ -#!/usr/bin/env python - -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University -""" -Provides the Eisenhower outcome group for the `x_basic` namespace. -""" - -from ssvc.decision_points.base import ( - DecisionPoint, - DecisionPointValue as DecisionPointValue, -) -from ssvc.decision_points.helpers import print_versions_and_diffs - -_DELETE = DecisionPointValue(name="Delete", key="D", description="Delete") - -_DELEGATE = DecisionPointValue(name="Delegate", key="G", description="Delegate") - -_SCHEDULE = DecisionPointValue(name="Schedule", key="S", description="Schedule") - -_DO = DecisionPointValue(name="Do", key="O", description="Do") - -EISENHOWER = DecisionPoint( - name="Do, Schedule, Delegate, Delete", - key="IKE", - description="The Eisenhower outcome group.", - namespace="x_basic", - version="1.0.0", - values=( - _DELETE, - _DELEGATE, - _SCHEDULE, - _DO, - ), -) -""" -The Eisenhower outcome group. -""" - -VERSIONS = (EISENHOWER,) -LATEST = VERSIONS[-1] - - -def main(): - print_versions_and_diffs(VERSIONS) - - -if __name__ == "__main__": - main() diff --git a/src/ssvc/outcomes/x_basic/mscw.py b/src/ssvc/outcomes/x_basic/mscw.py deleted file mode 100644 index b74ef04e..00000000 --- a/src/ssvc/outcomes/x_basic/mscw.py +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University -""" -Provides the MSCW (Must, Should, Could, Won't) outcome group for the `x_basic` namespace -""" - -from ssvc.decision_points.base import ( - DecisionPoint, - DecisionPointValue as DecisionPointValue, -) -from ssvc.decision_points.helpers import print_versions_and_diffs - -_WONT = DecisionPointValue(name="Won't", key="W", description="Won't") - -_COULD = DecisionPointValue(name="Could", key="C", description="Could") - -_SHOULD = DecisionPointValue(name="Should", key="S", description="Should") - -_MUST = DecisionPointValue(name="Must", key="M", description="Must") - -MSCW = DecisionPoint( - name="MoSCoW", - key="MSCW", - description="The MoSCoW (Must, Should, Could, Won't) outcome group.", - version="1.0.0", - namespace="x_basic", - values=( - _WONT, - _COULD, - _SHOULD, - _MUST, - ), -) -""" -The MoSCoW outcome group. -""" - -VERSIONS = (MSCW,) -LATEST = VERSIONS[-1] - - -def main(): - print_versions_and_diffs(VERSIONS) - - -if __name__ == "__main__": - main() diff --git a/src/ssvc/outcomes/x_basic/value_complexity.py b/src/ssvc/outcomes/x_basic/value_complexity.py deleted file mode 100644 index 08a61eb6..00000000 --- a/src/ssvc/outcomes/x_basic/value_complexity.py +++ /dev/null @@ -1,61 +0,0 @@ -#!/usr/bin/env python - -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University -""" -Provides the Value/Complexity outcome group for the `x_basic` namespace. -""" - -from ssvc.decision_points.base import ( - DecisionPoint, - DecisionPointValue as DecisionPointValue, -) -from ssvc.decision_points.helpers import print_versions_and_diffs - -_DROP = DecisionPointValue(name="Drop", key="D", description="Drop") - -_RECONSIDER = DecisionPointValue( - name="Reconsider Later", key="R", description="Reconsider Later" -) - -_EASY_WIN = DecisionPointValue(name="Easy Win", key="E", description="Easy Win") - -_DO_FIRST = DecisionPointValue(name="Do First", key="F", description="Do First") - -VALUE_COMPLEXITY = DecisionPoint( - name="Value, Complexity", - key="VALUE_COMPLEXITY", - description="The Value/Complexity outcome group.", - version="1.0.0", - namespace="x_basic", - values=( - _DROP, - _RECONSIDER, - _EASY_WIN, - _DO_FIRST, - ), -) -""" -The Value/Complexity outcome group. -""" - -VERSIONS = (VALUE_COMPLEXITY,) -LATEST = VERSIONS[-1] - - -def main(): - print_versions_and_diffs(VERSIONS) - - -if __name__ == "__main__": - main() diff --git a/src/ssvc/outcomes/x_basic/yn.py b/src/ssvc/outcomes/x_basic/yn.py deleted file mode 100644 index 39dddfb2..00000000 --- a/src/ssvc/outcomes/x_basic/yn.py +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University - -from ssvc.decision_points.base import ( - DecisionPoint, - DecisionPointValue as DecisionPointValue, -) -from ssvc.decision_points.helpers import print_versions_and_diffs - -_NO = DecisionPointValue(name="No", key="N", description="No") - -_YES = DecisionPointValue(name="Yes", key="Y", description="Yes") - -YES_NO = DecisionPoint( - name="Yes, No", - key="YN", - description="The Yes/No outcome group.", - version="1.0.0", - namespace="x_basic", - values=( - _NO, - _YES, - ), -) -""" -The Yes/No outcome group. -""" - -VERSIONS = (YES_NO,) -LATEST = VERSIONS[-1] - - -def main(): - print_versions_and_diffs(VERSIONS) - - -if __name__ == "__main__": - main() diff --git a/src/ssvc/outcomes/x_com_yahooinc/__init__.py b/src/ssvc/outcomes/x_com_yahooinc/__init__.py new file mode 100644 index 00000000..6dfa27be --- /dev/null +++ b/src/ssvc/outcomes/x_com_yahooinc/__init__.py @@ -0,0 +1,23 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +""" +Provides SSVC outcome groups for the `x_com_yahooinc` namespace. +""" + +from .paranoids import LATEST as THE_PARANOIDS diff --git a/src/ssvc/outcomes/x_community/paranoids.py b/src/ssvc/outcomes/x_com_yahooinc/paranoids.py similarity index 55% rename from src/ssvc/outcomes/x_community/paranoids.py rename to src/ssvc/outcomes/x_com_yahooinc/paranoids.py index 2a0f7f8d..140e7bf9 100644 --- a/src/ssvc/outcomes/x_community/paranoids.py +++ b/src/ssvc/outcomes/x_com_yahooinc/paranoids.py @@ -1,20 +1,26 @@ #!/usr/bin/env python -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 """ -Provides a decision point for the `x_community` namespace. +Provides a decision point for the `x_com_yahooinc` namespace. """ from ssvc.decision_points.base import ( @@ -41,7 +47,7 @@ name="theParanoids", key="PARANOIDS", description="PrioritizedRiskRemediation outcome group based on TheParanoids.", - namespace="x_community", + namespace="x_com.yahooinc", version="1.0.0", values=( _TRACK_5, diff --git a/src/ssvc/outcomes/x_community/__init__.py b/src/ssvc/outcomes/x_community/__init__.py deleted file mode 100644 index 215c5355..00000000 --- a/src/ssvc/outcomes/x_community/__init__.py +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University -""" -Provides SSVC outcome groups for the `x_community` namespace. -""" - -from .paranoids import LATEST as THE_PARANOIDS diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index b99b4b8e..79c83319 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -165,18 +165,20 @@ def _validate_paths(self): def _create_policy(self): rows = [] + dps = list(self.dpg.decision_points.values()) + for node in self.G.nodes: row = {} for i in range(len(node)): # turn the numerical indexes back into decision point names - col1 = f"{self.dpg.decision_points[i].str}" - row[col1] = self.dpg.decision_points[i].value_summaries_str[node[i]] + col1 = f"{dps[i].id}" + row[col1] = dps[i].value_summaries[node[i]] # numerical values - col2 = f"idx_{self.dpg.decision_points[i].str}" + col2 = f"idx_{dps[i].str}" row[col2] = node[i] oc_idx = self.G.nodes[node]["outcome"] - row["outcome"] = self.outcomes.value_summaries_str[oc_idx] + row["outcome"] = self.outcomes.value_summaries[oc_idx] row["idx_outcome"] = oc_idx rows.append(row) @@ -277,7 +279,7 @@ def _enumerate_dp_values(self): # for each decision point in the group, get an enumeration of the values # so [[a,b,c],[d,e],[f,g,h]] becomes [[0,1,2],[0,1],[0,1,2]] vec = [] - for dp in self.dpg.decision_points: + for dp in self.dpg.decision_points.values(): vec.append(tuple(range(len(dp.values)))) logger.debug(f"Enumerated vector: {vec}") diff --git a/src/ssvc/registry/__init__.py b/src/ssvc/registry/__init__.py new file mode 100644 index 00000000..95449cc2 --- /dev/null +++ b/src/ssvc/registry/__init__.py @@ -0,0 +1,61 @@ +""" +Provides an object registry for SSVC. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import logging + +from ssvc.registry.base import SsvcObjectRegistry +from ssvc.registry.events import add_registration_hook + +logger = logging.getLogger(__name__) + +# create an empty registry +REGISTRY = SsvcObjectRegistry( + name="SSVC Object Registry", + description="A registry for SSVC objects organized by type, namespace, key, and version.", +) + + +def _handle_registration(obj): + """Handle object registration with type checking.""" + # Import here to avoid circular imports + try: + from ssvc.decision_points.base import DecisionPoint, DecisionPointValue + from ssvc.decision_tables.base import DecisionTable + + logger.debug(f"Handling registration for {obj.id} of type {type(obj)}") + if isinstance(obj, (DecisionPoint, DecisionPointValue, DecisionTable)): + REGISTRY.register(obj) + else: + logger.warning( + f"Object {obj.id} is not a recognized SSVC decision point type: {type(obj)}" + ) + raise TypeError(f"Object {obj.id} is not a valid SSVC decision point type.") + + except ImportError: + # Fallback registration without type checking + logger.debug(f"Handling registration for {obj.id} of type {type(obj)}") + REGISTRY.register(obj) + + +# Set up the hook +add_registration_hook(_handle_registration) diff --git a/src/ssvc/registry/base.py b/src/ssvc/registry/base.py new file mode 100644 index 00000000..b13515e3 --- /dev/null +++ b/src/ssvc/registry/base.py @@ -0,0 +1,424 @@ +#!/usr/bin/env python +""" +Work in progress on an experimental registry object for SSVC. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import logging +from typing import Any, Literal, Optional + +from pydantic import BaseModel, Field, model_validator + +from ssvc._mixins import ( + _Base, + _GenericSsvcObject, + _KeyedBaseModel, + _SchemaVersioned, + _Valued, +) +from ssvc.utils.field_specs import VersionString + +logger = logging.getLogger(__name__) + +SCHEMA_VERSION: str = "2.0.0" +logger.debug(f"Using schema version {SCHEMA_VERSION} for SsvcObjectRegistry.") + + +def lookup_type(module: str, type_name: str): + """ + Lookup a type by its name in the specified module. + Args: + module: The module to search in. + type_name: The name of the type to lookup. + + Returns: + The type if found, otherwise None. + """ + import sys + + mod = sys.modules.get(module) + if mod is None: + return None + return getattr(mod, type_name, None) + + +def _get_obj_type(obj: object) -> str: + """ + Get the type of the object for registry purposes. + Args: + obj: The object to check. + + Returns: + str: If the object is of a recognized type, return the name of the recognized type. + Otherwise, return "other". + """ + objtype = "other" # default type if not recognized + recognized_types = [ + lookup_type("ssvc.decision_points.base", "DecisionPoint"), + lookup_type("ssvc.decision_tables.base", "DecisionTable"), + ] + for t in recognized_types: + if t is not None and isinstance(obj, t): + objtype = t.__name__ + break + return objtype + + +class NonValuedVersion(BaseModel): + version: VersionString + obj: object + + +class ValuedVersion(BaseModel): + version: VersionString + obj: object + values: dict[str, _KeyedBaseModel] = Field( + default_factory=dict, + description="A dictionary mapping value keys to _Valued objects.", + ) + + @model_validator(mode="before") + def _populate_values(cls, data): + obj = data.get("obj") + if not isinstance(obj, _Valued): + raise ValueError( + "ValuedVersion must include an `obj` that subclasses `_Valued`" + ) + return data + + def model_post_init(self, __context: Any) -> None: + # set the values dictionary from the obj + self.values = {v.key: v for v in self.obj.values} + return self + + +class Key(BaseModel): + key: str + versions: dict[str, NonValuedVersion | ValuedVersion] = Field( + default_factory=dict, + description="A dictionary mapping version strings to versioned objects.", + ) + + +class Namespace(BaseModel): + namespace: str + keys: dict[str, Key] = Field( + default_factory=dict, + description="A dictionary mapping keys to Key objects within this namespace.", + ) + + +class NsType(BaseModel): + type: str + namespaces: dict[str, Namespace] = Field( + default_factory=dict, + description="A dictionary mapping namespace strings to Namespace objects.", + ) + + +class SsvcObjectRegistry(_SchemaVersioned, _Base, BaseModel): + schemaVersion: Literal[SCHEMA_VERSION] = Field( + ..., + description="The schema version of this selection list.", + ) + + types: dict[str, NsType] = Field( + default_factory=dict, + description="A dictionary mapping type names to NsType objects.", + ) + + @model_validator(mode="before") + def set_schema_version(cls, data): + """ + Set the schema version to the default if not provided. + """ + if "schemaVersion" not in data: + data["schemaVersion"] = SCHEMA_VERSION + return data + + def lookup_objtype(self, objtype: str) -> NsType | None: + """ + Lookup an object type in the registry by its name. + Returns None if the type is not found. + + Args: + objtype (str): The name of the object type to lookup. + Returns: + NsType | None: The NsType object if found, otherwise None. + """ + return self.types.get(objtype, None) + + def lookup_namespace(self, objtype: str, namespace: str) -> Namespace | None: + """ + Lookup a namespace in the registry by object type and namespace name. + Returns None if the namespace is not found. + + Args: + objtype (str): The name of the object type. + namespace (str): The name of the namespace to lookup. + Returns: + Namespace | None: The Namespace object if found, otherwise None. + """ + otype = self.lookup_objtype(objtype) + + if otype is None: + return None + + return otype.namespaces.get(namespace, None) + + def lookup_key(self, objtype: str, namespace: str, key: str) -> Key | None: + """ + Lookup a key in the registry by object type, namespace, and key name. + Returns None if the key is not found. + + Args: + objtype (str): The name of the object type. + namespace (str): The name of the namespace. + key (str): The key to lookup. + Returns: + Key | None: The Key object if found, otherwise None. + """ + ns = self.lookup_namespace(objtype, namespace) + + if ns is None: + return None + + return ns.keys.get(key, None) + + def lookup_version( + self, objtype: str, namespace: str, key: str, version: str + ) -> NonValuedVersion | ValuedVersion | None: + """ + Lookup a version in the registry by object type, namespace, key, and version string. + Returns None if the version is not found. + Args: + objtype (str): The name of the object type. + namespace (str): The name of the namespace. + key (str): The key to lookup. + version (str): The version string to lookup. + Returns: + NonValuedVersion | ValuedVersion | None: The version object if found, otherwise None. + + """ + key_obj = self.lookup_key(objtype, namespace, key) + + if key_obj is None: + return None + + return key_obj.versions.get(version, None) + + def lookup_value( + self, objtype: str, namespace: str, key: str, version: str, value_key: str + ) -> _KeyedBaseModel | None: + """ + Lookup a value in the registry by object type, namespace, key, version, and value key. + Returns None if the value is not found. + + Args: + objtype (str): The name of the object type. + namespace (str): The name of the namespace. + key (str): The key to lookup. + version (str): The version string to lookup. + value_key (str): The key of the value to lookup. + Returns: + _KeyedBaseModel | None: The value object if found, otherwise None. + + """ + version_obj = self.lookup_version(objtype, namespace, key, version) + + if version_obj is None: + return None + + if isinstance(version_obj, ValuedVersion): + return version_obj.values.get(value_key, None) + + logger.debug(f"Object type '{objtype}' does not support values.") + return None + + def lookup( + self, + objtype: Optional[str] = None, + namespace: Optional[str] = None, + key: Optional[str] = None, + version: Optional[str] = None, + value_key: Optional[str] = None, + ) -> _GenericSsvcObject | None: + """ + Lookup an object in the registry by type, namespace, key, version, and value key. + + Args: + objtype (str): The name of the object type. + namespace (str): The name of the namespace. + key (str): The key to lookup. + version (str): The version string to lookup. + value_key (str): The key of the value to lookup. + Returns: + _GenericSsvcObject | None: The object if found, otherwise None. + + """ + # everything None just returns the whole registry + if all([x is None for x in [objtype, namespace, key, version, value_key]]): + return self + + # start at the deepest level and work up + if value_key is not None: + return self.lookup_value(objtype, namespace, key, version, value_key) + if version is not None: + return self.lookup_version(objtype, namespace, key, version) + if key is not None: + return self.lookup_key(objtype, namespace, key) + if namespace is not None: + return self.lookup_namespace(objtype, namespace) + if objtype is not None: + return self.lookup_objtype(objtype) + logger.debug("No parameters provided for lookup, returning None.") + return None + + def lookup_by_id(self, objtype: str, objid: str) -> object | None: + + value_key = None + parts = objid.split(":") + ns, objid, version = parts[0:3] + if len(parts) == 4: + value_key = parts[3] + + if value_key is not None: + return self.lookup_value(objtype, ns, objid, version, value_key) + + return self.lookup_version(objtype, ns, objid, version) + + def register(self, obj: _GenericSsvcObject) -> None: + # extract the parts we need to register + + objtype = _get_obj_type(obj) + ns = str(obj.namespace) # explicitly cast to string + k = obj.key + ver = obj.version + + # if this object already exists in the registry, see if it matches + found = self.lookup(objtype=objtype, namespace=ns, key=k, version=ver) + if found is not None: + logger.debug(f"Object {obj.id} already registered, skipping registration.") + # if this is a different object with the same id, we should throw an error + diffs = [] + should_be_version = False + found_obj = found.obj + if found_obj.name != obj.name: + diffs.append(f"Name mismatch: {found_obj.name} != {obj.name}") + else: + should_be_version = True + if found_obj.description != obj.description: + diffs.append( + f"Description mismatch: {found_obj.description} != {obj.description}" + ) + if isinstance(found_obj, _Valued): + for a, b in zip(found_obj.values, obj.values): + if a != b: + diffs.append(f"Value mismatch: {a} != {b}") + for d in diffs: + logger.warning(f"Diff found when registering {obj.id}: {d}") + + if diffs: + if should_be_version: + logger.error( + f"Object {obj.id} ({obj.name}) already registered with different attributes. Consider changing the version." + ) + else: + logger.error( + f"Object {obj.id} already registered with different attributes. " + f"Consider changing the key ({obj.key}) for '{obj.name}' to avoid collision with '{found_obj.name}'." + ) + raise ValueError( + f"Object {obj.id} already registered with different attributes: {', '.join(diffs)}" + ) + # otherwise, we just return + return + + # start at the top of the registry and work down + if objtype not in self.types: + logger.debug(f"Registering new object type '{objtype}'.") + self.types[objtype] = NsType(type=objtype) + + if ns not in self.types[objtype].namespaces: + logger.debug( + f"Registering new namespace '{ns}' for object type '{objtype}'." + ) + self.types[objtype].namespaces[ns] = Namespace(namespace=ns) + + if k not in self.types[objtype].namespaces[ns].keys: + logger.debug( + f"Registering new key '{k}' in namespace '{ns}' for object type '{objtype}'." + ) + # versions will be created empty by the Key model + self.types[objtype].namespaces[ns].keys[k] = Key(key=k) + + if ver not in self.types[objtype].namespaces[ns].keys[k].versions: + logger.debug( + f"Registering new version '{ver}' for key '{k}' in namespace '{ns}' of type '{objtype}'." + ) + if isinstance(obj, _Valued): + # values will be populated in the ValuedVersion model + self.types[objtype].namespaces[ns].keys[k].versions[ver] = ( + ValuedVersion( + version=ver, + obj=obj, + ) + ) + else: + self.types[objtype].namespaces[ns].keys[k].versions[ver] = ( + NonValuedVersion( + version=ver, + obj=obj, + ) + ) + + def reset(self, force: bool = False) -> None: + """ + Reset the registry to an empty state. + If force is True, it will clear the registry even if it has objects. + """ + if force or not self.types: + self.types = dict() + logger.debug("Registry reset.") + else: + logger.warning("Registry not reset. Use force=True to clear it.") + + def get_all(self, objtype: str) -> list[_GenericSsvcObject]: + """ + Get all objects of a specific type from the registry. + + Args: + objtype (str): The type of objects to retrieve. + + Returns: + list[_GenericSsvcObject]: A list of objects of the specified type. + """ + otype_ns = self.lookup_objtype(objtype) + if otype_ns is None: + return [] + + all_objects = [] + + for ns in otype_ns.namespaces.values(): + for key in ns.keys.values(): + for version in key.versions.values(): + all_objects.append(version.obj) + + return all_objects diff --git a/src/ssvc/registry/events.py b/src/ssvc/registry/events.py new file mode 100644 index 00000000..7f26bd44 --- /dev/null +++ b/src/ssvc/registry/events.py @@ -0,0 +1,44 @@ +#!/usr/bin/env python +""" +Provides an event system for SSVC object registration. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +import logging + +logger = logging.getLogger(__name__) + +_registration_hooks = [] + + +def add_registration_hook(hook_func): + """Add a function to be called when objects are registered.""" + logger.debug(f"Adding registration hook: {hook_func.__name__}") + _registration_hooks.append(hook_func) + + +def notify_registration(obj): + """Notify all hooks about a new registration.""" + for hook in _registration_hooks: + try: + logger.debug(f"Notifying {hook.__name__} about registration of {obj.id}") + hook(obj) + except Exception as e: + logger.warning(f"Registration hook failed: {e}") + raise diff --git a/src/ssvc/registry_demo.py b/src/ssvc/registry_demo.py new file mode 100644 index 00000000..2dc9a6e2 --- /dev/null +++ b/src/ssvc/registry_demo.py @@ -0,0 +1,60 @@ +#!/usr/bin/env python +""" +Demonstrates the SSVC registry and schema. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import logging + +from ssvc.registry import REGISTRY, SsvcObjectRegistry +from ssvc.utils.misc import order_schema + +logger = logging.getLogger(__name__) + +def main(): + # importing the ssvc module forces the registry to be initialized + import ssvc # noqa: F401 + + logger = logging.getLogger() + logger.setLevel(logging.DEBUG) + handler = logging.StreamHandler() + handler.setLevel(logging.DEBUG) + logger.addHandler(handler) + + print(REGISTRY.model_dump_json(indent=2)) + + print() + print() + import json + schema = SsvcObjectRegistry.model_json_schema() + schema = order_schema(schema) + print(json.dumps(schema, indent=2)) + + + print() + print("# Lookup demo") + search_for = {"objtype": "DecisionPoint", "namespace": "ssvc", "key": "EXP",} + + dp = REGISTRY.lookup(**search_for) + print(dp.model_dump_json(indent=2)) + +if __name__ == "__main__": + main() diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index de8b473f..4c5efce3 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -35,19 +35,19 @@ from ssvc._mixins import ( _Base, + _GenericSsvcObject, _Keyed, - _Namespaced, _Timestamped, _Valued, - _Versioned, ) from ssvc.decision_points.base import DecisionPoint from ssvc.utils.field_specs import TargetIdList, VersionString +from ssvc.utils.misc import order_schema SCHEMA_VERSION = "2.0.0" -class MinimalDecisionPointValue(_Base, _Keyed, BaseModel): +class MinimalDecisionPointValue(_Keyed, _Base, BaseModel): """ A minimal representation of a decision point value. Intended to parallel the DecisionPointValue object, but with fewer required fields. @@ -81,7 +81,7 @@ def validate_values(cls, data): return data -class Selection(_Valued, _Versioned, _Keyed, _Namespaced, _Base, BaseModel): +class Selection(_Valued, _GenericSsvcObject, BaseModel): """ A minimal selection object that contains the decision point ID and the selected values. While the Selection object parallels the DecisionPoint object, it is intentionally minimal, with @@ -171,12 +171,12 @@ class Reference(BaseModel): model_config = ConfigDict(extra="forbid") uri: AnyUrl - description: str + summary: str # override schema generation to ensure that description is not required def model_json_schema(cls, **kwargs): schema = super().model_json_schema(**kwargs) - not_required = ["description"] + not_required = ["summary"] if "required" in schema and isinstance(schema["required"], list): # remove description from required list if it exists schema["required"] = [ @@ -240,15 +240,15 @@ class SelectionList(_Timestamped, BaseModel): [ { "uri": "https://example.com/decision_points", - "description": "Documentation for a set of decision points", + "summary": "Documentation for a set of decision points", }, { "uri": "https://example.org/definitions/dp2.json", - "description": "JSON representation of decision point 2", + "summary": "JSON representation of decision point 2", }, { "uri": "https://example.com/ssvc/x_com.example/decision_points.json", - "description": "A JSON file containing extension decision points in the x_com.example namespace", + "summary": "A JSON file containing extension decision points in the x_com.example namespace", }, ], ], @@ -261,7 +261,7 @@ class SelectionList(_Timestamped, BaseModel): [ { "uri": "https://example.com/report", - "description": "A report on which the selections were based", + "summary": "A report on which the selections were based", }, ] ], @@ -344,28 +344,7 @@ def model_json_schema(cls, **kwargs): r for r in prop["required"] if r not in non_required_fields ] - # preferred order of fields, just setting for convention - preferred_order = [ - "$schema", - "$id", - "title", - "description", - "schemaVersion", - "type", - "$defs", - "required", - "properties", - "additionalProperties", - ] - - # create a new dict with the preferred order of fields first - ordered_fields = {k: schema[k] for k in preferred_order if k in schema} - # add the rest of the fields in their original order - for k in schema: - if k not in ordered_fields: - ordered_fields[k] = schema[k] - - return ordered_fields + return order_schema(schema) def main() -> None: diff --git a/src/ssvc/utils/defaults.py b/src/ssvc/utils/defaults.py index e864283b..730b4df3 100644 --- a/src/ssvc/utils/defaults.py +++ b/src/ssvc/utils/defaults.py @@ -40,6 +40,20 @@ FIELD_DELIMITER = ":" """The delimiter used to separate fields in SSVC object IDs.""" +SCHEMA_ORDER = ( + "title", + "$schema", + "$id", + "description", + "schemaVersion", + "type", + "$defs", + "properties", + "required", + "additionalProperties", +) +"""Preferred order of fields in SSVC JSON Schema objects.""" + def main(): pass @@ -47,3 +61,5 @@ def main(): if __name__ == "__main__": main() +SCHEMA_VERSION = "1-0-1" +IMPORTABLES = ["ssvc.decision_points", "ssvc.outcomes", "ssvc.decision_tables"] diff --git a/src/ssvc/utils/field_specs.py b/src/ssvc/utils/field_specs.py index 9c4a84df..b2f2f50f 100644 --- a/src/ssvc/utils/field_specs.py +++ b/src/ssvc/utils/field_specs.py @@ -60,6 +60,16 @@ TargetIdList = Annotated[list[str], Field(min_length=1)] """A list of target IDs, for use in Pydantic models.""" +DecisionPointDict = Annotated[ + dict[str, "DecisionPoint"], + Field( + ..., + description="A non-empty dictionary of decision points Decision point IDs are recommended as keys.", + min_length=1, + ), +] +"""A dictionary of decision points, for use in Pydantic models.""" + def main(): pass diff --git a/src/ssvc/utils/importer.py b/src/ssvc/utils/importer.py new file mode 100644 index 00000000..32c858ee --- /dev/null +++ b/src/ssvc/utils/importer.py @@ -0,0 +1,82 @@ +#!/usr/bin/env python +""" +Provides a bulk importer for SSVC object modules. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import logging +import pkgutil + + +logger = logging.getLogger(__name__) + +# import all submodules from ssvc.decision_points and ssvc.outcomes to populate the registries +# automatically walk through the decision_points and outcomes directories +# dive into each submodule and import all its parts + + +def import_module(module_name: str) -> object: + logger.debug(f"Importing module: {module_name}") + try: + package = __import__(module_name, fromlist=["*"]) + except ImportError as e: + raise ImportError(f"Failed to import submodule {module_name}: {e}") + return package + + +def import_modules(modules: list[str], include_children=True) -> list[object]: + """ + Import specified modules dynamically. + + Args: + modules (list[str]): List of module names to import. + """ + packages = [] + for module in modules: + package = import_module(module) + packages.append(package) + + if not include_children: + # If we don't want to include children, just import the top-level module + # and short-circuit the rest + continue + + # dynamically import all submodules in the specified modules + for _, submodule_name, _ in pkgutil.walk_packages( + package.__path__, package.__name__ + "." + ): + subpkg = import_module(submodule_name) + packages.append(subpkg) + + return packages + + +def main(): + from ssvc.utils.defaults import IMPORTABLES + + pkgs = import_modules(IMPORTABLES) + + for pkg in pkgs: + logger.info(f"Imported package: {pkg.__name__}") + + +if __name__ == "__main__": + logging.basicConfig(level=logging.DEBUG) + main() diff --git a/src/ssvc/utils/misc.py b/src/ssvc/utils/misc.py new file mode 100644 index 00000000..e3044cf8 --- /dev/null +++ b/src/ssvc/utils/misc.py @@ -0,0 +1,102 @@ +#!/usr/bin/env python +""" +Provides miscellaneous utility functions for SSVC. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import secrets + +from ssvc.utils.defaults import SCHEMA_ORDER + + +def reorder_title_first(obj): + if isinstance(obj, dict): + if "title" in obj: + reordered = {"title": obj["title"]} + for k, v in obj.items(): + if k != "title": + reordered[k] = reorder_title_first(v) + return reordered + else: + return {k: reorder_title_first(v) for k, v in obj.items()} + elif isinstance(obj, list): + return [reorder_title_first(item) for item in obj] + else: + return obj + + +def order_schema(schema: dict) -> dict: + # create a new dict with the preferred order of fields first + ordered_schema = {k: schema[k] for k in (SCHEMA_ORDER) if k in schema} + + # add the rest of the fields in their original order + other_keys = [k for k in schema if k not in ordered_schema] + for k in other_keys: + ordered_schema[k] = schema[k] + + # recursively move "title" to the front of any nested objects + ordered_schema = reorder_title_first(ordered_schema) + + return ordered_schema + + +def obfuscate_dict(data: dict) -> tuple[dict, dict]: + """Given a dictionary, obfuscate its keys by replacing them with random strings. + Returns a tuple of two dictionaries: the obfuscated dictionary and the mapping + of original keys to obfuscated keys. + + Args: + data (dict): The dictionary to obfuscate. + Returns: + tuple[dict, dict]: A tuple containing the obfuscated dictionary and a translator + dictionary mapping original keys to obfuscated keys. + """ + token_len = 4 + obfuscated_dict = {} + translator = {} + + def _generate_key() -> str: + k = secrets.token_hex(token_len) + # make the new key match NNNN-NNNN... + k = "-".join(k[i : i + token_len] for i in range(0, len(k), token_len)) + # uppercase the new key + k = k.upper() + return k + + for old_key in data.keys(): + while True: + new_key = _generate_key() + if new_key not in translator: + break + + # got a unique new_key + translator[old_key] = new_key + obfuscated_dict[new_key] = data[old_key] + + return (obfuscated_dict, translator) + + +def main(): + pass + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index c3cef410..4d3fc5ad 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -59,11 +59,11 @@ ) # Subsequent ext-seg(s) -SUBSEQUENT_EXT = rf"{EXT_SEGMENT_PATTERN}(?:/{EXT_SEGMENT_PATTERN})*" +SUBSEQUENT_EXT = rf"{EXT_SEGMENT_PATTERN}(?:\/{EXT_SEGMENT_PATTERN})*" # --- Language extension --- -LANG_EXT = rf"(?:/{BCP_47_PATTERN}/|//)" +LANG_EXT = rf"(?:\/{BCP_47_PATTERN}\/|\/\/)" # --- Combine all parts into the full namespace pattern --- NS_PATTERN_STR = ( diff --git a/src/ssvc/utils/toposort.py b/src/ssvc/utils/toposort.py new file mode 100644 index 00000000..2afab804 --- /dev/null +++ b/src/ssvc/utils/toposort.py @@ -0,0 +1,141 @@ +#!/usr/bin/env python +""" +file: toposort +author: adh +created_at: 7/30/25 12:45 PM +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import logging +from itertools import product + +import networkx as nx + +from ssvc.decision_points.base import DecisionPoint + +logger = logging.getLogger(__name__) + + +def graph_from_dplist(decision_points: list[DecisionPoint]) -> nx.DiGraph: + logger.debug(f"Creating graph from dplist: {[dp.id for dp in decision_points]}") + value_lookup = dplist_to_value_lookup(decision_points) + value_tuples = [tuple(v.keys()) for v in value_lookup] + logger.debug(f"Value tuples: {value_tuples}") + + return graph_from_value_tuples(value_tuples) + + +def graph_from_value_tuples(value_tuples: list[tuple[int, ...]]) -> nx.DiGraph: + logger.debug(f"Creating graph from value_tuples: {value_tuples}") + G = nx.DiGraph() + + # add nodes to the graph + nodes = list(product(*value_tuples)) + G.add_nodes_from(nodes) + + # add edges to the graph + + # For each node, try to increment one coordinate by one step + for node in nodes: + for i, val in enumerate(node): + axis = value_tuples[i] + idx = axis.index(val) + if idx + 1 < len(axis): + # Create a new node with i-th coordinate incremented + neighbor = list(node) + neighbor[i] = axis[idx + 1] + neighbor = tuple(neighbor) + if neighbor in G: + G.add_edge(node, neighbor) + + return G + + +def dplist_to_value_lookup( + decision_points: list[DecisionPoint], +) -> list[dict[int, str]]: + value_lookup = [ + {i: v.key for i, v in enumerate(dp.values)} for dp in decision_points + ] + return value_lookup + + +def dplist_to_lookup(decision_points: list[DecisionPoint]) -> dict[int, str]: + dp_lookup = {i: dp.id for i, dp in enumerate(decision_points)} + return dp_lookup + + +def lookup_value(t: tuple[int, ...], lookup: list[dict[int, str]]) -> tuple[str, ...]: + # given + # t = (0, 0, 0) + # lookup = [{0: 'V', 1: 'R', 2: 'S', 3: 'HS'}, {0: 'H', 1: 'S', 2: 'B', 3: 'N'}, {0: 'F', 1: 'R', 2: 'B', 3: 'N'}] + # return (V,H,F + l = [lookup[i][t[i]] for i in range(len(t))] + return tuple(l) + + +def tuple_to_dict(t: tuple[str, ...], lookup: dict[int, str]) -> dict[str, str]: + # given + # t = ('V', 'H', 'F') + # return {'ER': 'V', 'GM': 'H', 'RC': 'F'} + return {lookup[i]: t[i] for i in range(len(t))} + + +def dplist_to_toposort(decision_points: list[DecisionPoint]) -> list[dict[str, str]]: + logger.debug("Creating graph from list of decision points") + G = graph_from_dplist(decision_points) + logger.debug( + "Graph created, performing topological sort over decision points graph" + ) + sorted_nodes = nx.topological_sort(G) + + logger.debug("Topological sort completed, converting graph nodes to dictionaries") + sorted_list = [] + dp_lookup = dplist_to_lookup(decision_points) + value_lookup = dplist_to_value_lookup(decision_points) + for node in sorted_nodes: + vals = lookup_value(node, value_lookup) + sorted_list.append(tuple_to_dict(vals, dp_lookup)) + return sorted_list + + +def main(): + from ssvc.decision_points.cvss.attack_vector import LATEST as AT + from ssvc.decision_points.cvss.attack_complexity import LATEST as AC + from ssvc.decision_points.cvss.privileges_required import LATEST as PR + + logger = logging.getLogger() + logger.setLevel(logging.DEBUG) + + handler = logging.StreamHandler() + handler.setLevel(logging.DEBUG) + logger.addHandler(handler) + + dps = [AT, AC, PR] + + print("mapping order:") + print("===========================") + for row in dplist_to_toposort(dps): + print(row) + + +if __name__ == "__main__": + main() diff --git a/src/test/decision_points/test_cvss_helpers.py b/src/test/decision_points/test_cvss_helpers.py index 73dcad86..22d7725f 100644 --- a/src/test/decision_points/test_cvss_helpers.py +++ b/src/test/decision_points/test_cvss_helpers.py @@ -20,7 +20,7 @@ import unittest import ssvc.decision_points.cvss.helpers as h -from ssvc.decision_points.base import DPV_REGISTRY, DP_REGISTRY, DecisionPointValue +from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint @@ -57,8 +57,9 @@ def fake_ms_impacts() -> list[CvssDecisionPoint]: class TestCvssHelpers(unittest.TestCase): def setUp(self) -> None: # reset the registry - for registry in DP_REGISTRY, DPV_REGISTRY: - registry.reset_registry() + from ssvc.registry import REGISTRY + + REGISTRY.reset() self.dps = [] for i in range(3): diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index d5b1fcf5..a09cb232 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -21,14 +21,18 @@ import ssvc.decision_points.base as base import ssvc.decision_points.ssvc.base +import ssvc.registry +from ssvc.decision_points.base import FIELD_DELIMITER class MyTestCase(unittest.TestCase): def setUp(self) -> None: - base.DP_REGISTRY.reset_registry() - base.DPV_REGISTRY.reset_registry() + from ssvc.registry import REGISTRY - self.original_registry = base.REGISTERED_DECISION_POINTS.copy() + self.original_registry = list(REGISTRY.get_all("DecisionPoint")) + + # reset the registry + REGISTRY.reset() # add multiple values self.values = [] @@ -50,7 +54,9 @@ def setUp(self) -> None: def tearDown(self) -> None: # restore the original registry - base._reset_registered() + from ssvc.registry import REGISTRY + + REGISTRY.reset() def test_decision_point_basics(self): from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned @@ -74,57 +80,11 @@ def test_registry(self): ) self.assertIn(dp2, base.REGISTERED_DECISION_POINTS) - def test_registry_errors_on_duplicate_key(self): - # dp should already be registered from setUp - self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) - - # create a new decision point with the same key - with self.assertRaises(KeyError): - # the registry key is a combination of namespace, key, and version - - dp2 = ssvc.decision_points.ssvc.base.DecisionPoint( - name="asdfad", - description="asdfasdf", - namespace=self.dp.namespace, - key=self.dp.key, # same key as self.dp - version=self.dp.version, # same version as self.dp - values=tuple(self.values), - ) - - # should not be a problem if namespace, key or version are different - dp3 = ssvc.decision_points.ssvc.base.DecisionPoint( - name="asdfad", - description="asdfasdf", - namespace="x_example.test.extra", # different namespace - key=self.dp.key, # same key - version=self.dp.version, # same version - values=tuple(self.values), - ) - self.assertIn(dp3, base.REGISTERED_DECISION_POINTS) - # should not be a problem if key is different - dp4 = ssvc.decision_points.ssvc.base.DecisionPoint( - name="asdfad", - description="asdfasdf", - namespace=self.dp.namespace, # same namespace - key="different_key", # different key - version=self.dp.version, # same version - values=tuple(self.values), - ) - self.assertIn(dp4, base.REGISTERED_DECISION_POINTS) - # should not be a problem if version is different - dp5 = ssvc.decision_points.ssvc.base.DecisionPoint( - name="asdfad", - description="asdfasdf", - namespace=self.dp.namespace, # same namespace - key=self.dp.key, # same key - version="2.0.0", # different version - values=tuple(self.values), - ) - self.assertIn(dp5, base.REGISTERED_DECISION_POINTS) - def test_registry(self): + from ssvc.registry import REGISTRY + # just by creating the objects, they should be registered - self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) + self.assertIsNotNone(REGISTRY.lookup_by_id("DecisionPoint", self.dp.id)) dp2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name="asdfad", @@ -137,7 +97,7 @@ def test_registry(self): dp2._comment = "asdfasdfasdf" - self.assertIn(dp2, base.REGISTERED_DECISION_POINTS) + self.assertIsNotNone(REGISTRY.lookup_by_id("DecisionPoint", dp2.id)) def test_ssvc_value(self): for i, obj in enumerate(self.values): @@ -184,70 +144,35 @@ def test_ssvc_decision_point_json_roundtrip(self): self.assertEqual(obj, obj2) self.assertEqual(obj.model_dump(), obj2.model_dump()) - def test_value_summaries_dict(self): + def test_value_dict(self): obj = self.dp - summaries = obj.value_summaries_dict - - # should be a dictionary - self.assertIsInstance(summaries, dict) - self.assertEqual(len(summaries), len(obj.values)) - # the summaries dict should have str(ValueSummary) as the key - # and the ValueSummary as the value - for key, summary in summaries.items(): - # confirm the key is the string representation of the ValueSummary - self.assertEqual(key, str(summary)) - - # confirm the attributes of the ValueSummary - # key, version, and namespace come from the decision point - self.assertEqual(summary.key, obj.key) - self.assertEqual(summary.version, obj.version) - self.assertEqual(summary.namespace, obj.namespace) - # value comes from the list of values, and should be a key to one of the values - value_keys = [v.key for v in obj.values] - self.assertIn(summary.value, value_keys) - - def test_value_summaries_str(self): - obj = self.dp - summaries = obj.value_summaries_str + value_dict = obj.value_dict - # should be a list - self.assertIsInstance(summaries, list) - self.assertEqual(len(summaries), len(obj.values)) + self.assertIsInstance(value_dict, dict) + self.assertEqual(len(value_dict), len(obj.values)) - # the summaries list should have str(ValueSummary) as the key - for key in summaries: - # confirm the key is the string representation of the ValueSummary - self.assertIsInstance(key, str) - - # parse the key into its parts - (ns, k, v, val) = key.split(":") - # ns, k, v should come from the decision point - self.assertEqual(ns, obj.namespace) - self.assertEqual(k, obj.key) - self.assertEqual(v, obj.version) - # val should be a key to one of the values - value_keys = [v.key for v in obj.values] - self.assertIn(val, value_keys) + # the value_dict should have the dp.id:v.key as the key + # and the DecisionPointValue as the value + for value in obj.values: + expected_key = FIELD_DELIMITER.join((obj.id, value.key)) + self.assertIn(expected_key, value_dict) + self.assertEqual(value_dict[expected_key], value) def test_value_summaries(self): obj = self.dp + # summaries are just the keys of the value_dict summaries = obj.value_summaries # should be a list self.assertIsInstance(summaries, list) self.assertEqual(len(summaries), len(obj.values)) - # the summaries list should be ValueSummary objects for summary in summaries: - self.assertIsInstance(summary, base.ValueSummary) - # key, version, and namespace come from the decision point - self.assertEqual(summary.key, obj.key) - self.assertEqual(summary.version, obj.version) - self.assertEqual(summary.namespace, obj.namespace) - # value comes from the list of values, and should be a key to one of the values - value_keys = [v.key for v in obj.values] - self.assertIn(summary.value, value_keys) + # each summary should be a string + self.assertIsInstance(summary, str) + # each summary should be the key of a value + self.assertIn(summary, obj.value_dict) if __name__ == "__main__": diff --git a/src/test/decision_points/test_dp_helpers.py b/src/test/decision_points/test_dp_helpers.py index cd30fe43..68c2aca2 100644 --- a/src/test/decision_points/test_dp_helpers.py +++ b/src/test/decision_points/test_dp_helpers.py @@ -88,20 +88,23 @@ def test_major_version(self): # * new values are added that divide previous value semantics ambiguously # remove one - self.dp2.values = self.dp2.values[:-1] + vals = list(self.dp1.values) + self.dp2.values = tuple(vals[:-1]) + results = dp_diff(self.dp1, self.dp2) text = "\n".join(results) self.assertIn("major", text) # add one - self.dp2.values = list(self.dp1.values) - self.dp2.values.append( + vals = list(self.dp1.values) + vals.append( DecisionPointValue( name="Maybe", key="maybe", description="Maybe", ) ) + self.dp2.values = tuple(vals) results = dp_diff(self.dp1, self.dp2) text = "\n".join(results) @@ -112,14 +115,15 @@ def test_minor_version_when_new_option_added(self): # * Criteria for incrementing the Major Version are not met, _AND_ # * new options are added, _OR_ # add one - self.dp2.values = list(self.dp1.values) - self.dp2.values.append( + vals = list(self.dp1.values) + vals.append( DecisionPointValue( name="Maybe", key="maybe", description="Maybe", ) ) + self.dp2.values = tuple(vals) results = dp_diff(self.dp1, self.dp2) text = "\n".join(results) diff --git a/src/test/decision_tables/__init__.py b/src/test/decision_tables/__init__.py new file mode 100644 index 00000000..9be8611d --- /dev/null +++ b/src/test/decision_tables/__init__.py @@ -0,0 +1,21 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +""" +Provides test classes for ssvc.decision_tables. +""" diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py new file mode 100644 index 00000000..0215780a --- /dev/null +++ b/src/test/decision_tables/test_base.py @@ -0,0 +1,335 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +import json +import os +import tempfile +import unittest +from unittest.mock import Mock, patch + +import pandas as pd + +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_tables.base import ( + DecisionTable, + decision_table_to_csv, + decision_table_to_df, + decision_table_to_longform_df, + dpdict_to_combination_list, +) +from ssvc.dp_groups.base import DecisionPoint +from ssvc.outcomes.base import OutcomeGroup + + +class TestDecisionTableBase(unittest.TestCase): + def setUp(self): + # create a temporary directory for testing + self.tmpdir = tempfile.TemporaryDirectory() + + # Create dummy decision point values + self.dp1v1 = DecisionPointValue(name="a", key="a", description="A value") + self.dp1v2 = DecisionPointValue(name="b", key="b", description="B value") + + self.dp2v1 = DecisionPointValue(name="x", key="x", description="X value") + self.dp2v2 = DecisionPointValue(name="y", key="y", description="Y value") + self.dp2v3 = DecisionPointValue(name="z", key="z", description="Z value") + self.dp2v4 = DecisionPointValue(name="w", key="w", description="W value") + + # Create dummy decision points and group + self.dp1 = DecisionPoint( + name="dp1", + description="description for dp1", + version="1.0.0", + namespace="x_test", + key="dp1", + values=(self.dp1v1, self.dp1v2), + ) + self.dp2 = DecisionPoint( + name="dp2", + description="description for dp2", + version="1.0.0", + namespace="x_test", + key="dp2", + values=(self.dp2v1, self.dp2v2, self.dp2v3, self.dp2v4), + ) + # Create dummy outcome group + self.ogv1 = DecisionPointValue(name="o1", key="o1", description="Outcome 1") + self.ogv2 = DecisionPointValue(name="o2", key="o2", description="Outcome 2") + self.ogv3 = DecisionPointValue(name="o3", key="o3", description="Outcome 3") + + self.og = OutcomeGroup( + name="outcome", + description="description for outcome", + version="1.0.0", + namespace="x_test", + key="outcome", + values=(self.ogv1, self.ogv2, self.ogv3), + ) + + self.dplist = [self.dp1, self.dp2, self.og] + self.dpdict = {dp.id: dp for dp in self.dplist} + + self.dt = DecisionTable( + key="TEST", + namespace="x_test", + name="Test Table", + description="Describes the test table", + decision_points=self.dpdict, + outcome=self.og.id, + ) + + def tearDown(self): + # clean up the temporary directory + self.tmpdir.cleanup() + + def test_init(self): + dt = self.dt + + self.assertEqual(dt.outcome, self.og.id) + + # default should be to populate mapping if not provided + self.assertIsNotNone(dt.mapping) + # mapping length should match product of decision point values + expected_length = len(self.dp1.values) * len(self.dp2.values) + + self.assertEqual(len(dt.mapping), expected_length), + # Check if mapping is a list of dicts + for row in dt.mapping: + self.assertIsInstance(row, dict) + # We aren't testing the actual values here, just that they are created + # correctly. The mappings will be tested in more detail in other tests. + + def test_decision_table_to_csv(self): + dt = self.dt + + csv_str = decision_table_to_csv(dt=dt) + + # write csv to a temporary file + csvfile = os.path.join(self.tmpdir.name, "test_table.csv") + with open(csvfile, "w") as f: + f.write(csv_str) + + # read the csv file into a DataFrame + # using pandas + df = pd.read_csv(csvfile) + + # does line count match expected? + expected_lines = len(dt.mapping) # for header + self.assertEqual(len(df), expected_lines) + # Check if the DataFrame has the expected columns + + expected_columns = set(self.dpdict.keys()) + colset = set(df.columns) + + # everything in expected_columns should be in colset + # (colset might have more columns, like a row index, but that's okay) + self.assertTrue( + expected_columns.issubset(colset), + "Expected columns are not a subset of DataFrame columns", + ) + + def test_model_dump_json(self): + dt = self.dt + + json_str = dt.model_dump_json() + + self.assertIn("decision_points", json_str) + self.assertIn("outcome", json_str) + self.assertIn("mapping", json_str) + + # load it as a dict to check structure + d = json.loads(json_str) + self.assertIn("decision_points", d) + self.assertIn("outcome", d) + self.assertIn("mapping", d) + # check that outcome is a string corresponding to a key in decsion point group + self.assertIsInstance(d["outcome"], str) + self.assertIn(d["outcome"], d["decision_points"]) + # Check if mapping is a list of dicts + self.assertIsInstance(d["mapping"], list) + self.assertTrue( + all(isinstance(row, dict) for row in d["mapping"]), + ) + # and that the keys of each dict match the keys of decision points + expect_keys = set(d["decision_points"].keys()) + for row in d["mapping"]: + row_keys = set(row.keys()) + self.assertEqual( + row_keys, expect_keys, "Row keys do not match expected decision points" + ) + + def test_populate_mapping_if_none(self): + dt = self.dt + + # Set an empty list to simulate no mapping + dt.mapping = ["a", "b", "c"] + dt.populate_mapping_if_empty() + self.assertEqual( + ["a", "b", "c"], + dt.mapping, + "Mapping should not change if already populated", + ) + + # Now set mapping to None to trigger population + dt.mapping = None + + # Populate the mapping + dt.populate_mapping_if_empty() + + # Check if mapping is populated + self.assertIsNotNone(dt.mapping) + self.assertGreater(len(dt.mapping), 0) + + # Check if each MappingRow has an outcome assigned + for row in dt.mapping: + self.assertIsNotNone( + row[dt.outcome], "Outcome should not be None after population" + ) + + def test_distribute_outcomes_evenly_function(self): + from ssvc.decision_tables.base import distribute_outcomes_evenly + + dt = self.dt + + # Distribute outcomes evenly + outcome_key = dt.outcome + og = dt.decision_points[outcome_key] + outcome_values = [v.key for v in og.values] + + # unset the mapping to test distribution + for row in dt.mapping: + row[outcome_key] = None + + self.assertTrue(all(row[outcome_key] is None for row in dt.mapping)) + + new_mapping = distribute_outcomes_evenly(dt.mapping, og) + + # Check if the new mapping has outcomes assigned + for row in new_mapping: + self.assertIsNotNone( + row[outcome_key], "Outcome should not be None after distribution" + ) + + # Check if the length of new mapping matches original mapping + self.assertEqual(len(new_mapping), len(dt.mapping)) + # first outcome should be assigned to first mapping row + self.assertEqual(new_mapping[0][outcome_key], outcome_values[0]) + # last outcome should be assigned to last mapping row + self.assertEqual(new_mapping[-1][outcome_key], outcome_values[-1]) + + def test_decision_table_to_longform_df(self): + dt = self.dt + + df = decision_table_to_longform_df(dt) + self.assertIsInstance(df, pd.DataFrame) + # Should have as many rows as mapping + self.assertEqual(len(df), len(dt.mapping)) + # Should have as many columns as decision points (including outcome) + expected_num_cols = len(self.dplist) + self.assertEqual(len(df.columns), expected_num_cols) + # All values should be lowercase strings + for col in df.columns: + for val in df[col]: + if isinstance(val, str): + self.assertEqual(val, val.lower()) + # Column names should contain decision point names and version + for dp in self.dplist: + self.assertTrue(any(dp.name in c for c in df.columns)) + self.assertTrue(any(self.og.name in c for c in df.columns)) + + @patch("ssvc.decision_tables.base.decision_table_to_longform_df") + @patch("ssvc.decision_tables.base.decision_table_to_shortform_df") + def test_decision_table_to_df(self, mock_shortform, mock_longform): + mock_df = pd.DataFrame( + [ + {"dp1": 0, "dp2": 0, "outcome": 0}, + {"dp1": 0, "dp2": 1, "outcome": 1}, + {"dp1": 1, "dp2": 0, "outcome": 1}, + {"dp1": 1, "dp2": 1, "outcome": 2}, + ], + ) + mock_longform.return_value = mock_df + mock_shortform.return_value = mock_df + # Create a DecisionTable instance for testing + dt = Mock() + + # default should be shortform + # reset mocks + mock_longform.reset_mock() + mock_shortform.reset_mock() + + df_default = decision_table_to_df(dt) + + self.assertTrue(df_default.equals(mock_df)) + mock_shortform.assert_called_with(dt) + mock_longform.assert_not_called() + + # Test longform + df_long = decision_table_to_df(dt, longform=True) + self.assertTrue(df_long.equals(mock_df)) + mock_longform.assert_called_with(dt) + mock_shortform.assert_called_with(dt) + + # Test shortform + mock_longform.reset_mock() + mock_shortform.reset_mock() + + df_short = decision_table_to_df(dt, longform=False) + self.assertTrue(df_short.equals(mock_df)) + mock_shortform.assert_called_once_with(dt) + mock_longform.assert_not_called() + + def test_combo_strings(self): + dps = dict(self.dpdict) # copy the decision points + del [dps[self.og.id]] # remove outcome group from decision points + + # get all the combinations + combos = dpdict_to_combination_list(dps) + + # assert that the number of combinations is the product of the number of values + # for each decision point + n_combos = 1 + for dp in dps.values(): + n_combos *= len(dp.values) + self.assertEqual(n_combos, len(combos)) + + counter = {} + for dp in dps.values(): + for v in dp.values: + counter[v.key] = 0 + + # assert that each combination is a tuple + for combo in combos: + self.assertEqual(len(dps), len(combo)) + self.assertIsInstance(combo, dict) + # assert that each value in the combination is a string + print(combo) + for value in combo.values(): + print(value) + self.assertIn(value, counter) + counter[value] += 1 + + for k, count in counter.items(): + # each count should be greater than or equal to 0 + self.assertGreaterEqual(count, 0) + # # each count should be less than or equal to the length of the combination + self.assertLessEqual(count, len(combos)) + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/dp_groups/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py index 907f3df6..e5ae99b5 100644 --- a/src/test/dp_groups/test_dp_groups.py +++ b/src/test/dp_groups/test_dp_groups.py @@ -41,6 +41,7 @@ def setUp(self) -> None: ), ) self.dps.append(dp) + self.dp_ids = [dp.id for dp in self.dps] def tearDown(self) -> None: pass @@ -57,7 +58,7 @@ def test_iter(self): # iterate over the group for dp in g: - self.assertIn(dp, self.dps) + self.assertIn(dp, self.dp_ids) def test_len(self): # add them to a decision point group @@ -71,45 +72,6 @@ def test_len(self): self.assertEqual(len(self.dps), len(list(g.decision_points))) self.assertEqual(len(self.dps), len(g)) - def test_combo_strings(self): - # add them to a decision point group - g = dpg.DecisionPointGroup( - name="Test Group", - description="Test Group", - decision_points=self.dps, - ) - - # get all the combinations - combos = list(g.combination_strings()) - - # assert that the number of combinations is the product of the number of values - # for each decision point - n_combos = 1 - for dp in self.dps: - n_combos *= len(dp.values) - self.assertEqual(n_combos, len(combos)) - - # assert that each combination is a tuple - for combo in combos: - self.assertEqual(len(self.dps), len(combo)) - self.assertIsInstance(combo, tuple) - # assert that each value in the combination is a string - for value in combo: - self.assertIsInstance(value, str) - # foo, bar, and baz should be in each combination to some degree - foo_count = sum(1 for v in combo if v.endswith("FOO")) - bar_count = sum(1 for v in combo if v.endswith("BAR")) - baz_count = sum(1 for v in combo if v.endswith("BAZ")) - for count in (foo_count, bar_count, baz_count): - # each count should be greater than or equal to 0 - self.assertGreaterEqual(count, 0) - # each count should be less than or equal to the length of the combination - self.assertLessEqual(count, len(combo)) - # the total count of foo, bar, and baz should be the same as the length of the combination - # indicating that no other values are present - total = sum((foo_count, bar_count, baz_count)) - self.assertEqual(len(combo), total) - def test_json_roundtrip(self): # add them to a decision point group g = dpg.DecisionPointGroup( @@ -134,8 +96,12 @@ def test_decision_points_dict(self): decision_points=self.dps, ) + # after init, g.decision_points should be a dict + # get the decision points as a dictionary - dp_dict = g.decision_points_dict + + dp_dict = g.decision_points + self.assertIsInstance(dp_dict, dict) # assert that the dictionary is the correct length self.assertEqual(len(self.dps), len(dp_dict)) @@ -145,21 +111,6 @@ def test_decision_points_dict(self): self.assertIn(dp.str, dp_dict) self.assertEqual(dp, dp_dict[dp.str]) - def test_decision_points_str(self): - g = dpg.DecisionPointGroup( - name="Test Group", - description="Test Group", - decision_points=self.dps, - ) - dp_str = g.decision_points_str - self.assertEqual(len(self.dps), len(dp_str)) - - for i, dp in enumerate(self.dps): - self.assertIn(dp.str, dp_str) - # check that the string is the same as the decision point's string representation - # and they are in the same order - self.assertEqual(dp.str, dp_str[i]) - if __name__ == "__main__": unittest.main() diff --git a/src/test/outcomes/test_outcomes.py b/src/test/outcomes/test_outcomes.py index 5d3245c3..ac435632 100644 --- a/src/test/outcomes/test_outcomes.py +++ b/src/test/outcomes/test_outcomes.py @@ -39,14 +39,14 @@ def test_outcome_group(self): og = OutcomeGroup( name="Outcome Group", - key="OG", + key="OGX", description="an outcome group", namespace="x_example.test", values=tuple(values), ) self.assertEqual(og.name, "Outcome Group") - self.assertEqual(og.key, "OG") + self.assertEqual(og.key, "OGX") self.assertEqual(og.description, "an outcome group") self.assertEqual(len(og), len(ALPHABET)) diff --git a/src/test/test_doctools.py b/src/test/test_doctools.py index c669f924..21bc0498 100644 --- a/src/test/test_doctools.py +++ b/src/test/test_doctools.py @@ -174,18 +174,23 @@ def test_dump_json(self): d = json.load(open(json_file)) self.assertEqual(dp.name, d["name"]) - def test_dump_selection_schema(self): - schemafile = os.path.join(self.tempdir.name, "selection_schema.json") + def test_dump_schema(self): + schemafile = os.path.join(self.tempdir.name, "dummy_schema.json") self.assertFalse(os.path.exists(schemafile)) - from ssvc.doctools import dump_selection_schema + from ssvc.doctools import dump_schema + from pydantic import BaseModel - dump_selection_schema(schemafile) + class Dummy(BaseModel): + name: str = "Name" + description: str = "Description" + + dump_schema(filepath=schemafile, schema=Dummy.model_json_schema()) self.assertTrue(os.path.exists(schemafile)) # file is loadable json d = json.load(open(schemafile)) self.assertIn("title", d) - self.assertEqual(d["title"], "Decision Point Value Selection List") + self.assertEqual("Dummy", d["title"]) self.assertIn("type", d) self.assertEqual(d["type"], "object") diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index 41c8d480..3ffc55cb 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -138,8 +138,37 @@ def test_keyed_create(self): self.assertRaises(ValidationError, _Keyed) + good_keys = ["A", "1", "F1", "T*", "Mixed_case_OK", "alph4num3ric"] + bad_keys = [ + "", # no empty string + "foo_", # no trailing underscore + "_", # no solitary underscore + "_foo", # no leading underscore + "A*", # no trailing asterisk + ] + # add other bad keys that contain special characters + # these should not be allowed in keys + for char in " ~`!@#$%^&*()-+={}[]|\\:;\"'<>,.?/": + bad_keys.append(char) + bad_keys.append("foo" + char) + bad_keys.append(char + "bar") + bad_keys.append("foo" + char + "bar") + + for key in good_keys: + with self.subTest(key=key): + obj = _Keyed(key=key) + self.assertEqual(obj.key, key) + + for key in bad_keys: + with self.subTest(key=key): + with self.assertRaises( + ValidationError, msg=f"Key '{key}' should be invalid" + ): + _Keyed(key=key) + def test_valued_create(self): values = ("foo", "bar", "baz", "quux") + obj = _Valued(values=values) # length diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index 1dcc6250..9505da3b 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -246,7 +246,7 @@ def test_emit_policy(self): stdout = f.getvalue() - for dpg in pg.dpg.decision_points: + for dpg in pg.dpg.decision_points.values(): self.assertIn(dpg.name, stdout) for og in pg.outcomes.values: self.assertIn(og.name, stdout) diff --git a/src/test/test_schema.py b/src/test/test_schema.py index 383f60d4..ff57baa8 100644 --- a/src/test/test_schema.py +++ b/src/test/test_schema.py @@ -27,21 +27,14 @@ from referencing import Registry, Resource import ssvc.decision_points # noqa F401 -from ssvc.decision_points.base import REGISTERED_DECISION_POINTS # importing these causes the decision points to register themselves from ssvc.decision_points.ssvc.critical_software import CRITICAL_SOFTWARE_1 # noqa from ssvc.decision_points.ssvc.high_value_asset import HIGH_VALUE_ASSET_1 # noqa -from ssvc.decision_points.ssvc.in_kev import IN_KEV_1 -from ssvc.dp_groups.cvss.collections import ( - CVSSv1, - CVSSv2, - CVSSv3, - CVSSv4, -) # noqa # importing these causes the decision points to register themselves from ssvc.dp_groups.ssvc.collections import SSVCv1, SSVCv2, SSVCv2_1 # noqa +from ssvc.registry import REGISTRY def retrieve_local(uri: str) -> Resource: @@ -64,6 +57,8 @@ def retrieve_local(uri: str) -> Resource: registry = Registry(retrieve=retrieve_local) +REGISTERED_DECISION_POINTS = REGISTRY.get_all("DecisionPoint") + class MyTestCase(unittest.TestCase): def setUp(self) -> None: @@ -73,36 +68,34 @@ def setUp(self) -> None: logger.addHandler(hdlr) self.logger = logger - self.dpgs = [SSVCv1, SSVCv2, SSVCv2_1, CVSSv1, CVSSv2, CVSSv3, CVSSv4] + from ssvc.registry import REGISTRY - def test_confirm_registered_decision_points(self): - dps = list(REGISTERED_DECISION_POINTS) - self.assertGreater(len(dps), 0) + self.registry = REGISTRY + self.registered_dps = list(self.registry.get_all("DecisionPoint")) - for dpg in self.dpgs: - for dp in dpg: - self.assertIn(dp, REGISTERED_DECISION_POINTS) + my_file_path = os.path.abspath(__file__) + my_dir = os.path.dirname(my_file_path) - extras = [CRITICAL_SOFTWARE_1, HIGH_VALUE_ASSET_1, IN_KEV_1] - for dp in extras: - self.assertIn(dp, REGISTERED_DECISION_POINTS) + self.schema_dir = os.path.join(my_dir, "..", "..", "data", "schema", "v2") + + def test_confirm_registered_decision_points(self): + self.assertGreater(len(self.registered_dps), 0, "No decision points registered") + # @unittest.expectedFailure def test_decision_point_validation(self): - # path relative to top level of repo - schema_url = "https://certcc.github.io/SSVC/data/schema/current/Decision_Point.schema.json" + schema_path = os.path.join(self.schema_dir, "Decision_Point-2-0-0.schema.json") + schema_path = os.path.abspath(schema_path) - decision_points = list(REGISTERED_DECISION_POINTS) - self.assertGreater(len(decision_points), 0) + with open(schema_path, "r") as f: + schema = json.load(f) - for dp in decision_points: + for dp in self.registered_dps: exp = None as_json = dp.model_dump_json() loaded = json.loads(as_json) try: - Draft202012Validator({"$ref": schema_url}, registry=registry).validate( - loaded - ) + Draft202012Validator(schema, registry=registry).validate(loaded) except jsonschema.exceptions.ValidationError as e: exp = e @@ -112,29 +105,31 @@ def test_decision_point_validation(self): ) def test_decision_point_group_validation(self): - schema_url = "https://certcc.github.io/SSVC/data/schema/current/Decision_Point_Group.schema.json" - for dpg in self.dpgs: + schema_path = os.path.join( + self.schema_dir, "Decision_Point_Group-2-0-0.schema.json" + ) + schema_path = os.path.abspath(schema_path) + + with open(schema_path, "r") as f: + schema = json.load(f) + + for dp_group in [SSVCv1, SSVCv2, SSVCv2_1]: exp = None - as_json = dpg.model_dump_json() + as_json = dp_group.model_dump_json() loaded = json.loads(as_json) try: - Draft202012Validator({"$ref": schema_url}, registry=registry).validate( - loaded - ) + Draft202012Validator(schema, registry=registry).validate(loaded) except jsonschema.exceptions.ValidationError as e: exp = e - self.assertIsNone(exp, f"Validation failed for {dpg.name} {dpg.version}") + self.assertIsNone( + exp, f"Validation failed for {dp_group.name} {dp_group.version}" + ) self.logger.debug( - f"Validation passed for Decision Point Group {dpg.name} v{dpg.version}" + f"Validation passed for Decision Point Group {dp_group.name} v{dp_group.version}" ) - @unittest.skip("Test not implemented") - def test_outcome_group_schema_validation(self): - # TODO: Implement test - self.fail() - if __name__ == "__main__": unittest.main() diff --git a/src/test/test_selections.py b/src/test/test_selections.py index f64c6819..aac0d75e 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -19,6 +19,7 @@ import unittest from datetime import datetime +from unittest import expectedFailure from ssvc import selection from ssvc.selection import MinimalDecisionPointValue, SelectionList @@ -172,11 +173,62 @@ def test_from_decision_point(self): def test_reference_model(self): """Test the Reference model.""" - ref = selection.Reference( - uri="https://example.com/test", description="Test description" - ) - self.assertEqual(str(ref.uri), "https://example.com/test") - self.assertEqual(ref.description, "Test description") + uris = [ + "https://example.com", + "http://example.org/path", + "ftp://ftp.example.com/file.txt", + "mailto:someone@example.com", + "tel:+1-555-555-5555", + "https://example.com:8080/path/to/resource?query=string#fragment", + "http://localhost:3000/api/v1/users", + "https://127.0.0.1/", + "https://user:pass@example.com", + "ftp://anonymous:anon@example.com/resource.txt", + "http://192.168.1.1/", + "https://[2001:db8::1]/", + "urn:isbn:8675309#page=42", + "data:text/plain;base64,SGVsbG8sIFdvcmxkIQ%3D%3D", + "custom-scheme://host/resource", + "blob:https://example.com/550e8400-e29b-41d4-a716-446655440000", + ] + + for uri in uris: + ref = selection.Reference( + uri=uri, summary="Test description" + ) + + self.assertIn(uri, str(ref.uri)) + self.assertEqual(ref.summary, "Test description") + + @expectedFailure + def test_reference_model_without_summary(self): + """Test the Reference model.""" + uris = [ + "https://example.com", + "http://example.org/path", + "ftp://ftp.example.com/file.txt", + "mailto:someone@example.com", + "tel:+1-555-555-5555", + "https://example.com:8080/path/to/resource?query=string#fragment", + "http://localhost:3000/api/v1/users", + "https://127.0.0.1/", + "https://user:pass@example.com", + "ftp://anonymous:anon@example.com/resource.txt", + "http://192.168.1.1/", + "https://[2001:db8::1]/", + "urn:isbn:8675309#page=42", + "data:text/plain;base64,SGVsbG8sIFdvcmxkIQ%3D%3D", + "custom-scheme://host/resource", + "blob:https://example.com/550e8400-e29b-41d4-a716-446655440000", + ] + + for uri in uris: + ref = selection.Reference( + uri=uri, + ) + + self.assertIn(uri, str(ref.uri)) + def test_selection_list_validators(self): """Test SelectionList validators.""" @@ -245,7 +297,7 @@ def test_add_selection_method(self): def test_selection_list_optional_fields(self): """Test SelectionList with optional fields.""" ref = selection.Reference( - uri="https://example.com/resource", description="Test resource" + uri="https://example.com/resource", summary="Test resource" ) sel_list = SelectionList( diff --git a/src/test/utils/__init__.py b/src/test/utils/__init__.py new file mode 100644 index 00000000..c28d8571 --- /dev/null +++ b/src/test/utils/__init__.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python +""" +file: __init__.py +author: adh +created_at: 8/1/25 9:31 AM +""" + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +def main(): + pass + + +if __name__ == '__main__': + main() diff --git a/src/test/utils/test_toposort.py b/src/test/utils/test_toposort.py new file mode 100644 index 00000000..8b93f605 --- /dev/null +++ b/src/test/utils/test_toposort.py @@ -0,0 +1,256 @@ + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import itertools +import math +import unittest +from unittest.mock import patch + +import networkx as nx + +from ssvc.utils import toposort + + +def _diff(a: tuple[int, ...], b: tuple[int, ...]) -> tuple[int, ...]: + + if len(a) != len(b): + raise ValueError("Tuples must be of the same length") + + d = [x - y for x, y in zip(a, b)] + return tuple(d) + + +def _all_but_one_zero(t: tuple[int, ...]) -> bool: + """ + Check if all elements in the tuple are zero except for one element. + """ + non_zero_count = sum(1 for x in t if x != 0) + return non_zero_count == 1 and len(t) > 1 + + +def _exactly_one_one(t: tuple[int, ...]) -> bool: + """ + Check if exactly one element in the tuple is one. + """ + one_count = sum(1 for x in t if x == 1) + return one_count == 1 and len(t) > 1 + + +def _off_by_one(t: tuple[int, ...]) -> bool: + """ + Returns true if exactly one element in the tuple is one and all others are zero. + Args: + t: the tuple to check + + Returns: + bool: True if the tuple is off by one, False otherwise + + """ + if _all_but_one_zero(t) and _exactly_one_one(t): + return True + return False + + +class MyTestCase(unittest.TestCase): + def setUp(self): + from ssvc.decision_points.base import DecisionPoint, DecisionPointValue + + self.dp1 = DecisionPoint( + namespace="x_test", + name="Decision Point 1", + key="DP1", + version="1.0.0", + description="Test DP 1", + values=[ + DecisionPointValue(name="Value 1", key="V1", description="value 1 description"), + DecisionPointValue(name="Value 2", key="V2", description="value 2 description"), + ], + ) + self.dp2 = DecisionPoint( + namespace="x_test", + name="Decision Point 2", + key="DP2", + version="1.0.0", + description="Test DP 2", + values=[ + DecisionPointValue(name="Value A", key="VA", description="value A description"), + DecisionPointValue(name="Value B", key="VB", description="value B description"), + ], + ) + + self.decision_points = [self.dp1, self.dp2] + + def tearDown(self): + pass + + def test_diff(self): + a = (1, 2, 3) + b = (3, 2, 1) + expected = (-2, 0, 2) + result = _diff(a, b) + self.assertIsInstance(result, tuple) + self.assertEqual(result, expected) + + def test_diff_length_mismatch(self): + a = (1, 2) + b = (3, 2, 1) + with self.assertRaises(ValueError): + _diff(a, b) + + def test_all_but_one_zero(self): + t1 = (0, 0, 1) + t2 = (0, 0, 0) + t3 = (1, 0, 0) + t4 = (1, 1, 0) + self.assertTrue(_all_but_one_zero(t1)) + self.assertFalse(_all_but_one_zero(t2)) + self.assertTrue(_all_but_one_zero(t3)) + self.assertFalse(_all_but_one_zero(t4)) + + def test_exactly_one_one(self): + t1 = (0, 0, 1) + t2 = (0, 0, 0) + t3 = (1, 0, 0) + t4 = (1, 1, 0) + self.assertTrue(_exactly_one_one(t1)) + self.assertFalse(_exactly_one_one(t2)) + self.assertTrue(_exactly_one_one(t3)) + self.assertFalse(_exactly_one_one(t4)) + + def test_off_by_one(self): + t1 = (0, 0, 1) + t2 = (0, 0, 0) + t3 = (1, 0, 0) + t4 = (1, 1, 0) + t5 = (2, 0, 0) + self.assertTrue(_off_by_one(t1)) + self.assertFalse(_off_by_one(t2)) + self.assertTrue(_off_by_one(t3)) + self.assertFalse(_off_by_one(t4)) + self.assertFalse(_off_by_one(t5)) + + @patch('ssvc.utils.toposort.graph_from_value_tuples') + def test_graph_from_dplist(self, mock_graph_from_value_tuples): + mock_graph_from_value_tuples.return_value = nx.DiGraph() + + result = toposort.graph_from_dplist(self.decision_points) + + self.assertIsInstance(result, nx.DiGraph) + + + mock_graph_from_value_tuples.assert_called_once_with( + [tuple(range(len(self.dp1.values))), tuple(range(len(self.dp2.values)))] + ) + + + pass + + def test_graph_from_value_tuples(self): + # keep these ranges small for testing + # because we're going to do a full cartesian product + # and then square that for testing edges + # so (3 * 2 * 2) ** 2 = 144 edges + values = [tuple(range(3)), tuple(range(2)), tuple(range(2))] + + node_count = math.prod([len(v) for v in values]) + + G = toposort.graph_from_value_tuples(values) + self.assertIsInstance(G, nx.DiGraph) + self.assertEqual(len(G.nodes), node_count) # 3! = 6, 2! = 2, 2! = 2, total = 6 + 2 + 2 = 10 + + for u,v in itertools.product(G.nodes(), G.nodes()): + if _off_by_one(_diff(u, v)): + # edges should point from v to u + self.assertTrue(G.has_edge(v, u), f"Expected edge from {u} to {v} but it does not exist.") + else: + # edges should not point from v to u + self.assertFalse(G.has_edge(v, u), f"Expected no edge from {u} to {v} but it exists.") + + + def test_dplist_to_value_lookup(self): + value_lookup = toposort.dplist_to_value_lookup(self.decision_points) + + expected = [ + {0: self.dp1.values[0].key, 1: self.dp1.values[1].key}, + {0: self.dp2.values[0].key, 1: self.dp2.values[1].key}, + ] + self.assertEqual(value_lookup, expected) + + def test_dplist_to_lookup(self): + dp_lookup = toposort.dplist_to_lookup(self.decision_points) + + expected = { + 0: self.dp1.id, + 1: self.dp2.id, + } + self.assertEqual(dp_lookup, expected) + + def lookup_value(self): + value_lookup = toposort.dplist_to_value_lookup(self.decision_points) + t = (0, 1) + result = toposort.lookup_value(t, value_lookup) + expected = (self.dp1.values[0].key, self.dp2.values[1].key) + self.assertEqual(result, expected) + + def test_tuple_to_dict(self): + dp_lookup = toposort.dplist_to_lookup(self.decision_points) + value_lookup = toposort.dplist_to_value_lookup(self.decision_points) + + nodes = list(itertools.product(range(len(self.dp1.values)), range(len(self.dp2.values)))) + for node in nodes: + node = tuple(node) + vals = toposort.lookup_value(node,value_lookup) + result = toposort.tuple_to_dict(vals, dp_lookup) + + expected = { + self.dp1.id: self.dp1.values[node[0]].key, + self.dp2.id: self.dp2.values[node[1]].key, + } + self.assertEqual(result, expected) + + + def test_dplist_to_toposort(self): + dplist = self.decision_points + result = toposort.dplist_to_toposort(dplist) + # result is a list of dicts of str:str + self.assertIsInstance(result, list) + self.assertTrue(all(isinstance(item, dict) for item in result)) + self.assertTrue(all(isinstance(k, str) and isinstance(v, str) for item in result for k, v in item.items())) + + # check the shape of the result + # length of each dict should match the number of decision points + self.assertTrue(all(len(item) == len(dplist) for item in result)) + # length of result should be the product of the number of values in each decision point + expected_length = math.prod(len(dp.values) for dp in dplist) + self.assertEqual(len(result), expected_length) + + # lowest item should be V1,VA + expected_lowest = {self.dp1.id: self.dp1.values[0].key, self.dp2.id: self.dp2.values[0].key} + self.assertEqual(result[0], expected_lowest) + + # highest item should be V2,VB + expected_highest = {self.dp1.id: self.dp1.values[-1].key, self.dp2.id: self.dp2.values[-1].key} + self.assertEqual(result[-1], expected_highest) + + +if __name__ == '__main__': + unittest.main() + + From e29f1672738a078e0ec3d83b34a6a8bba1995e51 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Thu, 7 Aug 2025 13:17:17 -0400 Subject: [PATCH 212/468] Add `DecisionTable` objects for Deployer and CISA Coordinator (#843) * Added Deployer Decision Table * Added Deployer Decision Table * CISA Coordinate 2.0.3 added * update docstrings, remove version from CISA.CO.name, apply black formatting * adds new decision table objects to registry --------- Co-authored-by: Allen D. Householder --- .../cisa/cisa_coordinate_dt_2_0_3.json | 432 ++++++++++++ ...oyer_patch_application_priority_1_0_0.json | 647 +++++++++++++++++ data/json/ssvc_object_registry.json | 655 ++++++++++++++++++ .../cisa/cisa_coordinate_dt.py | 315 +++++++++ src/ssvc/decision_tables/ssvc/deployer_dt.py | 566 +++++++++++++++ 5 files changed, 2615 insertions(+) create mode 100644 data/json/decision_tables/cisa/cisa_coordinate_dt_2_0_3.json create mode 100644 data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json create mode 100644 src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py create mode 100644 src/ssvc/decision_tables/ssvc/deployer_dt.py diff --git a/data/json/decision_tables/cisa/cisa_coordinate_dt_2_0_3.json b/data/json/decision_tables/cisa/cisa_coordinate_dt_2_0_3.json new file mode 100644 index 00000000..c034dce9 --- /dev/null +++ b/data/json/decision_tables/cisa/cisa_coordinate_dt_2_0_3.json @@ -0,0 +1,432 @@ +CISA Coordinator Decision Table (2.0.3) + +{ + "namespace": "cisa", + "key": "DT_CO", + "version": "2.0.3", + "name": "CISA Coordinator (2.0.3)", + "description": "CISA Coordinator decision table for SSVC", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:E:1.1.0": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "ssvc:A:2.0.0": { + "namespace": "ssvc", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + }, + { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate steps 1-4 of the kill chain." + } + ] + }, + "ssvc:TI:1.0.0": { + "namespace": "ssvc", + "key": "TI", + "version": "1.0.0", + "name": "Technical Impact", + "description": "The technical impact of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Partial", + "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + }, + { + "key": "T", + "name": "Total", + "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + } + ] + }, + "ssvc:HI:2.0.1": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.1", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] + }, + "cisa:CISA:1.0.0": { + "namespace": "cisa", + "key": "CISA", + "version": "1.0.0", + "name": "CISA Levels", + "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "T", + "name": "Track", + "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + }, + { + "key": "T*", + "name": "Track*", + "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + }, + { + "key": "A", + "name": "Attend", + "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + }, + { + "key": "A", + "name": "Act", + "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + } + ] + } + }, + "outcome": "cisa:CISA:1.0.0", + "mapping": [ + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "T*" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "T*" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T*" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T*" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + } + ] +} +Longform DataFrame CSV + +Exploitation v1.1.0,Automatable v2.0.0,Technical Impact v1.0.0,Human Impact v2.0.1,CISA Levels v1.0.0 (cisa) +none,no,partial,low,track +none,no,partial,medium,track +none,no,partial,high,track +none,no,total,low,track +none,no,total,medium,track +none,no,total,high,track* +none,yes,partial,low,track +none,yes,partial,medium,track +none,yes,partial,high,act +none,yes,total,low,track +none,yes,total,medium,track +none,yes,total,high,act +public poc,no,partial,low,track +public poc,no,partial,medium,track +public poc,no,partial,high,track* +public poc,no,total,low,track +public poc,no,total,medium,track* +public poc,no,total,high,act +public poc,yes,partial,low,track +public poc,yes,partial,medium,track +public poc,yes,partial,high,act +public poc,yes,total,low,track +public poc,yes,total,medium,track* +public poc,yes,total,high,act +active,no,partial,low,track +active,no,partial,medium,track +active,no,partial,high,act +active,no,total,low,track +active,no,total,medium,act +active,no,total,high,act +active,yes,partial,low,act +active,yes,partial,medium,act +active,yes,partial,high,act +active,yes,total,low,act +active,yes,total,medium,act +active,yes,total,high,act + diff --git a/data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json b/data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json new file mode 100644 index 00000000..2087649b --- /dev/null +++ b/data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json @@ -0,0 +1,647 @@ +{ + "namespace": "ssvc", + "key": "DT_DP", + "version": "1.0.0", + "name": "Deployer Patch Application Priority", + "description": "Decision table for evaluating deployer's patch application priority in SSVC", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:E:1.1.0": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "ssvc:EXP:1.0.1": { + "namespace": "ssvc", + "key": "EXP", + "version": "1.0.1", + "name": "System Exposure", + "description": "The Accessible Attack Surface of the Affected System or Service", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "S", + "name": "Small", + "description": "Local service or program; highly controlled network" + }, + { + "key": "C", + "name": "Controlled", + "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + }, + { + "key": "O", + "name": "Open", + "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + } + ] + }, + "ssvc:A:2.0.0": { + "namespace": "ssvc", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + }, + { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate steps 1-4 of the kill chain." + } + ] + }, + "ssvc:HI:2.0.1": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.1", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] + }, + "ssvc:DSOI:1.0.0": { + "namespace": "ssvc", + "key": "DSOI", + "version": "1.0.0", + "name": "Defer, Scheduled, Out-of-Cycle, Immediate", + "description": "The original SSVC outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Defer", + "description": "Defer" + }, + { + "key": "S", + "name": "Scheduled", + "description": "Scheduled" + }, + { + "key": "O", + "name": "Out-of-Cycle", + "description": "Out-of-Cycle" + }, + { + "key": "I", + "name": "Immediate", + "description": "Immediate" + } + ] + } + }, + "outcome": "ssvc:DSOI:1.0.0", + "mapping": [ + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "I" + } + ] +} diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index b77299c3..cda2426c 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -6699,6 +6699,661 @@ "ssvc": { "namespace": "ssvc", "keys": { + "DT_DP": { + "key": "DT_DP", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_DP", + "version": "1.0.0", + "name": "Deployer Patch Application Priority", + "description": "Decision table for evaluating deployer's patch application priority in SSVC", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:E:1.1.0": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "ssvc:EXP:1.0.1": { + "namespace": "ssvc", + "key": "EXP", + "version": "1.0.1", + "name": "System Exposure", + "description": "The Accessible Attack Surface of the Affected System or Service", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "S", + "name": "Small", + "description": "Local service or program; highly controlled network" + }, + { + "key": "C", + "name": "Controlled", + "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + }, + { + "key": "O", + "name": "Open", + "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + } + ] + }, + "ssvc:A:2.0.0": { + "namespace": "ssvc", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + }, + { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate steps 1-4 of the kill chain." + } + ] + }, + "ssvc:HI:2.0.1": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.1", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] + }, + "ssvc:DSOI:1.0.0": { + "namespace": "ssvc", + "key": "DSOI", + "version": "1.0.0", + "name": "Defer, Scheduled, Out-of-Cycle, Immediate", + "description": "The original SSVC outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Defer", + "description": "Defer" + }, + { + "key": "S", + "name": "Scheduled", + "description": "Scheduled" + }, + { + "key": "O", + "name": "Out-of-Cycle", + "description": "Out-of-Cycle" + }, + { + "key": "I", + "name": "Immediate", + "description": "Immediate" + } + ] + } + }, + "outcome": "ssvc:DSOI:1.0.0", + "mapping": [ + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "I" + } + ] + } + } + } + }, "DT_HI": { "key": "DT_HI", "versions": { diff --git a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py new file mode 100644 index 00000000..04004186 --- /dev/null +++ b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py @@ -0,0 +1,315 @@ +#!/usr/bin/env python +""" +Provides the CISA coordinator decision table. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.ssvc.automatable import LATEST as Automatable +from ssvc.decision_points.ssvc.exploitation import LATEST as Exploitation +from ssvc.decision_points.ssvc.human_impact import LATEST as HumanImpact +from ssvc.decision_points.ssvc.technical_impact import LATEST as TechnicalImpact +from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df +from ssvc.namespaces import NameSpace +from ssvc.outcomes.cisa.scoring import CISA as Priority + +CISA_COORDINATE_1 = DecisionTable( + namespace=NameSpace.CISA, + key="CO", + version="2.0.3", + name="CISA Coordinator", + description="CISA Coordinator decision table for SSVC", + outcome=Priority.id, + decision_points={ + dp.id: dp + for dp in [Exploitation, Automatable, TechnicalImpact, HumanImpact, Priority] + }, + mapping=[ + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "T*", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "T*", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T*", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T*", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "A", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A", + }, + ], +) + +VERSIONS = (CISA_COORDINATE_1,) +LATEST = VERSIONS[-1] + + +def main(): + print("CISA Coordinator Decision Table (2.0.3)") + print() + print(CISA_COORDINATE_1.model_dump_json(indent=2)) + + print("Longform DataFrame CSV") + print() + print(decision_table_to_longform_df(CISA_COORDINATE_1).to_csv(index=False)) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/ssvc/deployer_dt.py b/src/ssvc/decision_tables/ssvc/deployer_dt.py new file mode 100644 index 00000000..b93ca0fe --- /dev/null +++ b/src/ssvc/decision_tables/ssvc/deployer_dt.py @@ -0,0 +1,566 @@ +#!/usr/bin/env python +""" +Provides the Deployer Patch Application Priority decision table for SSVC. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.ssvc.automatable import LATEST as Automatable +from ssvc.decision_points.ssvc.exploitation import LATEST as Exploitation +from ssvc.decision_points.ssvc.human_impact import LATEST as HumanImpact +from ssvc.decision_points.ssvc.system_exposure import LATEST as Exposure +from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df +from ssvc.namespaces import NameSpace +from ssvc.outcomes.ssvc.dsoi import LATEST as DSOI + +DEPLOYER_1 = DecisionTable( + namespace=NameSpace.SSVC, + key="DP", + version="1.0.0", + name="Deployer Patch Application Priority", + description="Decision table for evaluating deployer's patch application priority in SSVC", + decision_points={ + dp.id: dp for dp in [Exploitation, Exposure, Automatable, HumanImpact, DSOI] + }, + outcome=DSOI.id, + mapping=[ + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "D", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "D", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "S", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "L", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "H", + "ssvc:DSOI:1.0.0": "I", + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.1": "VH", + "ssvc:DSOI:1.0.0": "I", + }, + ], +) + +VERSIONS = (DEPLOYER_1,) +LATEST = VERSIONS[-1] + + +def main(): + print("Deployer Decision Table") + print() + print(DEPLOYER_1.model_dump_json(indent=2)) + + print("Longform DataFrame CSV") + print() + print(decision_table_to_longform_df(DEPLOYER_1).to_csv(index=False)) + + +if __name__ == "__main__": + main() From 39233c22de49e224ea187dcc94dd55704e0edc5b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 7 Aug 2025 13:25:17 -0400 Subject: [PATCH 213/468] Refactor registry construction (#844) * Refactor registry construction - use actual object classes instead of generic `object` inside the registry - reduce dependency on direct import of `ssvc.registry.REGISTRY` object in favor of `get_registry()` method to improve late-binding and avoid circular imports - use `model_post_init()` for registerable objects * start adding tests * fix tests * add tests * add hidden `registered` boolean to allow tests to disable registration * refactor `_Registered` as a mixin * Update src/ssvc/registry/base.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update src/ssvc/registry/base.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * refactor _Registerable tuple into one place * refactor exception-based logic to if statements * add a `lookup_latest()` method and tests --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../v2/Ssvc_Object_Registry-2-0-0.schema.json | 289 +++++-- src/ssvc/__init__.py | 6 +- src/ssvc/_mixins.py | 22 +- src/ssvc/decision_points/base.py | 27 +- src/ssvc/decision_tables/base.py | 28 +- src/ssvc/doctools.py | 16 +- src/ssvc/registry/__init__.py | 33 +- src/ssvc/registry/base.py | 721 ++++++++++++------ src/ssvc/registry_demo.py | 19 +- src/ssvc/utils/defaults.py | 11 +- src/test/decision_points/test_cvss_helpers.py | 5 +- src/test/decision_points/test_dp_base.py | 46 +- src/test/registry/__init__.py | 34 + src/test/registry/test_base.py | 346 +++++++++ src/test/test_schema.py | 18 +- 15 files changed, 1213 insertions(+), 408 deletions(-) create mode 100644 src/test/registry/__init__.py create mode 100644 src/test/registry/test_base.py diff --git a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json index 7b869afb..ebc46088 100644 --- a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json +++ b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json @@ -2,8 +2,221 @@ "title": "SsvcObjectRegistry", "type": "object", "$defs": { - "Key": { - "title": "Key", + "DecisionPoint": { + "title": "DecisionPoint", + "description": "Models a single decision point as a list of values.\n\nDecision points should have the following attributes:\n\n- name (str): The name of the decision point\n- description (str): A description of the decision point\n- version (str): A semantic version string for the decision point\n- namespace (str): The namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point\n- key (str): A key (a short, unique string within the namespace) that can be used to identify the decision point in a shorthand way\n- values (tuple): A tuple of DecisionPointValue objects", + "properties": { + "namespace": { + "title": "Namespace", + "description": "The namespace of the SSVC object.", + "examples": [ + "ssvc", + "cisa", + "x_com.example//com.example#private", + "ssvc/de-DE/example.organization#reference-arch-1" + ], + "maxLength": 1000, + "minLength": 3, + "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "type": "string" + }, + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" + }, + "version": { + "title": "Version", + "default": "0.0.1", + "description": "The version of the SSVC object. This must be a valid semantic version string.", + "examples": [ + "1.0.0", + "2.1.3" + ], + "minLength": 5, + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + }, + "schemaVersion": { + "title": "Schemaversion", + "const": "2.0.0", + "type": "string" + }, + "values": { + "title": "Values", + "items": { + "$ref": "#/$defs/DecisionPointValue" + }, + "type": "array" + } + }, + "required": [ + "namespace", + "key", + "name", + "description", + "schemaVersion", + "values" + ], + "type": "object" + }, + "DecisionPointValue": { + "title": "DecisionPointValue", + "description": "Models a single value option for a decision point.\n\nEach value should have the following attributes:\n\n- name (str): A name\n- description (str): A description\n- key (str): A key (a short, unique string) that can be used to identify the value in a shorthand way\n- _comment (str): An optional comment that will be included in the object.", + "properties": { + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + } + }, + "required": [ + "key", + "name", + "description" + ], + "type": "object" + }, + "DecisionTable": { + "title": "DecisionTable", + "description": "DecisionTable: A flexible, serializable SSVC decision table model.\n\nThis model represents a decision table that can be used to map combinations of decision point values\nto outcomes. It allows for flexible mapping and can be used with helper methods to generate DataFrame and CSV representations\nof the decision table.\n\nAttributes:", + "properties": { + "namespace": { + "title": "Namespace", + "description": "The namespace of the SSVC object.", + "examples": [ + "ssvc", + "cisa", + "x_com.example//com.example#private", + "ssvc/de-DE/example.organization#reference-arch-1" + ], + "maxLength": 1000, + "minLength": 3, + "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "type": "string" + }, + "key": { + "title": "Key", + "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", + "examples": [ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric" + ], + "minLength": 1, + "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", + "type": "string" + }, + "version": { + "title": "Version", + "default": "0.0.1", + "description": "The version of the SSVC object. This must be a valid semantic version string.", + "examples": [ + "1.0.0", + "2.1.3" + ], + "minLength": 5, + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$", + "type": "string" + }, + "name": { + "title": "Name", + "type": "string" + }, + "description": { + "title": "Description", + "type": "string" + }, + "schemaVersion": { + "title": "Schemaversion", + "const": "2.0.0", + "type": "string" + }, + "decision_points": { + "title": "Decision Points", + "additionalProperties": { + "$ref": "#/$defs/DecisionPoint" + }, + "description": "A non-empty dictionary of decision points Decision point IDs are recommended as keys.", + "minProperties": 1, + "type": "object" + }, + "outcome": { + "title": "Outcome", + "description": "The key of the decision point in `self.decision_points` that represents the outcome of the decision table.", + "minLength": 1, + "type": "string" + }, + "mapping": { + "title": "Mapping", + "description": "Mapping of decision point values to outcomes.", + "items": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "type": "array" + } + }, + "required": [ + "namespace", + "key", + "name", + "description", + "schemaVersion", + "decision_points", + "outcome" + ], + "type": "object" + }, + "_Key": { + "title": "_Key", "properties": { "key": { "title": "Key", @@ -14,10 +227,10 @@ "additionalProperties": { "anyOf": [ { - "$ref": "#/$defs/NonValuedVersion" + "$ref": "#/$defs/_ValuedVersion" }, { - "$ref": "#/$defs/ValuedVersion" + "$ref": "#/$defs/_NonValuedVersion" } ] }, @@ -30,8 +243,8 @@ ], "type": "object" }, - "Namespace": { - "title": "Namespace", + "_Namespace": { + "title": "_Namespace", "properties": { "namespace": { "title": "Namespace", @@ -40,7 +253,7 @@ "keys": { "title": "Keys", "additionalProperties": { - "$ref": "#/$defs/Key" + "$ref": "#/$defs/_Key" }, "description": "A dictionary mapping keys to Key objects within this namespace.", "type": "object" @@ -51,8 +264,8 @@ ], "type": "object" }, - "NonValuedVersion": { - "title": "NonValuedVersion", + "_NonValuedVersion": { + "title": "_NonValuedVersion", "properties": { "version": { "title": "Version", @@ -66,7 +279,7 @@ "type": "string" }, "obj": { - "title": "Obj" + "$ref": "#/$defs/DecisionTable" } }, "required": [ @@ -75,8 +288,8 @@ ], "type": "object" }, - "NsType": { - "title": "NsType", + "_NsType": { + "title": "_NsType", "properties": { "type": { "title": "Type", @@ -85,9 +298,9 @@ "namespaces": { "title": "Namespaces", "additionalProperties": { - "$ref": "#/$defs/Namespace" + "$ref": "#/$defs/_Namespace" }, - "description": "A dictionary mapping namespace strings to Namespace objects.", + "description": "A dictionary mapping obj types to Namespace objects.", "type": "object" } }, @@ -96,8 +309,8 @@ ], "type": "object" }, - "ValuedVersion": { - "title": "ValuedVersion", + "_ValuedVersion": { + "title": "_ValuedVersion", "properties": { "version": { "title": "Version", @@ -111,14 +324,14 @@ "type": "string" }, "obj": { - "title": "Obj" + "$ref": "#/$defs/DecisionPoint" }, "values": { "title": "Values", "additionalProperties": { - "$ref": "#/$defs/_KeyedBaseModel" + "$ref": "#/$defs/DecisionPointValue" }, - "description": "A dictionary mapping value keys to _Valued objects.", + "description": "A dictionary mapping value keys to DecisionPointValue objects.", "type": "object" } }, @@ -127,42 +340,6 @@ "obj" ], "type": "object" - }, - "_KeyedBaseModel": { - "title": "_KeyedBaseModel", - "properties": { - "key": { - "title": "Key", - "description": "A short, non-empty string identifier for the object. Keys must start with an alphanumeric, contain only alphanumerics and `_`, and end with an alphanumeric.(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", - "examples": [ - "E", - "A", - "SI", - "L", - "M", - "H", - "Mixed_case_OK", - "alph4num3ric" - ], - "minLength": 1, - "pattern": "^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\\*))$", - "type": "string" - }, - "name": { - "title": "Name", - "type": "string" - }, - "description": { - "title": "Description", - "type": "string" - } - }, - "required": [ - "key", - "name", - "description" - ], - "type": "object" } }, "properties": { @@ -183,7 +360,7 @@ "types": { "title": "Types", "additionalProperties": { - "$ref": "#/$defs/NsType" + "$ref": "#/$defs/_NsType" }, "description": "A dictionary mapping type names to NsType objects.", "type": "object" diff --git a/src/ssvc/__init__.py b/src/ssvc/__init__.py index 8da8d785..3cb5b746 100644 --- a/src/ssvc/__init__.py +++ b/src/ssvc/__init__.py @@ -28,7 +28,9 @@ import_modules(IMPORTABLES, include_children=True) if __name__ == "__main__": + from ssvc.registry import get_registry + # confirms that the registries are populated - from ssvc.registry import REGISTRY + registry = get_registry() - print(REGISTRY.model_dump_json(indent=2)) + print(registry.model_dump_json(indent=2)) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 50ee3791..2bc78f81 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -23,12 +23,13 @@ # DM24-0278 from datetime import datetime, timezone -from typing import Optional +from typing import Any, Optional from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator from semver import Version from ssvc.namespaces import NameSpace +from ssvc.registry.events import notify_registration from ssvc.utils.defaults import DEFAULT_VERSION, SCHEMA_VERSION from ssvc.utils.field_specs import NamespaceString, VersionString @@ -198,6 +199,25 @@ class _GenericSsvcObject(_Base, _Versioned, _Keyed, _Namespaced, BaseModel): pass +class _Registered(BaseModel): + registered: bool = Field( + default=True, exclude=True, json_schema_extra={"exclude": True} + ) + + model_config = ConfigDict(json_schema_mode_override="serialization") + + def model_post_init(self, __context: Any, /) -> None: + if hasattr(super(), "model_post_init"): + super().model_post_init(__context) + + if self.registered: + self._register() + + def _register(self) -> None: + """Register the object.""" + notify_registration(self) + + def main(): pass diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 92aa96cf..f239c7e0 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -31,10 +31,10 @@ _Commented, _GenericSsvcObject, _KeyedBaseModel, + _Registered, _SchemaVersioned, _Valued, ) -from ssvc.registry.events import notify_registration from ssvc.utils.defaults import FIELD_DELIMITER logger = logging.getLogger(__name__) @@ -59,6 +59,7 @@ def __str__(self): class DecisionPoint( + _Registered, _Valued, _SchemaVersioned, _GenericSsvcObject, @@ -79,18 +80,7 @@ class DecisionPoint( """ schemaVersion: Literal[SCHEMA_VERSION] - - @model_validator(mode="before") - def _set_schema_version(cls, data: dict) -> dict: - """ - Set the schema version to the default if not provided. - """ - if "schemaVersion" not in data: - data["schemaVersion"] = SCHEMA_VERSION - return data - values: tuple[DecisionPointValue, ...] - model_config = ConfigDict(revalidate_instances="always") def __str__(self): @@ -134,11 +124,14 @@ def str(self) -> str: """ return self.__str__() - @model_validator(mode="after") - def _register(self): - """Register the decision point.""" - notify_registration(self) - return self + @model_validator(mode="before") + def _set_schema_version(cls, data: dict) -> dict: + """ + Set the schema version to the default if not provided. + """ + if "schemaVersion" not in data: + data["schemaVersion"] = SCHEMA_VERSION + return data @property def value_summaries(self) -> list[str]: diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index b28ec001..a449a15a 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -28,9 +28,9 @@ import pandas as pd from pydantic import BaseModel, Field, field_validator, model_validator -from ssvc._mixins import _Commented, _GenericSsvcObject, _SchemaVersioned +from ssvc._mixins import _Commented, _GenericSsvcObject, _Registered, _SchemaVersioned from ssvc.decision_points.base import DecisionPoint -from ssvc.registry.events import notify_registration +from ssvc.registry import get_registry from ssvc.utils.field_specs import DecisionPointDict from ssvc.utils.misc import obfuscate_dict from ssvc.utils.toposort import dplist_to_toposort @@ -72,7 +72,7 @@ def dpdict_to_combination_list( class DecisionTable( - _SchemaVersioned, _GenericSsvcObject, _Commented, BaseModel + _Registered, _SchemaVersioned, _GenericSsvcObject, _Commented, BaseModel ): """ DecisionTable: A flexible, serializable SSVC decision table model. @@ -83,6 +83,7 @@ class DecisionTable( Attributes: """ + key_prefix: ClassVar[str] = "DT" schemaVersion: Literal[SCHEMA_VERSION] @@ -108,6 +109,10 @@ def id(self): @field_validator("key", mode="before") @classmethod def validate_key(cls, value: str) -> str: + if value.startswith(f"{cls.key_prefix}_"): + return value + + # prepend the key prefix if it is not already present key = f"{cls.key_prefix}_{value}" return key @@ -237,13 +242,6 @@ def validate_mapping(self): return self - @model_validator(mode="after") - def _register(self): - """Register the decision point table.""" - notify_registration(self) - return self - - def obfuscate(self) -> "DecisionTable": """ Obfuscate the decision table by renaming the dict keys. @@ -411,12 +409,12 @@ def _col_check(col: str) -> bool: """ # late-binding import to avoid circular import issues - from ssvc.registry import REGISTRY + registry = get_registry() ns, dp_key, version = col.split(":") return ( - REGISTRY.lookup_version( + registry.lookup( objtype="DecisionPoint", namespace=ns, key=dp_key, @@ -463,7 +461,7 @@ def _replace_value_keys(value_key: str, dp_id: str) -> str: key = f"{dp_id}:{value_key}" objtype = "DecisionPoint" - from ssvc.registry import REGISTRY + REGISTRY = get_registry() newval = REGISTRY.lookup_by_id(objtype, key) @@ -479,10 +477,10 @@ def _rename_column(col: str) -> str: Returns: str: The renamed column. """ - from ssvc.registry import REGISTRY + registry = get_registry() # col should be in the format "namespace:dp_key:version" - dp = REGISTRY.lookup_by_id(objtype="DecisionPoint", objid=col) + dp = registry.lookup_by_id(objtype="DecisionPoint", objid=col) if dp is None: raise KeyError(f"Column {col} not found in DP_REGISTRY.") diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index 40631c89..df01df38 100755 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -40,13 +40,14 @@ import os import re +import ssvc.dp_groups.base from ssvc.decision_points.base import ( DecisionPoint, ) from ssvc.decision_points.ssvc.base import SsvcDecisionPoint from ssvc.decision_tables.base import DecisionTable -from ssvc.registry import REGISTRY -from ssvc.registry.base import SsvcObjectRegistry +from ssvc.registry import get_registry +from ssvc.registry.base import SsvcObjectRegistry, get_all from ssvc.selection import SelectionList from ssvc.utils.misc import order_schema @@ -318,16 +319,15 @@ def main(): find_modules_to_import("./src/ssvc/decision_points", "ssvc.decision_points") find_modules_to_import("./src/ssvc/outcomes", "ssvc.outcomes") - # import collections to ensure they are registered too - import ssvc.dp_groups.ssvc.collections # noqa: F401 - import ssvc.dp_groups.cvss.collections # noqa: F401 + + registry = get_registry() # for each decision point: - for dp in REGISTRY.get_all("DecisionPoint"): + for dp in get_all("DecisionPoint", registry=registry): dump_decision_point(dp_dir, dp, overwrite) # for each decision table: - for dt in REGISTRY.get_all("DecisionTable"): + for dt in get_all("DecisionTable", registry=registry): dump_decision_table(dt_dir, dt, overwrite) # dump the registry @@ -338,7 +338,7 @@ def main(): try: logger.info(f"Writing {registry_json}") with open(registry_json, "x") as f: - f.write(REGISTRY.model_dump_json(indent=2)) + f.write(registry.model_dump_json(indent=2,exclude_none=True)) f.write("\n") # newline at end of file except FileExistsError: logger.warning( diff --git a/src/ssvc/registry/__init__.py b/src/ssvc/registry/__init__.py index 95449cc2..db36cb32 100644 --- a/src/ssvc/registry/__init__.py +++ b/src/ssvc/registry/__init__.py @@ -23,38 +23,51 @@ import logging -from ssvc.registry.base import SsvcObjectRegistry from ssvc.registry.events import add_registration_hook logger = logging.getLogger(__name__) # create an empty registry -REGISTRY = SsvcObjectRegistry( - name="SSVC Object Registry", - description="A registry for SSVC objects organized by type, namespace, key, and version.", -) +_REGISTRY = None + + +def get_registry() -> "SsvcObjectRegistry": + """Create and return a new SSVC object registry.""" + from ssvc.registry.base import SsvcObjectRegistry + + global _REGISTRY + + if _REGISTRY is None: + _REGISTRY = SsvcObjectRegistry( + name="SSVC Object Registry", + description="A registry for SSVC objects organized by type, namespace, key, and version.", + ) + + return _REGISTRY def _handle_registration(obj): """Handle object registration with type checking.""" + registry = get_registry() + # Import here to avoid circular imports try: from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.decision_tables.base import DecisionTable - logger.debug(f"Handling registration for {obj.id} of type {type(obj)}") if isinstance(obj, (DecisionPoint, DecisionPointValue, DecisionTable)): - REGISTRY.register(obj) + registry.register(obj) + logger.debug("Registered object %s of type %s", obj.id, type(obj).__name__) else: logger.warning( - f"Object {obj.id} is not a recognized SSVC decision point type: {type(obj)}" + f"Object {obj.id} is not a recognized SSVC type: {type(obj)}" ) - raise TypeError(f"Object {obj.id} is not a valid SSVC decision point type.") + raise TypeError(f"Object {obj.id} is not a valid SSVC type.") except ImportError: # Fallback registration without type checking logger.debug(f"Handling registration for {obj.id} of type {type(obj)}") - REGISTRY.register(obj) + registry.register(obj) # Set up the hook diff --git a/src/ssvc/registry/base.py b/src/ssvc/registry/base.py index b13515e3..11c69fa5 100644 --- a/src/ssvc/registry/base.py +++ b/src/ssvc/registry/base.py @@ -22,8 +22,9 @@ # DM24-0278 import logging -from typing import Any, Literal, Optional +from typing import Any, Literal, Optional, Union +import semver from pydantic import BaseModel, Field, model_validator from ssvc._mixins import ( @@ -31,8 +32,10 @@ _GenericSsvcObject, _KeyedBaseModel, _SchemaVersioned, - _Valued, ) +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from ssvc.decision_tables.base import DecisionTable +from ssvc.registry import get_registry from ssvc.utils.field_specs import VersionString logger = logging.getLogger(__name__) @@ -40,6 +43,10 @@ SCHEMA_VERSION: str = "2.0.0" logger.debug(f"Using schema version {SCHEMA_VERSION} for SsvcObjectRegistry.") +# Define the types we can register +_Registerable = (DecisionPoint, DecisionTable) +_RegisterableClass = Union[_Registerable] + def lookup_type(module: str, type_name: str): """ @@ -78,58 +85,53 @@ def _get_obj_type(obj: object) -> str: if t is not None and isinstance(obj, t): objtype = t.__name__ break + return objtype -class NonValuedVersion(BaseModel): +class _ValuedVersion(BaseModel): version: VersionString - obj: object + obj: DecisionPoint + values: dict[str, DecisionPointValue] = Field( + default_factory=dict, + description="A dictionary mapping value keys to DecisionPointValue objects.", + ) + + def model_post_init(self, __context: Any) -> None: + if not self.values: + # if the object is valued, we should set the values dictionary + self.values = {v.key: v for v in self.obj.values} -class ValuedVersion(BaseModel): +class _NonValuedVersion(BaseModel): version: VersionString - obj: object - values: dict[str, _KeyedBaseModel] = Field( - default_factory=dict, - description="A dictionary mapping value keys to _Valued objects.", - ) + obj: DecisionTable - @model_validator(mode="before") - def _populate_values(cls, data): - obj = data.get("obj") - if not isinstance(obj, _Valued): - raise ValueError( - "ValuedVersion must include an `obj` that subclasses `_Valued`" - ) - return data - def model_post_init(self, __context: Any) -> None: - # set the values dictionary from the obj - self.values = {v.key: v for v in self.obj.values} - return self +_Version = Union[_ValuedVersion, _NonValuedVersion] -class Key(BaseModel): +class _Key(BaseModel): key: str - versions: dict[str, NonValuedVersion | ValuedVersion] = Field( + versions: dict[str, _Version] = Field( default_factory=dict, description="A dictionary mapping version strings to versioned objects.", ) -class Namespace(BaseModel): +class _Namespace(BaseModel): namespace: str - keys: dict[str, Key] = Field( + keys: dict[str, _Key] = Field( default_factory=dict, description="A dictionary mapping keys to Key objects within this namespace.", ) -class NsType(BaseModel): +class _NsType(BaseModel): type: str - namespaces: dict[str, Namespace] = Field( + namespaces: dict[str, _Namespace] = Field( default_factory=dict, - description="A dictionary mapping namespace strings to Namespace objects.", + description="A dictionary mapping obj types to Namespace objects.", ) @@ -139,7 +141,7 @@ class SsvcObjectRegistry(_SchemaVersioned, _Base, BaseModel): description="The schema version of this selection list.", ) - types: dict[str, NsType] = Field( + types: dict[str, _NsType] = Field( default_factory=dict, description="A dictionary mapping type names to NsType objects.", ) @@ -153,272 +155,489 @@ def set_schema_version(cls, data): data["schemaVersion"] = SCHEMA_VERSION return data - def lookup_objtype(self, objtype: str) -> NsType | None: + def register(self, obj: _GenericSsvcObject) -> None: """ - Lookup an object type in the registry by its name. - Returns None if the type is not found. + Register an object in the SSVC object registry. + If the object already exists, it will compare the new object with the existing one. + If they differ, it will raise a ValueError. Args: - objtype (str): The name of the object type to lookup. + obj: The object to register. + Returns: - NsType | None: The NsType object if found, otherwise None. + None """ - return self.types.get(objtype, None) + return register(obj=obj, registry=self) - def lookup_namespace(self, objtype: str, namespace: str) -> Namespace | None: + def reset(self, force: bool = False) -> None: """ - Lookup a namespace in the registry by object type and namespace name. - Returns None if the namespace is not found. - - Args: - objtype (str): The name of the object type. - namespace (str): The name of the namespace to lookup. - Returns: - Namespace | None: The Namespace object if found, otherwise None. + Reset the registry to an empty state. + If force is True, it will clear the registry even if it has objects. """ - otype = self.lookup_objtype(objtype) - - if otype is None: - return None - - return otype.namespaces.get(namespace, None) + if force or not self.types: + self.types = dict() + logger.debug("Registry reset.") + else: + logger.warning("Registry not reset. Use force=True to clear it.") - def lookup_key(self, objtype: str, namespace: str, key: str) -> Key | None: + def lookup( + self, + objtype: Optional[str] = None, + namespace: Optional[str] = None, + key: Optional[str] = None, + version: Optional[str] = None, + value_key: Optional[str] = None, + ) -> Union[DecisionPoint, DecisionPointValue, DecisionTable, None]: """ - Lookup a key in the registry by object type, namespace, and key name. - Returns None if the key is not found. + Lookup an object in the registry by type, namespace, key, version, and value key. Args: objtype (str): The name of the object type. namespace (str): The name of the namespace. key (str): The key to lookup. + version (str): The version string to lookup. + value_key (str): The key of the value to lookup. + Returns: - Key | None: The Key object if found, otherwise None. + DecisionPoint | DecisionPointValue | DecisionTable | None: The object if found, otherwise None. """ - ns = self.lookup_namespace(objtype, namespace) - - if ns is None: - return None - - return ns.keys.get(key, None) - - def lookup_version( - self, objtype: str, namespace: str, key: str, version: str - ) -> NonValuedVersion | ValuedVersion | None: + return lookup( + objtype=objtype, + namespace=namespace, + key=key, + version=version, + value_key=value_key, + registry=self, + ) + + def lookup_by_id( + self, objtype: str, objid: str + ) -> Union[DecisionPoint, DecisionPointValue, DecisionTable, None]: """ - Lookup a version in the registry by object type, namespace, key, and version string. - Returns None if the version is not found. + Lookup an object by its ID in the registry. + Args: - objtype (str): The name of the object type. - namespace (str): The name of the namespace. - key (str): The key to lookup. - version (str): The version string to lookup. - Returns: - NonValuedVersion | ValuedVersion | None: The version object if found, otherwise None. + objtype (str): The type of the object. + objid (str): The ID of the object in the format "namespace:key:version[:value_key]". + Returns: + DecisionPoint | DecisionPointValue | DecisionTable | None: The object if found, otherwise None. """ - key_obj = self.lookup_key(objtype, namespace, key) + return lookup_by_id(objtype=objtype, objid=objid, registry=self) - if key_obj is None: - return None - return key_obj.versions.get(version, None) +def register(obj: _RegisterableClass, registry: SsvcObjectRegistry = None) -> None: + """ + Register an object in the SSVC object registry. - def lookup_value( - self, objtype: str, namespace: str, key: str, version: str, value_key: str - ) -> _KeyedBaseModel | None: - """ - Lookup a value in the registry by object type, namespace, key, version, and value key. - Returns None if the value is not found. + Args: + obj: The object to register. + registry: The SsvcObjectRegistry to use. If None, uses the global registry. - Args: - objtype (str): The name of the object type. - namespace (str): The name of the namespace. - key (str): The key to lookup. - version (str): The version string to lookup. - value_key (str): The key of the value to lookup. - Returns: - _KeyedBaseModel | None: The value object if found, otherwise None. + Returns: + None + """ + if registry is None: + registry = get_registry() - """ - version_obj = self.lookup_version(objtype, namespace, key, version) + _insert(new=obj, registry=registry) - if version_obj is None: - return None - if isinstance(version_obj, ValuedVersion): - return version_obj.values.get(value_key, None) +def _get_keys(obj: _RegisterableClass) -> tuple[str, ...]: + objtype = _get_obj_type(obj) + ns = str(obj.namespace) # explicitly cast to string + k = obj.key + ver = obj.version - logger.debug(f"Object type '{objtype}' does not support values.") - return None + return (objtype, ns, k, ver) - def lookup( - self, - objtype: Optional[str] = None, - namespace: Optional[str] = None, - key: Optional[str] = None, - version: Optional[str] = None, - value_key: Optional[str] = None, - ) -> _GenericSsvcObject | None: - """ - Lookup an object in the registry by type, namespace, key, version, and value key. - Args: - objtype (str): The name of the object type. - namespace (str): The name of the namespace. - key (str): The key to lookup. - version (str): The version string to lookup. - value_key (str): The key of the value to lookup. - Returns: - _GenericSsvcObject | None: The object if found, otherwise None. +def _insert( + new: _RegisterableClass, registry: Optional[SsvcObjectRegistry] = None +) -> None: + """ + Inserts a new object into the SSVC object registry. + If the object is not registerable, it will raise a TypeError. + If the object already exists, it will compare the new object with the existing one. + If they differ, it will raise a ValueError. - """ - # everything None just returns the whole registry - if all([x is None for x in [objtype, namespace, key, version, value_key]]): - return self - - # start at the deepest level and work up - if value_key is not None: - return self.lookup_value(objtype, namespace, key, version, value_key) - if version is not None: - return self.lookup_version(objtype, namespace, key, version) - if key is not None: - return self.lookup_key(objtype, namespace, key) - if namespace is not None: - return self.lookup_namespace(objtype, namespace) - if objtype is not None: - return self.lookup_objtype(objtype) - logger.debug("No parameters provided for lookup, returning None.") - return None + Args: + new: + registry: - def lookup_by_id(self, objtype: str, objid: str) -> object | None: + Returns: - value_key = None - parts = objid.split(":") - ns, objid, version = parts[0:3] - if len(parts) == 4: - value_key = parts[3] + """ + if registry is None: + registry = get_registry() + + if not isinstance(new, _Registerable): + raise TypeError(f"Object {new} is not a registerable SSVC object.") + + (objtype, ns, k, ver) = _get_keys(new) + + # check to see if the type is already registered + typesobj = registry.types.get(objtype) + if typesobj is None: + logger.debug(f"Registering new object type '{objtype}'.") + typesobj = _NsType(type=objtype) + registry.types[objtype] = typesobj + + # check to see if the namespace is already registered + nsobj = typesobj.namespaces.get(ns) + if nsobj is None: + logger.debug(f"Registering new namespace '{ns}' for object type '{objtype}'.") + nsobj = _Namespace(namespace=ns) + registry.types[objtype].namespaces[ns] = nsobj + + # check to see if the key is already registered + keyobj = nsobj.keys.get(k) + if keyobj is None: + logger.debug( + f"Registering new key '{k}' in namespace '{ns}' for object type '{objtype}'." + ) + keyobj = _Key(key=k) + registry.types[objtype].namespaces[ns].keys[k] = keyobj + + # + verobj = keyobj.versions.get(ver) + if verobj is None: + # if we got here, we need to register the new version + logger.debug( + f"Registering new version '{ver}' for key '{k}' in namespace '{ns}' of type '{objtype}'." + ) + + # use model_construct to create the versioned object + # while avoiding recursion issues + if isinstance(new, DecisionTable): + # if this is a DecisionTable, we use the non-valued version + verobj = _NonValuedVersion.model_construct(version=ver, obj=new) + elif isinstance(new, DecisionPoint): + # if this is a DecisionPoint, we use the valued version + verobj = _ValuedVersion.model_construct(version=ver, obj=new) + else: + raise TypeError( + f"Object {new} is not a recognized SSVC object type for registration." + ) + keyobj.versions[ver] = verobj + else: + # if we got here, the version already exists, which is odd, but often benign + logger.debug(f"Object {new.id} already registered with version {ver}.") + # we should do a comparison to ensure it matches + _compare(new=new, existing=verobj.obj) - if value_key is not None: - return self.lookup_value(objtype, ns, objid, version, value_key) - return self.lookup_version(objtype, ns, objid, version) +def _compare(new: _RegisterableClass, existing: _RegisterableClass) -> None: + """ + Compares two objects and raises an error if they are different. - def register(self, obj: _GenericSsvcObject) -> None: - # extract the parts we need to register - - objtype = _get_obj_type(obj) - ns = str(obj.namespace) # explicitly cast to string - k = obj.key - ver = obj.version - - # if this object already exists in the registry, see if it matches - found = self.lookup(objtype=objtype, namespace=ns, key=k, version=ver) - if found is not None: - logger.debug(f"Object {obj.id} already registered, skipping registration.") - # if this is a different object with the same id, we should throw an error - diffs = [] - should_be_version = False - found_obj = found.obj - if found_obj.name != obj.name: - diffs.append(f"Name mismatch: {found_obj.name} != {obj.name}") - else: - should_be_version = True - if found_obj.description != obj.description: - diffs.append( - f"Description mismatch: {found_obj.description} != {obj.description}" - ) - if isinstance(found_obj, _Valued): - for a, b in zip(found_obj.values, obj.values): - if a != b: - diffs.append(f"Value mismatch: {a} != {b}") - for d in diffs: - logger.warning(f"Diff found when registering {obj.id}: {d}") - - if diffs: - if should_be_version: - logger.error( - f"Object {obj.id} ({obj.name}) already registered with different attributes. Consider changing the version." - ) - else: - logger.error( - f"Object {obj.id} already registered with different attributes. " - f"Consider changing the key ({obj.key}) for '{obj.name}' to avoid collision with '{found_obj.name}'." - ) - raise ValueError( - f"Object {obj.id} already registered with different attributes: {', '.join(diffs)}" - ) - # otherwise, we just return - return - - # start at the top of the registry and work down - if objtype not in self.types: - logger.debug(f"Registering new object type '{objtype}'.") - self.types[objtype] = NsType(type=objtype) - - if ns not in self.types[objtype].namespaces: - logger.debug( - f"Registering new namespace '{ns}' for object type '{objtype}'." - ) - self.types[objtype].namespaces[ns] = Namespace(namespace=ns) + Args: + new: the new object being registered + existing: the existing object in the registry - if k not in self.types[objtype].namespaces[ns].keys: - logger.debug( - f"Registering new key '{k}' in namespace '{ns}' for object type '{objtype}'." - ) - # versions will be created empty by the Key model - self.types[objtype].namespaces[ns].keys[k] = Key(key=k) + Returns: + None: if the objects are the same - if ver not in self.types[objtype].namespaces[ns].keys[k].versions: - logger.debug( - f"Registering new version '{ver}' for key '{k}' in namespace '{ns}' of type '{objtype}'." + Raises: + ValueError: if the objects are different + """ + # if this is a different object with the same id, we should throw an error + diffs = [] + should_be_version = False + + if existing.name != new.name: + diffs.append(f"Name mismatch: {existing.name} != {new.name}") + else: + should_be_version = True + + if existing.description != new.description: + diffs.append( + f"Description mismatch: {existing.description} != {new.description}" + ) + + if hasattr(existing, "values") and hasattr(new, "values"): + if existing.values is None and new.values is not None: + diffs.append( + f"Existing object {existing.id} has no values, but new object {new.id} has values." + ) + elif existing.values is not None and new.values is None: + diffs.append( + f"Existing object {existing.id} has values, but new object {new.id} has no values." + ) + elif existing.values is not None and new.values is not None: + for a, b in zip(existing.values, new.values): + if a != b: + diffs.append(f"Value mismatch: {a} != {b}") + + if diffs: + for d in diffs: + logger.warning(f"Diff found when registering {new.id}: {d}") + + if should_be_version: + logger.error( + f"Object {new.id} ({new.name}) already registered with different attributes. Consider changing the version." ) - if isinstance(obj, _Valued): - # values will be populated in the ValuedVersion model - self.types[objtype].namespaces[ns].keys[k].versions[ver] = ( - ValuedVersion( - version=ver, - obj=obj, - ) - ) - else: - self.types[objtype].namespaces[ns].keys[k].versions[ver] = ( - NonValuedVersion( - version=ver, - obj=obj, - ) - ) - - def reset(self, force: bool = False) -> None: - """ - Reset the registry to an empty state. - If force is True, it will clear the registry even if it has objects. - """ - if force or not self.types: - self.types = dict() - logger.debug("Registry reset.") else: - logger.warning("Registry not reset. Use force=True to clear it.") + logger.error( + f"Object {new.id} already registered with different attributes. " + f"Consider changing the key ({new.key}) for '{new.name}' to avoid collision with '{existing.name}'." + ) + raise ValueError( + f"Object {new.id} already registered with different attributes: {', '.join(diffs)}" + ) - def get_all(self, objtype: str) -> list[_GenericSsvcObject]: - """ - Get all objects of a specific type from the registry. + # if you get here, no problems were found, this is just a benign duplicate + logger.debug( + f"Object {new.id} already registered with matching attributes. No action taken." + ) - Args: - objtype (str): The type of objects to retrieve. - Returns: - list[_GenericSsvcObject]: A list of objects of the specified type. - """ - otype_ns = self.lookup_objtype(objtype) - if otype_ns is None: - return [] +def lookup_by_id( + objtype: str, objid: str, registry: SsvcObjectRegistry +) -> DecisionPoint | DecisionPointValue | DecisionTable | None: + + parts = objid.split(":") + args = {} + args["objtype"] = objtype + args["namespace"] = parts[0] + args["key"] = parts[1] + args["version"] = parts[2] + try: + args["value_key"] = parts[3] + except IndexError: + pass + + if "value_key" in args: + return lookup_value(**args, registry=registry) + + # if you got here, we're just looking up a version + return lookup_version(**args, registry=registry) - all_objects = [] - for ns in otype_ns.namespaces.values(): - for key in ns.keys.values(): - for version in key.versions.values(): - all_objects.append(version.obj) +def get_all(objtype: str, registry: SsvcObjectRegistry) -> list[_GenericSsvcObject]: + """ + Get all objects of a specific type from the registry. + + Args: + objtype (str): The type of objects to retrieve. + + Returns: + list[_GenericSsvcObject]: A list of objects of the specified type. + """ + + all_objects = [] + otype_ns = lookup_objtype(objtype, registry) + + if otype_ns is None: return all_objects + + for ns in otype_ns.namespaces.values(): + for key in ns.keys.values(): + for version in key.versions.values(): + all_objects.append(version.obj) + + return all_objects + + +def lookup_objtype(objtype: str, registry: SsvcObjectRegistry) -> _NsType | None: + """ + Lookup an object type in the registry by its name. + Returns None if the type is not found. + + Args: + objtype (str): The name of the object type to lookup. + Returns: + _NsType | None: The NsType object if found, otherwise None. + """ + return registry.types.get(objtype, None) + + +def lookup_namespace( + objtype: str, namespace: str, registry: SsvcObjectRegistry +) -> _Namespace | None: + """ + Lookup a namespace in the registry by object type and namespace name. + Returns None if the namespace is not found. + + Args: + objtype (str): The name of the object type. + namespace (str): The name of the namespace to lookup. + Returns: + _Namespace | None: The Namespace object if found, otherwise None. + """ + otype = lookup_objtype(objtype, registry) + + if otype is None: + return None + + return otype.namespaces.get(namespace, None) + + +def lookup_key( + objtype: str, namespace: str, key: str, registry: SsvcObjectRegistry +) -> _Key | None: + """ + Lookup a key in the registry by object type, namespace, and key name. + Returns None if the key is not found. + + Args: + objtype (str): The name of the object type. + namespace (str): The name of the namespace. + key (str): The key to lookup. + Returns: + _Key | None: The Key object if found, otherwise None. + """ + ns = lookup_namespace(objtype, namespace, registry) + + if ns is None: + return None + + return ns.keys.get(key, None) + + +def lookup_version( + objtype: str, namespace: str, key: str, version: str, registry: SsvcObjectRegistry +) -> _ValuedVersion | _NonValuedVersion | None: + """ + Lookup a version in the registry by object type, namespace, key, and version string. + Returns None if the version is not found. + Args: + registry: the SsvcObjectRegistry to use for lookup. + objtype (str): The name of the object type. + namespace (str): The name of the namespace. + key (str): The key to lookup. + version (str): The version string to lookup. + Returns: + NonValuedVersion | ValuedVersion | None: The version object if found, otherwise None. + + """ + key_obj = lookup_key(objtype, namespace, key, registry) + + if key_obj is None: + return None + + return key_obj.versions.get(version, None) + + +def lookup_value( + objtype: str, + namespace: str, + key: str, + version: str, + value_key: str, + registry: SsvcObjectRegistry, +) -> DecisionPointValue | None: + """ + Lookup a value in the registry by object type, namespace, key, version, and value key. + Returns None if the value is not found. + + Args: + objtype (str): The name of the object type. + namespace (str): The name of the namespace. + key (str): The key to lookup. + version (str): The version string to lookup. + value_key (str): The key of the value to lookup. + Returns: + _KeyedBaseModel | None: The value object if found, otherwise None. + + """ + version_obj = lookup_version(objtype, namespace, key, version, registry) + + if version_obj is None: + return None + + if version_obj.values is not None: + return version_obj.values.get(value_key, None) + + logger.debug(f"Object type '{objtype}' does not support values.") + return None + + +def lookup_latest( + objtype: Optional[str] = None, + namespace: Optional[str] = None, + key: Optional[str] = None, + registry: SsvcObjectRegistry = None, +) -> Union[_RegisterableClass, None]: + if registry is None: + registry = get_registry() + + keyobj = lookup_key( + objtype=objtype, namespace=namespace, key=key, registry=registry + ) + versions = keyobj.versions + # now we have a dict of {version_string: version_object} + + if versions is None: + return None + + def normalize_version(v: str) -> str: + return semver.Version.parse(v, optional_minor_and_patch=True) + + def stringify_version(v: str) -> str: + vers = normalize_version(v) + return vers.__str__() + + # create a quick lookup for version strings + version_lookup = {stringify_version(k): v.obj for k, v in versions.items()} + + parsed_version = [normalize_version(v) for v in list(versions.keys())] + latest = sorted(parsed_version)[-1] + # convert back to string + latest_str = str(latest) + + # now lookup the version object + version_obj = version_lookup[latest_str] + + return version_obj + + +def lookup( + objtype: Optional[str] = None, + namespace: Optional[str] = None, + key: Optional[str] = None, + version: Optional[str] = None, + value_key: Optional[str] = None, + registry: SsvcObjectRegistry = None, +) -> Union[_RegisterableClass, DecisionPointValue, None]: + """ + Lookup an object in the registry by type, namespace, key, version, and value key. + + Args: + objtype (str): The name of the object type. + namespace (str): The name of the namespace. + key (str): The key to lookup. + version (str): The version string to lookup. + value_key (str): The key of the value to lookup. + registry (SsvcObjectRegistry): The SsvcObjectRegistry to use. + + Returns: + DecisionPoint | DecisionPointValue | DecisionTable | None: The object if found, otherwise None. + + Raises: + ValueError: If the registry is not provided or if all lookup parameters are None. + + """ + if registry is None: + raise ValueError("Registry must be provided for lookup.") + + # start at the deepest level and work up + if value_key is not None: + return lookup_value(objtype, namespace, key, version, value_key, registry) + + if version is not None: + return lookup_version(objtype, namespace, key, version, registry) + + if key is not None: + return lookup_key(objtype, namespace, key, registry) + + if namespace is not None: + return lookup_namespace(objtype, namespace, registry) + + if objtype is not None: + return lookup_objtype(objtype, registry) + + raise ValueError( + "All lookup parameters were None. Please provide at least one parameter to lookup an object." + ) diff --git a/src/ssvc/registry_demo.py b/src/ssvc/registry_demo.py index 2dc9a6e2..2136bfa9 100644 --- a/src/ssvc/registry_demo.py +++ b/src/ssvc/registry_demo.py @@ -24,11 +24,13 @@ import logging -from ssvc.registry import REGISTRY, SsvcObjectRegistry +from ssvc.registry import get_registry +from ssvc.registry.base import SsvcObjectRegistry from ssvc.utils.misc import order_schema logger = logging.getLogger(__name__) + def main(): # importing the ssvc module forces the registry to be initialized import ssvc # noqa: F401 @@ -39,22 +41,29 @@ def main(): handler.setLevel(logging.DEBUG) logger.addHandler(handler) - print(REGISTRY.model_dump_json(indent=2)) + registry = get_registry() + + print(registry.model_dump_json(indent=2)) print() print() import json + schema = SsvcObjectRegistry.model_json_schema() schema = order_schema(schema) print(json.dumps(schema, indent=2)) - print() print("# Lookup demo") - search_for = {"objtype": "DecisionPoint", "namespace": "ssvc", "key": "EXP",} + search_for = { + "objtype": "DecisionPoint", + "namespace": "ssvc", + "key": "EXP", + } - dp = REGISTRY.lookup(**search_for) + dp = registry.lookup(**search_for) print(dp.model_dump_json(indent=2)) + if __name__ == "__main__": main() diff --git a/src/ssvc/utils/defaults.py b/src/ssvc/utils/defaults.py index 730b4df3..9c8a05bd 100644 --- a/src/ssvc/utils/defaults.py +++ b/src/ssvc/utils/defaults.py @@ -55,11 +55,18 @@ """Preferred order of fields in SSVC JSON Schema objects.""" +SCHEMA_VERSION = "2.0.0" +IMPORTABLES = [ + "ssvc.decision_points", + "ssvc.outcomes", + "ssvc.decision_tables", + "ssvc.dp_groups", +] + + def main(): pass if __name__ == "__main__": main() -SCHEMA_VERSION = "1-0-1" -IMPORTABLES = ["ssvc.decision_points", "ssvc.outcomes", "ssvc.decision_tables"] diff --git a/src/test/decision_points/test_cvss_helpers.py b/src/test/decision_points/test_cvss_helpers.py index 22d7725f..52eabd18 100644 --- a/src/test/decision_points/test_cvss_helpers.py +++ b/src/test/decision_points/test_cvss_helpers.py @@ -22,6 +22,7 @@ import ssvc.decision_points.cvss.helpers as h from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint +from ssvc.registry import get_registry def fake_ms_impacts() -> list[CvssDecisionPoint]: @@ -57,9 +58,9 @@ def fake_ms_impacts() -> list[CvssDecisionPoint]: class TestCvssHelpers(unittest.TestCase): def setUp(self) -> None: # reset the registry - from ssvc.registry import REGISTRY - REGISTRY.reset() + registry = get_registry() + registry.reset(force=True) self.dps = [] for i in range(3): diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index a09cb232..2d7cdd95 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -23,16 +23,19 @@ import ssvc.decision_points.ssvc.base import ssvc.registry from ssvc.decision_points.base import FIELD_DELIMITER +from ssvc.registry import get_registry +from ssvc.registry.base import _get_keys, get_all class MyTestCase(unittest.TestCase): def setUp(self) -> None: - from ssvc.registry import REGISTRY + self.registry = get_registry() + self.assertIsNotNone(self.registry) - self.original_registry = list(REGISTRY.get_all("DecisionPoint")) + self.original_registry = list(get_all("DecisionPoint", self.registry)) # reset the registry - REGISTRY.reset() + self.registry.reset() # add multiple values self.values = [] @@ -54,9 +57,7 @@ def setUp(self) -> None: def tearDown(self) -> None: # restore the original registry - from ssvc.registry import REGISTRY - - REGISTRY.reset() + self.registry.reset() def test_decision_point_basics(self): from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned @@ -68,37 +69,26 @@ def test_decision_point_basics(self): def test_registry(self): # just by creating the objects, they should be registered - self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) + self.registry.reset(force=True) + + # registry should be empty + self.assertIsNone(self.registry.types.get("DecisionPoint")) - dp2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( - name="asdfad", + dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( + name="testdp", key="asdfasdf", description="asdfasdf", version="1.33.1", - namespace="asdfasdf", + namespace="x_test", values=tuple(self.values), ) - self.assertIn(dp2, base.REGISTERED_DECISION_POINTS) - - def test_registry(self): - from ssvc.registry import REGISTRY - - # just by creating the objects, they should be registered - self.assertIsNotNone(REGISTRY.lookup_by_id("DecisionPoint", self.dp.id)) - dp2 = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( - name="asdfad", - key="asdfasdf", - description="asdfasdf", - version="1.33.1", - namespace="x_example.test", - values=self.values, + (objtype, ns, key, version) = _get_keys(dp) + self.assertEqual( + dp, + self.registry.types[objtype].namespaces[ns].keys[key].versions[version].obj, ) - dp2._comment = "asdfasdfasdf" - - self.assertIsNotNone(REGISTRY.lookup_by_id("DecisionPoint", dp2.id)) - def test_ssvc_value(self): for i, obj in enumerate(self.values): # should have name, key, description diff --git a/src/test/registry/__init__.py b/src/test/registry/__init__.py new file mode 100644 index 00000000..ee3fe40d --- /dev/null +++ b/src/test/registry/__init__.py @@ -0,0 +1,34 @@ +#!/usr/bin/env python +""" +file: __init__.py +author: adh +created_at: 8/6/25 10:57 AM +""" + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + + +def main(): + pass + + +if __name__ == "__main__": + main() diff --git a/src/test/registry/test_base.py b/src/test/registry/test_base.py new file mode 100644 index 00000000..564d2b71 --- /dev/null +++ b/src/test/registry/test_base.py @@ -0,0 +1,346 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +import math +import random +import unittest +from unittest.mock import Mock, patch + +import semver + +import ssvc.registry.base as base +from ssvc.decision_points.base import DecisionPoint +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_tables.base import DecisionTable +from ssvc.registry import get_registry + + +class RegistryTestCase(unittest.TestCase): + def setUp(self): + self.registry = base.SsvcObjectRegistry( + name="test_registry", description="A test registry" + ) + main_reg = get_registry() + main_reg.reset(force=True) # reset the main registry to ensure a clean state + + def tearDown(self): + pass + + def test_empty_init(self): + self.assertEqual(self.registry.name, "test_registry") + self.assertEqual(self.registry.description, "A test registry") + self.assertFalse(self.registry.types) + + def test_lookup_type(self): + type_name = "RegistryTestCase" + module_name = "test.registry.test_base" + + result = base.lookup_type(module_name, type_name) + # we expect to find ourselves + self.assertEqual(result, self.__class__) + + result = base.lookup_type("foo.bar", "NonExistent") + self.assertIsNone(result) + + def test_get_obj_type(self): + class Dummy: + pass + + dummy = Dummy() + obj_type = base._get_obj_type(dummy) + # anything outside of recognized types should be "other" + self.assertEqual("other", obj_type) + + # test with a known type + obj = DecisionPoint( + name="TestDP", + description="A test decision point", + namespace="x_test", + key="TEST", + values=[ + DecisionPointValue(key="A", name="AAA", description="Option A"), + DecisionPointValue(key="B", name="BBB", description="Option B"), + ], + registered=False, + ) + self.assertEqual("DecisionPoint", base._get_obj_type(obj)) + + class DpSubclass(DecisionPoint): + pass + + obj2 = DpSubclass( + name="TestDP2", + description="Another test decision point", + namespace="x_test", + key="TEST2", + values=[ + DecisionPointValue(key="A", name="AAA", description="Option A"), + DecisionPointValue(key="B", name="BBB", description="Option B"), + DecisionPointValue(key="C", name="CCC", description="Option C"), + ], + registered=False, + ) + self.assertEqual("DecisionPoint", base._get_obj_type(obj2)) + + def test_valued_version(self): + # test with a known type + + dp = DecisionPoint( + name="TestDP", + description="A test decision point", + namespace="x_test", + version="2.0.0", + key="TEST", + values=[ + DecisionPointValue(key="A", name="AAA", description="Option A"), + DecisionPointValue(key="B", name="BBB", description="Option B"), + ], + registered=False, + ) + + ver = base._ValuedVersion(version=dp.version, obj=dp) + self.assertEqual(dp.version, ver.version) + self.assertEqual(dp, ver.obj) + self.assertEqual(2, len(ver.values)) + + def test_nonvalued_version(self): + # test with a known type + + dp1 = DecisionPoint( + namespace="x_test", + key="TEST", + version="2.0.0", + name="TestDP", + description="A test decision point", + values=( + DecisionPointValue(key="A", name="AAA", description="Option A"), + DecisionPointValue(key="B", name="BBB", description="Option B"), + DecisionPointValue(key="C", name="CCC", description="Option C"), + DecisionPointValue(key="D", name="DDD", description="Option D"), + DecisionPointValue(key="E", name="EEE", description="Option E"), + ), + registered=False, + ) + dp2 = DecisionPoint( + namespace="x_test", + key="TEST2", + version="2.0.0", + name="TestDP", + description="A test decision point", + values=( + DecisionPointValue(key="A", name="AAA", description="Option A"), + DecisionPointValue(key="B", name="BBB", description="Option B"), + DecisionPointValue(key="C", name="CCC", description="Option C"), + ), + registered=False, + ) + + dp3 = DecisionPoint( + namespace="x_test", + key="TEST3", + version="2.0.0", + name="TestDP2", + description="A test decision point", + values=( + DecisionPointValue(key="A", name="A", description="Outcome A"), + DecisionPointValue(key="B", name="B", description="Outcome B"), + ), + registered=False, + ) + + dt = DecisionTable( + namespace="x_test", + key="TEST_DT", + version="2.0.0", + name="TestDT", + description="A test decision table", + decision_points={dp.id: dp for dp in [dp1, dp2, dp3]}, + outcome=dp3.id, + ) + + ver = base._NonValuedVersion(version=dt.version, obj=dt) + self.assertEqual(dt.version, ver.version) + self.assertEqual(dt, ver.obj) + # even though we didn't specify a mapping + # it should be created automatically + # and populated into the object + self.assertIsNotNone(ver.obj.mapping) + + self.assertEqual( + math.prod(len(dp.values) for dp in [dp1, dp2]), len(ver.obj.mapping) + ) + + @patch("ssvc.registry.base._NonValuedVersion") + @patch("ssvc.registry.base._ValuedVersion") + def test_key(self, mock_valued_version, mock_nonvalued_version): + mockobj1 = Mock() + mockobj1.schemaVersion = "2.0.0" + mockobj1.key = "TEST" + mockobj1.namespace = "x_test" + mockobj1.version = "1.0.0" + mockobj1.name = "Test Object" + mockobj1.description = "A test object" + mockobj1.id = "test-id" + mockobj1.model_dump_json.return_value = "{}" + mockobj1.values = [] + mockobj1.decision_points = {} + mockobj1.outcome = "" + + mockobj2 = Mock() + mockobj2.schemaVersion = "2.0.0" + mockobj2.key = "TEST2" + mockobj2.version = "2.0.0" + mockobj2.namespace = "x_test" + mockobj2.name = "Test Object" + mockobj2.description = "A test object" + mockobj2.id = "test-id" + mockobj2.model_dump_json.return_value = "{}" + mockobj2.values = [] + mockobj2.decision_points = {} + mockobj2.outcome = "" + + mock_valued_version.return_value = mockobj1 + mock_nonvalued_version.return_value = mockobj1 + + keyobj = base._Key( + key="FOO", + versions={ + "1.0.0": {"obj": mockobj1.__dict__, "version": "1.0.0"}, + "2.0.0": {"obj": mockobj2.__dict__, "version": "2.0.0"}, + }, + ) + self.assertEqual("FOO", keyobj.key) + self.assertEqual(2, len(keyobj.versions)) + + self.assertIn("1.0.0", keyobj.versions) + self.assertIn("2.0.0", keyobj.versions) + + def test__insert(self): + # test with a known type + + dp = DecisionPoint( + name="TestDP", + description="A test decision point", + namespace="x_test", + key="TEST", + values=[ + DecisionPointValue(key="A", name="AAA", description="Option A"), + DecisionPointValue(key="B", name="BBB", description="Option B"), + ], + registered=False, + ) + + self.assertIsNone( + base.lookup_by_id( + objtype="DecisionPoint", objid=dp.id, registry=self.registry + ) + ) + + # insert the object into the registry + base._insert(dp, registry=self.registry) + + result = base.lookup_by_id( + objtype="DecisionPoint", objid=dp.id, registry=self.registry + ) + self.assertIsNotNone(result) + self.assertEqual(dp, result.obj) + + def test__compare(self): + # test with a known type + + dp1 = DecisionPoint( + name="TestDP", + description="A test decision point", + namespace="x_test", + key="TEST", + values=[ + DecisionPointValue(key="A", name="AAA", description="Option A"), + DecisionPointValue(key="B", name="BBB", description="Option B"), + ], + registered=False, + ) + + dp2 = DecisionPoint( + name="TestDP2", + description="A test decision point", + namespace="x_test", + key="TEST", + values=[ + DecisionPointValue(key="AA", name="AAAA", description="Option A"), + DecisionPointValue(key="B", name="BBB", description="Option B"), + ], + registered=False, + ) + main_reg = get_registry() + self.assertIsNone(base.lookup_by_id("DecisionPoint", dp1.id, main_reg)) + self.assertIsNone(base.lookup_by_id("DecisionPoint", dp2.id, main_reg)) + + # no diffs + result = base._compare(dp1, dp1) + self.assertIsNone(result) + + # different values raise ValueError + with self.assertRaises(ValueError): + base._compare(dp1, dp2) + + def test_lookup_latest(self): + dps = [] + for v in range(1, 100): + version = str( + semver.Version( + major=v, minor=random.randint(0, 20), patch=random.randint(0, 50) + ) + ) + + dp = DecisionPoint( + name="TestDP", + description="A test decision point", + namespace="x_test", + key="TEST", + version=version, + values=[ + DecisionPointValue(key="A", name=f"AAA{v}", description="Option A"), + DecisionPointValue(key="B", name="BBB", description="Option B"), + ], + registered=False, + ) + dps.append(dp) + + # the highest version will be the last one added + expect_latest = dps[-1] + + # shuffle to change the order of insertion + # this is to ensure that the lookup_latest function + # correctly identifies the latest version regardless of insertion order + random.shuffle(dps) + + for dp in dps: + self.registry.register(dp) + + latest = base.lookup_latest( + objtype="DecisionPoint", + namespace="x_test", + key="TEST", + registry=self.registry, + ) + self.assertIsNotNone(latest) + self.assertEqual(expect_latest, latest) + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/test_schema.py b/src/test/test_schema.py index ff57baa8..51f63f98 100644 --- a/src/test/test_schema.py +++ b/src/test/test_schema.py @@ -34,7 +34,8 @@ # importing these causes the decision points to register themselves from ssvc.dp_groups.ssvc.collections import SSVCv1, SSVCv2, SSVCv2_1 # noqa -from ssvc.registry import REGISTRY +from ssvc.registry import get_registry +from ssvc.registry.base import get_all def retrieve_local(uri: str) -> Resource: @@ -55,9 +56,7 @@ def retrieve_local(uri: str) -> Resource: return Resource.from_contents(schema) -registry = Registry(retrieve=retrieve_local) - -REGISTERED_DECISION_POINTS = REGISTRY.get_all("DecisionPoint") +_schema_registry = Registry(retrieve=retrieve_local) class MyTestCase(unittest.TestCase): @@ -68,10 +67,8 @@ def setUp(self) -> None: logger.addHandler(hdlr) self.logger = logger - from ssvc.registry import REGISTRY - - self.registry = REGISTRY - self.registered_dps = list(self.registry.get_all("DecisionPoint")) + self.registry = get_registry() + self.registered_dps = list(get_all("DecisionPoint", registry=self.registry)) my_file_path = os.path.abspath(__file__) my_dir = os.path.dirname(my_file_path) @@ -81,7 +78,6 @@ def setUp(self) -> None: def test_confirm_registered_decision_points(self): self.assertGreater(len(self.registered_dps), 0, "No decision points registered") - # @unittest.expectedFailure def test_decision_point_validation(self): schema_path = os.path.join(self.schema_dir, "Decision_Point-2-0-0.schema.json") schema_path = os.path.abspath(schema_path) @@ -95,7 +91,7 @@ def test_decision_point_validation(self): loaded = json.loads(as_json) try: - Draft202012Validator(schema, registry=registry).validate(loaded) + Draft202012Validator(schema, registry=_schema_registry).validate(loaded) except jsonschema.exceptions.ValidationError as e: exp = e @@ -119,7 +115,7 @@ def test_decision_point_group_validation(self): loaded = json.loads(as_json) try: - Draft202012Validator(schema, registry=registry).validate(loaded) + Draft202012Validator(schema, registry=_schema_registry).validate(loaded) except jsonschema.exceptions.ValidationError as e: exp = e From 8aa3fb54e5d8d6fa24665e21ea0b08e2899b6afe Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Thu, 7 Aug 2025 15:02:56 -0400 Subject: [PATCH 214/468] Fix CISA Decision Tree extra text remove (#854) --- .../cisa/cisa_coordinate_dt_2_0_3.json | 42 ------------------- 1 file changed, 42 deletions(-) diff --git a/data/json/decision_tables/cisa/cisa_coordinate_dt_2_0_3.json b/data/json/decision_tables/cisa/cisa_coordinate_dt_2_0_3.json index c034dce9..7361662d 100644 --- a/data/json/decision_tables/cisa/cisa_coordinate_dt_2_0_3.json +++ b/data/json/decision_tables/cisa/cisa_coordinate_dt_2_0_3.json @@ -1,5 +1,3 @@ -CISA Coordinator Decision Table (2.0.3) - { "namespace": "cisa", "key": "DT_CO", @@ -390,43 +388,3 @@ CISA Coordinator Decision Table (2.0.3) } ] } -Longform DataFrame CSV - -Exploitation v1.1.0,Automatable v2.0.0,Technical Impact v1.0.0,Human Impact v2.0.1,CISA Levels v1.0.0 (cisa) -none,no,partial,low,track -none,no,partial,medium,track -none,no,partial,high,track -none,no,total,low,track -none,no,total,medium,track -none,no,total,high,track* -none,yes,partial,low,track -none,yes,partial,medium,track -none,yes,partial,high,act -none,yes,total,low,track -none,yes,total,medium,track -none,yes,total,high,act -public poc,no,partial,low,track -public poc,no,partial,medium,track -public poc,no,partial,high,track* -public poc,no,total,low,track -public poc,no,total,medium,track* -public poc,no,total,high,act -public poc,yes,partial,low,track -public poc,yes,partial,medium,track -public poc,yes,partial,high,act -public poc,yes,total,low,track -public poc,yes,total,medium,track* -public poc,yes,total,high,act -active,no,partial,low,track -active,no,partial,medium,track -active,no,partial,high,act -active,no,total,low,track -active,no,total,medium,act -active,no,total,high,act -active,yes,partial,low,act -active,yes,partial,medium,act -active,yes,partial,high,act -active,yes,total,low,act -active,yes,total,medium,act -active,yes,total,high,act - From ed447e36844c9ee6349ca49a741da7474d08ca72 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 7 Aug 2025 15:41:31 -0400 Subject: [PATCH 215/468] add coord pub table (#856) --- ...rdinator_publish_decision_table_1_0_0.json | 270 +++++++++++++++++ data/json/ssvc_object_registry.json | 278 ++++++++++++++++++ src/ssvc/decision_tables/ssvc/coord_pub_dt.py | 224 ++++++++++++++ 3 files changed, 772 insertions(+) create mode 100644 data/json/decision_tables/ssvc/coordinator_publish_decision_table_1_0_0.json create mode 100644 src/ssvc/decision_tables/ssvc/coord_pub_dt.py diff --git a/data/json/decision_tables/ssvc/coordinator_publish_decision_table_1_0_0.json b/data/json/decision_tables/ssvc/coordinator_publish_decision_table_1_0_0.json new file mode 100644 index 00000000..796e2ad5 --- /dev/null +++ b/data/json/decision_tables/ssvc/coordinator_publish_decision_table_1_0_0.json @@ -0,0 +1,270 @@ +{ + "namespace": "ssvc", + "key": "DT_COORD_PUBLISH", + "version": "1.0.0", + "name": "Coordinator Publish Decision Table", + "description": "This decision table is used to determine the priority of a coordinator publish.", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:SINV:1.0.0": { + "namespace": "ssvc", + "key": "SINV", + "version": "1.0.0", + "name": "Supplier Involvement", + "description": "What is the state of the supplier’s work on addressing the vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "FR", + "name": "Fix Ready", + "description": "The supplier has provided a patch or fix." + }, + { + "key": "C", + "name": "Cooperative", + "description": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + }, + { + "key": "UU", + "name": "Uncooperative/Unresponsive", + "description": "The supplier has not responded, declined to generate a remediation, or no longer exists." + } + ] + }, + "ssvc:E:1.1.0": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "ssvc:PVA:1.0.0": { + "namespace": "ssvc", + "key": "PVA", + "version": "1.0.0", + "name": "Public Value Added", + "description": "How much value would a publication from the coordinator benefit the broader community?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Limited", + "description": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + }, + { + "key": "A", + "name": "Ampliative", + "description": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + }, + { + "key": "P", + "name": "Precedence", + "description": "The publication would be the first publicly available, or be coincident with the first publicly available." + } + ] + }, + "ssvc:PUBLISH:1.0.0": { + "namespace": "ssvc", + "key": "PUBLISH", + "version": "1.0.0", + "name": "Publish, Do Not Publish", + "description": "The publish outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Do Not Publish", + "description": "Do Not Publish" + }, + { + "key": "P", + "name": "Publish", + "description": "Publish" + } + ] + } + }, + "outcome": "ssvc:PUBLISH:1.0.0", + "mapping": [ + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + } + ] +} diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index cda2426c..4b85cff8 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -6699,6 +6699,284 @@ "ssvc": { "namespace": "ssvc", "keys": { + "DT_COORD_PUBLISH": { + "key": "DT_COORD_PUBLISH", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_COORD_PUBLISH", + "version": "1.0.0", + "name": "Coordinator Publish Decision Table", + "description": "This decision table is used to determine the priority of a coordinator publish.", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:SINV:1.0.0": { + "namespace": "ssvc", + "key": "SINV", + "version": "1.0.0", + "name": "Supplier Involvement", + "description": "What is the state of the supplier’s work on addressing the vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "FR", + "name": "Fix Ready", + "description": "The supplier has provided a patch or fix." + }, + { + "key": "C", + "name": "Cooperative", + "description": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + }, + { + "key": "UU", + "name": "Uncooperative/Unresponsive", + "description": "The supplier has not responded, declined to generate a remediation, or no longer exists." + } + ] + }, + "ssvc:E:1.1.0": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "ssvc:PVA:1.0.0": { + "namespace": "ssvc", + "key": "PVA", + "version": "1.0.0", + "name": "Public Value Added", + "description": "How much value would a publication from the coordinator benefit the broader community?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Limited", + "description": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + }, + { + "key": "A", + "name": "Ampliative", + "description": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + }, + { + "key": "P", + "name": "Precedence", + "description": "The publication would be the first publicly available, or be coincident with the first publicly available." + } + ] + }, + "ssvc:PUBLISH:1.0.0": { + "namespace": "ssvc", + "key": "PUBLISH", + "version": "1.0.0", + "name": "Publish, Do Not Publish", + "description": "The publish outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Do Not Publish", + "description": "Do Not Publish" + }, + { + "key": "P", + "name": "Publish", + "description": "Publish" + } + ] + } + }, + "outcome": "ssvc:PUBLISH:1.0.0", + "mapping": [ + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + } + ] + } + } + } + }, "DT_DP": { "key": "DT_DP", "versions": { diff --git a/src/ssvc/decision_tables/ssvc/coord_pub_dt.py b/src/ssvc/decision_tables/ssvc/coord_pub_dt.py new file mode 100644 index 00000000..11a51810 --- /dev/null +++ b/src/ssvc/decision_tables/ssvc/coord_pub_dt.py @@ -0,0 +1,224 @@ +#!/usr/bin/env python +""" +Provides the Coordinator Publish Decision Table for SSVC. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.ssvc.exploitation import LATEST as Exploitation +from ssvc.decision_points.ssvc.public_value_added import LATEST as PublicValueAdded +from ssvc.decision_points.ssvc.supplier_involvement import LATEST as SupplierInvolvement +from ssvc.decision_tables.base import DecisionTable +from ssvc.namespaces import NameSpace +from ssvc.outcomes.ssvc.publish import LATEST as Priority + +V1_0_0 = DecisionTable( + namespace=NameSpace.SSVC, + key="COORD_PUBLISH", + version="1.0.0", + name="Coordinator Publish Decision Table", + description="This decision table is used to determine the priority of a coordinator publish.", + decision_points={ + dp.id: dp + for dp in [SupplierInvolvement, Exploitation, PublicValueAdded, Priority] + }, + outcome=Priority.id, + mapping=[ + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N", + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P", + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P", + }, + ], +) + +VERSIONS = (V1_0_0,) +LATEST = VERSIONS[-1] + + +def main(): + from ssvc.decision_tables.base import decision_table_to_longform_df + + print(LATEST.model_dump_json(indent=2)) + + print("Longform DataFrame CSV") + print() + print(decision_table_to_longform_df(LATEST).to_csv(index=False)) + + +if __name__ == "__main__": + main() From 86db116457c91db2246423c41861aa07541240a7 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 7 Aug 2025 18:38:34 -0400 Subject: [PATCH 216/468] Fix imports in `doctools.py (#857) --- .../do_schedule_delegate_delete_1_0_0.json | 30 -- .../decision_points/x_basic/moscow_1_0_0.json | 30 -- .../x_basic/value_complexity_1_0_0.json | 30 -- .../decision_points/x_basic/yes_no_1_0_0.json | 20 - .../x_community/theparanoids_1_0_0.json | 40 -- ...2_0_3.json => cisa_coordinator_2_0_3.json} | 2 +- data/json/ssvc_object_registry.json | 403 ++++++++++++++++++ src/ssvc/doctools.py | 1 + 8 files changed, 405 insertions(+), 151 deletions(-) delete mode 100644 data/json/decision_points/x_basic/do_schedule_delegate_delete_1_0_0.json delete mode 100644 data/json/decision_points/x_basic/moscow_1_0_0.json delete mode 100644 data/json/decision_points/x_basic/value_complexity_1_0_0.json delete mode 100644 data/json/decision_points/x_basic/yes_no_1_0_0.json delete mode 100644 data/json/decision_points/x_community/theparanoids_1_0_0.json rename data/json/decision_tables/cisa/{cisa_coordinate_dt_2_0_3.json => cisa_coordinator_2_0_3.json} (99%) diff --git a/data/json/decision_points/x_basic/do_schedule_delegate_delete_1_0_0.json b/data/json/decision_points/x_basic/do_schedule_delegate_delete_1_0_0.json deleted file mode 100644 index f83890fe..00000000 --- a/data/json/decision_points/x_basic/do_schedule_delegate_delete_1_0_0.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "name": "Do, Schedule, Delegate, Delete", - "description": "The Eisenhower outcome group.", - "namespace": "x_basic", - "version": "1.0.0", - "schemaVersion": "1-0-1", - "key": "IKE", - "values": [ - { - "key": "D", - "name": "Delete", - "description": "Delete" - }, - { - "key": "G", - "name": "Delegate", - "description": "Delegate" - }, - { - "key": "S", - "name": "Schedule", - "description": "Schedule" - }, - { - "key": "O", - "name": "Do", - "description": "Do" - } - ] -} diff --git a/data/json/decision_points/x_basic/moscow_1_0_0.json b/data/json/decision_points/x_basic/moscow_1_0_0.json deleted file mode 100644 index 77955737..00000000 --- a/data/json/decision_points/x_basic/moscow_1_0_0.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "name": "MoSCoW", - "description": "The MoSCoW (Must, Should, Could, Won't) outcome group.", - "namespace": "x_basic", - "version": "1.0.0", - "schemaVersion": "1-0-1", - "key": "MSCW", - "values": [ - { - "key": "W", - "name": "Won't", - "description": "Won't" - }, - { - "key": "C", - "name": "Could", - "description": "Could" - }, - { - "key": "S", - "name": "Should", - "description": "Should" - }, - { - "key": "M", - "name": "Must", - "description": "Must" - } - ] -} diff --git a/data/json/decision_points/x_basic/value_complexity_1_0_0.json b/data/json/decision_points/x_basic/value_complexity_1_0_0.json deleted file mode 100644 index 83579078..00000000 --- a/data/json/decision_points/x_basic/value_complexity_1_0_0.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "name": "Value, Complexity", - "description": "The Value/Complexity outcome group.", - "namespace": "x_basic", - "version": "1.0.0", - "schemaVersion": "1-0-1", - "key": "VALUE_COMPLEXITY", - "values": [ - { - "key": "D", - "name": "Drop", - "description": "Drop" - }, - { - "key": "R", - "name": "Reconsider Later", - "description": "Reconsider Later" - }, - { - "key": "E", - "name": "Easy Win", - "description": "Easy Win" - }, - { - "key": "F", - "name": "Do First", - "description": "Do First" - } - ] -} diff --git a/data/json/decision_points/x_basic/yes_no_1_0_0.json b/data/json/decision_points/x_basic/yes_no_1_0_0.json deleted file mode 100644 index 6a3b9b23..00000000 --- a/data/json/decision_points/x_basic/yes_no_1_0_0.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "name": "Yes, No", - "description": "The Yes/No outcome group.", - "namespace": "x_basic", - "version": "1.0.0", - "schemaVersion": "1-0-1", - "key": "YN", - "values": [ - { - "key": "N", - "name": "No", - "description": "No" - }, - { - "key": "Y", - "name": "Yes", - "description": "Yes" - } - ] -} diff --git a/data/json/decision_points/x_community/theparanoids_1_0_0.json b/data/json/decision_points/x_community/theparanoids_1_0_0.json deleted file mode 100644 index 82d8a4c5..00000000 --- a/data/json/decision_points/x_community/theparanoids_1_0_0.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "name": "theParanoids", - "description": "PrioritizedRiskRemediation outcome group based on TheParanoids.", - "namespace": "x_community", - "version": "1.0.0", - "schemaVersion": "1-0-1", - "key": "PARANOIDS", - "values": [ - { - "key": "5", - "name": "Track 5", - "description": "Track" - }, - { - "key": "4", - "name": "Track Closely 4", - "description": "Track Closely" - }, - { - "key": "3", - "name": "Attend 3", - "description": "Attend" - }, - { - "key": "2", - "name": "Attend 2", - "description": "Attend" - }, - { - "key": "1", - "name": "Act 1", - "description": "Act" - }, - { - "key": "0", - "name": "Act ASAP 0", - "description": "Act ASAP" - } - ] -} diff --git a/data/json/decision_tables/cisa/cisa_coordinate_dt_2_0_3.json b/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json similarity index 99% rename from data/json/decision_tables/cisa/cisa_coordinate_dt_2_0_3.json rename to data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json index 7361662d..ecd2103b 100644 --- a/data/json/decision_tables/cisa/cisa_coordinate_dt_2_0_3.json +++ b/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json @@ -2,7 +2,7 @@ "namespace": "cisa", "key": "DT_CO", "version": "2.0.3", - "name": "CISA Coordinator (2.0.3)", + "name": "CISA Coordinator", "description": "CISA Coordinator decision table for SSVC", "schemaVersion": "2.0.0", "decision_points": { diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 4b85cff8..47b74b7a 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -8348,6 +8348,409 @@ } } } + }, + "cisa": { + "namespace": "cisa", + "keys": { + "DT_CO": { + "key": "DT_CO", + "versions": { + "2.0.3": { + "version": "2.0.3", + "obj": { + "namespace": "cisa", + "key": "DT_CO", + "version": "2.0.3", + "name": "CISA Coordinator", + "description": "CISA Coordinator decision table for SSVC", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:E:1.1.0": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "ssvc:A:2.0.0": { + "namespace": "ssvc", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + }, + { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate steps 1-4 of the kill chain." + } + ] + }, + "ssvc:TI:1.0.0": { + "namespace": "ssvc", + "key": "TI", + "version": "1.0.0", + "name": "Technical Impact", + "description": "The technical impact of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Partial", + "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + }, + { + "key": "T", + "name": "Total", + "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + } + ] + }, + "ssvc:HI:2.0.1": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.1", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] + }, + "cisa:CISA:1.0.0": { + "namespace": "cisa", + "key": "CISA", + "version": "1.0.0", + "name": "CISA Levels", + "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "T", + "name": "Track", + "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + }, + { + "key": "T*", + "name": "Track*", + "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + }, + { + "key": "A", + "name": "Attend", + "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + }, + { + "key": "A", + "name": "Act", + "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + } + ] + } + }, + "outcome": "cisa:CISA:1.0.0", + "mapping": [ + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "T*" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "T*" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T*" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T*" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "T" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "L", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "M", + "cisa:CISA:1.0.0": "A" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:HI:2.0.1": "H", + "cisa:CISA:1.0.0": "A" + } + ] + } + } + } + } + } } } } diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index df01df38..7124d70c 100755 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -318,6 +318,7 @@ def main(): find_modules_to_import("./src/ssvc/decision_points", "ssvc.decision_points") find_modules_to_import("./src/ssvc/outcomes", "ssvc.outcomes") + find_modules_to_import("./src/ssvc/decision_tables", "ssvc.decision_tables") registry = get_registry() From e236a3f801156871d698df34c051063f41bf160d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 11 Aug 2025 15:47:26 -0400 Subject: [PATCH 217/468] Add `DecisionTable` objects for CVSS v4 Equivalence Sets (#863) * extract decision table print helper method * add first attempt at EQ1 (note: default mapping is unverified) * bring EQ 1 into alignment with CVSSv4 spec * fix AC and AT value order * add EQ2 decision table * add EQ3 verified against spec * create modified subsequent availability and integrity decision points * add EQ4 decision table * add EQ6 * wip on EQ5. blocked by #859 * add expected failure test for #859 * fix #859 * Update src/ssvc/decision_tables/cvss/equivalence_set_two.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update src/ssvc/decision_points/cvss/helpers.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update data/json/decision_tables/cvss/cvss_v4_equivalence_set_2_1_0_0.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix errors in EQ4 * regenerate registry * add unit tests --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../cvss/access_complexity_1_0_0.json | 10 +- .../cvss/access_complexity_2_0_0.json | 12 +- .../cvss/attack_complexity_3_0_0.json | 10 +- .../cvss/attack_complexity_3_0_1.json | 10 +- .../cvss/attack_requirements_1_0_0.json | 10 +- ...equirement_without_not_defined__1_1_1.json | 25 + ...equirement_without_not_defined__1_1_1.json | 25 + ...equirement_without_not_defined__1_1_1.json | 25 + .../modified_attack_complexity_3_0_0.json | 10 +- .../modified_attack_complexity_3_0_1.json | 10 +- .../modified_attack_requirements_1_0_0.json | 10 +- ...impact_to_the_subsequent_system_1_0_1.json | 5 + ...ent_system_without_not_defined__1_0_1.json | 30 + ...ent_system_without_not_defined__1_0_1.json | 30 + .../cvss/cvss_equivalence_set_5_1_0_0.json | 80 + .../cvss/cvss_v4_equivalence_set_1_1_0_0.json | 334 + .../cvss/cvss_v4_equivalence_set_2_1_0_0.json | 93 + .../cvss/cvss_v4_equivalence_set_3_1_0_0.json | 275 + .../cvss/cvss_v4_equivalence_set_4_1_0_0.json | 411 + .../cvss/cvss_v4_equivalence_set_6_1_0_0.json | 6744 +++++++++ data/json/ssvc_object_registry.json | 11536 +++++++++++++--- .../decision_points/cvss/attack_complexity.py | 10 +- .../cvss/attack_requirements.py | 2 +- .../cvss/availability_requirement.py | 4 + .../cvss/confidentiality_requirement.py | 4 + src/ssvc/decision_points/cvss/helpers.py | 20 +- .../cvss/integrity_requirement.py | 4 + .../decision_points/cvss/modified/__init__.py | 20 + ...modified_subsequent_availability_impact.py | 46 + .../modified_subsequent_integrity_impact.py | 53 + src/ssvc/decision_tables/base.py | 7 + src/ssvc/decision_tables/cvss/__init__.py | 22 + .../cvss/equivalence_set_five.py | 63 + .../cvss/equivalence_set_four.py | 357 + .../cvss/equivalence_set_one.py | 280 + .../cvss/equivalence_set_six.py | 6638 +++++++++ .../cvss/equivalence_set_three.py | 230 + .../cvss/equivalence_set_two.py | 65 + src/ssvc/decision_tables/helpers.py | 26 +- src/ssvc/decision_tables/ssvc/coord_pub_dt.py | 9 +- src/test/decision_tables/cvss/__init__.py | 22 + src/test/decision_tables/cvss/test_eq1.py | 66 + src/test/decision_tables/cvss/test_eq2.py | 54 + src/test/decision_tables/cvss/test_eq3.py | 64 + src/test/decision_tables/cvss/test_eq4.py | 62 + src/test/decision_tables/cvss/test_eq5.py | 59 + src/test/decision_tables/cvss/test_eq6.py | 67 + src/test/decision_tables/test_base.py | 40 + 48 files changed, 26299 insertions(+), 1690 deletions(-) create mode 100644 data/json/decision_points/cvss/availability_requirement_without_not_defined__1_1_1.json create mode 100644 data/json/decision_points/cvss/confidentiality_requirement_without_not_defined__1_1_1.json create mode 100644 data/json/decision_points/cvss/integrity_requirement_without_not_defined__1_1_1.json create mode 100644 data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_without_not_defined__1_0_1.json create mode 100644 data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_without_not_defined__1_0_1.json create mode 100644 data/json/decision_tables/cvss/cvss_equivalence_set_5_1_0_0.json create mode 100644 data/json/decision_tables/cvss/cvss_v4_equivalence_set_1_1_0_0.json create mode 100644 data/json/decision_tables/cvss/cvss_v4_equivalence_set_2_1_0_0.json create mode 100644 data/json/decision_tables/cvss/cvss_v4_equivalence_set_3_1_0_0.json create mode 100644 data/json/decision_tables/cvss/cvss_v4_equivalence_set_4_1_0_0.json create mode 100644 data/json/decision_tables/cvss/cvss_v4_equivalence_set_6_1_0_0.json create mode 100644 src/ssvc/decision_points/cvss/modified/__init__.py create mode 100644 src/ssvc/decision_points/cvss/modified/modified_subsequent_availability_impact.py create mode 100644 src/ssvc/decision_points/cvss/modified/modified_subsequent_integrity_impact.py create mode 100644 src/ssvc/decision_tables/cvss/__init__.py create mode 100644 src/ssvc/decision_tables/cvss/equivalence_set_five.py create mode 100644 src/ssvc/decision_tables/cvss/equivalence_set_four.py create mode 100644 src/ssvc/decision_tables/cvss/equivalence_set_one.py create mode 100644 src/ssvc/decision_tables/cvss/equivalence_set_six.py create mode 100644 src/ssvc/decision_tables/cvss/equivalence_set_three.py create mode 100644 src/ssvc/decision_tables/cvss/equivalence_set_two.py create mode 100644 src/test/decision_tables/cvss/__init__.py create mode 100644 src/test/decision_tables/cvss/test_eq1.py create mode 100644 src/test/decision_tables/cvss/test_eq2.py create mode 100644 src/test/decision_tables/cvss/test_eq3.py create mode 100644 src/test/decision_tables/cvss/test_eq4.py create mode 100644 src/test/decision_tables/cvss/test_eq5.py create mode 100644 src/test/decision_tables/cvss/test_eq6.py diff --git a/data/json/decision_points/cvss/access_complexity_1_0_0.json b/data/json/decision_points/cvss/access_complexity_1_0_0.json index d890c949..2fb2dca4 100644 --- a/data/json/decision_points/cvss/access_complexity_1_0_0.json +++ b/data/json/decision_points/cvss/access_complexity_1_0_0.json @@ -6,15 +6,15 @@ "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." - }, { "key": "H", "name": "High", "description": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" + }, + { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." } ] } diff --git a/data/json/decision_points/cvss/access_complexity_2_0_0.json b/data/json/decision_points/cvss/access_complexity_2_0_0.json index 8b1e2dfe..ff8b6c5d 100644 --- a/data/json/decision_points/cvss/access_complexity_2_0_0.json +++ b/data/json/decision_points/cvss/access_complexity_2_0_0.json @@ -7,9 +7,9 @@ "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist." + "key": "H", + "name": "High", + "description": "Specialized access conditions exist." }, { "key": "M", @@ -17,9 +17,9 @@ "description": "The access conditions are somewhat specialized." }, { - "key": "H", - "name": "High", - "description": "Specialized access conditions exist." + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist." } ] } diff --git a/data/json/decision_points/cvss/attack_complexity_3_0_0.json b/data/json/decision_points/cvss/attack_complexity_3_0_0.json index d4d3a781..d5d89c07 100644 --- a/data/json/decision_points/cvss/attack_complexity_3_0_0.json +++ b/data/json/decision_points/cvss/attack_complexity_3_0_0.json @@ -6,15 +6,15 @@ "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." - }, { "key": "H", "name": "High", "description": "A successful attack depends on conditions beyond the attacker's control." + }, + { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." } ] } diff --git a/data/json/decision_points/cvss/attack_complexity_3_0_1.json b/data/json/decision_points/cvss/attack_complexity_3_0_1.json index a7f795f2..88ed9707 100644 --- a/data/json/decision_points/cvss/attack_complexity_3_0_1.json +++ b/data/json/decision_points/cvss/attack_complexity_3_0_1.json @@ -6,15 +6,15 @@ "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " - }, { "key": "H", "name": "High", "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " } ] } diff --git a/data/json/decision_points/cvss/attack_requirements_1_0_0.json b/data/json/decision_points/cvss/attack_requirements_1_0_0.json index 3682f723..49219df7 100644 --- a/data/json/decision_points/cvss/attack_requirements_1_0_0.json +++ b/data/json/decision_points/cvss/attack_requirements_1_0_0.json @@ -6,15 +6,15 @@ "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." - }, { "key": "P", "name": "Present", "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + }, + { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." } ] } diff --git a/data/json/decision_points/cvss/availability_requirement_without_not_defined__1_1_1.json b/data/json/decision_points/cvss/availability_requirement_without_not_defined__1_1_1.json new file mode 100644 index 00000000..c4d36b64 --- /dev/null +++ b/data/json/decision_points/cvss/availability_requirement_without_not_defined__1_1_1.json @@ -0,0 +1,25 @@ +{ + "namespace": "cvss", + "key": "AR_NoX", + "version": "1.1.1", + "name": "Availability Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] +} diff --git a/data/json/decision_points/cvss/confidentiality_requirement_without_not_defined__1_1_1.json b/data/json/decision_points/cvss/confidentiality_requirement_without_not_defined__1_1_1.json new file mode 100644 index 00000000..12e989e4 --- /dev/null +++ b/data/json/decision_points/cvss/confidentiality_requirement_without_not_defined__1_1_1.json @@ -0,0 +1,25 @@ +{ + "namespace": "cvss", + "key": "CR_NoX", + "version": "1.1.1", + "name": "Confidentiality Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] +} diff --git a/data/json/decision_points/cvss/integrity_requirement_without_not_defined__1_1_1.json b/data/json/decision_points/cvss/integrity_requirement_without_not_defined__1_1_1.json new file mode 100644 index 00000000..48563745 --- /dev/null +++ b/data/json/decision_points/cvss/integrity_requirement_without_not_defined__1_1_1.json @@ -0,0 +1,25 @@ +{ + "namespace": "cvss", + "key": "IR_NoX", + "version": "1.1.1", + "name": "Integrity Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] +} diff --git a/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json b/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json index 08b6e2d3..c71ee607 100644 --- a/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json @@ -6,16 +6,16 @@ "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." - }, { "key": "H", "name": "High", "description": "A successful attack depends on conditions beyond the attacker's control." }, + { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + }, { "key": "X", "name": "Not Defined", diff --git a/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json b/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json index 126c124f..20df5d53 100644 --- a/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json +++ b/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json @@ -6,16 +6,16 @@ "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " - }, { "key": "H", "name": "High", "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, + { + "key": "L", + "name": "Low", + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + }, { "key": "X", "name": "Not Defined", diff --git a/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json b/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json index 8918444c..60ae3f61 100644 --- a/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json @@ -6,16 +6,16 @@ "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." - }, { "key": "P", "name": "Present", "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, + { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + }, { "key": "X", "name": "Not Defined", diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json index f50c62e2..0d8de3f9 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json @@ -25,6 +25,11 @@ "key": "X", "name": "Not Defined", "description": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] } diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_without_not_defined__1_0_1.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_without_not_defined__1_0_1.json new file mode 100644 index 00000000..5230980a --- /dev/null +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_without_not_defined__1_0_1.json @@ -0,0 +1,30 @@ +{ + "namespace": "cvss", + "key": "MSA_NoX", + "version": "1.0.1", + "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + } + ] +} diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_without_not_defined__1_0_1.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_without_not_defined__1_0_1.json new file mode 100644 index 00000000..1af512ba --- /dev/null +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_without_not_defined__1_0_1.json @@ -0,0 +1,30 @@ +{ + "namespace": "cvss", + "key": "MSI_NoX", + "version": "1.0.1", + "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + } + ] +} diff --git a/data/json/decision_tables/cvss/cvss_equivalence_set_5_1_0_0.json b/data/json/decision_tables/cvss/cvss_equivalence_set_5_1_0_0.json new file mode 100644 index 00000000..f8adf99e --- /dev/null +++ b/data/json/decision_tables/cvss/cvss_equivalence_set_5_1_0_0.json @@ -0,0 +1,80 @@ +{ + "namespace": "cvss", + "key": "DT_CVSS_EQ5", + "version": "1.0.0", + "name": "CVSS Equivalence Set 5", + "description": "CVSS Equivalence Set 5 Decision Table", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:E:2.0.0": { + "namespace": "cvss", + "key": "E", + "version": "2.0.0", + "name": "Exploit Maturity", + "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unreported", + "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + }, + { + "key": "P", + "name": "Proof-of-Concept", + "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + }, + { + "key": "A", + "name": "Attacked", + "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "cvss:EQ5:1.0.0": { + "namespace": "cvss", + "key": "EQ5", + "version": "1.0.0", + "name": "Equivalence Set 5", + "description": "E with 3 levels specified in Table 28", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: E:U" + }, + { + "key": "M", + "name": "Medium", + "description": "1: E:P" + }, + { + "key": "H", + "name": "High", + "description": "0: E:A" + } + ] + } + }, + "outcome": "cvss:EQ5:1.0.0", + "mapping": [ + { + "cvss:E:2.0.0": "U", + "cvss:EQ5:1.0.0": "L" + }, + { + "cvss:E:2.0.0": "P", + "cvss:EQ5:1.0.0": "M" + }, + { + "cvss:E:2.0.0": "A", + "cvss:EQ5:1.0.0": "H" + } + ] +} diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_1_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_1_1_0_0.json new file mode 100644 index 00000000..6f3ade36 --- /dev/null +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_1_1_0_0.json @@ -0,0 +1,334 @@ +{ + "namespace": "cvss", + "key": "DT_CVSS4_EQ1", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 1", + "description": "This decision table models equivalence set 1 from CVSS v4. Factors include Attack Vector (AV), Privileges Required (PR), and User Interaction (UI).", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:AV:3.0.1": { + "namespace": "cvss", + "key": "AV", + "version": "3.0.1", + "name": "Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Physical", + "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + }, + { + "key": "L", + "name": "Local", + "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + }, + { + "key": "A", + "name": "Adjacent", + "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + { + "key": "N", + "name": "Network", + "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + } + ] + }, + "cvss:PR:1.0.1": { + "namespace": "cvss", + "key": "PR", + "version": "1.0.1", + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + }, + { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + } + ] + }, + "cvss:UI:2.0.0": { + "namespace": "cvss", + "key": "UI", + "version": "2.0.0", + "name": "User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "A", + "name": "Active", + "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + }, + { + "key": "P", + "name": "Passive", + "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + }, + { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + } + ] + }, + "cvss:EQ1:1.0.0": { + "namespace": "cvss", + "key": "EQ1", + "version": "1.0.0", + "name": "Equivalence Set 1", + "description": "AV/PR/UI with 3 levels specified in Table 24", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + }, + { + "key": "H", + "name": "High", + "description": "0: AV:N and PR:N and UI:N" + } + ] + } + }, + "outcome": "cvss:EQ1:1.0.0", + "mapping": [ + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "H" + } + ] +} diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_2_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_2_1_0_0.json new file mode 100644 index 00000000..f60778e9 --- /dev/null +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_2_1_0_0.json @@ -0,0 +1,93 @@ +{ + "namespace": "cvss", + "key": "DT_CVSS4_EQ2", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 2", + "description": "This decision table models equivalence set 2 from CVSS v4. Factors include Attack Complexity (AC) and Attack Requirements (AT).", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:AC:3.0.1": { + "namespace": "cvss", + "key": "AC", + "version": "3.0.1", + "name": "Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "H", + "name": "High", + "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + } + ] + }, + "cvss:AT:1.0.0": { + "namespace": "cvss", + "key": "AT", + "version": "1.0.0", + "name": "Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Present", + "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + }, + { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + } + ] + }, + "cvss:EQ2:1.0.0": { + "namespace": "cvss", + "key": "EQ2", + "version": "1.0.0", + "name": "Equivalence Set 2", + "description": "AC/AT with 2 levels specified in Table 25", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (AC:L and AT:N)" + }, + { + "key": "H", + "name": "High", + "description": "0: AC:L and AT:N" + } + ] + } + }, + "outcome": "cvss:EQ2:1.0.0", + "mapping": [ + { + "cvss:AC:3.0.1": "H", + "cvss:AT:1.0.0": "P", + "cvss:EQ2:1.0.0": "L" + }, + { + "cvss:AC:3.0.1": "L", + "cvss:AT:1.0.0": "P", + "cvss:EQ2:1.0.0": "L" + }, + { + "cvss:AC:3.0.1": "H", + "cvss:AT:1.0.0": "N", + "cvss:EQ2:1.0.0": "L" + }, + { + "cvss:AC:3.0.1": "L", + "cvss:AT:1.0.0": "N", + "cvss:EQ2:1.0.0": "H" + } + ] +} diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_3_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_3_1_0_0.json new file mode 100644 index 00000000..b27b5d8b --- /dev/null +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_3_1_0_0.json @@ -0,0 +1,275 @@ +{ + "namespace": "cvss", + "key": "DT_CVSS4_EQ3", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 3", + "description": "This decision table models equivalence set 3 from CVSS v4.", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:VC:3.0.0": { + "namespace": "cvss", + "key": "VC", + "version": "3.0.0", + "name": "Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + } + ] + }, + "cvss:VI:3.0.0": { + "namespace": "cvss", + "key": "VI", + "version": "3.0.0", + "name": "Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + } + ] + }, + "cvss:VA:3.0.0": { + "namespace": "cvss", + "key": "VA", + "version": "3.0.0", + "name": "Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + ] + }, + "cvss:EQ3:1.0.0": { + "namespace": "cvss", + "key": "EQ3", + "version": "1.0.0", + "name": "Equivalence Set 3", + "description": "VC/VI/VA with 3 levels specified in Table 26", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (VC:H or VI:H or VA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: VC:H and VI:H" + } + ] + } + }, + "outcome": "cvss:EQ3:1.0.0", + "mapping": [ + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "H" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "H" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "H" + } + ] +} diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_4_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_4_1_0_0.json new file mode 100644 index 00000000..440b97cf --- /dev/null +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_4_1_0_0.json @@ -0,0 +1,411 @@ +{ + "namespace": "cvss", + "key": "DT_CVSS4_EQ4", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 4", + "description": "This decision table models equivalence set 4 from CVSS v4.", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:SC:1.0.0": { + "namespace": "cvss", + "key": "SC", + "version": "1.0.0", + "name": "Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + } + ] + }, + "cvss:MSI_NoX:1.0.1": { + "namespace": "cvss", + "key": "MSI_NoX", + "version": "1.0.1", + "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + } + ] + }, + "cvss:MSA_NoX:1.0.1": { + "namespace": "cvss", + "key": "MSA_NoX", + "version": "1.0.1", + "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + } + ] + }, + "cvss:EQ4:1.0.0": { + "namespace": "cvss", + "key": "EQ4", + "version": "1.0.0", + "name": "Equivalence Set 4", + "description": "SC/SI/SA with 3 levels specified in Table 27", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: MSI:S or MSA:S" + } + ] + } + }, + "outcome": "cvss:EQ4:1.0.0", + "mapping": [ + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + } + ] +} diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_6_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_6_1_0_0.json new file mode 100644 index 00000000..b51bf831 --- /dev/null +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_6_1_0_0.json @@ -0,0 +1,6744 @@ +{ + "namespace": "cvss", + "key": "DT_CVSS4_EQ6", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 6", + "description": "This decision table models equivalence set 6 from CVSS v4.", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:CR_NoX:1.1.1": { + "namespace": "cvss", + "key": "CR_NoX", + "version": "1.1.1", + "name": "Confidentiality Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] + }, + "cvss:VC:3.0.0": { + "namespace": "cvss", + "key": "VC", + "version": "3.0.0", + "name": "Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + } + ] + }, + "cvss:IR_NoX:1.1.1": { + "namespace": "cvss", + "key": "IR_NoX", + "version": "1.1.1", + "name": "Integrity Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] + }, + "cvss:VI:3.0.0": { + "namespace": "cvss", + "key": "VI", + "version": "3.0.0", + "name": "Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + } + ] + }, + "cvss:AR_NoX:1.1.1": { + "namespace": "cvss", + "key": "AR_NoX", + "version": "1.1.1", + "name": "Availability Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] + }, + "cvss:VA:3.0.0": { + "namespace": "cvss", + "key": "VA", + "version": "3.0.0", + "name": "Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + ] + }, + "cvss:EQ6:1.0.0": { + "namespace": "cvss", + "key": "EQ6", + "version": "1.0.0", + "name": "Equivalence Set 6", + "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + } + ] + } + }, + "outcome": "cvss:EQ6:1.0.0", + "mapping": [ + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + } + ] +} diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 47b74b7a..d2782875 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -172,28 +172,28 @@ "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." - }, { "key": "H", "name": "High", "description": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" + }, + { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." - }, "H": { "key": "H", "name": "High", "description": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" + }, + "L": { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." } } }, @@ -208,9 +208,9 @@ "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist." + "key": "H", + "name": "High", + "description": "Specialized access conditions exist." }, { "key": "M", @@ -218,27 +218,27 @@ "description": "The access conditions are somewhat specialized." }, { - "key": "H", - "name": "High", - "description": "Specialized access conditions exist." + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist." + "H": { + "key": "H", + "name": "High", + "description": "Specialized access conditions exist." }, "M": { "key": "M", "name": "Medium", "description": "The access conditions are somewhat specialized." }, - "H": { - "key": "H", - "name": "High", - "description": "Specialized access conditions exist." + "L": { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist." } } }, @@ -252,28 +252,28 @@ "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." - }, { "key": "H", "name": "High", "description": "A successful attack depends on conditions beyond the attacker's control." + }, + { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." - }, "H": { "key": "H", "name": "High", "description": "A successful attack depends on conditions beyond the attacker's control." + }, + "L": { + "key": "L", + "name": "Low", + "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." } } }, @@ -287,28 +287,28 @@ "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " - }, { "key": "H", "name": "High", "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " - }, "H": { "key": "H", "name": "High", "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + }, + "L": { + "key": "L", + "name": "Low", + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " } } } @@ -327,28 +327,28 @@ "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." - }, { "key": "P", "name": "Present", "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + }, + { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." - }, "P": { "key": "P", "name": "Present", "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + }, + "N": { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." } } } @@ -949,6 +949,56 @@ } } }, + "AR_NoX": { + "key": "AR_NoX", + "versions": { + "1.1.1": { + "version": "1.1.1", + "obj": { + "namespace": "cvss", + "key": "AR_NoX", + "version": "1.1.1", + "name": "Availability Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + } + } + } + }, "CDP": { "key": "CDP", "versions": { @@ -1389,6 +1439,56 @@ } } }, + "CR_NoX": { + "key": "CR_NoX", + "versions": { + "1.1.1": { + "version": "1.1.1", + "obj": { + "namespace": "cvss", + "key": "CR_NoX", + "version": "1.1.1", + "name": "Confidentiality Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + } + } + } + }, "EQ1": { "key": "EQ1", "versions": { @@ -2289,138 +2389,83 @@ } } }, - "PR": { - "key": "PR", + "IR_NoX": { + "key": "IR_NoX", "versions": { - "1.0.0": { - "version": "1.0.0", + "1.1.1": { + "version": "1.1.1", "obj": { "namespace": "cvss", - "key": "PR", - "version": "1.0.0", - "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "key": "IR_NoX", + "version": "1.1.1", + "name": "Integrity Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ - { - "key": "H", - "name": "High", - "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." - }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { - "key": "N", - "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, "values": { - "H": { - "key": "H", - "name": "High", - "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." - }, "L": { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, - "N": { - "key": "N", - "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." - } - } - }, - "1.0.1": { - "version": "1.0.1", - "obj": { - "namespace": "cvss", - "key": "PR", - "version": "1.0.1", - "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "H", - "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." - }, - { - "key": "L", - "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." - }, - { - "key": "N", - "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." - } - ] - }, - "values": { - "H": { - "key": "H", - "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." - }, - "L": { - "key": "L", - "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." - }, - "N": { - "key": "N", - "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "M": { + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } } } } }, - "QS": { - "key": "QS", + "SA": { + "key": "SA", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "QS", + "key": "SA", "version": "1.0.0", - "name": "CVSS Qualitative Severity Rating Scale", - "description": "The CVSS Qualitative Severity Rating Scale provides a categorical representation of a CVSS Score.", + "name": "Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No severity rating (0.0)" + "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Low (0.1 - 3.9)" - }, - { - "key": "M", - "name": "Medium", - "description": "Medium (4.0 - 6.9)" + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "High (7.0 - 8.9)" - }, - { - "key": "C", - "name": "Critical", - "description": "Critical (9.0 - 10.0)" + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] }, @@ -2428,384 +2473,234 @@ "N": { "key": "N", "name": "None", - "description": "No severity rating (0.0)" + "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Low (0.1 - 3.9)" - }, - "M": { - "key": "M", - "name": "Medium", - "description": "Medium (4.0 - 6.9)" + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, "H": { "key": "H", "name": "High", - "description": "High (7.0 - 8.9)" - }, - "C": { - "key": "C", - "name": "Critical", - "description": "Critical (9.0 - 10.0)" + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } } } } }, - "RL": { - "key": "RL", + "MSA": { + "key": "MSA", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "RL", + "key": "MSA", "version": "1.0.0", - "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", + "name": "Modified Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { - "key": "OF", - "name": "Official Fix", - "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { - "key": "TF", - "name": "Temporary Fix", - "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { - "key": "W", - "name": "Workaround", - "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { - "key": "U", - "name": "Unavailable", - "description": "There is either no solution available or it is impossible to apply." + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "OF": { - "key": "OF", - "name": "Official Fix", - "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + "N": { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, - "TF": { - "key": "TF", - "name": "Temporary Fix", - "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "L": { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, - "W": { - "key": "W", - "name": "Workaround", - "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, - "U": { - "key": "U", - "name": "Unavailable", - "description": "There is either no solution available or it is impossible to apply." + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } } }, - "1.1.0": { - "version": "1.1.0", + "1.0.1": { + "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "RL", - "version": "1.1.0", - "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", + "key": "MSA", + "version": "1.0.1", + "name": "Modified Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { - "key": "OF", - "name": "Official Fix", - "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." - }, - { - "key": "TF", - "name": "Temporary Fix", - "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "key": "N", + "name": "Negligible", + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { - "key": "W", - "name": "Workaround", - "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { - "key": "U", - "name": "Unavailable", - "description": "There is either no solution available or it is impossible to apply." + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "X", "name": "Not Defined", "description": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, "values": { - "OF": { - "key": "OF", - "name": "Official Fix", - "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." - }, - "TF": { - "key": "TF", - "name": "Temporary Fix", - "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "N": { + "key": "N", + "name": "Negligible", + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, - "W": { - "key": "W", - "name": "Workaround", - "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "L": { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, - "U": { - "key": "U", - "name": "Unavailable", - "description": "There is either no solution available or it is impossible to apply." + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, "X": { "key": "X", "name": "Not Defined", "description": "This metric value is not defined. See CVSS documentation for details." + }, + "S": { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } } }, - "RC": { - "key": "RC", + "MSA_NoX": { + "key": "MSA_NoX", "versions": { - "1.0.0": { - "version": "1.0.0", + "1.0.1": { + "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "RC", - "version": "1.0.0", - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "key": "MSA_NoX", + "version": "1.0.1", + "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { - "key": "UC", - "name": "Unconfirmed", - "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + "key": "N", + "name": "Negligible", + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { - "key": "UR", - "name": "Uncorroborated", - "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { - "key": "C", - "name": "Confirmed", - "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, "values": { - "UC": { - "key": "UC", - "name": "Unconfirmed", - "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." - }, - "UR": { - "key": "UR", - "name": "Uncorroborated", - "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." - }, - "C": { - "key": "C", - "name": "Confirmed", - "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." - } - } - }, - "1.1.0": { - "version": "1.1.0", - "obj": { - "namespace": "cvss", - "key": "RC", - "version": "1.1.0", - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "UC", - "name": "Unconfirmed", - "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." - }, - { - "key": "UR", - "name": "Uncorroborated", - "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." - }, - { - "key": "C", - "name": "Confirmed", - "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." - }, - { - "key": "ND", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - } - ] - }, - "values": { - "UC": { - "key": "UC", - "name": "Unconfirmed", - "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." - }, - "UR": { - "key": "UR", - "name": "Uncorroborated", - "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." - }, - "C": { - "key": "C", - "name": "Confirmed", - "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." - }, - "ND": { - "key": "ND", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - } - } - }, - "2.0.0": { - "version": "2.0.0", - "obj": { - "namespace": "cvss", - "key": "RC", - "version": "2.0.0", - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "U", - "name": "Unknown", - "description": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." - }, - { - "key": "R", - "name": "Reasonable", - "description": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." - }, - { - "key": "C", - "name": "Confirmed", - "description": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." - }, - { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - } - ] - }, - "values": { - "U": { - "key": "U", - "name": "Unknown", - "description": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." - }, - "R": { - "key": "R", - "name": "Reasonable", - "description": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." + "N": { + "key": "N", + "name": "Negligible", + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, - "C": { - "key": "C", - "name": "Confirmed", - "description": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." + "L": { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - } - } - } - } - }, - "S": { - "key": "S", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "cvss", - "key": "S", - "version": "1.0.0", - "name": "Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "U", - "name": "Unchanged", - "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." - }, - { - "key": "C", - "name": "Changed", - "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." - } - ] - }, - "values": { - "U": { - "key": "U", - "name": "Unchanged", - "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, - "C": { - "key": "C", - "name": "Changed", - "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "S": { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } } }, - "SA": { - "key": "SA", + "SI": { + "key": "SI", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "SA", + "key": "SI", "version": "1.0.0", - "name": "Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "name": "Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." } ] }, @@ -2813,89 +2708,94 @@ "N": { "key": "N", "name": "None", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." } } } } }, - "SC": { - "key": "SC", + "MSI": { + "key": "MSI", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "SC", + "key": "MSI", "version": "1.0.0", - "name": "Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "name": "Modified Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "name": "None", + "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { "N": { "key": "N", - "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "name": "None", + "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } } - } - } - }, - "SI": { - "key": "SI", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "1.0.1": { + "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "SI", - "version": "1.0.0", - "name": "Integrity Impact to the Subsequent System", + "key": "MSI", + "version": "1.0.1", + "name": "Modified Integrity Impact to the Subsequent System", "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "None", - "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "name": "Negligible", + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", @@ -2906,14 +2806,24 @@ "key": "H", "name": "High", "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." - } - ] - }, - "values": { + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + } + ] + }, + "values": { "N": { "key": "N", - "name": "None", - "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "name": "Negligible", + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, "L": { "key": "L", @@ -2924,406 +2834,301 @@ "key": "H", "name": "High", "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + "S": { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } } }, - "AU": { - "key": "AU", + "MSI_NoX": { + "key": "MSI_NoX", "versions": { - "1.0.0": { - "version": "1.0.0", + "1.0.1": { + "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "AU", - "version": "1.0.0", - "name": "Automatable", - "description": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", + "key": "MSI_NoX", + "version": "1.0.1", + "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "No", - "description": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "name": "Negligible", + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { - "key": "Y", - "name": "Yes", - "description": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, "values": { "N": { "key": "N", - "name": "No", - "description": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "name": "Negligible", + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, - "Y": { - "key": "Y", - "name": "Yes", - "description": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." + "L": { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + "S": { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } } }, - "U": { - "key": "U", + "PR": { + "key": "PR", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "U", + "key": "PR", "version": "1.0.0", - "name": "Provider Urgency", - "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - }, - { - "key": "C", - "name": "Clear", - "description": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." - }, - { - "key": "G", - "name": "Green", - "description": "Provider has assessed the impact of this vulnerability as having a reduced urgency." + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, { - "key": "A", - "name": "Amber", - "description": "Provider has assessed the impact of this vulnerability as having a moderate urgency." + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, { - "key": "R", - "name": "Red", - "description": "Provider has assessed the impact of this vulnerability as having the highest urgency." + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } ] }, "values": { - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - }, - "C": { - "key": "C", - "name": "Clear", - "description": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." - }, - "G": { - "key": "G", - "name": "Green", - "description": "Provider has assessed the impact of this vulnerability as having a reduced urgency." + "H": { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, - "A": { - "key": "A", - "name": "Amber", - "description": "Provider has assessed the impact of this vulnerability as having a moderate urgency." + "L": { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, - "R": { - "key": "R", - "name": "Red", - "description": "Provider has assessed the impact of this vulnerability as having the highest urgency." + "N": { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } } - } - } - }, - "R": { - "key": "R", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "1.0.1": { + "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "R", - "version": "1.0.0", - "name": "Recovery", - "description": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", + "key": "PR", + "version": "1.0.1", + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "schemaVersion": "2.0.0", "values": [ { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - }, - { - "key": "A", - "name": "Automatic", - "description": "The system recovers services automatically after an attack has been performed." + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, { - "key": "U", - "name": "User", - "description": "The system requires manual intervention by the user to recover services, after an attack has been performed." + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, { - "key": "I", - "name": "Irrecoverable", - "description": "The system services are irrecoverable by the user, after an attack has been performed." + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } ] }, "values": { - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - }, - "A": { - "key": "A", - "name": "Automatic", - "description": "The system recovers services automatically after an attack has been performed." + "H": { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, - "U": { - "key": "U", - "name": "User", - "description": "The system requires manual intervention by the user to recover services, after an attack has been performed." + "L": { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, - "I": { - "key": "I", - "name": "Irrecoverable", - "description": "The system services are irrecoverable by the user, after an attack has been performed." + "N": { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } } } } }, - "SF": { - "key": "SF", + "QS": { + "key": "QS", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "SF", + "key": "QS", "version": "1.0.0", - "name": "Safety", - "description": "The Safety decision point is a measure of the potential for harm to humans or the environment.", + "name": "CVSS Qualitative Severity Rating Scale", + "description": "The CVSS Qualitative Severity Rating Scale provides a categorical representation of a CVSS Score.", "schemaVersion": "2.0.0", "values": [ { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "key": "N", + "name": "None", + "description": "No severity rating (0.0)" }, { - "key": "P", - "name": "Present", - "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" - }, - { - "key": "N", - "name": "Negligible", - "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" - } - ] - }, - "values": { - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - }, - "P": { - "key": "P", - "name": "Present", - "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" - }, - "N": { - "key": "N", - "name": "Negligible", - "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" - } - } - } - } - }, - "V": { - "key": "V", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "cvss", - "key": "V", - "version": "1.0.0", - "name": "Value Density", - "description": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - }, - { - "key": "D", - "name": "Diffuse", - "description": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." - }, - { - "key": "C", - "name": "Concentrated", - "description": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." - } - ] - }, - "values": { - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - }, - "D": { - "key": "D", - "name": "Diffuse", - "description": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." - }, - "C": { - "key": "C", - "name": "Concentrated", - "description": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." - } - } - } - } - }, - "RE": { - "key": "RE", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "cvss", - "key": "RE", - "version": "1.0.0", - "name": "Vulnerability Response Effort", - "description": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - }, - { - "key": "L", - "name": "Low", - "description": "The effort required to respond to a vulnerability is low/trivial." + "key": "L", + "name": "Low", + "description": "Low (0.1 - 3.9)" }, { "key": "M", - "name": "Moderate", - "description": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." + "name": "Medium", + "description": "Medium (4.0 - 6.9)" }, { "key": "H", "name": "High", - "description": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." + "description": "High (7.0 - 8.9)" + }, + { + "key": "C", + "name": "Critical", + "description": "Critical (9.0 - 10.0)" } ] }, "values": { - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "N": { + "key": "N", + "name": "None", + "description": "No severity rating (0.0)" }, "L": { "key": "L", "name": "Low", - "description": "The effort required to respond to a vulnerability is low/trivial." + "description": "Low (0.1 - 3.9)" }, "M": { "key": "M", - "name": "Moderate", - "description": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." + "name": "Medium", + "description": "Medium (4.0 - 6.9)" }, "H": { "key": "H", "name": "High", - "description": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." + "description": "High (7.0 - 8.9)" + }, + "C": { + "key": "C", + "name": "Critical", + "description": "Critical (9.0 - 10.0)" } } } } }, - "TD": { - "key": "TD", + "RL": { + "key": "RL", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "TD", + "key": "RL", "version": "1.0.0", - "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "name": "Remediation Level", + "description": "This metric measures the remediation status of a vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "key": "OF", + "name": "Official Fix", + "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, { - "key": "L", - "name": "Low", - "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "key": "TF", + "name": "Temporary Fix", + "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, { - "key": "M", - "name": "Medium", - "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "key": "W", + "name": "Workaround", + "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." }, { - "key": "H", - "name": "High", - "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "key": "U", + "name": "Unavailable", + "description": "There is either no solution available or it is impossible to apply." } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "OF": { + "key": "OF", + "name": "Official Fix", + "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, - "L": { - "key": "L", - "name": "Low", - "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "TF": { + "key": "TF", + "name": "Temporary Fix", + "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, - "M": { - "key": "M", - "name": "Medium", - "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "W": { + "key": "W", + "name": "Workaround", + "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." }, - "H": { - "key": "H", - "name": "High", - "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "U": { + "key": "U", + "name": "Unavailable", + "description": "There is either no solution available or it is impossible to apply." } } }, @@ -3331,31 +3136,31 @@ "version": "1.1.0", "obj": { "namespace": "cvss", - "key": "TD", + "key": "RL", "version": "1.1.0", - "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "name": "Remediation Level", + "description": "This metric measures the remediation status of a vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "key": "OF", + "name": "Official Fix", + "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, { - "key": "L", - "name": "Low", - "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "key": "TF", + "name": "Temporary Fix", + "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, { - "key": "M", - "name": "Medium", - "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "key": "W", + "name": "Workaround", + "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." }, { - "key": "H", - "name": "High", - "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "key": "U", + "name": "Unavailable", + "description": "There is either no solution available or it is impossible to apply." }, { "key": "X", @@ -3365,25 +3170,25 @@ ] }, "values": { - "N": { - "key": "N", - "name": "None", - "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "OF": { + "key": "OF", + "name": "Official Fix", + "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, - "L": { - "key": "L", - "name": "Low", - "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "TF": { + "key": "TF", + "name": "Temporary Fix", + "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, - "M": { - "key": "M", - "name": "Medium", - "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "W": { + "key": "W", + "name": "Workaround", + "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." }, - "H": { - "key": "H", - "name": "High", - "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "U": { + "key": "U", + "name": "Unavailable", + "description": "There is either no solution available or it is impossible to apply." }, "X": { "key": "X", @@ -3394,41 +3199,106 @@ } } }, - "UI": { - "key": "UI", + "RC": { + "key": "RC", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "UI", + "key": "RC", "version": "1.0.0", - "name": "User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "schemaVersion": "2.0.0", "values": [ { - "key": "R", - "name": "Required", - "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + "key": "UC", + "name": "Unconfirmed", + "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, { - "key": "N", - "name": "None", - "description": "The vulnerable system can be exploited without interaction from any user." + "key": "UR", + "name": "Uncorroborated", + "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + }, + { + "key": "C", + "name": "Confirmed", + "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." } ] }, "values": { - "R": { - "key": "R", - "name": "Required", - "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + "UC": { + "key": "UC", + "name": "Unconfirmed", + "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, - "N": { - "key": "N", - "name": "None", - "description": "The vulnerable system can be exploited without interaction from any user." + "UR": { + "key": "UR", + "name": "Uncorroborated", + "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + }, + "C": { + "key": "C", + "name": "Confirmed", + "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + } + } + }, + "1.1.0": { + "version": "1.1.0", + "obj": { + "namespace": "cvss", + "key": "RC", + "version": "1.1.0", + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "UC", + "name": "Unconfirmed", + "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + }, + { + "key": "UR", + "name": "Uncorroborated", + "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + }, + { + "key": "C", + "name": "Confirmed", + "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + }, + { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "UC": { + "key": "UC", + "name": "Unconfirmed", + "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + }, + "UR": { + "key": "UR", + "name": "Uncorroborated", + "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + }, + "C": { + "key": "C", + "name": "Confirmed", + "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + }, + "ND": { + "key": "ND", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -3436,151 +3306,171 @@ "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "UI", + "key": "RC", "version": "2.0.0", - "name": "User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "schemaVersion": "2.0.0", "values": [ { - "key": "A", - "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "key": "U", + "name": "Unknown", + "description": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." }, { - "key": "P", - "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "key": "R", + "name": "Reasonable", + "description": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." }, { - "key": "N", - "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "key": "C", + "name": "Confirmed", + "description": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "A": { - "key": "A", - "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "U": { + "key": "U", + "name": "Unknown", + "description": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." }, - "P": { - "key": "P", - "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "R": { + "key": "R", + "name": "Reasonable", + "description": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." }, - "N": { - "key": "N", - "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "C": { + "key": "C", + "name": "Confirmed", + "description": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "CVSS": { - "key": "CVSS", + "S": { + "key": "S", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "CVSS", + "key": "S", "version": "1.0.0", - "name": "CVSS Qualitative Severity Rating Scale", - "description": "The CVSS Qualitative Severity Rating Scale group.", + "name": "Scope", + "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unchanged", + "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + }, + { + "key": "C", + "name": "Changed", + "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unchanged", + "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + }, + "C": { + "key": "C", + "name": "Changed", + "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + } + } + } + } + }, + "SC": { + "key": "SC", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "SC", + "version": "1.0.0", + "name": "Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "None", - "description": "None (0.0)" + "name": "Negligible", + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Low (0.1-3.9)" - }, - { - "key": "M", - "name": "Medium", - "description": "Medium (4.0-6.9)" + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "description": "High (7.0-8.9)" - }, - { - "key": "C", - "name": "Critical", - "description": "Critical (9.0-10.0)" + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." } ] }, "values": { "N": { "key": "N", - "name": "None", - "description": "None (0.0)" + "name": "Negligible", + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Low (0.1-3.9)" - }, - "M": { - "key": "M", - "name": "Medium", - "description": "Medium (4.0-6.9)" + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, "H": { "key": "H", "name": "High", - "description": "High (7.0-8.9)" - }, - "C": { - "key": "C", - "name": "Critical", - "description": "Critical (9.0-10.0)" + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." } } } } }, - "MAV": { - "key": "MAV", + "AU": { + "key": "AU", "versions": { - "3.0.0": { - "version": "3.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MAV", - "version": "3.0.0", - "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. ", + "key": "AU", + "version": "1.0.0", + "name": "Automatable", + "description": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", "schemaVersion": "2.0.0", "values": [ { - "key": "P", - "name": "Physical", - "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." - }, - { - "key": "L", - "name": "Local", - "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." - }, - { - "key": "A", - "name": "Adjacent", - "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." }, { - "key": "N", - "name": "Network", - "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." }, { "key": "X", @@ -3590,25 +3480,15 @@ ] }, "values": { - "P": { - "key": "P", - "name": "Physical", - "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." - }, - "L": { - "key": "L", - "name": "Local", - "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." - }, - "A": { - "key": "A", - "name": "Adjacent", - "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." - }, "N": { "key": "N", - "name": "Network", - "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "name": "No", + "description": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + }, + "Y": { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." }, "X": { "key": "X", @@ -3616,356 +3496,386 @@ "description": "This metric value is not defined. See CVSS documentation for details." } } - }, - "3.0.1": { - "version": "3.0.1", + } + } + }, + "U": { + "key": "U", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MAV", - "version": "3.0.1", - "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "key": "U", + "version": "1.0.0", + "name": "Provider Urgency", + "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", "schemaVersion": "2.0.0", "values": [ { - "key": "P", - "name": "Physical", - "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." }, { - "key": "L", - "name": "Local", - "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "key": "C", + "name": "Clear", + "description": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." }, { - "key": "A", - "name": "Adjacent", - "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "key": "G", + "name": "Green", + "description": "Provider has assessed the impact of this vulnerability as having a reduced urgency." }, { - "key": "N", - "name": "Network", - "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "key": "A", + "name": "Amber", + "description": "Provider has assessed the impact of this vulnerability as having a moderate urgency." }, { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "key": "R", + "name": "Red", + "description": "Provider has assessed the impact of this vulnerability as having the highest urgency." } ] }, "values": { - "P": { - "key": "P", - "name": "Physical", - "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." }, - "L": { - "key": "L", - "name": "Local", - "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "C": { + "key": "C", + "name": "Clear", + "description": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." + }, + "G": { + "key": "G", + "name": "Green", + "description": "Provider has assessed the impact of this vulnerability as having a reduced urgency." }, "A": { "key": "A", - "name": "Adjacent", - "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." - }, - "N": { - "key": "N", - "name": "Network", - "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "name": "Amber", + "description": "Provider has assessed the impact of this vulnerability as having a moderate urgency." }, - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "R": { + "key": "R", + "name": "Red", + "description": "Provider has assessed the impact of this vulnerability as having the highest urgency." } } } } }, - "MAC": { - "key": "MAC", + "R": { + "key": "R", "versions": { - "3.0.0": { - "version": "3.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MAC", - "version": "3.0.0", - "name": "Modified Attack Complexity", - "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "key": "R", + "version": "1.0.0", + "name": "Recovery", + "description": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." - }, - { - "key": "H", - "name": "High", - "description": "A successful attack depends on conditions beyond the attacker's control." - }, { "key": "X", "name": "Not Defined", "description": "This metric value is not defined. See CVSS documentation for details." - } - ] - }, - "values": { - "L": { - "key": "L", - "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." - }, - "H": { - "key": "H", - "name": "High", - "description": "A successful attack depends on conditions beyond the attacker's control." - }, - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - } - } - }, - "3.0.1": { - "version": "3.0.1", - "obj": { - "namespace": "cvss", - "key": "MAC", - "version": "3.0.1", - "name": "Modified Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", - "schemaVersion": "2.0.0", - "values": [ + }, { - "key": "L", - "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "key": "A", + "name": "Automatic", + "description": "The system recovers services automatically after an attack has been performed." }, { - "key": "H", - "name": "High", - "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "key": "U", + "name": "User", + "description": "The system requires manual intervention by the user to recover services, after an attack has been performed." }, { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "key": "I", + "name": "Irrecoverable", + "description": "The system services are irrecoverable by the user, after an attack has been performed." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " - }, - "H": { - "key": "H", - "name": "High", - "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." - }, "X": { "key": "X", "name": "Not Defined", "description": "This metric value is not defined. See CVSS documentation for details." + }, + "A": { + "key": "A", + "name": "Automatic", + "description": "The system recovers services automatically after an attack has been performed." + }, + "U": { + "key": "U", + "name": "User", + "description": "The system requires manual intervention by the user to recover services, after an attack has been performed." + }, + "I": { + "key": "I", + "name": "Irrecoverable", + "description": "The system services are irrecoverable by the user, after an attack has been performed." } } } } }, - "MPR": { - "key": "MPR", + "SF": { + "key": "SF", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MPR", + "key": "SF", "version": "1.0.0", - "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "name": "Safety", + "description": "The Safety decision point is a measure of the potential for harm to humans or the environment.", "schemaVersion": "2.0.0", "values": [ { - "key": "H", - "name": "High", - "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." }, { - "key": "L", - "name": "Low", - "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "key": "P", + "name": "Present", + "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" }, { "key": "N", - "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." - }, - { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "name": "Negligible", + "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" } ] }, "values": { - "H": { - "key": "H", - "name": "High", - "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." }, - "L": { - "key": "L", - "name": "Low", - "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "P": { + "key": "P", + "name": "Present", + "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" }, "N": { "key": "N", - "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." - }, + "name": "Negligible", + "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" + } + } + } + } + }, + "V": { + "key": "V", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "V", + "version": "1.0.0", + "name": "Value Density", + "description": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "D", + "name": "Diffuse", + "description": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." + }, + { + "key": "C", + "name": "Concentrated", + "description": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." + } + ] + }, + "values": { "X": { "key": "X", "name": "Not Defined", "description": "This metric value is not defined. See CVSS documentation for details." + }, + "D": { + "key": "D", + "name": "Diffuse", + "description": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." + }, + "C": { + "key": "C", + "name": "Concentrated", + "description": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." } } - }, - "1.0.1": { - "version": "1.0.1", + } + } + }, + "RE": { + "key": "RE", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MPR", - "version": "1.0.1", - "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "key": "RE", + "version": "1.0.0", + "name": "Vulnerability Response Effort", + "description": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", "schemaVersion": "2.0.0", "values": [ { - "key": "H", - "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "description": "The effort required to respond to a vulnerability is low/trivial." }, { - "key": "N", - "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "key": "M", + "name": "Moderate", + "description": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." }, { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "key": "H", + "name": "High", + "description": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." } ] }, "values": { - "H": { - "key": "H", - "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." }, "L": { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "description": "The effort required to respond to a vulnerability is low/trivial." }, - "N": { - "key": "N", - "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "M": { + "key": "M", + "name": "Moderate", + "description": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." }, - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "H": { + "key": "H", + "name": "High", + "description": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." } } } } }, - "MUI": { - "key": "MUI", + "TD": { + "key": "TD", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MUI", + "key": "TD", "version": "1.0.0", - "name": "Modified User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "name": "Target Distribution", + "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "schemaVersion": "2.0.0", "values": [ - { - "key": "R", - "name": "Required", - "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." - }, { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any user." + "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "key": "L", + "name": "Low", + "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + }, + { + "key": "M", + "name": "Medium", + "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + }, + { + "key": "H", + "name": "High", + "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." } ] }, "values": { - "R": { - "key": "R", - "name": "Required", - "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." - }, "N": { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any user." + "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "L": { + "key": "L", + "name": "Low", + "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + }, + "H": { + "key": "H", + "name": "High", + "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." } } }, - "2.0.0": { - "version": "2.0.0", + "1.1.0": { + "version": "1.1.0", "obj": { "namespace": "cvss", - "key": "MUI", - "version": "2.0.0", - "name": "Modified User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "key": "TD", + "version": "1.1.0", + "name": "Target Distribution", + "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "A", - "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "key": "N", + "name": "None", + "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, { - "key": "P", - "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "key": "L", + "name": "Low", + "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." }, { - "key": "N", - "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "key": "M", + "name": "Medium", + "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + }, + { + "key": "H", + "name": "High", + "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." }, { "key": "X", @@ -3975,172 +3885,157 @@ ] }, "values": { - "A": { - "key": "A", - "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." - }, - "P": { - "key": "P", - "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." - }, "N": { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - } + "L": { + "key": "L", + "name": "Low", + "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + }, + "H": { + "key": "H", + "name": "High", + "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } } } } }, - "MS": { - "key": "MS", + "UI": { + "key": "UI", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MS", + "key": "UI", "version": "1.0.0", - "name": "Modified Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "name": "User Interaction", + "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "schemaVersion": "2.0.0", "values": [ { - "key": "U", - "name": "Unchanged", - "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." - }, - { - "key": "C", - "name": "Changed", - "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "key": "R", + "name": "Required", + "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." }, { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any user." } ] }, "values": { - "U": { - "key": "U", - "name": "Unchanged", - "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." - }, - "C": { - "key": "C", - "name": "Changed", - "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "R": { + "key": "R", + "name": "Required", + "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." }, - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "N": { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any user." } } - } - } - }, - "MC": { - "key": "MC", - "versions": { + }, "2.0.0": { "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "MC", + "key": "UI", "version": "2.0.0", - "name": "Modified Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "name": "User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "description": "There is no loss of confidentiality within the impacted component." - }, - { - "key": "L", - "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "key": "A", + "name": "Active", + "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, { - "key": "H", - "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "key": "P", + "name": "Passive", + "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." }, { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." } ] }, "values": { + "A": { + "key": "A", + "name": "Active", + "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + }, + "P": { + "key": "P", + "name": "Passive", + "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + }, "N": { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." - }, - "L": { - "key": "L", - "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." - }, - "H": { - "key": "H", - "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." - }, - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." } } } } }, - "MI": { - "key": "MI", + "CVSS": { + "key": "CVSS", "versions": { - "2.0.0": { - "version": "2.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MI", - "version": "2.0.0", - "name": "Modified Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "key": "CVSS", + "version": "1.0.0", + "name": "CVSS Qualitative Severity Rating Scale", + "description": "The CVSS Qualitative Severity Rating Scale group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to the integrity of the system." + "description": "None (0.0)" }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "description": "Low (0.1-3.9)" + }, + { + "key": "M", + "name": "Medium", + "description": "Medium (4.0-6.9)" }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "description": "High (7.0-8.9)" }, { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "key": "C", + "name": "Critical", + "description": "Critical (9.0-10.0)" } ] }, @@ -4148,54 +4043,64 @@ "N": { "key": "N", "name": "None", - "description": "There is no impact to the integrity of the system." + "description": "None (0.0)" }, "L": { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "description": "Low (0.1-3.9)" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Medium (4.0-6.9)" }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "description": "High (7.0-8.9)" }, - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "C": { + "key": "C", + "name": "Critical", + "description": "Critical (9.0-10.0)" } } } } }, - "MA": { - "key": "MA", + "MAV": { + "key": "MAV", "versions": { - "2.0.0": { - "version": "2.0.0", + "3.0.0": { + "version": "3.0.0", "obj": { "namespace": "cvss", - "key": "MA", - "version": "2.0.0", - "name": "Modified Availability Impact", - "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "key": "MAV", + "version": "3.0.0", + "name": "Modified Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. ", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "description": "There is no impact to the availability of the system." + "key": "P", + "name": "Physical", + "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, { "key": "L", - "name": "Low", - "description": "There is reduced performance or interruptions in resource availability." + "name": "Local", + "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." }, { - "key": "H", - "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "key": "A", + "name": "Adjacent", + "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + }, + { + "key": "N", + "name": "Network", + "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." }, { "key": "X", @@ -4205,20 +4110,25 @@ ] }, "values": { - "N": { - "key": "N", - "name": "None", - "description": "There is no impact to the availability of the system." + "P": { + "key": "P", + "name": "Physical", + "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, "L": { "key": "L", - "name": "Low", - "description": "There is reduced performance or interruptions in resource availability." + "name": "Local", + "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." }, - "H": { - "key": "H", - "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "A": { + "key": "A", + "name": "Adjacent", + "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + }, + "N": { + "key": "N", + "name": "Network", + "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." }, "X": { "key": "X", @@ -4226,86 +4136,36 @@ "description": "This metric value is not defined. See CVSS documentation for details." } } - } - } - }, - "MAT": { - "key": "MAT", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "3.0.1": { + "version": "3.0.1", "obj": { "namespace": "cvss", - "key": "MAT", - "version": "1.0.0", - "name": "Modified Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "key": "MAV", + "version": "3.0.1", + "name": "Modified Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." - }, { "key": "P", - "name": "Present", - "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "name": "Physical", + "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - } - ] - }, - "values": { - "N": { - "key": "N", - "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." - }, - "P": { - "key": "P", - "name": "Present", - "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." - }, - "X": { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." - } - } - } - } - }, - "MVC": { - "key": "MVC", - "versions": { - "3.0.0": { - "version": "3.0.0", - "obj": { - "namespace": "cvss", - "key": "MVC", - "version": "3.0.0", - "name": "Modified Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "key": "L", + "name": "Local", + "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, { - "key": "L", - "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "key": "A", + "name": "Adjacent", + "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." }, { - "key": "H", - "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "key": "N", + "name": "Network", + "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." }, { "key": "X", @@ -4315,20 +4175,25 @@ ] }, "values": { - "N": { - "key": "N", - "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "P": { + "key": "P", + "name": "Physical", + "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, "L": { "key": "L", - "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "name": "Local", + "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, - "H": { - "key": "H", - "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "A": { + "key": "A", + "name": "Adjacent", + "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + "N": { + "key": "N", + "name": "Network", + "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." }, "X": { "key": "X", @@ -4339,33 +4204,28 @@ } } }, - "MVI": { - "key": "MVI", + "MAC": { + "key": "MAC", "versions": { "3.0.0": { "version": "3.0.0", "obj": { "namespace": "cvss", - "key": "MVI", + "key": "MAC", "version": "3.0.0", - "name": "Modified Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "name": "Modified Attack Complexity", + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "key": "H", + "name": "High", + "description": "A successful attack depends on conditions beyond the attacker's control." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." - }, - { - "key": "H", - "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." }, { "key": "X", @@ -4375,20 +4235,15 @@ ] }, "values": { - "N": { - "key": "N", - "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "H": { + "key": "H", + "name": "High", + "description": "A successful attack depends on conditions beyond the attacker's control." }, "L": { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." - }, - "H": { - "key": "H", - "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." }, "X": { "key": "X", @@ -4396,36 +4251,26 @@ "description": "This metric value is not defined. See CVSS documentation for details." } } - } - } - }, - "MVA": { - "key": "MVA", - "versions": { - "3.0.0": { - "version": "3.0.0", + }, + "3.0.1": { + "version": "3.0.1", "obj": { "namespace": "cvss", - "key": "MVA", - "version": "3.0.0", - "name": "Modified Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "key": "MAC", + "version": "3.0.1", + "name": "Modified Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "key": "H", + "name": "High", + "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." - }, - { - "key": "H", - "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " }, { "key": "X", @@ -4435,20 +4280,15 @@ ] }, "values": { - "N": { - "key": "N", - "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "H": { + "key": "H", + "name": "High", + "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, "L": { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." - }, - "H": { - "key": "H", - "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " }, "X": { "key": "X", @@ -4459,33 +4299,33 @@ } } }, - "MSC": { - "key": "MSC", + "MPR": { + "key": "MPR", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MSC", + "key": "MPR", "version": "1.0.0", - "name": "Modified Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "name": "Modified Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, { - "key": "H", - "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, { "key": "X", @@ -4495,20 +4335,20 @@ ] }, "values": { - "N": { - "key": "N", - "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "H": { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, "L": { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, - "H": { - "key": "H", - "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "N": { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, "X": { "key": "X", @@ -4521,26 +4361,26 @@ "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "MSC", + "key": "MPR", "version": "1.0.1", - "name": "Modified Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "name": "Modified Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "Negligible", - "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, { - "key": "H", - "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, { "key": "X", @@ -4550,20 +4390,20 @@ ] }, "values": { - "N": { - "key": "N", - "name": "Negligible", - "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "H": { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, "L": { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, - "H": { - "key": "H", - "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "N": { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, "X": { "key": "X", @@ -4574,33 +4414,78 @@ } } }, - "MSI": { - "key": "MSI", + "MUI": { + "key": "MUI", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MSI", + "key": "MUI", "version": "1.0.0", - "name": "Modified Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "name": "Modified User Interaction", + "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "schemaVersion": "2.0.0", "values": [ + { + "key": "R", + "name": "Required", + "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + }, { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "description": "The vulnerable system can be exploited without interaction from any user." }, { - "key": "L", - "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "R": { + "key": "R", + "name": "Required", + "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + }, + "N": { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any user." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "MUI", + "version": "2.0.0", + "name": "Modified User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "A", + "name": "Active", + "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, { - "key": "H", - "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "key": "P", + "name": "Passive", + "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + }, + { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." }, { "key": "X", @@ -4610,20 +4495,70 @@ ] }, "values": { + "A": { + "key": "A", + "name": "Active", + "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + }, + "P": { + "key": "P", + "name": "Passive", + "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + }, "N": { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." }, - "L": { - "key": "L", - "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MS": { + "key": "MS", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "MS", + "version": "1.0.0", + "name": "Modified Scope", + "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unchanged", + "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + }, + { + "key": "C", + "name": "Changed", + "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unchanged", + "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." }, - "H": { - "key": "H", - "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "C": { + "key": "C", + "name": "Changed", + "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." }, "X": { "key": "X", @@ -4631,101 +4566,96 @@ "description": "This metric value is not defined. See CVSS documentation for details." } } - }, - "1.0.1": { - "version": "1.0.1", + } + } + }, + "MC": { + "key": "MC", + "versions": { + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "MSI", - "version": "1.0.1", - "name": "Modified Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "key": "MC", + "version": "2.0.0", + "name": "Modified Confidentiality Impact", + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." }, { "key": "X", "name": "Not Defined", "description": "This metric value is not defined. See CVSS documentation for details." - }, - { - "key": "S", - "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, "values": { "N": { "key": "N", - "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." }, "L": { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." }, "X": { "key": "X", "name": "Not Defined", "description": "This metric value is not defined. See CVSS documentation for details." - }, - "S": { - "key": "S", - "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } } }, - "MSA": { - "key": "MSA", + "MI": { + "key": "MI", "versions": { - "1.0.0": { - "version": "1.0.0", + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "MSA", - "version": "1.0.0", - "name": "Modified Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "key": "MI", + "version": "2.0.0", + "name": "Modified Integrity Impact", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "description": "There is no impact to the integrity of the system." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "description": "There is a total loss of integrity, or a complete loss of protection." }, { "key": "X", @@ -4738,17 +4668,17 @@ "N": { "key": "N", "name": "None", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "description": "There is no impact to the integrity of the system." }, "L": { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "description": "There is a total loss of integrity, or a complete loss of protection." }, "X": { "key": "X", @@ -4756,31 +4686,36 @@ "description": "This metric value is not defined. See CVSS documentation for details." } } - }, - "1.0.1": { - "version": "1.0.1", + } + } + }, + "MA": { + "key": "MA", + "versions": { + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "MSA", - "version": "1.0.1", - "name": "Modified Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "key": "MA", + "version": "2.0.0", + "name": "Modified Availability Impact", + "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "name": "None", + "description": "There is no impact to the availability of the system." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "description": "There is reduced performance or interruptions in resource availability." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "X", @@ -4792,18 +4727,18 @@ "values": { "N": { "key": "N", - "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "name": "None", + "description": "There is no impact to the availability of the system." }, "L": { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "description": "There is reduced performance or interruptions in resource availability." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, "X": { "key": "X", @@ -4813,159 +4748,209 @@ } } } - } - } - }, - "ssvc": { - "namespace": "ssvc", - "keys": { - "V": { - "key": "V", + }, + "MAT": { + "key": "MAT", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "ssvc", - "key": "V", + "namespace": "cvss", + "key": "MAT", "version": "1.0.0", - "name": "Virulence", - "description": "The speed at which the vulnerability can be exploited.", + "name": "Modified Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ { - "key": "S", - "name": "Slow", - "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "key": "P", + "name": "Present", + "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, { - "key": "R", - "name": "Rapid", - "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "S": { - "key": "S", - "name": "Slow", - "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "P": { + "key": "P", + "name": "Present", + "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, - "R": { - "key": "R", - "name": "Rapid", - "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." + "N": { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "A": { - "key": "A", + "MVC": { + "key": "MVC", "versions": { - "2.0.0": { - "version": "2.0.0", + "3.0.0": { + "version": "3.0.0", "obj": { - "namespace": "ssvc", - "key": "A", - "version": "2.0.0", - "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "namespace": "cvss", + "key": "MVC", + "version": "3.0.0", + "name": "Modified Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." }, { - "key": "Y", - "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { "N": { "key": "N", - "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." }, - "Y": { - "key": "Y", - "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "L": { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "CS": { - "key": "CS", + "MVI": { + "key": "MVI", "versions": { - "1.0.0": { - "version": "1.0.0", + "3.0.0": { + "version": "3.0.0", "obj": { - "namespace": "ssvc", - "key": "CS", - "version": "1.0.0", - "name": "Critical Software", - "description": "Denotes whether a system meets a critical software definition.", + "namespace": "cvss", + "key": "MVI", + "version": "3.0.0", + "name": "Modified Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "No", - "description": "System does not meet a critical software definition." + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." }, { - "key": "Y", - "name": "Yes", - "description": "System meets a critical software definition." + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { "N": { "key": "N", - "name": "No", - "description": "System does not meet a critical software definition." + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." }, - "Y": { - "key": "Y", - "name": "Yes", - "description": "System meets a critical software definition." + "L": { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "E": { - "key": "E", + "MVA": { + "key": "MVA", "versions": { - "1.0.0": { - "version": "1.0.0", + "3.0.0": { + "version": "3.0.0", "obj": { - "namespace": "ssvc", - "key": "E", - "version": "1.0.0", - "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "namespace": "cvss", + "key": "MVA", + "version": "3.0.0", + "name": "Modified Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "description": "There is no impact to availability within the Vulnerable System." }, { - "key": "P", - "name": "PoC", - "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, { - "key": "A", - "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4973,89 +4958,209 @@ "N": { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "description": "There is no impact to availability within the Vulnerable System." }, - "P": { - "key": "P", - "name": "PoC", - "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." + "L": { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, - "A": { - "key": "A", - "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "H": { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } } - }, - "1.1.0": { - "version": "1.1.0", + } + } + }, + "MSC": { + "key": "MSC", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { - "namespace": "ssvc", - "key": "E", - "version": "1.1.0", - "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "namespace": "cvss", + "key": "MSC", + "version": "1.0.0", + "name": "Modified Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "name": "Negligible", + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { - "key": "P", - "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { - "key": "A", - "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { "N": { "key": "N", - "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "name": "Negligible", + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, - "P": { - "key": "P", - "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "L": { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, - "A": { - "key": "A", - "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "1.0.1": { + "version": "1.0.1", + "obj": { + "namespace": "cvss", + "key": "MSC", + "version": "1.0.1", + "name": "Modified Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Negligible", + "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + }, + "H": { + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + }, + "X": { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." } } } } - }, - "HVA": { - "key": "HVA", + } + } + }, + "ssvc": { + "namespace": "ssvc", + "keys": { + "V": { + "key": "V", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "HVA", + "key": "V", "version": "1.0.0", - "name": "High Value Asset", - "description": "Denotes whether a system meets a high value asset definition.", + "name": "Virulence", + "description": "The speed at which the vulnerability can be exploited.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "S", + "name": "Slow", + "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + }, + { + "key": "R", + "name": "Rapid", + "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." + } + ] + }, + "values": { + "S": { + "key": "S", + "name": "Slow", + "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + }, + "R": { + "key": "R", + "name": "Rapid", + "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." + } + } + } + } + }, + "A": { + "key": "A", + "versions": { + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "ssvc", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "System does not meet a high value asset definition." + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { "key": "Y", "name": "Yes", - "description": "System meets a high value asset definition." + "description": "Attackers can reliably automate steps 1-4 of the kill chain." } ] }, @@ -5063,106 +5168,281 @@ "N": { "key": "N", "name": "No", - "description": "System does not meet a high value asset definition." + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, "Y": { "key": "Y", "name": "Yes", - "description": "System meets a high value asset definition." + "description": "Attackers can reliably automate steps 1-4 of the kill chain." } } } } }, - "MWI": { - "key": "MWI", + "CS": { + "key": "CS", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "MWI", + "key": "CS", "version": "1.0.0", - "name": "Mission and Well-Being Impact", - "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", + "name": "Critical Software", + "description": "Denotes whether a system meets a critical software definition.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" - }, - { - "key": "M", - "name": "Medium", - "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + "key": "N", + "name": "No", + "description": "System does not meet a critical software definition." }, { - "key": "H", - "name": "High", - "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + "key": "Y", + "name": "Yes", + "description": "System meets a critical software definition." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" - }, - "M": { - "key": "M", - "name": "Medium", - "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + "N": { + "key": "N", + "name": "No", + "description": "System does not meet a critical software definition." }, - "H": { - "key": "H", - "name": "High", - "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + "Y": { + "key": "Y", + "name": "Yes", + "description": "System meets a critical software definition." } } } } }, - "HI": { - "key": "HI", + "E": { + "key": "E", "versions": { - "2.0.0": { - "version": "2.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "HI", - "version": "2.0.0", - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "key": "E", + "version": "1.0.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "description": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" - }, - { - "key": "M", - "name": "Medium", - "description": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { - "key": "H", - "name": "High", - "description": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" + "key": "P", + "name": "PoC", + "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." }, { - "key": "VH", - "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", + "N": { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + "P": { + "key": "P", + "name": "PoC", + "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." + }, + "A": { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + } + }, + "1.1.0": { + "version": "1.1.0", + "obj": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + "P": { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + "A": { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + } + } + } + }, + "HVA": { + "key": "HVA", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "HVA", + "version": "1.0.0", + "name": "High Value Asset", + "description": "Denotes whether a system meets a high value asset definition.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "System does not meet a high value asset definition." + }, + { + "key": "Y", + "name": "Yes", + "description": "System meets a high value asset definition." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "No", + "description": "System does not meet a high value asset definition." + }, + "Y": { + "key": "Y", + "name": "Yes", + "description": "System meets a high value asset definition." + } + } + } + } + }, + "MWI": { + "key": "MWI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "MWI", + "version": "1.0.0", + "name": "Mission and Well-Being Impact", + "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" + }, + { + "key": "M", + "name": "Medium", + "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + }, + { + "key": "H", + "name": "High", + "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + }, + "H": { + "key": "H", + "name": "High", + "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + } + } + } + } + }, + "HI": { + "key": "HI", + "versions": { + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.0", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", "description": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" }, "M": { @@ -6696,6 +6976,7996 @@ "DecisionTable": { "type": "DecisionTable", "namespaces": { + "cvss": { + "namespace": "cvss", + "keys": { + "DT_CVSS_EQ5": { + "key": "DT_CVSS_EQ5", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS_EQ5", + "version": "1.0.0", + "name": "CVSS Equivalence Set 5", + "description": "CVSS Equivalence Set 5 Decision Table", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:E:2.0.0": { + "namespace": "cvss", + "key": "E", + "version": "2.0.0", + "name": "Exploit Maturity", + "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unreported", + "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + }, + { + "key": "P", + "name": "Proof-of-Concept", + "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + }, + { + "key": "A", + "name": "Attacked", + "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + }, + { + "key": "X", + "name": "Not Defined", + "description": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "cvss:EQ5:1.0.0": { + "namespace": "cvss", + "key": "EQ5", + "version": "1.0.0", + "name": "Equivalence Set 5", + "description": "E with 3 levels specified in Table 28", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: E:U" + }, + { + "key": "M", + "name": "Medium", + "description": "1: E:P" + }, + { + "key": "H", + "name": "High", + "description": "0: E:A" + } + ] + } + }, + "outcome": "cvss:EQ5:1.0.0", + "mapping": [ + { + "cvss:E:2.0.0": "U", + "cvss:EQ5:1.0.0": "L" + }, + { + "cvss:E:2.0.0": "P", + "cvss:EQ5:1.0.0": "M" + }, + { + "cvss:E:2.0.0": "A", + "cvss:EQ5:1.0.0": "H" + } + ] + } + } + } + }, + "DT_CVSS4_EQ4": { + "key": "DT_CVSS4_EQ4", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS4_EQ4", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 4", + "description": "This decision table models equivalence set 4 from CVSS v4.", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:SC:1.0.0": { + "namespace": "cvss", + "key": "SC", + "version": "1.0.0", + "name": "Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + } + ] + }, + "cvss:MSI_NoX:1.0.1": { + "namespace": "cvss", + "key": "MSI_NoX", + "version": "1.0.1", + "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + } + ] + }, + "cvss:MSA_NoX:1.0.1": { + "namespace": "cvss", + "key": "MSA_NoX", + "version": "1.0.1", + "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + } + ] + }, + "cvss:EQ4:1.0.0": { + "namespace": "cvss", + "key": "EQ4", + "version": "1.0.0", + "name": "Equivalence Set 4", + "description": "SC/SI/SA with 3 levels specified in Table 27", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: MSI:S or MSA:S" + } + ] + } + }, + "outcome": "cvss:EQ4:1.0.0", + "mapping": [ + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + } + ] + } + } + } + }, + "DT_CVSS4_EQ1": { + "key": "DT_CVSS4_EQ1", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS4_EQ1", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 1", + "description": "This decision table models equivalence set 1 from CVSS v4. Factors include Attack Vector (AV), Privileges Required (PR), and User Interaction (UI).", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:AV:3.0.1": { + "namespace": "cvss", + "key": "AV", + "version": "3.0.1", + "name": "Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Physical", + "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + }, + { + "key": "L", + "name": "Local", + "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + }, + { + "key": "A", + "name": "Adjacent", + "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + { + "key": "N", + "name": "Network", + "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + } + ] + }, + "cvss:PR:1.0.1": { + "namespace": "cvss", + "key": "PR", + "version": "1.0.1", + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + }, + { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + } + ] + }, + "cvss:UI:2.0.0": { + "namespace": "cvss", + "key": "UI", + "version": "2.0.0", + "name": "User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "A", + "name": "Active", + "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + }, + { + "key": "P", + "name": "Passive", + "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + }, + { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + } + ] + }, + "cvss:EQ1:1.0.0": { + "namespace": "cvss", + "key": "EQ1", + "version": "1.0.0", + "name": "Equivalence Set 1", + "description": "AV/PR/UI with 3 levels specified in Table 24", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + }, + { + "key": "H", + "name": "High", + "description": "0: AV:N and PR:N and UI:N" + } + ] + } + }, + "outcome": "cvss:EQ1:1.0.0", + "mapping": [ + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "H" + } + ] + } + } + } + }, + "DT_CVSS4_EQ6": { + "key": "DT_CVSS4_EQ6", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS4_EQ6", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 6", + "description": "This decision table models equivalence set 6 from CVSS v4.", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:CR_NoX:1.1.1": { + "namespace": "cvss", + "key": "CR_NoX", + "version": "1.1.1", + "name": "Confidentiality Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] + }, + "cvss:VC:3.0.0": { + "namespace": "cvss", + "key": "VC", + "version": "3.0.0", + "name": "Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + } + ] + }, + "cvss:IR_NoX:1.1.1": { + "namespace": "cvss", + "key": "IR_NoX", + "version": "1.1.1", + "name": "Integrity Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] + }, + "cvss:VI:3.0.0": { + "namespace": "cvss", + "key": "VI", + "version": "3.0.0", + "name": "Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + } + ] + }, + "cvss:AR_NoX:1.1.1": { + "namespace": "cvss", + "key": "AR_NoX", + "version": "1.1.1", + "name": "Availability Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] + }, + "cvss:VA:3.0.0": { + "namespace": "cvss", + "key": "VA", + "version": "3.0.0", + "name": "Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + ] + }, + "cvss:EQ6:1.0.0": { + "namespace": "cvss", + "key": "EQ6", + "version": "1.0.0", + "name": "Equivalence Set 6", + "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + } + ] + } + }, + "outcome": "cvss:EQ6:1.0.0", + "mapping": [ + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + } + ] + } + } + } + }, + "DT_CVSS4_EQ3": { + "key": "DT_CVSS4_EQ3", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS4_EQ3", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 3", + "description": "This decision table models equivalence set 3 from CVSS v4.", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:VC:3.0.0": { + "namespace": "cvss", + "key": "VC", + "version": "3.0.0", + "name": "Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + } + ] + }, + "cvss:VI:3.0.0": { + "namespace": "cvss", + "key": "VI", + "version": "3.0.0", + "name": "Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + } + ] + }, + "cvss:VA:3.0.0": { + "namespace": "cvss", + "key": "VA", + "version": "3.0.0", + "name": "Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + ] + }, + "cvss:EQ3:1.0.0": { + "namespace": "cvss", + "key": "EQ3", + "version": "1.0.0", + "name": "Equivalence Set 3", + "description": "VC/VI/VA with 3 levels specified in Table 26", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (VC:H or VI:H or VA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: VC:H and VI:H" + } + ] + } + }, + "outcome": "cvss:EQ3:1.0.0", + "mapping": [ + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "H" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "H" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "H" + } + ] + } + } + } + }, + "DT_CVSS4_EQ2": { + "key": "DT_CVSS4_EQ2", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS4_EQ2", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 2", + "description": "This decision table models equivalence set 2 from CVSS v4. Factors include Attack Complexity (AC) and Attack Requirements (AT).", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:AC:3.0.1": { + "namespace": "cvss", + "key": "AC", + "version": "3.0.1", + "name": "Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "H", + "name": "High", + "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + } + ] + }, + "cvss:AT:1.0.0": { + "namespace": "cvss", + "key": "AT", + "version": "1.0.0", + "name": "Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Present", + "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + }, + { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + } + ] + }, + "cvss:EQ2:1.0.0": { + "namespace": "cvss", + "key": "EQ2", + "version": "1.0.0", + "name": "Equivalence Set 2", + "description": "AC/AT with 2 levels specified in Table 25", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (AC:L and AT:N)" + }, + { + "key": "H", + "name": "High", + "description": "0: AC:L and AT:N" + } + ] + } + }, + "outcome": "cvss:EQ2:1.0.0", + "mapping": [ + { + "cvss:AC:3.0.1": "H", + "cvss:AT:1.0.0": "P", + "cvss:EQ2:1.0.0": "L" + }, + { + "cvss:AC:3.0.1": "L", + "cvss:AT:1.0.0": "P", + "cvss:EQ2:1.0.0": "L" + }, + { + "cvss:AC:3.0.1": "H", + "cvss:AT:1.0.0": "N", + "cvss:EQ2:1.0.0": "L" + }, + { + "cvss:AC:3.0.1": "L", + "cvss:AT:1.0.0": "N", + "cvss:EQ2:1.0.0": "H" + } + ] + } + } + } + } + } + }, "ssvc": { "namespace": "ssvc", "keys": { diff --git a/src/ssvc/decision_points/cvss/attack_complexity.py b/src/ssvc/decision_points/cvss/attack_complexity.py index f7aecd03..9f268644 100644 --- a/src/ssvc/decision_points/cvss/attack_complexity.py +++ b/src/ssvc/decision_points/cvss/attack_complexity.py @@ -73,8 +73,8 @@ key="AC", version="1.0.0", values=( - _LOW, _HIGH, + _LOW, ), ) @@ -85,9 +85,9 @@ key="AC", version="2.0.0", values=( - _LOW_2, - _MEDIUM, _HIGH_2, + _MEDIUM, + _LOW_2, ), ) @@ -98,8 +98,8 @@ key="AC", version="3.0.0", values=( - _LOW_3, _HIGH_3, + _LOW_3, ), ) """ @@ -130,8 +130,8 @@ key="AC", version="3.0.1", values=( - LOW_4, HIGH_4, + LOW_4, ), ) """ diff --git a/src/ssvc/decision_points/cvss/attack_requirements.py b/src/ssvc/decision_points/cvss/attack_requirements.py index 725ea7a9..e85b9e4f 100644 --- a/src/ssvc/decision_points/cvss/attack_requirements.py +++ b/src/ssvc/decision_points/cvss/attack_requirements.py @@ -48,8 +48,8 @@ description="This metric captures the prerequisite deployment and execution conditions or variables of the " "vulnerable system that enable the attack.", values=( - _AT_NONE, _PRESENT, + _AT_NONE, ), ) diff --git a/src/ssvc/decision_points/cvss/availability_requirement.py b/src/ssvc/decision_points/cvss/availability_requirement.py index a954a96a..6b282cb8 100644 --- a/src/ssvc/decision_points/cvss/availability_requirement.py +++ b/src/ssvc/decision_points/cvss/availability_requirement.py @@ -28,6 +28,7 @@ NOT_DEFINED_X, ) from ssvc.decision_points.cvss.base import CvssDecisionPoint +from ssvc.decision_points.cvss.helpers import no_x from ssvc.decision_points.helpers import print_versions_and_diffs @@ -118,6 +119,9 @@ ), ) +AR_NoX = no_x(AVAILABILITY_REQUIREMENT_1_1_1) +"""A version of the Availability Requirement decision point without the Not Defined (X) option.""" + VERSIONS = ( AVAILABILITY_REQUIREMENT_1, AVAILABILITY_REQUIREMENT_1_1, diff --git a/src/ssvc/decision_points/cvss/confidentiality_requirement.py b/src/ssvc/decision_points/cvss/confidentiality_requirement.py index 9c9c02e2..a86e2558 100644 --- a/src/ssvc/decision_points/cvss/confidentiality_requirement.py +++ b/src/ssvc/decision_points/cvss/confidentiality_requirement.py @@ -28,6 +28,7 @@ NOT_DEFINED_X, ) from ssvc.decision_points.cvss.base import CvssDecisionPoint +from ssvc.decision_points.cvss.helpers import no_x from ssvc.decision_points.helpers import print_versions_and_diffs _HIGH = DecisionPointValue( @@ -116,6 +117,9 @@ ), ) +CR_NoX = no_x(CONFIDENTIALITY_REQUIREMENT_1_1_1) +"""A version of the Confidentiality Requirement decision point without the Not Defined (X) option.""" + VERSIONS = ( CONFIDENTIALITY_REQUIREMENT_1, CONFIDENTIALITY_REQUIREMENT_1_1, diff --git a/src/ssvc/decision_points/cvss/helpers.py b/src/ssvc/decision_points/cvss/helpers.py index d0799a9d..0c6c3e4b 100644 --- a/src/ssvc/decision_points/cvss/helpers.py +++ b/src/ssvc/decision_points/cvss/helpers.py @@ -27,7 +27,7 @@ from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X -from ssvc.decision_points.cvss.base import CvssDecisionPoint as DecisionPoint +from ssvc.decision_points.cvss.base import CvssDecisionPoint, CvssDecisionPoint as DecisionPoint def _modify_3(dp: DecisionPoint): @@ -101,9 +101,9 @@ def _modify_4(dp: DecisionPoint): _dp_dict["version"] = str(semver.Version.bump_patch(ver)) break - # Note: For MSI, There is also a highest severity level, Safety (S), in addition to the same values as the + # Note: For MSI and MSA, There is also a highest severity level, Safety (S), in addition to the same values as the # corresponding Base Metric (High, Medium, Low). - if key == "MSI": + if key in ["MSI", "MSA"]: _SAFETY = DecisionPointValue( name="Safety", key="S", @@ -125,3 +125,17 @@ def main(): if __name__ == "__main__": main() + + +def no_x(dp: CvssDecisionPoint) -> CvssDecisionPoint: + """Create a version of the decision point without the Not Defined (X) option.""" + return CvssDecisionPoint( + namespace=dp.namespace, + key=f"{dp.key}_NoX", + version=dp.version, + name=f"{dp.name} (without Not Defined)", + description=( + f"{dp.description} This version does not include the Not Defined (X) option." + ), + values=tuple([v for v in dp.values if v.key != "X"]), + ) diff --git a/src/ssvc/decision_points/cvss/integrity_requirement.py b/src/ssvc/decision_points/cvss/integrity_requirement.py index 2c8a652b..3611465f 100644 --- a/src/ssvc/decision_points/cvss/integrity_requirement.py +++ b/src/ssvc/decision_points/cvss/integrity_requirement.py @@ -28,6 +28,7 @@ NOT_DEFINED_X, ) from ssvc.decision_points.cvss.base import CvssDecisionPoint +from ssvc.decision_points.cvss.helpers import no_x from ssvc.decision_points.helpers import print_versions_and_diffs _HIGH = DecisionPointValue( @@ -116,6 +117,9 @@ ), ) +IR_NoX = no_x(INTEGRITY_REQUIREMENT_1_1_1) +"""A version of the Integrity Requirement decision point without the Not Defined (X) option.""" + VERSIONS = ( INTEGRITY_REQUIREMENT_1, INTEGRITY_REQUIREMENT_1_1, diff --git a/src/ssvc/decision_points/cvss/modified/__init__.py b/src/ssvc/decision_points/cvss/modified/__init__.py new file mode 100644 index 00000000..2c04ac3a --- /dev/null +++ b/src/ssvc/decision_points/cvss/modified/__init__.py @@ -0,0 +1,20 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +"""Provides CVSS Modified Decision Points""" diff --git a/src/ssvc/decision_points/cvss/modified/modified_subsequent_availability_impact.py b/src/ssvc/decision_points/cvss/modified/modified_subsequent_availability_impact.py new file mode 100644 index 00000000..271e19f7 --- /dev/null +++ b/src/ssvc/decision_points/cvss/modified/modified_subsequent_availability_impact.py @@ -0,0 +1,46 @@ +#!/usr/bin/env python +""" +CVSS Subsequent system availability impact decision point. +""" +# Copyright (c) 2023-2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.cvss.helpers import modify_4, no_x +from ssvc.decision_points.cvss.subsequent_availability_impact import ( + SUBSEQUENT_AVAILABILITY_IMPACT_1 as SA, +) + +MSA = modify_4(SA) +MSA_NoX = no_x(MSA) + +VERSIONS = (MSA,) +LATEST = VERSIONS[-1] + + +def main(): + from ssvc.decision_points.helpers import print_versions_and_diffs + + print_versions_and_diffs(VERSIONS) + print_versions_and_diffs([ + MSA_NoX, + ]) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_points/cvss/modified/modified_subsequent_integrity_impact.py b/src/ssvc/decision_points/cvss/modified/modified_subsequent_integrity_impact.py new file mode 100644 index 00000000..574da037 --- /dev/null +++ b/src/ssvc/decision_points/cvss/modified/modified_subsequent_integrity_impact.py @@ -0,0 +1,53 @@ +#!/usr/bin/env python +""" +CVSS Subsequent System Integrity Impact Decision Point +""" + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.cvss.helpers import modify_4, no_x +from ssvc.decision_points.cvss.subsequent_integrity_impact import ( + SUBSEQUENT_INTEGRITY_IMPACT_1 as SI, +) + +MSI = modify_4(SI) + +MSI_NoX = no_x(MSI) + + +VERSIONS = (MSI,) +LATEST = VERSIONS[-1] + + +def main(): + from ssvc.decision_points.helpers import print_versions_and_diffs + + print_versions_and_diffs(VERSIONS) + + print_versions_and_diffs( + [ + MSI_NoX, + ] + ) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index a449a15a..5e2bcffc 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -227,6 +227,13 @@ def validate_mapping(self): else: logger.debug("Topological order check passed with no problems.") + # if there's only one decision point mapping to the outcome, we can stop here + input_cols = [ + dp for dp in self.decision_points.values() if dp.id != self.outcome + ] + if len(input_cols) <= 1: + return self + # reject if any irrelevant columns are present in the mapping fi = feature_importance(self) irrelevant_features = fi[fi["feature_importance"] <= 0] diff --git a/src/ssvc/decision_tables/cvss/__init__.py b/src/ssvc/decision_tables/cvss/__init__.py new file mode 100644 index 00000000..920ef790 --- /dev/null +++ b/src/ssvc/decision_tables/cvss/__init__.py @@ -0,0 +1,22 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +""" +Provides decision tables related to CVSS (Common Vulnerability Scoring System). +""" diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_five.py b/src/ssvc/decision_tables/cvss/equivalence_set_five.py new file mode 100644 index 00000000..3091a599 --- /dev/null +++ b/src/ssvc/decision_tables/cvss/equivalence_set_five.py @@ -0,0 +1,63 @@ +#!/usr/bin/env python +""" +CVSS Equivalence Set 5 Decision Table +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +# Table 28: EQ5 - MacroVectors +# +# Levels Constraints Highest Severity Vector(s) +# 0 E:A E:A +# 1 E:P E:P +# 2 E:U E:U + + +from ssvc.decision_points.cvss.equivalence_set_5 import EQ5 +from ssvc.decision_points.cvss.exploit_maturity import EXPLOIT_MATURITY_2 as E +from ssvc.decision_tables.base import DecisionTable +from ssvc.namespaces import NameSpace + +V1_0_0 = DecisionTable( + namespace=NameSpace.CVSS, + key="CVSS_EQ5", + version="1.0.0", + name="CVSS Equivalence Set 5", + description="CVSS Equivalence Set 5 Decision Table", + decision_points={dp.id: dp for dp in [E, EQ5]}, + outcome=EQ5.id, + mapping=[ + {"cvss:E:2.0.0": "U", "cvss:EQ5:1.0.0": "L"}, + {"cvss:E:2.0.0": "P", "cvss:EQ5:1.0.0": "M"}, + {"cvss:E:2.0.0": "A", "cvss:EQ5:1.0.0": "H"}, + ], +) + +VERSIONS = (V1_0_0,) +LATEST = VERSIONS[-1] + + +def main(): + from ssvc.decision_tables.helpers import print_dt_version + + print_dt_version(LATEST, longform=False) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_four.py b/src/ssvc/decision_tables/cvss/equivalence_set_four.py new file mode 100644 index 00000000..554e9b35 --- /dev/null +++ b/src/ssvc/decision_tables/cvss/equivalence_set_four.py @@ -0,0 +1,357 @@ +#!/usr/bin/env python +""" +Provides CVSS v4 Equivalence Set 4 Decision Table +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +# +# +# https://www.first.org/cvss/v4-0/specification-document +# Table 27: EQ4 - MacroVectors +# +# Levels Constraints Highest Severity Vector(s) +# 0 MSI:S or MSA:S SC:H/SI:S/SA:S +# 1 not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H) SC:H/SI:H/SA:H +# 2 not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H) SC:L/SI:L/SA:L + +from ssvc.decision_points.cvss.equivalence_set_4 import EQ4 +from ssvc.decision_points.cvss.modified.modified_subsequent_availability_impact import ( + MSA_NoX as MSA, +) +from ssvc.decision_points.cvss.modified.modified_subsequent_integrity_impact import ( + MSI_NoX as MSI, +) +from ssvc.decision_points.cvss.subsequent_confidentiality_impact import ( + SUBSEQUENT_CONFIDENTIALITY_IMPACT_1 as SC, +) +from ssvc.decision_tables.base import DecisionTable +from ssvc.namespaces import NameSpace + +V1_0_0 = DecisionTable( + namespace=NameSpace.CVSS, + key="CVSS4_EQ4", + version="1.0.0", + name="CVSS v4 Equivalence Set 4", + description="This decision table models equivalence set 4 from CVSS v4.", + decision_points={dp.id: dp for dp in (SC, MSI, MSA, EQ4)}, + outcome=EQ4.id, + mapping=[ + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + { + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H", + }, + ], +) + +VERSIONS = (V1_0_0,) +LATEST = VERSIONS[-1] + + +def main(): + from ssvc.decision_tables.helpers import print_dt_version + + print_dt_version(LATEST, longform=False) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_one.py b/src/ssvc/decision_tables/cvss/equivalence_set_one.py new file mode 100644 index 00000000..41b227d7 --- /dev/null +++ b/src/ssvc/decision_tables/cvss/equivalence_set_one.py @@ -0,0 +1,280 @@ +#!/usr/bin/env python +""" +Provides a decision table modeling equivalence set 1 from CVSS v4""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +# https://www.first.org/cvss/v4-0/specification-document +# Table 24: EQ1 MacroVectors +# Levels Constraints Highest Severity Vector(s) +# 0 AV:N and PR:N and UI:N AV:N/PR:N/UI:N +# 1 (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P AV:A/PR:N/UI:N or AV:N/PR:L/UI:N or AV:N/PR:N:/UI:P +# 2 AV:P or not(AV:N or PR:N or UI:N) AV:P/PR:N/UI:N or AV:A/PR:L/UI:P + +from ssvc.decision_points.cvss.attack_vector import ATTACK_VECTOR_3_0_1 as AV +from ssvc.decision_points.cvss.equivalence_set_1 import EQ1 +from ssvc.decision_points.cvss.privileges_required import ( + PRIVILEGES_REQUIRED_1_0_1 as PR, +) +from ssvc.decision_points.cvss.user_interaction import USER_INTERACTION_2 as UI +from ssvc.decision_tables.base import DecisionTable +from ssvc.namespaces import NameSpace + + +V1_0_0 = DecisionTable( + namespace=NameSpace.CVSS, + key="CVSS4_EQ1", + version="1.0.0", + name="CVSS v4 Equivalence Set 1", + description="This decision table models equivalence set 1 from CVSS v4. Factors include Attack Vector (AV), Privileges Required (PR), and User Interaction (UI).", + decision_points={dp.id: dp for dp in (AV, PR, UI, EQ1)}, + outcome=EQ1.id, + mapping=[ + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L", + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M", + }, + { + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "H", + }, + ], +) + +VERSIONS = (V1_0_0,) +LATEST = VERSIONS[-1] + + +def main(): + from ssvc.decision_tables.helpers import print_dt_version + + print_dt_version(LATEST, longform=False) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_six.py b/src/ssvc/decision_tables/cvss/equivalence_set_six.py new file mode 100644 index 00000000..1acd1875 --- /dev/null +++ b/src/ssvc/decision_tables/cvss/equivalence_set_six.py @@ -0,0 +1,6638 @@ +#!/usr/bin/env python +""" +file: equivalence_set_six +author: adh +created_at: 8/8/25 3:22 PM +""" + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +# Table 29: EQ6 - MacroVectors +# +# Levels Constraints Highest Severity Vector(s) +# 0 (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H) VC:H/VI:H/VA:H/CR:H/IR:H/AR:H +# 1 not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H) VC:H/VI:H/VA:H/CR:M/IR:M/AR:M or VC:H/VI:H/VA:L/CR:M/IR:M/AR:H or VC:H/VI:L/VA:H/CR:M/IR:H/AR:M or VC:H/VI:L/VA:L/CR:M/IR:H/AR:H or VC:L/VI:H/VA:H/CR:H/IR:M/AR:M or VC:L/VI:H/VA:L/CR:H/IR:M/AR:H or VC:L/VI:L/VA:H/CR:H/IR:H/AR:M or VC:L/VI:L/VA:L/CR:H/IR:H/AR:H + +from ssvc.decision_points.cvss.availability_impact import ( + AVAILABILITY_IMPACT_3_0_0 as VA, +) +from ssvc.decision_points.cvss.availability_requirement import ( + AR_NoX as AR, +) +from ssvc.decision_points.cvss.confidentiality_impact import ( + CONFIDENTIALITY_IMPACT_3_0_0 as VC, +) +from ssvc.decision_points.cvss.confidentiality_requirement import ( + CR_NoX as CR, +) +from ssvc.decision_points.cvss.equivalence_set_6 import EQ6 +from ssvc.decision_points.cvss.integrity_impact import INTEGRITY_IMPACT_3_0_0 as VI +from ssvc.decision_points.cvss.integrity_requirement import ( + IR_NoX as IR, +) +from ssvc.decision_tables.base import DecisionTable +from ssvc.namespaces import NameSpace + +V1_0_0 = DecisionTable( + namespace=NameSpace.CVSS, + key="CVSS4_EQ6", + version="1.0.0", + name="CVSS v4 Equivalence Set 6", + description="This decision table models equivalence set 6 from CVSS v4.", + decision_points={dp.id: dp for dp in (CR, VC, IR, VI, AR, VA, EQ6)}, + outcome=EQ6.id, + mapping=[ + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H", + }, + ], +) + +VERSIONS = (V1_0_0,) +LATEST = VERSIONS[-1] + + +def main(): + from ssvc.decision_tables.helpers import print_dt_version + + print_dt_version(LATEST, longform=False) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_three.py b/src/ssvc/decision_tables/cvss/equivalence_set_three.py new file mode 100644 index 00000000..e6b2757c --- /dev/null +++ b/src/ssvc/decision_tables/cvss/equivalence_set_three.py @@ -0,0 +1,230 @@ +#!/usr/bin/env python +""" +Provides a decision table modeling equivalence set 3 from CVSS v4""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +# https://www.first.org/cvss/v4-0/specification-document +# Table 26: EQ3 - MacroVectors +# +# Levels Constraints Highest Severity Vector(s) +# 0 VC:H and VI:H VC:H/VI:H/VA:H +# 1 not (VC:H and VI:H) and (VC:H or VI:H or VA:H) VC:L/VI:H/VA:H or VC:H/VI:L/VA:H +# 2 not (VC:H or VI:H or VA:H) VC:L/VI:L/VA:L + +from ssvc.decision_points.cvss.availability_impact import ( + AVAILABILITY_IMPACT_3_0_0 as VA, +) +from ssvc.decision_points.cvss.confidentiality_impact import ( + CONFIDENTIALITY_IMPACT_3_0_0 as VC, +) +from ssvc.decision_points.cvss.equivalence_set_3 import EQ3 +from ssvc.decision_points.cvss.integrity_impact import ( + INTEGRITY_IMPACT_3_0_0 as VI, +) +from ssvc.decision_tables.base import DecisionTable +from ssvc.namespaces import NameSpace + +V1_0_0 = DecisionTable( + namespace=NameSpace.CVSS, + key="CVSS4_EQ3", + version="1.0.0", + name="CVSS v4 Equivalence Set 3", + description="This decision table models equivalence set 3 from CVSS v4.", + decision_points={dp.id: dp for dp in (VC, VI, VA, EQ3)}, + outcome=EQ3.id, + mapping=[ + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L", + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L", + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L", + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L", + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L", + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L", + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L", + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L", + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "H", + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "H", + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M", + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "H", + }, + ], +) + +VERSIONS = (V1_0_0,) +LATEST = VERSIONS[-1] + + +def main(): + from ssvc.decision_tables.helpers import print_dt_version + + print_dt_version(LATEST, longform=False) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_two.py b/src/ssvc/decision_tables/cvss/equivalence_set_two.py new file mode 100644 index 00000000..b4b2c48d --- /dev/null +++ b/src/ssvc/decision_tables/cvss/equivalence_set_two.py @@ -0,0 +1,65 @@ +#!/usr/bin/env python +""" +Provides a decision table modeling equivalence set 2 from CVSS v4""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +# https://www.first.org/cvss/v4-0/specification-document +# Table 25: EQ2 - MacroVectors +# +# Levels Constraints Highest Severity Vector(s) +# 0 AC:L and AT:N AC:L/AT:N +# 1 not (AC:L and AT:N) AC:L/AT:P or AC:H/AT:N + +from ssvc.decision_points.cvss.attack_complexity import ATTACK_COMPLEXITY_3_0_1 as AC +from ssvc.decision_points.cvss.attack_requirements import ATTACK_REQUIREMENTS_1 as AT + +from ssvc.decision_points.cvss.equivalence_set_2 import EQ2 +from ssvc.decision_tables.base import DecisionTable +from ssvc.namespaces import NameSpace + +V1_0_0 = DecisionTable( + namespace=NameSpace.CVSS, + key="CVSS4_EQ2", + version="1.0.0", + name="CVSS v4 Equivalence Set 2", + description="This decision table models equivalence set 2 from CVSS v4. Factors include Attack Complexity (AC) and Attack Requirements (AT).", + decision_points={dp.id: dp for dp in (AC, AT, EQ2)}, + outcome=EQ2.id, + mapping=[ + {"cvss:AC:3.0.1": "H", "cvss:AT:1.0.0": "P", "cvss:EQ2:1.0.0": "L"}, + {"cvss:AC:3.0.1": "L", "cvss:AT:1.0.0": "P", "cvss:EQ2:1.0.0": "L"}, + {"cvss:AC:3.0.1": "H", "cvss:AT:1.0.0": "N", "cvss:EQ2:1.0.0": "L"}, + {"cvss:AC:3.0.1": "L", "cvss:AT:1.0.0": "N", "cvss:EQ2:1.0.0": "H"}, + ], +) + +VERSIONS = (V1_0_0,) +LATEST = VERSIONS[-1] + + +def main(): + from ssvc.decision_tables.helpers import print_dt_version + + print_dt_version(LATEST, longform=False) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/helpers.py b/src/ssvc/decision_tables/helpers.py index 19cbcaba..31a37e4f 100644 --- a/src/ssvc/decision_tables/helpers.py +++ b/src/ssvc/decision_tables/helpers.py @@ -22,7 +22,12 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_tables.base import decision_table_to_longform_df + +from ssvc.decision_tables.base import ( + DecisionTable, + decision_table_to_longform_df, + decision_table_to_shortform_df, +) def write_csv( @@ -52,9 +57,28 @@ def write_csv( fp.write(decision_table_to_longform_df(decision_table).to_csv(index=index)) +def print_dt_version(dt: DecisionTable, longform=True) -> None: + from ssvc.decision_tables.base import decision_table_to_longform_df + + print(f"# Decision Table: {dt.name} v{dt.version}") + print() + print("## Full Model Dump:") + print() + print(dt.model_dump_json(indent=2)) + print() + print("## CSV Mapping:") + print() + if longform: + df = decision_table_to_longform_df(dt) + else: + df = decision_table_to_shortform_df(dt) + print(df.to_csv(index=False)) + + def main(): pass if __name__ == "__main__": main() + diff --git a/src/ssvc/decision_tables/ssvc/coord_pub_dt.py b/src/ssvc/decision_tables/ssvc/coord_pub_dt.py index 11a51810..22f9e401 100644 --- a/src/ssvc/decision_tables/ssvc/coord_pub_dt.py +++ b/src/ssvc/decision_tables/ssvc/coord_pub_dt.py @@ -3,6 +3,7 @@ Provides the Coordinator Publish Decision Table for SSVC. """ + # Copyright (c) 2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE # ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. @@ -211,13 +212,9 @@ def main(): - from ssvc.decision_tables.base import decision_table_to_longform_df - - print(LATEST.model_dump_json(indent=2)) + from ssvc.decision_tables.helpers import print_dt_version - print("Longform DataFrame CSV") - print() - print(decision_table_to_longform_df(LATEST).to_csv(index=False)) + print_dt_version(LATEST) if __name__ == "__main__": diff --git a/src/test/decision_tables/cvss/__init__.py b/src/test/decision_tables/cvss/__init__.py new file mode 100644 index 00000000..7c3b4a14 --- /dev/null +++ b/src/test/decision_tables/cvss/__init__.py @@ -0,0 +1,22 @@ +""" +Unit tests for CVSS decision tables. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 diff --git a/src/test/decision_tables/cvss/test_eq1.py b/src/test/decision_tables/cvss/test_eq1.py new file mode 100644 index 00000000..1d5e261b --- /dev/null +++ b/src/test/decision_tables/cvss/test_eq1.py @@ -0,0 +1,66 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest + +from ssvc.decision_tables.cvss.equivalence_set_one import V1_0_0 as EQ1 + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.eq1 = EQ1 + + def test_mapping(self): + # Levels Constraints Highest Severity Vector(s) + # 0 AV:N and PR:N and UI:N AV:N/PR:N/UI:N + # 1 (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P AV:A/PR:N/UI:N or AV:N/PR:L/UI:N or AV:N/PR:N:/UI:P + # 2 AV:P or not(AV:N or PR:N or UI:N) AV:P/PR:N/UI:N or AV:A/PR:L/UI:P + + av = [k for k in self.eq1.decision_points.keys() if "AV" in k][0] + pr = [k for k in self.eq1.decision_points.keys() if "PR" in k][0] + ui = [k for k in self.eq1.decision_points.keys() if "UI" in k][0] + out = self.eq1.outcome + for row in self.eq1.mapping: + with self.subTest(row=row): + self.assertIn(av, row) + self.assertIn(pr, row) + self.assertIn(ui, row) + self.assertIn(out, row) + if row[av] == "N" and row[pr] == "N" and row[ui] == "N": + # level 0 + self.assertEqual(row[out], "H") + elif row[av] == "N" and row[av] != "P": + # level 1 + self.assertEqual(row[out], "M") + elif row[pr] == "N" and row[av] != "P": + self.assertEqual(row[out], "M") + elif row[ui] == "N" and row[av] != "P": + self.assertEqual(row[out], "M") + elif row[av] == "P": + # level 2 + self.assertEqual(row[out], "L") + else: + self.assertNotEqual(row[av], "N") + self.assertNotEqual(row[pr], "N") + self.assertNotEqual(row[ui], "N") + self.assertEqual(row[out], "L") + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/decision_tables/cvss/test_eq2.py b/src/test/decision_tables/cvss/test_eq2.py new file mode 100644 index 00000000..24d1ce2d --- /dev/null +++ b/src/test/decision_tables/cvss/test_eq2.py @@ -0,0 +1,54 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest + +from ssvc.decision_tables.cvss.equivalence_set_two import V1_0_0 as EQ2 + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.eq2 = EQ2 + + def test_mapping(self): + # Table 25: EQ2 - MacroVectors + # + # Levels Constraints Highest Severity Vector(s) + # 0 AC:L and AT:N AC:L/AT:N + # 1 not (AC:L and AT:N) AC:L/AT:P or AC:H/AT:N + ac = [k for k in self.eq2.decision_points.keys() if "AC" in k][0] + at = [k for k in self.eq2.decision_points.keys() if "AT" in k][0] + out = self.eq2.outcome + + for row in self.eq2.mapping: + with self.subTest(row=row): + self.assertIn(ac, row) + self.assertIn(at, row) + self.assertIn(out, row) + + if row[ac] == "L" and row[at] == "N": + # level 0 + self.assertEqual(row[out], "H") + else: + # level 1 + self.assertEqual(row[out], "L") + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/decision_tables/cvss/test_eq3.py b/src/test/decision_tables/cvss/test_eq3.py new file mode 100644 index 00000000..5812f6ed --- /dev/null +++ b/src/test/decision_tables/cvss/test_eq3.py @@ -0,0 +1,64 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest + +from ssvc.decision_tables.cvss.equivalence_set_three import V1_0_0 as EQ3 + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.eq3 = EQ3 + + def test_mapping(self): + # Table 26: EQ3 - MacroVectors + # + # Levels Constraints Highest Severity Vector(s) + # 0 VC:H and VI:H VC:H/VI:H/VA:H + # 1 not (VC:H and VI:H) and (VC:H or VI:H or VA:H) VC:L/VI:H/VA:H or VC:H/VI:L/VA:H + # 2 not (VC:H or VI:H or VA:H) VC:L/VI:L/VA:L + vc = [k for k in self.eq3.decision_points.keys() if "VC" in k][0] + vi = [k for k in self.eq3.decision_points.keys() if "VI" in k][0] + va = [k for k in self.eq3.decision_points.keys() if "VA" in k][0] + out = self.eq3.outcome + + for row in self.eq3.mapping: + with self.subTest(row=row): + self.assertIn(vc, row) + self.assertIn(vi, row) + self.assertIn(va, row) + self.assertIn(out, row) + + if row[vc] == "H" and row[vi] == "H": + # level 0 + self.assertEqual(row[out], "H") + elif row[vc] == "H" or row[vi] == "H" or row[va] == "H": + # level 1 + self.assertFalse(row[vc] == "H" and row[vi] == "H") + self.assertEqual(row[out], "M") + else: + # level 2 + self.assertNotEqual(row[vc], "H") + self.assertNotEqual(row[vi], "H") + self.assertNotEqual(row[va], "H") + self.assertEqual(row[out], "L") + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/decision_tables/cvss/test_eq4.py b/src/test/decision_tables/cvss/test_eq4.py new file mode 100644 index 00000000..3d6a8591 --- /dev/null +++ b/src/test/decision_tables/cvss/test_eq4.py @@ -0,0 +1,62 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest + +from ssvc.decision_tables.cvss.equivalence_set_four import V1_0_0 as EQ4 + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.eq4 = EQ4 + + def test_mapping(self): + msi = [k for k in self.eq4.decision_points.keys() if "MSI" in k][0] + msa = [k for k in self.eq4.decision_points.keys() if "MSA" in k][0] + sc = [k for k in self.eq4.decision_points.keys() if "SC" in k][0] + out = self.eq4.outcome + + for row in self.eq4.mapping: + self.assertIn(msi, row) + self.assertIn(msa, row) + self.assertIn(sc, row) + self.assertIn(out, row) + + # Levels Constraints Highest Severity Vector(s) + # 0 MSI:S or MSA:S SC:H/SI:S/SA:S + # 1 not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H) SC:H/SI:H/SA:H + # 2 not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H) SC:L/SI:L/SA:L + if row[msi] == "S" or row[msa] == "S": + # level 0 + self.assertEqual(row[out], "H") + else: + # level 1 + if row[msi] == "H": + self.assertEqual(row[out], "M") + elif row[msa] == "H": + self.assertEqual(row[out], "M") + elif row[sc] == "H": + self.assertEqual(row[out], "M") + else: + # level 2 + self.assertEqual(row[out], "L") + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/decision_tables/cvss/test_eq5.py b/src/test/decision_tables/cvss/test_eq5.py new file mode 100644 index 00000000..aee9b531 --- /dev/null +++ b/src/test/decision_tables/cvss/test_eq5.py @@ -0,0 +1,59 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest + +from ssvc.decision_tables.cvss.equivalence_set_five import V1_0_0 as EQ5 + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.eq5 = EQ5 + + def test_mapping(self): + # Table 28: EQ5 - MacroVectors + # + # Levels Constraints Highest Severity Vector(s) + # 0 E:A E:A + # 1 E:P E:P + # 2 E:U E:U + + e = [k for k in self.eq5.decision_points.keys() if "E" in k][0] + out = self.eq5.outcome + + for row in self.eq5.mapping: + with self.subTest(row=row): + self.assertIn(e, row) + self.assertIn(out, row) + + if row[e] == "A": + # level 0 + self.assertEqual(row[out], "H") + elif row[e] == "P": + # level 1 + self.assertEqual(row[out], "M") + elif row[e] == "U": + # level 2 + self.assertEqual(row[out], "L") + else: + self.fail(f"Unexpected value: {row}") + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/decision_tables/cvss/test_eq6.py b/src/test/decision_tables/cvss/test_eq6.py new file mode 100644 index 00000000..f3ef9052 --- /dev/null +++ b/src/test/decision_tables/cvss/test_eq6.py @@ -0,0 +1,67 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest + +from ssvc.decision_tables.cvss.equivalence_set_six import V1_0_0 as EQ6 + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.eq6 = EQ6 + + def test_mapping(self): + # Table 29: EQ6 - MacroVectors + # + # Levels Constraints Highest Severity Vector(s) + # 0 (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H) VC:H/VI:H/VA:H/CR:H/IR:H/AR:H + # 1 not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H) VC:H/VI:H/VA:H/CR:M/IR:M/AR:M or VC:H/VI:H/VA:L/CR:M/IR:M/AR:H or VC:H/VI:L/VA:H/CR:M/IR:H/AR:M or VC:H/VI:L/VA:L/CR:M/IR:H/AR:H or VC:L/VI:H/VA:H/CR:H/IR:M/AR:M or VC:L/VI:H/VA:L/CR:H/IR:M/AR:H or VC:L/VI:L/VA:H/CR:H/IR:H/AR:M or VC:L/VI:L/VA:L/CR:H/IR:H/AR:H + + cr = [k for k in self.eq6.decision_points.keys() if "CR" in k][0] + ir = [k for k in self.eq6.decision_points.keys() if "IR" in k][0] + ar = [k for k in self.eq6.decision_points.keys() if "AR" in k][0] + + vc = [k for k in self.eq6.decision_points.keys() if "VC" in k][0] + vi = [k for k in self.eq6.decision_points.keys() if "VI" in k][0] + va = [k for k in self.eq6.decision_points.keys() if "VA" in k][0] + out = self.eq6.outcome + + for row in self.eq6.mapping: + with self.subTest(row=row): + self.assertIn(cr, row) + self.assertIn(ir, row) + self.assertIn(ar, row) + self.assertIn(out, row) + + if row[cr] == "H" and row[vc] == "H": + # level 0 + self.assertEqual(row[out], "H") + elif row[ir] == "H" and row[vi] == "H": + # level 0 + self.assertEqual(row[out], "H") + elif row[ar] == "H" and row[va] == "H": + # level 0 + self.assertEqual(row[out], "H") + else: + # level 1 + self.assertEqual(row[out], "L") + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py index 0215780a..d1efb1eb 100644 --- a/src/test/decision_tables/test_base.py +++ b/src/test/decision_tables/test_base.py @@ -330,6 +330,46 @@ def test_combo_strings(self): # # each count should be less than or equal to the length of the combination self.assertLessEqual(count, len(combos)) + def test_single_dp_dt(self): + # Create a DecisionTable with a single DecisionPoint + dp_in = DecisionPoint( + name="dp_in", + description="A single decision point", + version="1.0.0", + namespace="x_test", + key="dp", + values=(self.dp1v1, self.dp1v2), + registered=False, + ) + dp_out = DecisionPoint( + namespace="x_test", + key="outcome", + name="Outcome", + description="Outcome for single DP test", + version="1.0.0", + values=(self.ogv1, self.ogv2, self.ogv3), + registered=False, + ) + + single_dt = DecisionTable( + key="SINGLE_TEST", + namespace="x_test", + name="Single DP Test Table", + description="Describes the single DP test table", + decision_points={dp.id: dp for dp in [dp_in, dp_out]}, + outcome=dp_out.id, + registered=False, + ) + + # Check if mapping is populated correctly + self.assertIsNotNone(single_dt.mapping) + self.assertEqual(len(single_dt.mapping), len(dp_in.values)) + + # Check if the mapping contains the correct outcomes + for row in single_dt.mapping: + self.assertIn(single_dt.outcome, row) + self.assertIn(row[single_dt.outcome], [v.key for v in self.og.values]) + if __name__ == "__main__": unittest.main() From 589f537826ae2219c038d4264087a3c35553db28 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Tue, 12 Aug 2025 13:33:49 -0400 Subject: [PATCH 218/468] Move a file to be consistent in data/json/decision_points folder (#866) * Move a file to be consistent * modify title of Decision Table object --------- Co-authored-by: Allen D. Householder --- ...ce_set_5_1_0_0.json => cvss_v4_equivalence_set_5_1_0_0.json} | 2 +- data/json/ssvc_object_registry.json | 2 +- src/ssvc/decision_tables/cvss/equivalence_set_five.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) rename data/json/decision_tables/cvss/{cvss_equivalence_set_5_1_0_0.json => cvss_v4_equivalence_set_5_1_0_0.json} (98%) diff --git a/data/json/decision_tables/cvss/cvss_equivalence_set_5_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_5_1_0_0.json similarity index 98% rename from data/json/decision_tables/cvss/cvss_equivalence_set_5_1_0_0.json rename to data/json/decision_tables/cvss/cvss_v4_equivalence_set_5_1_0_0.json index f8adf99e..f6386ff2 100644 --- a/data/json/decision_tables/cvss/cvss_equivalence_set_5_1_0_0.json +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_5_1_0_0.json @@ -2,7 +2,7 @@ "namespace": "cvss", "key": "DT_CVSS_EQ5", "version": "1.0.0", - "name": "CVSS Equivalence Set 5", + "name": "CVSS v4 Equivalence Set 5", "description": "CVSS Equivalence Set 5 Decision Table", "schemaVersion": "2.0.0", "decision_points": { diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index d2782875..6f5e2816 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -6988,7 +6988,7 @@ "namespace": "cvss", "key": "DT_CVSS_EQ5", "version": "1.0.0", - "name": "CVSS Equivalence Set 5", + "name": "CVSS v4 Equivalence Set 5", "description": "CVSS Equivalence Set 5 Decision Table", "schemaVersion": "2.0.0", "decision_points": { diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_five.py b/src/ssvc/decision_tables/cvss/equivalence_set_five.py index 3091a599..d0ed510f 100644 --- a/src/ssvc/decision_tables/cvss/equivalence_set_five.py +++ b/src/ssvc/decision_tables/cvss/equivalence_set_five.py @@ -38,7 +38,7 @@ namespace=NameSpace.CVSS, key="CVSS_EQ5", version="1.0.0", - name="CVSS Equivalence Set 5", + name="CVSS v4 Equivalence Set 5", description="CVSS Equivalence Set 5 Decision Table", decision_points={dp.id: dp for dp in [E, EQ5]}, outcome=EQ5.id, From 87d2cc3fb67e3c9308f9d409881efc22435e8d26 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Aug 2025 14:23:05 -0400 Subject: [PATCH 219/468] Bump actions/checkout from 4 to 5 (#864) Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/deploy_site.yml | 2 +- .github/workflows/link_checker.yml | 2 +- .github/workflows/lint_md_changes.yml | 2 +- .github/workflows/python-app.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy_site.yml b/.github/workflows/deploy_site.yml index df0a56b3..67f2a54f 100644 --- a/.github/workflows/deploy_site.yml +++ b/.github/workflows/deploy_site.yml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up Python uses: actions/setup-python@v5 diff --git a/.github/workflows/link_checker.yml b/.github/workflows/link_checker.yml index 6def2986..9e73e866 100644 --- a/.github/workflows/link_checker.yml +++ b/.github/workflows/link_checker.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up Python uses: actions/setup-python@v5 diff --git a/.github/workflows/lint_md_changes.yml b/.github/workflows/lint_md_changes.yml index 15215556..09346c88 100644 --- a/.github/workflows/lint_md_changes.yml +++ b/.github/workflows/lint_md_changes.yml @@ -13,7 +13,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index eda4f001..e9142cb3 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-tags: true - name: Set up Python 3.12 From 0e85eea05ea373a048893176d6a2c22a08ec348a Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Tue, 12 Aug 2025 14:23:58 -0400 Subject: [PATCH 220/468] SSVC Cacluator to accept new schema (#867) --- docs/ssvc-calc/ssvc.js | 53 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 49 insertions(+), 4 deletions(-) diff --git a/docs/ssvc-calc/ssvc.js b/docs/ssvc-calc/ssvc.js index ee6f6079..93b6fc0d 100644 --- a/docs/ssvc-calc/ssvc.js +++ b/docs/ssvc-calc/ssvc.js @@ -20,7 +20,7 @@ */ /* SSVC code for graph building */ -const _version = "5.1.7" +const _version = "5.1.8" const _tool = "Dryad SSVC Calculator "+_version var showFullTree = false var diagonal,tree,svg,duration,root @@ -667,6 +667,47 @@ function create_short_keys(x,uniq_keys) { x["key"] = ssvc_short_keys[x.label]; } } +function schemaTransform(dtnew) { + const dtobj = JSON.parse(JSON.stringify(dtnew)); + const dtold = {}; + let finalkey; + if('outcome' in dtobj) + finalkey = dtobj.outcome; + if('decision_points' in dtobj) { + dtold['decision_points'] = []; + Object.entries(dtobj['decision_points']).forEach(function([k,dp]) { + dp.decision_type = "simple"; + if(k == finalkey) + dp.decision_type = "final"; + dp.values.forEach(function(dv) { + dv.label = dv.name; + delete dv.name; + }); + dp.options = dp.values; + delete dp.values; + dp.label = dp.name; + delete dp.name; + dtold.decision_points.push(dp); + }); + } + if('mapping' in dtobj) { + dtold['decisions_table'] = []; + dtobj.mapping.forEach(function(dvpair) { + const dt = {} + Object.entries(dvpair).forEach(function([k,v]) { + const dp = dtnew.decision_points[k]; + const name = dp.name; + for(let i=0; i< dp.values.length; i++) { + if('key' in dp.values[i] && dp.values[i].key == v) + dt[name] = dp.values[i].name; + } + }); + dtold['decisions_table'].push(dt); + }); + } + return dtold; + +} function parse_json(xraw,paused) { $('.bcomplex').remove(); $('.graphy').not('#zoomcontrol').show(); @@ -678,6 +719,9 @@ function parse_json(xraw,paused) { tm = JSON.parse(xraw) else tm = xraw + if(('schemaVersion' in tm) && (tm.schemaVersion == "2.0.0")) { + tm = schemaTransform(tm); + } if('decision_tree' in tm) { /* This has a decision_tree and a score - a computed and provision schemas together*/ @@ -785,7 +829,6 @@ function parse_json(xraw,paused) { var duniq_keys = {}; /* unique keys for choices under decision points*/ var ouniq_keys = {}; - acolors = []; lcolors = {}; tm.decision_points.map(x => { create_short_keys(x,duniq_keys); @@ -853,8 +896,10 @@ function parse_json(xraw,paused) { classes.push(srlabel); if(("color" in r) && (r.color)) { lcolors[r.label] = r.color; - } else if(acolors[i]) { - r.color = acolors[i]; + } else if(acolors[ir]) { + r.color = acolors[ir]; + } else { + r.color = "#fefefe"; } return h + $("
").append($("").addClass("decisiontab"). css({color:r.color}).html(r.label)) From aae4b5ac5f1489f5a3f3d0210970d8aeaec628fa Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 12 Aug 2025 15:24:17 -0400 Subject: [PATCH 221/468] Create `DecisionTable` representation of coordinator triage decision model (#868) * extract decision table print helper method * add first attempt at EQ1 (note: default mapping is unverified) * bring EQ 1 into alignment with CVSSv4 spec * fix AC and AT value order * add EQ2 decision table * add EQ3 verified against spec * create modified subsequent availability and integrity decision points * add EQ4 decision table * add EQ6 * wip on EQ5. blocked by #859 * add expected failure test for #859 * fix #859 * Update src/ssvc/decision_tables/cvss/equivalence_set_two.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update src/ssvc/decision_points/cvss/helpers.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update data/json/decision_tables/cvss/cvss_v4_equivalence_set_2_1_0_0.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix errors in EQ4 * regenerate registry * add unit tests * add coord triage table * pin specific decision point versions * isolate failing test * tighten up table and unit tests * refactor unit tests --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../ssvc/coordinator_triage_1_0_0.json | 2103 ++++++++++++++++ data/json/ssvc_object_registry.json | 2111 +++++++++++++++++ src/ssvc/decision_tables/ssvc/coord_triage.py | 2000 ++++++++++++++++ src/test/decision_tables/ssvc/__init__.py | 22 + .../decision_tables/ssvc/test_coord_triage.py | 152 ++ 5 files changed, 6388 insertions(+) create mode 100644 data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json create mode 100644 src/ssvc/decision_tables/ssvc/coord_triage.py create mode 100644 src/test/decision_tables/ssvc/__init__.py create mode 100644 src/test/decision_tables/ssvc/test_coord_triage.py diff --git a/data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json b/data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json new file mode 100644 index 00000000..d9c32253 --- /dev/null +++ b/data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json @@ -0,0 +1,2103 @@ +{ + "namespace": "ssvc", + "key": "DT_COORD_TRIAGE", + "version": "1.0.0", + "name": "Coordinator Triage", + "description": "Decision table for coordinator triage", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:RP:1.0.0": { + "namespace": "ssvc", + "key": "RP", + "version": "1.0.0", + "name": "Report Public", + "description": "Is a viable report of the details of the vulnerability already publicly available?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "Y", + "name": "Yes", + "description": "A public report of the vulnerability exists." + }, + { + "key": "N", + "name": "No", + "description": "No public report of the vulnerability exists." + } + ] + }, + "ssvc:SCON:1.0.0": { + "namespace": "ssvc", + "key": "SCON", + "version": "1.0.0", + "name": "Supplier Contacted", + "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "The supplier has not been contacted." + }, + { + "key": "Y", + "name": "Yes", + "description": "The supplier has been contacted." + } + ] + }, + "ssvc:RC:1.0.0": { + "namespace": "ssvc", + "key": "RC", + "version": "1.0.0", + "name": "Report Credibility", + "description": "Is the report credible?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "NC", + "name": "Not Credible", + "description": "The report is not credible." + }, + { + "key": "C", + "name": "Credible", + "description": "The report is credible." + } + ] + }, + "ssvc:SC:1.0.0": { + "namespace": "ssvc", + "key": "SC", + "version": "1.0.0", + "name": "Supplier Cardinality", + "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "O", + "name": "One", + "description": "There is only one supplier of the vulnerable component." + }, + { + "key": "M", + "name": "Multiple", + "description": "There are multiple suppliers of the vulnerable component." + } + ] + }, + "ssvc:SE:1.0.0": { + "namespace": "ssvc", + "key": "SE", + "version": "1.0.0", + "name": "Supplier Engagement", + "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "A", + "name": "Active", + "description": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + }, + { + "key": "U", + "name": "Unresponsive", + "description": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + } + ] + }, + "ssvc:U:1.0.1": { + "namespace": "ssvc", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Laborious", + "description": "Automatable:No AND Value Density:Diffuse" + }, + { + "key": "E", + "name": "Efficient", + "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + { + "key": "S", + "name": "Super Effective", + "description": "Automatable:Yes AND Value Density:Concentrated" + } + ] + }, + "ssvc:PSI:2.0.1": { + "namespace": "ssvc", + "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:Negligible" + }, + { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + } + ] + }, + "ssvc:COORDINATE:1.0.0": { + "namespace": "ssvc", + "key": "COORDINATE", + "version": "1.0.0", + "name": "Decline, Track, Coordinate", + "description": "The coordinate outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Decline", + "description": "Decline" + }, + { + "key": "T", + "name": "Track", + "description": "Track" + }, + { + "key": "C", + "name": "Coordinate", + "description": "Coordinate" + } + ] + } + }, + "outcome": "ssvc:COORDINATE:1.0.0", + "mapping": [ + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + } + ] +} diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 6f5e2816..2243f523 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -15247,6 +15247,2117 @@ } } }, + "DT_COORD_TRIAGE": { + "key": "DT_COORD_TRIAGE", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_COORD_TRIAGE", + "version": "1.0.0", + "name": "Coordinator Triage", + "description": "Decision table for coordinator triage", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:RP:1.0.0": { + "namespace": "ssvc", + "key": "RP", + "version": "1.0.0", + "name": "Report Public", + "description": "Is a viable report of the details of the vulnerability already publicly available?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "Y", + "name": "Yes", + "description": "A public report of the vulnerability exists." + }, + { + "key": "N", + "name": "No", + "description": "No public report of the vulnerability exists." + } + ] + }, + "ssvc:SCON:1.0.0": { + "namespace": "ssvc", + "key": "SCON", + "version": "1.0.0", + "name": "Supplier Contacted", + "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "The supplier has not been contacted." + }, + { + "key": "Y", + "name": "Yes", + "description": "The supplier has been contacted." + } + ] + }, + "ssvc:RC:1.0.0": { + "namespace": "ssvc", + "key": "RC", + "version": "1.0.0", + "name": "Report Credibility", + "description": "Is the report credible?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "NC", + "name": "Not Credible", + "description": "The report is not credible." + }, + { + "key": "C", + "name": "Credible", + "description": "The report is credible." + } + ] + }, + "ssvc:SC:1.0.0": { + "namespace": "ssvc", + "key": "SC", + "version": "1.0.0", + "name": "Supplier Cardinality", + "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "O", + "name": "One", + "description": "There is only one supplier of the vulnerable component." + }, + { + "key": "M", + "name": "Multiple", + "description": "There are multiple suppliers of the vulnerable component." + } + ] + }, + "ssvc:SE:1.0.0": { + "namespace": "ssvc", + "key": "SE", + "version": "1.0.0", + "name": "Supplier Engagement", + "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "A", + "name": "Active", + "description": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + }, + { + "key": "U", + "name": "Unresponsive", + "description": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + } + ] + }, + "ssvc:U:1.0.1": { + "namespace": "ssvc", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Laborious", + "description": "Automatable:No AND Value Density:Diffuse" + }, + { + "key": "E", + "name": "Efficient", + "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + { + "key": "S", + "name": "Super Effective", + "description": "Automatable:Yes AND Value Density:Concentrated" + } + ] + }, + "ssvc:PSI:2.0.1": { + "namespace": "ssvc", + "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:Negligible" + }, + { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + } + ] + }, + "ssvc:COORDINATE:1.0.0": { + "namespace": "ssvc", + "key": "COORDINATE", + "version": "1.0.0", + "name": "Decline, Track, Coordinate", + "description": "The coordinate outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Decline", + "description": "Decline" + }, + { + "key": "T", + "name": "Track", + "description": "Track" + }, + { + "key": "C", + "name": "Coordinate", + "description": "Coordinate" + } + ] + } + }, + "outcome": "ssvc:COORDINATE:1.0.0", + "mapping": [ + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C" + } + ] + } + } + } + }, "DT_DP": { "key": "DT_DP", "versions": { diff --git a/src/ssvc/decision_tables/ssvc/coord_triage.py b/src/ssvc/decision_tables/ssvc/coord_triage.py new file mode 100644 index 00000000..e4c7c391 --- /dev/null +++ b/src/ssvc/decision_tables/ssvc/coord_triage.py @@ -0,0 +1,2000 @@ +#!/usr/bin/env python +""" +Provides the Coordination Triage decision table for SSVC.""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.ssvc.public_safety_impact import ( + PUBLIC_SAFETY_IMPACT_2_0_1 as PublicSafetyImpact, +) +from ssvc.decision_points.ssvc.report_credibility import ( + REPORT_CREDIBILITY_1 as ReportCredibility, +) +from ssvc.decision_points.ssvc.report_public import REPORT_PUBLIC_1 as ReportPublic +from ssvc.decision_points.ssvc.supplier_cardinality import ( + SUPPLIER_CARDINALITY_1 as SupplierCardinality, +) +from ssvc.decision_points.ssvc.supplier_contacted import ( + SUPPLIER_CONTACTED_1 as SupplierContacted, +) +from ssvc.decision_points.ssvc.supplier_engagement import ( + SUPPLIER_ENGAGEMENT_1 as SupplierEngagement, +) +from ssvc.decision_points.ssvc.utility import UTILITY_1_0_1 as Utility +from ssvc.decision_tables.base import DecisionTable +from ssvc.namespaces import NameSpace +from ssvc.outcomes.ssvc.coordinate import COORDINATE as Outcome + +V1_0_0 = DecisionTable( + namespace=NameSpace.SSVC, + key="COORD_TRIAGE", + version="1.0.0", + name="Coordinator Triage", + description="Decision table for coordinator triage", + decision_points={ + dp.id: dp + for dp in [ + ReportPublic, + SupplierContacted, + ReportCredibility, + SupplierCardinality, + SupplierEngagement, + Utility, + PublicSafetyImpact, + Outcome, + ] + }, + outcome=Outcome.id, + mapping=[ + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "T", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "D", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.0": "C", + }, + ], +) + +VERSIONS = (V1_0_0,) +LATEST = VERSIONS[-1] + + +def main(): + from ssvc.decision_tables.helpers import print_dt_version + + print_dt_version(LATEST, longform=False) + + +if __name__ == "__main__": + main() diff --git a/src/test/decision_tables/ssvc/__init__.py b/src/test/decision_tables/ssvc/__init__.py new file mode 100644 index 00000000..bc4f1815 --- /dev/null +++ b/src/test/decision_tables/ssvc/__init__.py @@ -0,0 +1,22 @@ +""" +Provides SSVC decision tables. +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 diff --git a/src/test/decision_tables/ssvc/test_coord_triage.py b/src/test/decision_tables/ssvc/test_coord_triage.py new file mode 100644 index 00000000..77ed2a68 --- /dev/null +++ b/src/test/decision_tables/ssvc/test_coord_triage.py @@ -0,0 +1,152 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest + +from ssvc.decision_tables.ssvc.coord_triage import LATEST as CT + +expect_track = { + ("N", "Y", "NC", "O", "A", "E", "S"): "T", + ("N", "Y", "NC", "O", "A", "S", "S"): "T", + ("N", "Y", "NC", "O", "U", "E", "S"): "T", + ("N", "Y", "NC", "O", "U", "S", "S"): "T", + ("N", "Y", "NC", "M", "A", "L", "S"): "T", + ("N", "Y", "NC", "M", "A", "E", "S"): "T", + ("N", "Y", "NC", "M", "A", "S", "M"): "T", + ("N", "Y", "NC", "M", "U", "L", "S"): "T", + ("N", "Y", "NC", "M", "U", "E", "S"): "T", + ("N", "Y", "NC", "M", "U", "S", "M"): "T", + ("N", "Y", "C", "O", "A", "E", "S"): "T", + ("N", "Y", "C", "O", "A", "S", "S"): "T", + ("N", "Y", "C", "O", "U", "L", "M"): "T", + ("N", "Y", "C", "M", "A", "L", "S"): "T", + ("N", "Y", "C", "M", "A", "E", "S"): "T", +} + + +expect_coord = { + ("N", "Y", "NC", "M", "A", "S", "S"): "C", + ("N", "Y", "NC", "M", "U", "S", "S"): "C", + ("N", "Y", "C", "O", "U", "L", "S"): "C", + ("N", "Y", "C", "O", "U", "E", "M"): "C", + ("N", "Y", "C", "O", "U", "E", "S"): "C", + ("N", "Y", "C", "O", "U", "S", "M"): "C", + ("N", "Y", "C", "O", "U", "S", "S"): "C", + ("N", "Y", "C", "M", "A", "S", "M"): "C", + ("N", "Y", "C", "M", "A", "S", "S"): "C", + ("N", "Y", "C", "M", "U", "L", "M"): "C", + ("N", "Y", "C", "M", "U", "L", "S"): "C", + ("N", "Y", "C", "M", "U", "E", "M"): "C", + ("N", "Y", "C", "M", "U", "E", "S"): "C", + ("N", "Y", "C", "M", "U", "S", "M"): "C", + ("N", "Y", "C", "M", "U", "S", "S"): "C", + ("Y", "Y", "NC", "M", "A", "S", "S"): "C", + ("Y", "Y", "NC", "M", "U", "S", "S"): "C", + ("Y", "Y", "C", "M", "A", "S", "S"): "C", + ("Y", "Y", "C", "M", "U", "S", "S"): "C", + ("Y", "N", "NC", "M", "A", "S", "S"): "C", + ("Y", "N", "NC", "M", "U", "S", "S"): "C", + ("Y", "N", "C", "M", "A", "S", "S"): "C", + ("Y", "N", "C", "M", "U", "S", "S"): "C", + ("N", "N", "NC", "M", "A", "S", "S"): "C", + ("N", "N", "NC", "M", "U", "S", "S"): "C", + ("N", "N", "C", "M", "A", "S", "S"): "C", + ("N", "N", "C", "M", "U", "S", "S"): "C", +} + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.ct: "DecisionTable" = CT + self.rp: str = [k for k in self.ct.decision_points if "RP" in k][0] + self.scon: str = [k for k in self.ct.decision_points if "SCON" in k][0] + self.rc: str = [k for k in self.ct.decision_points if "RC" in k][0] + self.sc: str = [ + k for k in self.ct.decision_points if "SC" in k and "SCON" not in k + ][0] + self.se: str = [k for k in self.ct.decision_points if "SE" in k][0] + self.u: str = [k for k in self.ct.decision_points if "U" in k][0] + self.psi: str = [k for k in self.ct.decision_points if "PSI" in k][0] + self.outcome: str = self.ct.outcome + + def test_mapping_basics(self): + self.assertIsNotNone(self.ct.mapping) + self.assertGreater(len(self.ct.mapping), 0) + + for row in self.ct.mapping: + with self.subTest(row=row): + for x in [ + self.rp, + self.scon, + self.rc, + self.sc, + self.se, + self.u, + self.psi, + self.outcome, + ]: + self.assertIn(x, row) + + # @unittest.expectedFailure + def test_mapping(self): + """Test the mapping of the decision table against the expected outcomes.""" + + for i, row in enumerate(self.ct.mapping): + with self.subTest(row=row): + + val_tup = tuple([v for k, v in row.items() if k != self.outcome]) + + # short circuit rows where we explicitly set a different outcome + if val_tup in expect_track: + self.assertEqual(expect_track[val_tup], row[self.outcome]) + continue + elif val_tup in expect_coord: + self.assertEqual(expect_coord[val_tup], row[self.outcome]) + continue + + multiparty_supereffective_safety_impact = all( + (row[self.sc] == "M", row[self.u] == "S", row[self.psi] == "S") + ) + + # everything from here on should be a decline + # but we'll check it for completeness + + # Report Public: If a report is already public, + # OR If no suppliers have been contacted, + # then CERT/CC will decline the case unless + # there are multiple suppliers, + # super effective Utility, + # and significant Public Safety Impact. + + if row[self.rp] == "Y" or row[self.scon] == "N": + if row[self.rc] == "NC": + self.assertEqual("D", row[self.outcome], f"Row {i}: {row}") + + if not multiparty_supereffective_safety_impact: + self.assertEqual("D", row[self.outcome], f"Row {i}: {row}") + elif row[self.rc] == "NC": + # Report Credibility: If the report is not credible, + # then CERT/CC will decline the case. + self.assertEqual("D", row[self.outcome], f"Row {i}: {row}") + else: + self.assertEqual("D", row[self.outcome], f"Row {i}: {row}") + + +if __name__ == "__main__": + unittest.main() From d6d07bc1c97a94c10ec887b9d7c2e33e0bcecb56 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 12 Aug 2025 16:17:54 -0400 Subject: [PATCH 222/468] add unit test for human impact decision table --- .../decision_tables/ssvc/test_human_impact.py | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 src/test/decision_tables/ssvc/test_human_impact.py diff --git a/src/test/decision_tables/ssvc/test_human_impact.py b/src/test/decision_tables/ssvc/test_human_impact.py new file mode 100644 index 00000000..e5c49bc0 --- /dev/null +++ b/src/test/decision_tables/ssvc/test_human_impact.py @@ -0,0 +1,65 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest + +from ssvc.decision_tables.ssvc.human_impact import HUMAN_IMPACT_1 as HI + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.hi: "DecisionTable" = HI + self.si: str = [k for k in self.hi.decision_points.keys() if "SI" in k][0] + self.mi: str = [k for k in self.hi.decision_points.keys() if "MI" in k][0] + self.outcome: str = self.hi.outcome + + def test_mapping(self): + for i, row in enumerate(self.hi.mapping): + with self.subTest(row=row): + self.assertIn(self.si, row) + self.assertIn(self.mi, row) + self.assertIn(self.outcome, row) + + if row[self.si] == "N" and row[self.mi] in ["N", "D", "MSC"]: + # Low Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled) + self.assertEqual(row[self.outcome], "L", f"row {i}: {row}") + elif row[self.si] == "N" and row[self.mi] == "MEF": + # Medium (Safety Impact:Negligible AND Mission Impact:MEF Failure) + self.assertEqual(row[self.outcome], "M", f"row {i}: {row}") + elif row[self.si] == "M" and row[self.mi] in ["N", "D", "MSC"]: + # Medium OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled)) + self.assertEqual(row[self.outcome], "M", f"row {i}: {row}") + elif row[self.si] == "C" and row[self.mi] in ["N", "D", "MSC"]: + # High (Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) + self.assertEqual(row[self.outcome], "H", f"row {i}: {row}") + elif row[self.si] == "M" and row[self.mi] == "MEF": + # OR (Safety Impact:Marginal AND Mission Impact:MEF Failure) + self.assertEqual(row[self.outcome], "H", f"row {i}: {row}") + elif row[self.si] == "C": + # Very High Safety Impact:Catastrophic + self.assertEqual(row[self.outcome], "VH", f"row {i}: {row}") + elif row[self.mi] == "MF": + # OR Mission Impact:Mission Failure + self.assertEqual(row[self.outcome], "VH", f"row {i}: {row}") + else: + self.fail(f"Unhandled combination row {i}: {row}") + + +if __name__ == "__main__": + unittest.main() From 394de0e3d14bdff8dcdf315b315c91ed0354992f Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 12 Aug 2025 16:28:35 -0400 Subject: [PATCH 223/468] pin HI to specific versions of SI and MI --- .../ssvc/human_impact_1_0_0.json | 67 +++++++++---------- data/json/ssvc_object_registry.json | 67 +++++++++---------- src/ssvc/decision_tables/ssvc/human_impact.py | 46 ++++++------- 3 files changed, 85 insertions(+), 95 deletions(-) diff --git a/data/json/decision_tables/ssvc/human_impact_1_0_0.json b/data/json/decision_tables/ssvc/human_impact_1_0_0.json index ea714a23..23ecf51e 100644 --- a/data/json/decision_tables/ssvc/human_impact_1_0_0.json +++ b/data/json/decision_tables/ssvc/human_impact_1_0_0.json @@ -6,38 +6,33 @@ "description": "Human Impact decision table for SSVC", "schemaVersion": "2.0.0", "decision_points": { - "ssvc:SI:1.0.0": { + "ssvc:SI:2.0.0": { "namespace": "ssvc", "key": "SI", - "version": "1.0.0", + "version": "2.0.0", "name": "Safety Impact", - "description": "The safety impact of the vulnerability.", + "description": "The safety impact of the vulnerability. (based on IEC 61508)", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "None", - "description": "The effect is below the threshold for all aspects described in Minor." + "name": "Negligible", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { "key": "M", - "name": "Minor", - "description": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." - }, - { - "key": "J", - "name": "Major", - "description": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "name": "Marginal", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, { - "key": "H", - "name": "Hazardous", - "description": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + "key": "R", + "name": "Critical", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." }, { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } ] }, @@ -105,102 +100,102 @@ "outcome": "ssvc:HI:2.0.1", "mapping": [ { - "ssvc:SI:1.0.0": "N", + "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L" }, { - "ssvc:SI:1.0.0": "N", + "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L" }, { - "ssvc:SI:1.0.0": "N", + "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M" }, { - "ssvc:SI:1.0.0": "N", + "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "M", + "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L" }, { - "ssvc:SI:1.0.0": "M", + "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L" }, { - "ssvc:SI:1.0.0": "M", + "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M" }, { - "ssvc:SI:1.0.0": "M", + "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "J", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "M" }, { - "ssvc:SI:1.0.0": "J", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "M" }, { - "ssvc:SI:1.0.0": "J", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H" }, { - "ssvc:SI:1.0.0": "J", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "H", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "H" }, { - "ssvc:SI:1.0.0": "H", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "H" }, { - "ssvc:SI:1.0.0": "H", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H" }, { - "ssvc:SI:1.0.0": "H", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "C", + "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "C", + "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "C", + "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "C", + "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH" } diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 2243f523..99974871 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -18026,38 +18026,33 @@ "description": "Human Impact decision table for SSVC", "schemaVersion": "2.0.0", "decision_points": { - "ssvc:SI:1.0.0": { + "ssvc:SI:2.0.0": { "namespace": "ssvc", "key": "SI", - "version": "1.0.0", + "version": "2.0.0", "name": "Safety Impact", - "description": "The safety impact of the vulnerability.", + "description": "The safety impact of the vulnerability. (based on IEC 61508)", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "None", - "description": "The effect is below the threshold for all aspects described in Minor." + "name": "Negligible", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { "key": "M", - "name": "Minor", - "description": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "name": "Marginal", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, { - "key": "J", - "name": "Major", - "description": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." - }, - { - "key": "H", - "name": "Hazardous", - "description": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + "key": "R", + "name": "Critical", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." }, { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } ] }, @@ -18125,102 +18120,102 @@ "outcome": "ssvc:HI:2.0.1", "mapping": [ { - "ssvc:SI:1.0.0": "N", + "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L" }, { - "ssvc:SI:1.0.0": "N", + "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L" }, { - "ssvc:SI:1.0.0": "N", + "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M" }, { - "ssvc:SI:1.0.0": "N", + "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "M", + "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L" }, { - "ssvc:SI:1.0.0": "M", + "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L" }, { - "ssvc:SI:1.0.0": "M", + "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M" }, { - "ssvc:SI:1.0.0": "M", + "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "J", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "M" }, { - "ssvc:SI:1.0.0": "J", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "M" }, { - "ssvc:SI:1.0.0": "J", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H" }, { - "ssvc:SI:1.0.0": "J", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "H", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "H" }, { - "ssvc:SI:1.0.0": "H", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "H" }, { - "ssvc:SI:1.0.0": "H", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H" }, { - "ssvc:SI:1.0.0": "H", + "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "C", + "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "C", + "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "C", + "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "VH" }, { - "ssvc:SI:1.0.0": "C", + "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH" } diff --git a/src/ssvc/decision_tables/ssvc/human_impact.py b/src/ssvc/decision_tables/ssvc/human_impact.py index 71bea5a5..e83a7195 100644 --- a/src/ssvc/decision_tables/ssvc/human_impact.py +++ b/src/ssvc/decision_tables/ssvc/human_impact.py @@ -21,10 +21,10 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc.human_impact import LATEST as HumanImpact -from ssvc.decision_points.ssvc.mission_impact import LATEST as MissionImpact +from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2_0_1 as HumanImpact +from ssvc.decision_points.ssvc.mission_impact import MISSION_IMPACT_2 as MissionImpact from ssvc.decision_points.ssvc.safety_impact import ( - SAFETY_IMPACT_1 as SituatedSafetyImpact, + SAFETY_IMPACT_2 as SituatedSafetyImpact, ) from ssvc.decision_tables.base import DecisionTable from ssvc.namespaces import NameSpace @@ -42,26 +42,26 @@ }, outcome=HumanImpact.id, mapping=[ - {"ssvc:SI:1.0.0": "N", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L"}, - {"ssvc:SI:1.0.0": "N", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L"}, - {"ssvc:SI:1.0.0": "N", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M"}, - {"ssvc:SI:1.0.0": "N", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:1.0.0": "M", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L"}, - {"ssvc:SI:1.0.0": "M", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L"}, - {"ssvc:SI:1.0.0": "M", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M"}, - {"ssvc:SI:1.0.0": "M", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:1.0.0": "J", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "M"}, - {"ssvc:SI:1.0.0": "J", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "M"}, - {"ssvc:SI:1.0.0": "J", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H"}, - {"ssvc:SI:1.0.0": "J", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:1.0.0": "H", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "H"}, - {"ssvc:SI:1.0.0": "H", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "H"}, - {"ssvc:SI:1.0.0": "H", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H"}, - {"ssvc:SI:1.0.0": "H", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:1.0.0": "C", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:1.0.0": "C", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:1.0.0": "C", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:1.0.0": "C", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L"}, + {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L"}, + {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M"}, + {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L"}, + {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L"}, + {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M"}, + {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "M"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "M"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "H"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "H"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, ], ) From 2c7fc6031fd8bd1af8cb83c9d772d4f41616c8c6 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 12 Aug 2025 16:42:31 -0400 Subject: [PATCH 224/468] rev human impact decision point to reflect that None and Degraded were combined a while back. --- .../ssvc/human_impact_2_0_2.json | 30 +++ ...oyer_patch_application_priority_1_0_0.json | 154 ++++++------- data/json/ssvc_object_registry.json | 209 +++++++++++------- src/ssvc/decision_points/ssvc/human_impact.py | 35 +++ .../cisa/cisa_coordinate_dt.py | 2 +- src/ssvc/decision_tables/ssvc/deployer_dt.py | 146 ++++++------ .../decision_tables/ssvc/test_human_impact.py | 6 +- 7 files changed, 351 insertions(+), 231 deletions(-) create mode 100644 data/json/decision_points/ssvc/human_impact_2_0_2.json diff --git a/data/json/decision_points/ssvc/human_impact_2_0_2.json b/data/json/decision_points/ssvc/human_impact_2_0_2.json new file mode 100644 index 00000000..f6164b6b --- /dev/null +++ b/data/json/decision_points/ssvc/human_impact_2_0_2.json @@ -0,0 +1,30 @@ +{ + "namespace": "ssvc", + "key": "HI", + "version": "2.0.2", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] +} diff --git a/data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json b/data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json index 2087649b..19cb05ab 100644 --- a/data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json +++ b/data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json @@ -76,10 +76,10 @@ } ] }, - "ssvc:HI:2.0.1": { + "ssvc:HI:2.0.2": { "namespace": "ssvc", "key": "HI", - "version": "2.0.1", + "version": "2.0.2", "name": "Human Impact", "description": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", @@ -87,17 +87,17 @@ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", @@ -143,504 +143,504 @@ "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "I" } ] diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 99974871..ad178216 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -5516,6 +5516,61 @@ "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } } + }, + "2.0.2": { + "version": "2.0.2", + "obj": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.2", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + }, + "M": { + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + }, + "H": { + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + "VH": { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + } } } }, @@ -17441,10 +17496,10 @@ } ] }, - "ssvc:HI:2.0.1": { + "ssvc:HI:2.0.2": { "namespace": "ssvc", "key": "HI", - "version": "2.0.1", + "version": "2.0.2", "name": "Human Impact", "description": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", @@ -17452,17 +17507,17 @@ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", @@ -17508,504 +17563,504 @@ "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "I" } ] diff --git a/src/ssvc/decision_points/ssvc/human_impact.py b/src/ssvc/decision_points/ssvc/human_impact.py index a5a583bf..b22819e0 100644 --- a/src/ssvc/decision_points/ssvc/human_impact.py +++ b/src/ssvc/decision_points/ssvc/human_impact.py @@ -44,6 +44,13 @@ description="Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)", ) +LOW_4 = DecisionPointValue( + name="Low", + key="L", + description="Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)", +) + + MEDIUM_1 = DecisionPointValue( name="Medium", key="M", @@ -62,6 +69,13 @@ description="(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))", ) +MEDIUM_4 = DecisionPointValue( + name="Medium", + key="M", + description="(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))", +) + + HIGH_1 = DecisionPointValue( name="High", key="H", @@ -81,6 +95,12 @@ description="(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)", ) +HIGH_4 = DecisionPointValue( + name="High", + key="H", + description="(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)", +) + VERY_HIGH_1 = DecisionPointValue( name="Very High", key="VH", @@ -127,10 +147,25 @@ ), ) +HUMAN_IMPACT_2_0_2 = SsvcDecisionPoint( + name="Human Impact", + description="Human Impact is a combination of Safety and Mission impacts.", + key="HI", + version="2.0.2", + values=( + LOW_4, + MEDIUM_4, + HIGH_4, + VERY_HIGH_1, + ), +) + + VERSIONS = ( MISSION_AND_WELL_BEING_IMPACT_1, HUMAN_IMPACT_2, HUMAN_IMPACT_2_0_1, + HUMAN_IMPACT_2_0_2, ) LATEST = VERSIONS[-1] diff --git a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py index 04004186..246eb32d 100644 --- a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py +++ b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py @@ -24,7 +24,7 @@ from ssvc.decision_points.ssvc.automatable import LATEST as Automatable from ssvc.decision_points.ssvc.exploitation import LATEST as Exploitation -from ssvc.decision_points.ssvc.human_impact import LATEST as HumanImpact +from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2_0_1 as HumanImpact from ssvc.decision_points.ssvc.technical_impact import LATEST as TechnicalImpact from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df from ssvc.namespaces import NameSpace diff --git a/src/ssvc/decision_tables/ssvc/deployer_dt.py b/src/ssvc/decision_tables/ssvc/deployer_dt.py index b93ca0fe..dd334062 100644 --- a/src/ssvc/decision_tables/ssvc/deployer_dt.py +++ b/src/ssvc/decision_tables/ssvc/deployer_dt.py @@ -24,7 +24,7 @@ from ssvc.decision_points.ssvc.automatable import LATEST as Automatable from ssvc.decision_points.ssvc.exploitation import LATEST as Exploitation -from ssvc.decision_points.ssvc.human_impact import LATEST as HumanImpact +from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2_0_2 as HumanImpact from ssvc.decision_points.ssvc.system_exposure import LATEST as Exposure from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df from ssvc.namespaces import NameSpace @@ -45,504 +45,504 @@ "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "D", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "N", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "P", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "S", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "C", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "I", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "L", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "M", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "H", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "I", }, { "ssvc:E:1.1.0": "A", "ssvc:EXP:1.0.1": "O", "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.1": "VH", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "I", }, ], diff --git a/src/test/decision_tables/ssvc/test_human_impact.py b/src/test/decision_tables/ssvc/test_human_impact.py index e5c49bc0..6c56b3a5 100644 --- a/src/test/decision_tables/ssvc/test_human_impact.py +++ b/src/test/decision_tables/ssvc/test_human_impact.py @@ -36,16 +36,16 @@ def test_mapping(self): self.assertIn(self.mi, row) self.assertIn(self.outcome, row) - if row[self.si] == "N" and row[self.mi] in ["N", "D", "MSC"]: + if row[self.si] == "N" and row[self.mi] in ["D", "MSC"]: # Low Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled) self.assertEqual(row[self.outcome], "L", f"row {i}: {row}") elif row[self.si] == "N" and row[self.mi] == "MEF": # Medium (Safety Impact:Negligible AND Mission Impact:MEF Failure) self.assertEqual(row[self.outcome], "M", f"row {i}: {row}") - elif row[self.si] == "M" and row[self.mi] in ["N", "D", "MSC"]: + elif row[self.si] == "M" and row[self.mi] in ["D", "MSC"]: # Medium OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled)) self.assertEqual(row[self.outcome], "M", f"row {i}: {row}") - elif row[self.si] == "C" and row[self.mi] in ["N", "D", "MSC"]: + elif row[self.si] == "C" and row[self.mi] in ["D", "MSC"]: # High (Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) self.assertEqual(row[self.outcome], "H", f"row {i}: {row}") elif row[self.si] == "M" and row[self.mi] == "MEF": From 76ac37dd2708535d723857f29d979150b292a89a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 12 Aug 2025 16:49:25 -0400 Subject: [PATCH 225/468] pin decision points to specific versions --- src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py index 246eb32d..cb8cd100 100644 --- a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py +++ b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py @@ -22,10 +22,12 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc.automatable import LATEST as Automatable -from ssvc.decision_points.ssvc.exploitation import LATEST as Exploitation +from ssvc.decision_points.ssvc.automatable import AUTOMATABLE_2 as Automatable +from ssvc.decision_points.ssvc.exploitation import EXPLOITATION_1_1_0 as Exploitation from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2_0_1 as HumanImpact -from ssvc.decision_points.ssvc.technical_impact import LATEST as TechnicalImpact +from ssvc.decision_points.ssvc.technical_impact import ( + TECHNICAL_IMPACT_1 as TechnicalImpact, +) from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df from ssvc.namespaces import NameSpace from ssvc.outcomes.cisa.scoring import CISA as Priority From 83cc6a90f270271b315d3cf7544921f92990e86a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 12 Aug 2025 16:52:28 -0400 Subject: [PATCH 226/468] pin specific decision point versions in table --- src/ssvc/decision_tables/ssvc/deployer_dt.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/ssvc/decision_tables/ssvc/deployer_dt.py b/src/ssvc/decision_tables/ssvc/deployer_dt.py index dd334062..9b46bf42 100644 --- a/src/ssvc/decision_tables/ssvc/deployer_dt.py +++ b/src/ssvc/decision_tables/ssvc/deployer_dt.py @@ -22,13 +22,13 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc.automatable import LATEST as Automatable -from ssvc.decision_points.ssvc.exploitation import LATEST as Exploitation +from ssvc.decision_points.ssvc.automatable import AUTOMATABLE_2 as Automatable +from ssvc.decision_points.ssvc.exploitation import EXPLOITATION_1_1_0 as Exploitation from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2_0_2 as HumanImpact -from ssvc.decision_points.ssvc.system_exposure import LATEST as Exposure +from ssvc.decision_points.ssvc.system_exposure import SYSTEM_EXPOSURE_1_0_1 as Exposure from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df from ssvc.namespaces import NameSpace -from ssvc.outcomes.ssvc.dsoi import LATEST as DSOI +from ssvc.outcomes.ssvc.dsoi import DSOI as DSOI DEPLOYER_1 = DecisionTable( namespace=NameSpace.SSVC, From 9cb78dab7aa6185b9467e866066fae66b5026699 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Tue, 12 Aug 2025 17:04:57 -0400 Subject: [PATCH 227/468] CVSS V4 Quality Severity Rating added --- .../cvss/qualitative_severity.py | 2484 +++++++++++++++++ 1 file changed, 2484 insertions(+) create mode 100644 src/ssvc/decision_tables/cvss/qualitative_severity.py diff --git a/src/ssvc/decision_tables/cvss/qualitative_severity.py b/src/ssvc/decision_tables/cvss/qualitative_severity.py new file mode 100644 index 00000000..837b8e9b --- /dev/null +++ b/src/ssvc/decision_tables/cvss/qualitative_severity.py @@ -0,0 +1,2484 @@ +#!/usr/bin/env python +""" +Models the CVSS v4.0 Qualitative Severity Ratings from Equivalency Set 1-6 +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +#Exploitation,Automatable,TechnicalImpact,HumanImpact,Decision +from ssvc.decision_points.cvss.equivalence_set_1 import LATEST as EQ1 +from ssvc.decision_points.cvss.equivalence_set_2 import LATEST as EQ2 +from ssvc.decision_points.cvss.equivalence_set_3 import LATEST as EQ3 +from ssvc.decision_points.cvss.equivalence_set_4 import LATEST as EQ4 +from ssvc.decision_points.cvss.equivalence_set_5 import LATEST as EQ5 +from ssvc.decision_points.cvss.equivalence_set_6 import LATEST as EQ6 +from ssvc.outcomes.cvss.lmhc import LATEST as LMHC +import pandas as pd +from mapper import findmap +from ssvc.decision_tables.base import DecisionTable, dpdict_to_combination_list +from ssvc.decision_tables.helpers import write_csv + +dp_array = [EQ1,EQ2,EQ3,EQ4,EQ5,EQ6,LMHC] + +dp_dict = {dp.id: dp for dp in dp_array} + + +LMHC_1 = DecisionTable( + name = "CVSS v4.0 Qualitative Severity Ratings", + key="CVSS4_QSR", + version="1.0.0", + namespace = "cvss", + description = "CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", + decision_points = {dp.id: dp for dp in dp_array}, + outcome = LMHC.id, + mapping = [ + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + } +] + +) + +VERSIONS = [LMHC_1,] +LATEST = LMHC_1 + +def main(): + + print(LMHC_1.model_dump_json(indent=2)) + + +if __name__ == '__main__': + main() From d1dabb631e94a5843c98ca6100553439b69b2df3 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Tue, 12 Aug 2025 17:11:08 -0400 Subject: [PATCH 228/468] Removed local module mapper for testing docker --- src/ssvc/decision_tables/cvss/qualitative_severity.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/ssvc/decision_tables/cvss/qualitative_severity.py b/src/ssvc/decision_tables/cvss/qualitative_severity.py index 837b8e9b..e70bb6dc 100644 --- a/src/ssvc/decision_tables/cvss/qualitative_severity.py +++ b/src/ssvc/decision_tables/cvss/qualitative_severity.py @@ -29,7 +29,6 @@ from ssvc.decision_points.cvss.equivalence_set_6 import LATEST as EQ6 from ssvc.outcomes.cvss.lmhc import LATEST as LMHC import pandas as pd -from mapper import findmap from ssvc.decision_tables.base import DecisionTable, dpdict_to_combination_list from ssvc.decision_tables.helpers import write_csv From dbfc495d06948ba9e6bd96bf619d377cc77fa1ec Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 09:28:26 -0400 Subject: [PATCH 229/468] fix redundancies in human impact table --- .../ssvc/human_impact_1_0_0.json | 20 ------------------- data/json/ssvc_object_registry.json | 20 ------------------- src/ssvc/decision_tables/ssvc/human_impact.py | 4 ---- .../decision_tables/ssvc/test_human_impact.py | 6 +++--- 4 files changed, 3 insertions(+), 47 deletions(-) diff --git a/data/json/decision_tables/ssvc/human_impact_1_0_0.json b/data/json/decision_tables/ssvc/human_impact_1_0_0.json index 23ecf51e..0e71585f 100644 --- a/data/json/decision_tables/ssvc/human_impact_1_0_0.json +++ b/data/json/decision_tables/ssvc/human_impact_1_0_0.json @@ -144,26 +144,6 @@ "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "M" }, - { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.1": "M" - }, - { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.1": "H" - }, - { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.1": "VH" - }, - { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.1": "H" - }, { "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index ad178216..cb7c64e4 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -18219,26 +18219,6 @@ "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "M" }, - { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.1": "M" - }, - { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.1": "H" - }, - { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.1": "VH" - }, - { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.1": "H" - }, { "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", diff --git a/src/ssvc/decision_tables/ssvc/human_impact.py b/src/ssvc/decision_tables/ssvc/human_impact.py index e83a7195..ebd7d30b 100644 --- a/src/ssvc/decision_tables/ssvc/human_impact.py +++ b/src/ssvc/decision_tables/ssvc/human_impact.py @@ -51,10 +51,6 @@ {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M"}, {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "M"}, - {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "M"}, - {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H"}, - {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "H"}, {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "H"}, {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H"}, {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, diff --git a/src/test/decision_tables/ssvc/test_human_impact.py b/src/test/decision_tables/ssvc/test_human_impact.py index 6c56b3a5..94b9ce95 100644 --- a/src/test/decision_tables/ssvc/test_human_impact.py +++ b/src/test/decision_tables/ssvc/test_human_impact.py @@ -37,16 +37,16 @@ def test_mapping(self): self.assertIn(self.outcome, row) if row[self.si] == "N" and row[self.mi] in ["D", "MSC"]: - # Low Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled) + # Low Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled) self.assertEqual(row[self.outcome], "L", f"row {i}: {row}") elif row[self.si] == "N" and row[self.mi] == "MEF": # Medium (Safety Impact:Negligible AND Mission Impact:MEF Failure) self.assertEqual(row[self.outcome], "M", f"row {i}: {row}") elif row[self.si] == "M" and row[self.mi] in ["D", "MSC"]: - # Medium OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled)) + # Medium OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled)) self.assertEqual(row[self.outcome], "M", f"row {i}: {row}") elif row[self.si] == "C" and row[self.mi] in ["D", "MSC"]: - # High (Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) + # High (Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) self.assertEqual(row[self.outcome], "H", f"row {i}: {row}") elif row[self.si] == "M" and row[self.mi] == "MEF": # OR (Safety Impact:Marginal AND Mission Impact:MEF Failure) From 2518e9de41d95d6b367c66eb889c8968a913e6bd Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 09:49:47 -0400 Subject: [PATCH 230/468] add validator to detect duplicate mapping rows - log warning on benign duplicates (same inputs, same outcome) - throw exception on conflicts (same inputs, different outcome) --- src/ssvc/decision_tables/base.py | 26 ++++++++++++++++++ src/test/decision_tables/test_base.py | 38 +++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 5e2bcffc..4caa8723 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -195,6 +195,32 @@ def check_mapping_keys(self): ) return self + @model_validator(mode="after") + def remove_duplicate_mapping_rows(self): + seen = dict() + new_mapping = [] + for row in self.mapping: + value_tuple = tuple(v for k, v in row.items() if k != self.outcome) + if value_tuple in seen: + # we have a duplicate, but is it same or different? + if seen[value_tuple][self.outcome] == row[self.outcome]: + # if it's a match, just log it and move on + logger.warning( + f"Duplicate mapping found (removed automatically): {row}" + ) + else: + # they don't match + raise ValueError( + f"Conflicting mappings found: {seen[value_tuple]} != {row}" + ) + else: + # not a duplicate, add it to the new mapping + seen[value_tuple] = row + new_mapping.append(row) + # set the new mapping (with duplicates removed) + self.mapping = new_mapping + return self + @model_validator(mode="after") def validate_mapping(self): """ diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py index d1efb1eb..c721c27f 100644 --- a/src/test/decision_tables/test_base.py +++ b/src/test/decision_tables/test_base.py @@ -370,6 +370,44 @@ def test_single_dp_dt(self): self.assertIn(single_dt.outcome, row) self.assertIn(row[single_dt.outcome], [v.key for v in self.og.values]) + def test_should_reject_duplicate_conflicting_mappings(self): + dt = self.dt + + # dt already has a mapping, so we can just append to it + self.assertGreater(len(dt.mapping), 0, "Mapping should not be empty") + + new_row = dict(dt.mapping[0]) # copy the first row + self.assertEqual( + new_row[dt.outcome], self.ogv1.key, "First row should have outcome o1" + ) + new_row[dt.outcome] = self.ogv2.key # change the outcome to o2 + # insert it at position 1 + dt.mapping.insert(1, new_row) + + with self.assertRaises(ValueError) as context: + dt.remove_duplicate_mapping_rows() + + self.assertIn("Conflicting mappings found", str(context.exception)) + + def test_should_warn_duplicate_nonconflicting_mappings(self): + dt = self.dt + + # dt already has a mapping, so we can just append to it + self.assertGreater(len(dt.mapping), 0, "Mapping should not be empty") + + new_row = dict(dt.mapping[0]) # copy the first row + self.assertEqual( + new_row[dt.outcome], self.ogv1.key, "First row should have outcome o1" + ) + # do not change the outcome, just duplicate the row + # insert it at position 1 + dt.mapping.insert(1, new_row) + + with self.assertLogs(level="WARNING") as log: + dt.remove_duplicate_mapping_rows() + + self.assertIn("Duplicate mapping found", log.output[0]) + if __name__ == "__main__": unittest.main() From d2b1799132146d38de4943650a493839744564b9 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 10:47:09 -0400 Subject: [PATCH 231/468] add a validator that guarantees full coverage of decision point value combinations in DecisionTable Fix cvss eq5 as a result. Also noticed that cisa uses mission and well being 1, not human impact 2.x --- ...t_maturity_without_not_defined__2_0_0.json | 25 +++ .../cisa/cisa_coordinator_2_0_3.json | 93 +++++----- .../cvss/cvss_v4_equivalence_set_5_1_0_0.json | 19 +- data/json/ssvc_object_registry.json | 162 +++++++++++------- .../decision_points/cvss/exploit_maturity.py | 3 + src/ssvc/decision_tables/base.py | 41 +++++ .../cisa/cisa_coordinate_dt.py | 84 +++++---- .../cvss/equivalence_set_five.py | 8 +- src/test/decision_tables/test_base.py | 12 ++ 9 files changed, 283 insertions(+), 164 deletions(-) create mode 100644 data/json/decision_points/cvss/exploit_maturity_without_not_defined__2_0_0.json diff --git a/data/json/decision_points/cvss/exploit_maturity_without_not_defined__2_0_0.json b/data/json/decision_points/cvss/exploit_maturity_without_not_defined__2_0_0.json new file mode 100644 index 00000000..c3f4e72c --- /dev/null +++ b/data/json/decision_points/cvss/exploit_maturity_without_not_defined__2_0_0.json @@ -0,0 +1,25 @@ +{ + "namespace": "cvss", + "key": "E_NoX", + "version": "2.0.0", + "name": "Exploit Maturity (without Not Defined)", + "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unreported", + "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + }, + { + "key": "P", + "name": "Proof-of-Concept", + "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + }, + { + "key": "A", + "name": "Attacked", + "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + } + ] +} diff --git a/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json b/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json index ecd2103b..8a4715f1 100644 --- a/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json +++ b/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json @@ -71,33 +71,28 @@ } ] }, - "ssvc:HI:2.0.1": { + "ssvc:MWI:1.0.0": { "namespace": "ssvc", - "key": "HI", - "version": "2.0.1", - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "key": "MWI", + "version": "1.0.0", + "name": "Mission and Well-Being Impact", + "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" - }, - { - "key": "VH", - "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" } ] }, @@ -138,252 +133,252 @@ "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "T*" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" } ] diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_5_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_5_1_0_0.json index f6386ff2..dc517df1 100644 --- a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_5_1_0_0.json +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_5_1_0_0.json @@ -6,12 +6,12 @@ "description": "CVSS Equivalence Set 5 Decision Table", "schemaVersion": "2.0.0", "decision_points": { - "cvss:E:2.0.0": { + "cvss:E_NoX:2.0.0": { "namespace": "cvss", - "key": "E", + "key": "E_NoX", "version": "2.0.0", - "name": "Exploit Maturity", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", + "name": "Exploit Maturity (without Not Defined)", + "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { @@ -28,11 +28,6 @@ "key": "A", "name": "Attacked", "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" - }, - { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -65,15 +60,15 @@ "outcome": "cvss:EQ5:1.0.0", "mapping": [ { - "cvss:E:2.0.0": "U", + "cvss:E_NoX:2.0.0": "U", "cvss:EQ5:1.0.0": "L" }, { - "cvss:E:2.0.0": "P", + "cvss:E_NoX:2.0.0": "P", "cvss:EQ5:1.0.0": "M" }, { - "cvss:E:2.0.0": "A", + "cvss:E_NoX:2.0.0": "A", "cvss:EQ5:1.0.0": "H" } ] diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index cb7c64e4..9c876e59 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -2014,6 +2014,56 @@ } } }, + "E_NoX": { + "key": "E_NoX", + "versions": { + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "E_NoX", + "version": "2.0.0", + "name": "Exploit Maturity (without Not Defined)", + "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unreported", + "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + }, + { + "key": "P", + "name": "Proof-of-Concept", + "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + }, + { + "key": "A", + "name": "Attacked", + "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unreported", + "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + }, + "P": { + "key": "P", + "name": "Proof-of-Concept", + "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + }, + "A": { + "key": "A", + "name": "Attacked", + "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + } + } + } + } + }, "IB": { "key": "IB", "versions": { @@ -7047,12 +7097,12 @@ "description": "CVSS Equivalence Set 5 Decision Table", "schemaVersion": "2.0.0", "decision_points": { - "cvss:E:2.0.0": { + "cvss:E_NoX:2.0.0": { "namespace": "cvss", - "key": "E", + "key": "E_NoX", "version": "2.0.0", - "name": "Exploit Maturity", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", + "name": "Exploit Maturity (without Not Defined)", + "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { @@ -7069,11 +7119,6 @@ "key": "A", "name": "Attacked", "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" - }, - { - "key": "X", - "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -7106,15 +7151,15 @@ "outcome": "cvss:EQ5:1.0.0", "mapping": [ { - "cvss:E:2.0.0": "U", + "cvss:E_NoX:2.0.0": "U", "cvss:EQ5:1.0.0": "L" }, { - "cvss:E:2.0.0": "P", + "cvss:E_NoX:2.0.0": "P", "cvss:EQ5:1.0.0": "M" }, { - "cvss:E:2.0.0": "A", + "cvss:E_NoX:2.0.0": "A", "cvss:EQ5:1.0.0": "H" } ] @@ -18841,33 +18886,28 @@ } ] }, - "ssvc:HI:2.0.1": { + "ssvc:MWI:1.0.0": { "namespace": "ssvc", - "key": "HI", - "version": "2.0.1", - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "key": "MWI", + "version": "1.0.0", + "name": "Mission and Well-Being Impact", + "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" - }, - { - "key": "VH", - "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" } ] }, @@ -18908,252 +18948,252 @@ "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "T*" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "A" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A" } ] diff --git a/src/ssvc/decision_points/cvss/exploit_maturity.py b/src/ssvc/decision_points/cvss/exploit_maturity.py index 66a6e758..e19464fe 100644 --- a/src/ssvc/decision_points/cvss/exploit_maturity.py +++ b/src/ssvc/decision_points/cvss/exploit_maturity.py @@ -28,6 +28,7 @@ NOT_DEFINED_X, ) from ssvc.decision_points.cvss.base import CvssDecisionPoint +from ssvc.decision_points.cvss.helpers import no_x from ssvc.decision_points.helpers import print_versions_and_diffs _HIGH_2 = DecisionPointValue( @@ -186,6 +187,8 @@ ), ) +EXPLOIT_MATURITY_2_NoX = no_x(EXPLOIT_MATURITY_2) + VERSIONS = ( EXPLOITABILITY_1, EXPLOITABILITY_1_1, diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 4caa8723..eeb01e1b 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -221,6 +221,47 @@ def remove_duplicate_mapping_rows(self): self.mapping = new_mapping return self + @model_validator(mode="after") + def check_mapping_coverage(self): + counts = {} + all_combos = dpdict_to_combination_list( + self.decision_points, exclude=[self.outcome] + ) + # all_combos is a dict of all possible combinations of decision point values + # keyed by decision point ID, with value keys as values. + # initialize counts for all input combinations to 0 + for combo in all_combos: + value_tuple = tuple(combo.values()) + counts[value_tuple] = counts.get(value_tuple, 0) + + # counts now has all possible input combinations set to count 0 + + for row in self.mapping: + value_tuple = tuple(v for k, v in row.items() if k != self.outcome) + counts[value_tuple] += 1 + + # check if all combinations are covered + for k, v in counts.items(): + if v == 1: + # ok, proceed + continue + elif v == 0: + # missing combination + raise ValueError( + f"Mapping is incomplete: No mapping found for decision point combination: {k}." + ) + elif v > 1: + # duplicate. remove duplicate mapping rows should have caught this already + raise ValueError( + f"Duplicate mapping found for decision point combination: {k}." + ) + else: + raise ValueError(f"Unexpected count in mapping coverage check.{k}: {v}") + + # if you made it to here, all the counts were 1, so we're good + + return self + @model_validator(mode="after") def validate_mapping(self): """ diff --git a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py index cb8cd100..fc9e3175 100644 --- a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py +++ b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py @@ -24,7 +24,9 @@ from ssvc.decision_points.ssvc.automatable import AUTOMATABLE_2 as Automatable from ssvc.decision_points.ssvc.exploitation import EXPLOITATION_1_1_0 as Exploitation -from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2_0_1 as HumanImpact +from ssvc.decision_points.ssvc.human_impact import ( + MISSION_AND_WELL_BEING_IMPACT_1 as MissionAndWellBeingImpact, +) from ssvc.decision_points.ssvc.technical_impact import ( TECHNICAL_IMPACT_1 as TechnicalImpact, ) @@ -41,259 +43,265 @@ outcome=Priority.id, decision_points={ dp.id: dp - for dp in [Exploitation, Automatable, TechnicalImpact, HumanImpact, Priority] + for dp in [ + Exploitation, + Automatable, + TechnicalImpact, + MissionAndWellBeingImpact, + Priority, + ] }, mapping=[ { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "T*", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "T*", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T*", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T*", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "T", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "L", + "ssvc:MWI:1.0.0": "L", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "M", + "ssvc:MWI:1.0.0": "M", "cisa:CISA:1.0.0": "A", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", - "ssvc:HI:2.0.1": "H", + "ssvc:MWI:1.0.0": "H", "cisa:CISA:1.0.0": "A", }, ], diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_five.py b/src/ssvc/decision_tables/cvss/equivalence_set_five.py index d0ed510f..67557fd9 100644 --- a/src/ssvc/decision_tables/cvss/equivalence_set_five.py +++ b/src/ssvc/decision_tables/cvss/equivalence_set_five.py @@ -30,7 +30,7 @@ from ssvc.decision_points.cvss.equivalence_set_5 import EQ5 -from ssvc.decision_points.cvss.exploit_maturity import EXPLOIT_MATURITY_2 as E +from ssvc.decision_points.cvss.exploit_maturity import EXPLOIT_MATURITY_2_NoX as E from ssvc.decision_tables.base import DecisionTable from ssvc.namespaces import NameSpace @@ -43,9 +43,9 @@ decision_points={dp.id: dp for dp in [E, EQ5]}, outcome=EQ5.id, mapping=[ - {"cvss:E:2.0.0": "U", "cvss:EQ5:1.0.0": "L"}, - {"cvss:E:2.0.0": "P", "cvss:EQ5:1.0.0": "M"}, - {"cvss:E:2.0.0": "A", "cvss:EQ5:1.0.0": "H"}, + {"cvss:E_NoX:2.0.0": "U", "cvss:EQ5:1.0.0": "L"}, + {"cvss:E_NoX:2.0.0": "P", "cvss:EQ5:1.0.0": "M"}, + {"cvss:E_NoX:2.0.0": "A", "cvss:EQ5:1.0.0": "H"}, ], ) diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py index c721c27f..f78d07ac 100644 --- a/src/test/decision_tables/test_base.py +++ b/src/test/decision_tables/test_base.py @@ -408,6 +408,18 @@ def test_should_warn_duplicate_nonconflicting_mappings(self): self.assertIn("Duplicate mapping found", log.output[0]) + def test_should_fail_on_incomplete_mapping(self): + dt = self.dt + + # dt already has a mapping, so we can just remove something from it + self.assertGreater(len(dt.mapping), 0, "Mapping should not be empty") + dt.mapping = dt.mapping[:-1] # remove the last row + + with self.assertRaises(ValueError) as context: + dt.check_mapping_coverage() + + self.assertIn("Mapping is incomplete", str(context.exception)) + if __name__ == "__main__": unittest.main() From d10bcc0841f9461f4c8f2d0515581bcfc541994f Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 11:17:08 -0400 Subject: [PATCH 232/468] add check for duplicate value keys inside a single decision point. Fix offending decision points. --- .../cisa/cisa_levels_1_0_0.json | 4 +- .../ssvc/public_well_being_impact_1_0_0.json | 2 +- .../cisa/cisa_coordinator_2_0_3.json | 32 ++++++------ data/json/ssvc_object_registry.json | 52 +++++++++++-------- src/ssvc/decision_points/base.py | 15 ++++++ .../ssvc/public_safety_impact.py | 2 +- .../cisa/cisa_coordinate_dt.py | 28 +++++----- src/ssvc/outcomes/cisa/scoring.py | 34 +++++++----- 8 files changed, 100 insertions(+), 69 deletions(-) diff --git a/data/json/decision_points/cisa/cisa_levels_1_0_0.json b/data/json/decision_points/cisa/cisa_levels_1_0_0.json index fcbd7061..650cfae1 100644 --- a/data/json/decision_points/cisa/cisa_levels_1_0_0.json +++ b/data/json/decision_points/cisa/cisa_levels_1_0_0.json @@ -17,12 +17,12 @@ "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, { - "key": "A", + "key": "AT", "name": "Attend", "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." }, { - "key": "A", + "key": "AC", "name": "Act", "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } diff --git a/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json b/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json index 2d1adc9c..b63eab00 100644 --- a/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json +++ b/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json @@ -12,7 +12,7 @@ "description": "The effect is below the threshold for all aspects described in material. " }, { - "key": "M", + "key": "MA", "name": "Material", "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " }, diff --git a/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json b/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json index 8a4715f1..5e7e2182 100644 --- a/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json +++ b/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json @@ -115,12 +115,12 @@ "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, { - "key": "A", + "key": "AT", "name": "Attend", "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." }, { - "key": "A", + "key": "AC", "name": "Act", "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } @@ -190,7 +190,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "N", @@ -211,7 +211,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "P", @@ -253,7 +253,7 @@ "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "P", @@ -274,7 +274,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "P", @@ -295,7 +295,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", @@ -316,7 +316,7 @@ "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", @@ -330,56 +330,56 @@ "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AC" } ] } diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 9c876e59..bab5b5ce 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -123,12 +123,12 @@ "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, { - "key": "A", + "key": "AT", "name": "Attend", "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." }, { - "key": "A", + "key": "AC", "name": "Act", "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } @@ -145,8 +145,13 @@ "name": "Track*", "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, - "A": { - "key": "A", + "AT": { + "key": "AT", + "name": "Attend", + "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + }, + "AC": { + "key": "AC", "name": "Act", "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } @@ -5768,7 +5773,7 @@ "description": "The effect is below the threshold for all aspects described in material. " }, { - "key": "M", + "key": "MA", "name": "Material", "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " }, @@ -5782,6 +5787,11 @@ "values": { "M": { "key": "M", + "name": "Minimal", + "description": "The effect is below the threshold for all aspects described in material. " + }, + "MA": { + "key": "MA", "name": "Material", "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " }, @@ -18930,12 +18940,12 @@ "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, { - "key": "A", + "key": "AT", "name": "Attend", "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." }, { - "key": "A", + "key": "AC", "name": "Act", "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } @@ -19005,7 +19015,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "N", @@ -19026,7 +19036,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "P", @@ -19068,7 +19078,7 @@ "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "P", @@ -19089,7 +19099,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "P", @@ -19110,7 +19120,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", @@ -19131,7 +19141,7 @@ "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", @@ -19145,56 +19155,56 @@ "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A" + "cisa:CISA:1.0.0": "AC" } ] } diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index f239c7e0..f5ee3931 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -133,6 +133,21 @@ def _set_schema_version(cls, data: dict) -> dict: data["schemaVersion"] = SCHEMA_VERSION return data + @model_validator(mode="after") + def _validate_values(self): + # confirm that value keys are unique + seen = dict() + for value in self.values: + if value.key in seen: + raise ValueError( + f"Duplicate key found in {self.id}: {value.key} ({value.name} and {seen[value.key]})" + ) + else: + seen[value.key] = value.name + + # if we got here, all good + return self + @property def value_summaries(self) -> list[str]: """ diff --git a/src/ssvc/decision_points/ssvc/public_safety_impact.py b/src/ssvc/decision_points/ssvc/public_safety_impact.py index 449c8938..6227d318 100644 --- a/src/ssvc/decision_points/ssvc/public_safety_impact.py +++ b/src/ssvc/decision_points/ssvc/public_safety_impact.py @@ -45,7 +45,7 @@ "Financial: Financial losses likely lead to bankruptcy of multiple persons. " "Psychological: Widespread emotional or psychological harm, sufficient to necessitate " "counseling or therapy, impact populations of people. ", - key="M", + key="MA", ) IRREVERSIBLE = DecisionPointValue( diff --git a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py index fc9e3175..8086fd75 100644 --- a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py +++ b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py @@ -113,7 +113,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AT", }, { "ssvc:E:1.1.0": "N", @@ -134,7 +134,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AT", }, { "ssvc:E:1.1.0": "P", @@ -176,7 +176,7 @@ "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AT", }, { "ssvc:E:1.1.0": "P", @@ -197,7 +197,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AT", }, { "ssvc:E:1.1.0": "P", @@ -218,7 +218,7 @@ "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AT", }, { "ssvc:E:1.1.0": "A", @@ -239,7 +239,7 @@ "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AT", }, { "ssvc:E:1.1.0": "A", @@ -253,56 +253,56 @@ "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AT", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AC", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AT", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AT", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AC", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AT", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AC", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "A", + "cisa:CISA:1.0.0": "AC", }, ], ) diff --git a/src/ssvc/outcomes/cisa/scoring.py b/src/ssvc/outcomes/cisa/scoring.py index 6b64bac1..549cf52c 100644 --- a/src/ssvc/outcomes/cisa/scoring.py +++ b/src/ssvc/outcomes/cisa/scoring.py @@ -1,15 +1,21 @@ -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 """ Provides the CISA Levels outcome group for use in SSVC. """ @@ -35,7 +41,7 @@ _ATTEND = DecisionPointValue( name="Attend", - key="A", + key="AT", description="The vulnerability requires attention from the organization's internal, supervisory-level individuals. " "Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. " "CISA recommends remediating Attend vulnerabilities sooner than standard update timelines.", @@ -43,7 +49,7 @@ _ACT = DecisionPointValue( name="Act", - key="A", + key="AC", description="The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. " "Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. " "Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. " From ba81ab429d5ff78722e67723f0682fb480c144cc Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 12:02:47 -0400 Subject: [PATCH 233/468] use HI 2.0.2 --- .../ssvc/human_impact_1_0_0.json | 44 +++++++++---------- src/ssvc/decision_tables/ssvc/human_impact.py | 34 +++++++------- 2 files changed, 39 insertions(+), 39 deletions(-) diff --git a/data/json/decision_tables/ssvc/human_impact_1_0_0.json b/data/json/decision_tables/ssvc/human_impact_1_0_0.json index 0e71585f..e7f20d6b 100644 --- a/data/json/decision_tables/ssvc/human_impact_1_0_0.json +++ b/data/json/decision_tables/ssvc/human_impact_1_0_0.json @@ -66,10 +66,10 @@ } ] }, - "ssvc:HI:2.0.1": { + "ssvc:HI:2.0.2": { "namespace": "ssvc", "key": "HI", - "version": "2.0.1", + "version": "2.0.2", "name": "Human Impact", "description": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", @@ -77,17 +77,17 @@ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", @@ -97,87 +97,87 @@ ] } }, - "outcome": "ssvc:HI:2.0.1", + "outcome": "ssvc:HI:2.0.2", "mapping": [ { "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.1": "L" + "ssvc:HI:2.0.2": "L" }, { "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.1": "L" + "ssvc:HI:2.0.2": "L" }, { "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.1": "M" + "ssvc:HI:2.0.2": "M" }, { "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.1": "L" + "ssvc:HI:2.0.2": "L" }, { "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.1": "L" + "ssvc:HI:2.0.2": "L" }, { "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.1": "M" + "ssvc:HI:2.0.2": "M" }, { "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.1": "M" + "ssvc:HI:2.0.2": "M" }, { "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.1": "H" + "ssvc:HI:2.0.2": "H" }, { "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.1": "H" + "ssvc:HI:2.0.2": "H" }, { "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" } ] } diff --git a/src/ssvc/decision_tables/ssvc/human_impact.py b/src/ssvc/decision_tables/ssvc/human_impact.py index ebd7d30b..c20436ed 100644 --- a/src/ssvc/decision_tables/ssvc/human_impact.py +++ b/src/ssvc/decision_tables/ssvc/human_impact.py @@ -21,7 +21,7 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2_0_1 as HumanImpact +from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2_0_2 as HumanImpact from ssvc.decision_points.ssvc.mission_impact import MISSION_IMPACT_2 as MissionImpact from ssvc.decision_points.ssvc.safety_impact import ( SAFETY_IMPACT_2 as SituatedSafetyImpact, @@ -42,22 +42,22 @@ }, outcome=HumanImpact.id, mapping=[ - {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L"}, - {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L"}, - {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M"}, - {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "L"}, - {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "L"}, - {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "M"}, - {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "M"}, - {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "H"}, - {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "H"}, - {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.1": "VH"}, - {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.1": "VH"}, + {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.2": "L"}, + {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.2": "L"}, + {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.2": "M"}, + {"ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.2": "VH"}, + {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.2": "L"}, + {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.2": "L"}, + {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.2": "M"}, + {"ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.2": "VH"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.2": "M"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.2": "H"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.2": "H"}, + {"ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.2": "VH"}, + {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "D", "ssvc:HI:2.0.2": "VH"}, + {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MSC", "ssvc:HI:2.0.2": "VH"}, + {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MEF", "ssvc:HI:2.0.2": "VH"}, + {"ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MF", "ssvc:HI:2.0.2": "VH"}, ], ) From c768c820084d6a364ebd1f98073e3f98504abfc6 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 12:03:35 -0400 Subject: [PATCH 234/468] bump public_well_being version --- .../ssvc/public_well_being_impact_1_1_0.json | 25 ++++++++++ data/json/ssvc_object_registry.json | 50 +++++++++---------- .../ssvc/public_safety_impact.py | 41 +++++++++++++-- 3 files changed, 86 insertions(+), 30 deletions(-) create mode 100644 data/json/decision_points/ssvc/public_well_being_impact_1_1_0.json diff --git a/data/json/decision_points/ssvc/public_well_being_impact_1_1_0.json b/data/json/decision_points/ssvc/public_well_being_impact_1_1_0.json new file mode 100644 index 00000000..38780b34 --- /dev/null +++ b/data/json/decision_points/ssvc/public_well_being_impact_1_1_0.json @@ -0,0 +1,25 @@ +{ + "namespace": "ssvc", + "key": "PWI", + "version": "1.1.0", + "name": "Public Well-Being Impact", + "description": "A coarse-grained representation of impact to public well-being.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "The effect is below the threshold for all aspects described in material. " + }, + { + "key": "MA", + "name": "Material", + "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " + }, + { + "key": "I", + "name": "Irreversible", + "description": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " + } + ] +} diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index bab5b5ce..016cc714 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -5757,12 +5757,12 @@ "PWI": { "key": "PWI", "versions": { - "1.0.0": { - "version": "1.0.0", + "1.1.0": { + "version": "1.1.0", "obj": { "namespace": "ssvc", "key": "PWI", - "version": "1.0.0", + "version": "1.1.0", "name": "Public Well-Being Impact", "description": "A coarse-grained representation of impact to public well-being.", "schemaVersion": "2.0.0", @@ -18196,10 +18196,10 @@ } ] }, - "ssvc:HI:2.0.1": { + "ssvc:HI:2.0.2": { "namespace": "ssvc", "key": "HI", - "version": "2.0.1", + "version": "2.0.2", "name": "Human Impact", "description": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", @@ -18207,17 +18207,17 @@ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", @@ -18227,87 +18227,87 @@ ] } }, - "outcome": "ssvc:HI:2.0.1", + "outcome": "ssvc:HI:2.0.2", "mapping": [ { "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.1": "L" + "ssvc:HI:2.0.2": "L" }, { "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.1": "L" + "ssvc:HI:2.0.2": "L" }, { "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.1": "M" + "ssvc:HI:2.0.2": "M" }, { "ssvc:SI:2.0.0": "N", "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.1": "L" + "ssvc:HI:2.0.2": "L" }, { "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.1": "L" + "ssvc:HI:2.0.2": "L" }, { "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.1": "M" + "ssvc:HI:2.0.2": "M" }, { "ssvc:SI:2.0.0": "M", "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.1": "M" + "ssvc:HI:2.0.2": "M" }, { "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.1": "H" + "ssvc:HI:2.0.2": "H" }, { "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.1": "H" + "ssvc:HI:2.0.2": "H" }, { "ssvc:SI:2.0.0": "R", "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" }, { "ssvc:SI:2.0.0": "C", "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.1": "VH" + "ssvc:HI:2.0.2": "VH" } ] } diff --git a/src/ssvc/decision_points/ssvc/public_safety_impact.py b/src/ssvc/decision_points/ssvc/public_safety_impact.py index 6227d318..46f22a94 100644 --- a/src/ssvc/decision_points/ssvc/public_safety_impact.py +++ b/src/ssvc/decision_points/ssvc/public_safety_impact.py @@ -34,6 +34,21 @@ ) MATERIAL = DecisionPointValue( + name="Material", + description="Any one or more of these conditions hold. " + "Physical harm: Does one or more of the following: " + "(a) Causes physical distress or injury to system users. " + "(b) Introduces occupational safety hazards. " + "(c) Reduces and/or results in failure of cyber-physical system safety margins. " + "Environment: Major externalities (property damage, environmental damage, etc.) are " + "imposed on other parties. " + "Financial: Financial losses likely lead to bankruptcy of multiple persons. " + "Psychological: Widespread emotional or psychological harm, sufficient to necessitate " + "counseling or therapy, impact populations of people. ", + key="M", +) + +MATERIAL_1 = DecisionPointValue( name="Material", description="Any one or more of these conditions hold. " "Physical harm: Does one or more of the following: " @@ -48,6 +63,7 @@ key="MA", ) + IRREVERSIBLE = DecisionPointValue( name="Irreversible", description="Any one or more of these conditions hold. " @@ -81,19 +97,33 @@ name="Minimal", description="Safety Impact:Negligible", key="M" ) - -PUBLIC_WELL_BEING_IMPACT_1 = SsvcDecisionPoint( +# This version is deprecated because it had two values with the same key. +# It is kept here for reference, but should not be used in new code. +# PUBLIC_WELL_BEING_IMPACT_1 = SsvcDecisionPoint( +# name="Public Well-Being Impact", +# description="A coarse-grained representation of impact to public well-being.", +# key="PWI", +# version="1.0.0", +# values=( +# MINIMAL_1, +# MATERIAL, +# IRREVERSIBLE, +# ), +# ) + +PUBLIC_WELL_BEING_IMPACT_1_1 = SsvcDecisionPoint( name="Public Well-Being Impact", description="A coarse-grained representation of impact to public well-being.", key="PWI", - version="1.0.0", + version="1.1.0", values=( MINIMAL_1, - MATERIAL, + MATERIAL_1, IRREVERSIBLE, ), ) + PUBLIC_SAFETY_IMPACT_2 = SsvcDecisionPoint( name="Public Safety Impact", description="A coarse-grained representation of impact to public safety.", @@ -117,7 +147,8 @@ ) VERSIONS = ( - PUBLIC_WELL_BEING_IMPACT_1, + # PUBLIC_WELL_BEING_IMPACT_1, + PUBLIC_WELL_BEING_IMPACT_1_1, PUBLIC_SAFETY_IMPACT_2, PUBLIC_SAFETY_IMPACT_2_0_1, ) From 130ea98a53f287ac2e4a08aa2617438c70b8388a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 12:04:40 -0400 Subject: [PATCH 235/468] ssvc:pwi:1.0.0 no longer validates (duplicate keys), so get rid of it. --- .../ssvc/public_well_being_impact_1_0_0.json | 25 ------------------- 1 file changed, 25 deletions(-) delete mode 100644 data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json diff --git a/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json b/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json deleted file mode 100644 index b63eab00..00000000 --- a/data/json/decision_points/ssvc/public_well_being_impact_1_0_0.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "namespace": "ssvc", - "key": "PWI", - "version": "1.0.0", - "name": "Public Well-Being Impact", - "description": "A coarse-grained representation of impact to public well-being.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "M", - "name": "Minimal", - "description": "The effect is below the threshold for all aspects described in material. " - }, - { - "key": "MA", - "name": "Material", - "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " - }, - { - "key": "I", - "name": "Irreversible", - "description": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " - } - ] -} From 8d46606cd2f0f3b8ff345a454b4449afd811accf Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 12:08:30 -0400 Subject: [PATCH 236/468] bump CISA scoring version to reflect change in keys --- ...vels_1_0_0.json => cisa_levels_1_1_0.json} | 2 +- .../cisa/cisa_coordinator_2_0_3.json | 78 ++++++++--------- data/json/ssvc_object_registry.json | 84 +++++++++---------- .../cisa/cisa_coordinate_dt.py | 72 ++++++++-------- src/ssvc/outcomes/cisa/scoring.py | 2 +- 5 files changed, 119 insertions(+), 119 deletions(-) rename data/json/decision_points/cisa/{cisa_levels_1_0_0.json => cisa_levels_1_1_0.json} (98%) diff --git a/data/json/decision_points/cisa/cisa_levels_1_0_0.json b/data/json/decision_points/cisa/cisa_levels_1_1_0.json similarity index 98% rename from data/json/decision_points/cisa/cisa_levels_1_0_0.json rename to data/json/decision_points/cisa/cisa_levels_1_1_0.json index 650cfae1..965874bb 100644 --- a/data/json/decision_points/cisa/cisa_levels_1_0_0.json +++ b/data/json/decision_points/cisa/cisa_levels_1_1_0.json @@ -1,7 +1,7 @@ { "namespace": "cisa", "key": "CISA", - "version": "1.0.0", + "version": "1.1.0", "name": "CISA Levels", "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", "schemaVersion": "2.0.0", diff --git a/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json b/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json index 5e7e2182..92c7fac7 100644 --- a/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json +++ b/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json @@ -96,10 +96,10 @@ } ] }, - "cisa:CISA:1.0.0": { + "cisa:CISA:1.1.0": { "namespace": "cisa", "key": "CISA", - "version": "1.0.0", + "version": "1.1.0", "name": "CISA Levels", "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", "schemaVersion": "2.0.0", @@ -127,259 +127,259 @@ ] } }, - "outcome": "cisa:CISA:1.0.0", + "outcome": "cisa:CISA:1.1.0", "mapping": [ { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "T*" + "cisa:CISA:1.1.0": "T*" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "T*" + "cisa:CISA:1.1.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T*" + "cisa:CISA:1.1.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T*" + "cisa:CISA:1.1.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AC" + "cisa:CISA:1.1.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AC" + "cisa:CISA:1.1.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "AC" + "cisa:CISA:1.1.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AC" + "cisa:CISA:1.1.0": "AC" } ] } diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 016cc714..0f39238f 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -102,12 +102,12 @@ "CISA": { "key": "CISA", "versions": { - "1.0.0": { - "version": "1.0.0", + "1.1.0": { + "version": "1.1.0", "obj": { "namespace": "cisa", "key": "CISA", - "version": "1.0.0", + "version": "1.1.0", "name": "CISA Levels", "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", "schemaVersion": "2.0.0", @@ -18921,10 +18921,10 @@ } ] }, - "cisa:CISA:1.0.0": { + "cisa:CISA:1.1.0": { "namespace": "cisa", "key": "CISA", - "version": "1.0.0", + "version": "1.1.0", "name": "CISA Levels", "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", "schemaVersion": "2.0.0", @@ -18952,259 +18952,259 @@ ] } }, - "outcome": "cisa:CISA:1.0.0", + "outcome": "cisa:CISA:1.1.0", "mapping": [ { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "T*" + "cisa:CISA:1.1.0": "T*" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "T*" + "cisa:CISA:1.1.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T*" + "cisa:CISA:1.1.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T*" + "cisa:CISA:1.1.0": "T*" }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T" + "cisa:CISA:1.1.0": "T" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AC" + "cisa:CISA:1.1.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AC" + "cisa:CISA:1.1.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "AT" + "cisa:CISA:1.1.0": "AT" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "AC" + "cisa:CISA:1.1.0": "AC" }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AC" + "cisa:CISA:1.1.0": "AC" } ] } diff --git a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py index 8086fd75..0e4503a9 100644 --- a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py +++ b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py @@ -57,252 +57,252 @@ "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "T*", + "cisa:CISA:1.1.0": "T*", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT", + "cisa:CISA:1.1.0": "AT", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "N", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT", + "cisa:CISA:1.1.0": "AT", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "T*", + "cisa:CISA:1.1.0": "T*", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T*", + "cisa:CISA:1.1.0": "T*", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT", + "cisa:CISA:1.1.0": "AT", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT", + "cisa:CISA:1.1.0": "AT", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T*", + "cisa:CISA:1.1.0": "T*", }, { "ssvc:E:1.1.0": "P", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT", + "cisa:CISA:1.1.0": "AT", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AT", + "cisa:CISA:1.1.0": "AT", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "T", + "cisa:CISA:1.1.0": "T", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "AT", + "cisa:CISA:1.1.0": "AT", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "N", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AC", + "cisa:CISA:1.1.0": "AC", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "AT", + "cisa:CISA:1.1.0": "AT", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "AT", + "cisa:CISA:1.1.0": "AT", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "P", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AC", + "cisa:CISA:1.1.0": "AC", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.0.0": "AT", + "cisa:CISA:1.1.0": "AT", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.0.0": "AC", + "cisa:CISA:1.1.0": "AC", }, { "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", "ssvc:TI:1.0.0": "T", "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.0.0": "AC", + "cisa:CISA:1.1.0": "AC", }, ], ) diff --git a/src/ssvc/outcomes/cisa/scoring.py b/src/ssvc/outcomes/cisa/scoring.py index 549cf52c..3097061a 100644 --- a/src/ssvc/outcomes/cisa/scoring.py +++ b/src/ssvc/outcomes/cisa/scoring.py @@ -61,7 +61,7 @@ key="CISA", description="The CISA outcome group. " "CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", - version="1.0.0", + version="1.1.0", values=( _TRACK, _TRACK_STAR, From d7fe17859c0f53cc4ab8388c54cac069b58cc357 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 13:46:10 -0400 Subject: [PATCH 237/468] copyright update --- src/ssvc/outcomes/cvss/lmhc.py | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/src/ssvc/outcomes/cvss/lmhc.py b/src/ssvc/outcomes/cvss/lmhc.py index 673c9794..b1791608 100644 --- a/src/ssvc/outcomes/cvss/lmhc.py +++ b/src/ssvc/outcomes/cvss/lmhc.py @@ -1,15 +1,21 @@ -# Copyright (c) 2025 Carnegie Mellon University and Contributors. -# - see Contributors.md for a full list of Contributors -# - see ContributionInstructions.md for information on how you can Contribute to this project -# Stakeholder Specific Vulnerability Categorization (SSVC) is -# licensed under a MIT (SEI)-style license, please see LICENSE.md distributed -# with this Software or contact permission@sei.cmu.edu for full terms. -# Created, in part, with funding and support from the United States Government -# (see Acknowledgments file). This program may include and/or can make use of -# certain third party source code, object code, documentation and other files -# (“Third Party Software”). See LICENSE.md for more details. -# Carnegie Mellon®, CERT® and CERT Coordination Center® are registered in the -# U.S. Patent and Trademark Office by Carnegie Mellon University +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 from ssvc.decision_points.base import DecisionPointValue as DecisionPointValue from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs From 75189b385c17d2c5f4143fc3776da7f954ccdf16 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 13:48:18 -0400 Subject: [PATCH 238/468] add table with coverage of EQ3=L,EQ6=H. They're invalid according to CVSSv4 rules, but we need them for state coverage. --- ..._0_qualitative_severity_ratings_4_0_0.json | 3104 ++++++++++ data/json/ssvc_object_registry.json | 3112 ++++++++++ .../cvss/qualitative_severity.py | 5432 +++++++++-------- 3 files changed, 9201 insertions(+), 2447 deletions(-) create mode 100644 data/json/decision_tables/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.json diff --git a/data/json/decision_tables/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.json b/data/json/decision_tables/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.json new file mode 100644 index 00000000..370ce1ce --- /dev/null +++ b/data/json/decision_tables/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.json @@ -0,0 +1,3104 @@ +{ + "namespace": "cvss", + "key": "DT_CVSS_QSR", + "version": "4.0.0", + "name": "CVSS v4.0 Qualitative Severity Ratings", + "description": "CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:EQ1:1.0.0": { + "namespace": "cvss", + "key": "EQ1", + "version": "1.0.0", + "name": "Equivalence Set 1", + "description": "AV/PR/UI with 3 levels specified in Table 24", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + }, + { + "key": "H", + "name": "High", + "description": "0: AV:N and PR:N and UI:N" + } + ] + }, + "cvss:EQ2:1.0.0": { + "namespace": "cvss", + "key": "EQ2", + "version": "1.0.0", + "name": "Equivalence Set 2", + "description": "AC/AT with 2 levels specified in Table 25", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (AC:L and AT:N)" + }, + { + "key": "H", + "name": "High", + "description": "0: AC:L and AT:N" + } + ] + }, + "cvss:EQ3:1.0.0": { + "namespace": "cvss", + "key": "EQ3", + "version": "1.0.0", + "name": "Equivalence Set 3", + "description": "VC/VI/VA with 3 levels specified in Table 26", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (VC:H or VI:H or VA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: VC:H and VI:H" + } + ] + }, + "cvss:EQ4:1.0.0": { + "namespace": "cvss", + "key": "EQ4", + "version": "1.0.0", + "name": "Equivalence Set 4", + "description": "SC/SI/SA with 3 levels specified in Table 27", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: MSI:S or MSA:S" + } + ] + }, + "cvss:EQ5:1.0.0": { + "namespace": "cvss", + "key": "EQ5", + "version": "1.0.0", + "name": "Equivalence Set 5", + "description": "E with 3 levels specified in Table 28", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: E:U" + }, + { + "key": "M", + "name": "Medium", + "description": "1: E:P" + }, + { + "key": "H", + "name": "High", + "description": "0: E:A" + } + ] + }, + "cvss:EQ6:1.0.0": { + "namespace": "cvss", + "key": "EQ6", + "version": "1.0.0", + "name": "Equivalence Set 6", + "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + } + ] + }, + "cvss:CVSS:1.0.0": { + "namespace": "cvss", + "key": "CVSS", + "version": "1.0.0", + "name": "CVSS Qualitative Severity Rating Scale", + "description": "The CVSS Qualitative Severity Rating Scale group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "None (0.0)" + }, + { + "key": "L", + "name": "Low", + "description": "Low (0.1-3.9)" + }, + { + "key": "M", + "name": "Medium", + "description": "Medium (4.0-6.9)" + }, + { + "key": "H", + "name": "High", + "description": "High (7.0-8.9)" + }, + { + "key": "C", + "name": "Critical", + "description": "Critical (9.0-10.0)" + } + ] + } + }, + "outcome": "cvss:CVSS:1.0.0", + "mapping": [ + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + } + ] +} diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 0f39238f..237fb21d 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -15073,6 +15073,3118 @@ } } } + }, + "DT_CVSS_QSR": { + "key": "DT_CVSS_QSR", + "versions": { + "4.0.0": { + "version": "4.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS_QSR", + "version": "4.0.0", + "name": "CVSS v4.0 Qualitative Severity Ratings", + "description": "CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:EQ1:1.0.0": { + "namespace": "cvss", + "key": "EQ1", + "version": "1.0.0", + "name": "Equivalence Set 1", + "description": "AV/PR/UI with 3 levels specified in Table 24", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + }, + { + "key": "H", + "name": "High", + "description": "0: AV:N and PR:N and UI:N" + } + ] + }, + "cvss:EQ2:1.0.0": { + "namespace": "cvss", + "key": "EQ2", + "version": "1.0.0", + "name": "Equivalence Set 2", + "description": "AC/AT with 2 levels specified in Table 25", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (AC:L and AT:N)" + }, + { + "key": "H", + "name": "High", + "description": "0: AC:L and AT:N" + } + ] + }, + "cvss:EQ3:1.0.0": { + "namespace": "cvss", + "key": "EQ3", + "version": "1.0.0", + "name": "Equivalence Set 3", + "description": "VC/VI/VA with 3 levels specified in Table 26", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (VC:H or VI:H or VA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: VC:H and VI:H" + } + ] + }, + "cvss:EQ4:1.0.0": { + "namespace": "cvss", + "key": "EQ4", + "version": "1.0.0", + "name": "Equivalence Set 4", + "description": "SC/SI/SA with 3 levels specified in Table 27", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: MSI:S or MSA:S" + } + ] + }, + "cvss:EQ5:1.0.0": { + "namespace": "cvss", + "key": "EQ5", + "version": "1.0.0", + "name": "Equivalence Set 5", + "description": "E with 3 levels specified in Table 28", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: E:U" + }, + { + "key": "M", + "name": "Medium", + "description": "1: E:P" + }, + { + "key": "H", + "name": "High", + "description": "0: E:A" + } + ] + }, + "cvss:EQ6:1.0.0": { + "namespace": "cvss", + "key": "EQ6", + "version": "1.0.0", + "name": "Equivalence Set 6", + "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + } + ] + }, + "cvss:CVSS:1.0.0": { + "namespace": "cvss", + "key": "CVSS", + "version": "1.0.0", + "name": "CVSS Qualitative Severity Rating Scale", + "description": "The CVSS Qualitative Severity Rating Scale group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "None (0.0)" + }, + { + "key": "L", + "name": "Low", + "description": "Low (0.1-3.9)" + }, + { + "key": "M", + "name": "Medium", + "description": "Medium (4.0-6.9)" + }, + { + "key": "H", + "name": "High", + "description": "High (7.0-8.9)" + }, + { + "key": "C", + "name": "Critical", + "description": "Critical (9.0-10.0)" + } + ] + } + }, + "outcome": "cvss:CVSS:1.0.0", + "mapping": [ + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + } + ] + } + } + } } } }, diff --git a/src/ssvc/decision_tables/cvss/qualitative_severity.py b/src/ssvc/decision_tables/cvss/qualitative_severity.py index e70bb6dc..00237d44 100644 --- a/src/ssvc/decision_tables/cvss/qualitative_severity.py +++ b/src/ssvc/decision_tables/cvss/qualitative_severity.py @@ -20,2464 +20,3002 @@ # This Software includes and/or makes use of Third-Party Software each # subject to its own license. # DM24-0278 -#Exploitation,Automatable,TechnicalImpact,HumanImpact,Decision -from ssvc.decision_points.cvss.equivalence_set_1 import LATEST as EQ1 -from ssvc.decision_points.cvss.equivalence_set_2 import LATEST as EQ2 -from ssvc.decision_points.cvss.equivalence_set_3 import LATEST as EQ3 -from ssvc.decision_points.cvss.equivalence_set_4 import LATEST as EQ4 -from ssvc.decision_points.cvss.equivalence_set_5 import LATEST as EQ5 -from ssvc.decision_points.cvss.equivalence_set_6 import LATEST as EQ6 -from ssvc.outcomes.cvss.lmhc import LATEST as LMHC -import pandas as pd -from ssvc.decision_tables.base import DecisionTable, dpdict_to_combination_list -from ssvc.decision_tables.helpers import write_csv +from ssvc.decision_points.cvss.equivalence_set_1 import EQ1 +from ssvc.decision_points.cvss.equivalence_set_2 import EQ2 +from ssvc.decision_points.cvss.equivalence_set_3 import EQ3 +from ssvc.decision_points.cvss.equivalence_set_4 import EQ4 +from ssvc.decision_points.cvss.equivalence_set_5 import EQ5 +from ssvc.decision_points.cvss.equivalence_set_6 import EQ6 +from ssvc.decision_tables.base import DecisionTable +from ssvc.outcomes.cvss.lmhc import LMHC -dp_array = [EQ1,EQ2,EQ3,EQ4,EQ5,EQ6,LMHC] +dp_array = [EQ1, EQ2, EQ3, EQ4, EQ5, EQ6, LMHC] dp_dict = {dp.id: dp for dp in dp_array} -LMHC_1 = DecisionTable( - name = "CVSS v4.0 Qualitative Severity Ratings", - key="CVSS4_QSR", - version="1.0.0", - namespace = "cvss", - description = "CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", - decision_points = {dp.id: dp for dp in dp_array}, - outcome = LMHC.id, - mapping = [ - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - } +QSR_4 = DecisionTable( + name="CVSS v4.0 Qualitative Severity Ratings", + key="CVSS_QSR", + version="4.0.0", + namespace="cvss", + description="CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", + decision_points=dp_dict, + outcome=LMHC.id, + mapping=[ + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + ], +) + +VERSIONS = [ + QSR_4, ] +LATEST = QSR_4 -) -VERSIONS = [LMHC_1,] -LATEST = LMHC_1 +# def corrections(): +# from ssvc.outcomes.cvss._v4expected import V4_EXPECTED +# +# expected = {} +# for row in V4_EXPECTED: +# key = tuple([v for k, v in row.items() if k != QSR_4.outcome]) +# expected[key] = row +# +# # now go through default mapping and replace expected rows +# new_mapping = [] +# for row in QSR_4.mapping: +# new_row = dict(row) +# key = tuple([v for k, v in row.items() if k != QSR_4.outcome]) +# if key in expected: +# new_mapping.append(expected[key]) +# else: +# if row[EQ3.id] == "L" and row[EQ6.id] == "H": +# # this combination is not permitted +# # so instead we're going to lookup +# # the outcome from "3=L, 6=L", all else being equal +# new_key = list(key) +# new_key[5] = "L" # EQ6 +# new_key = tuple(new_key) +# if new_key in expected: +# new_row[QSR_4.outcome] = expected[new_key][QSR_4.outcome] +# else: +# raise KeyError( +# f"Warning: No expected row for {new_key} in CVSS v4." +# ) +# else: +# # why are we here? +# raise KeyError(f"Warning: No expected row for {key} in CVSS v4.") +# +# new_mapping.append(new_row) +# return new_mapping + def main(): - print(LMHC_1.model_dump_json(indent=2)) + print(QSR_4.model_dump_json(indent=2)) + + import pandas as pd + + df = pd.DataFrame(QSR_4.mapping) + print(df.to_csv(index=False)) + + # print(corrections()) -if __name__ == '__main__': +if __name__ == "__main__": main() From 38464c71db404efd36fa3c44dbef08baf5bbe63b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 14:16:31 -0400 Subject: [PATCH 239/468] add unit tests for CVSS v4 QSR DecisionTable --- src/test/decision_tables/cvss/_v4expected.py | 2458 +++++++++++++++++ .../decision_tables/cvss/test_cvss_qsr4.py | 80 + 2 files changed, 2538 insertions(+) create mode 100644 src/test/decision_tables/cvss/_v4expected.py create mode 100644 src/test/decision_tables/cvss/test_cvss_qsr4.py diff --git a/src/test/decision_tables/cvss/_v4expected.py b/src/test/decision_tables/cvss/_v4expected.py new file mode 100644 index 00000000..d809e95d --- /dev/null +++ b/src/test/decision_tables/cvss/_v4expected.py @@ -0,0 +1,2458 @@ +""" +This test helper module provides a complete set of expected values for the CVSS v4 Qualitative Severity Rating Scale (QSR) +mapped to the CVSS v4 Equivalency Set combinations. + +It was generated based on https://github.com/FIRSTdotorg/cvss-v4-calculator/blob/main/cvss_lookup.js +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +V4_EXPECTED = [ + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C", + }, +] diff --git a/src/test/decision_tables/cvss/test_cvss_qsr4.py b/src/test/decision_tables/cvss/test_cvss_qsr4.py new file mode 100644 index 00000000..d59eb427 --- /dev/null +++ b/src/test/decision_tables/cvss/test_cvss_qsr4.py @@ -0,0 +1,80 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest + +from ssvc.decision_tables.cvss.qualitative_severity import QSR_4 +from ._v4expected import V4_EXPECTED + +# create a dict of the mapping rows for lookups in tests +_MAPPING = { + tuple([v for k, v in row.items() if k != QSR_4.outcome]): row + for row in QSR_4.mapping +} + +# create a dict of the expected rows for lookups in tests +_EXPECTED = { + tuple([v for k, v in row.items() if k != QSR_4.outcome]): row for row in V4_EXPECTED +} + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.qsr4 = QSR_4 + self.eq3 = [k for k in self.qsr4.decision_points.keys() if "EQ3" in k][0] + self.eq6 = [k for k in self.qsr4.decision_points.keys() if "EQ6" in k][0] + + def test_mapping_for_expected(self): + for row in V4_EXPECTED: + key = tuple([v for k, v in row.items() if k != self.qsr4.outcome]) + self.assertIn(key, _MAPPING, f"Could not find {key} in mapping") + + def test_mapping_for_invalids(self): + """ + Test that the mapping includes the "forbidden" macrovector combinations + (EQ3="L" and EQ6="H") that are not valid according to the CVSSv4 specification. + We need them to support full coverage of the MacroVector input space in a DecisionTable object. + Also confirms that the workaround outcome for these combinations + is the same as the corresponding valid macrovector combination (where EQ6="L" instead of "H"). + This ensures that the resulting `DecisionTable.mapping` has full coverage of the input space and + that it will pass topological consistency checks. + """ + for row in self.qsr4.mapping: + key = tuple([v for k, v in row.items() if k != self.qsr4.outcome]) + if key in _EXPECTED: + # skip these, we test them in test_mapping_for_expected + continue + + # the only things to get here should be (EQ3="L" and EQ6="H") + self.assertEqual("L", row[self.eq3]) + self.assertEqual("H", row[self.eq6]) + + # construct a new key with EQ6="L" instead of "H" + new_key = list(key) + new_key[5] = "L" + new_key = tuple(new_key) + # make sure that the new key is in expected mapping + self.assertIn(new_key, _EXPECTED) + + expected_row = _EXPECTED[new_key] + self.assertEqual(expected_row[self.qsr4.outcome], row[self.qsr4.outcome]) + + +if __name__ == "__main__": + unittest.main() From d33604436d933e5eb9f4f8ad39b4f98bb30e2080 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 13 Aug 2025 17:14:10 -0400 Subject: [PATCH 240/468] wip commit not quite right yet --- src/ssvc/decision_tables/_mermaid.py | 75 ++++++++ src/ssvc/decision_tables/test.md | 250 +++++++++++++++++++++++++++ 2 files changed, 325 insertions(+) create mode 100644 src/ssvc/decision_tables/_mermaid.py create mode 100644 src/ssvc/decision_tables/test.md diff --git a/src/ssvc/decision_tables/_mermaid.py b/src/ssvc/decision_tables/_mermaid.py new file mode 100644 index 00000000..b444f819 --- /dev/null +++ b/src/ssvc/decision_tables/_mermaid.py @@ -0,0 +1,75 @@ +#!/usr/bin/env python +""" +file: _mermaid +author: adh +created_at: 8/13/25 4:29 PM +""" + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + + +def dicts_to_mermaid_subgraphs(rows): + lines = ["graph LR", "n1(( ))"] + columns = list(rows[0].keys()) + + # Build subgraphs + for col_idx, col in enumerate(columns): + subgraph_name = f's{col_idx+1}["{col}"]' + lines.append(f"subgraph {subgraph_name}") + seen = set() + for row in rows: + node_id = "".join( + row[columns[i]] + + (f"s{col_idx+1}" if col_idx == len(columns) - 1 else "") + for i in range(col_idx + 1) + ) + label = row[columns[col_idx]] + if node_id not in seen: + lines.append(f"{node_id}([{label}])") + seen.add(node_id) + lines.append("end") + + # Add edges + first_col_vals = {row[columns[0]] for row in rows} + for val in first_col_vals: + lines.append(f"n1 --- {val}") + + for row in rows: + prev_id = row[columns[0]] + for col_idx in range(1, len(columns)): + node_id = "".join( + row[columns[i]] + + (f"s{col_idx+1}" if col_idx == len(columns) - 1 else "") + for i in range(col_idx + 1) + ) + lines.append(f"{prev_id} --- {node_id}") + prev_id = node_id + + return "\n".join(lines) + + +# Example + +if __name__ == "__main__": + from ssvc.decision_tables.ssvc.coord_pub_dt import LATEST as CP + + rows = CP.mapping + print(dicts_to_mermaid_subgraphs(rows)) diff --git a/src/ssvc/decision_tables/test.md b/src/ssvc/decision_tables/test.md new file mode 100644 index 00000000..c54186a2 --- /dev/null +++ b/src/ssvc/decision_tables/test.md @@ -0,0 +1,250 @@ +# Title + + +```mermaid +graph LR +n1(( )) +subgraph s1["ssvc:SI:2.0.0"] +N([N]) +M([M]) +R([R]) +C([C]) +end +subgraph s2["ssvc:MI:2.0.0"] +ND([D]) +MD([D]) +RD([D]) +CD([D]) +NMSC([MSC]) +MMSC([MSC]) +RMSC([MSC]) +CMSC([MSC]) +NMEF([MEF]) +MMEF([MEF]) +RMEF([MEF]) +CMEF([MEF]) +NMF([MF]) +MMF([MF]) +RMF([MF]) +CMF([MF]) +end +subgraph s3["ssvc:HI:2.0.2"] +NDs3([L]) +MDs3([L]) +RDs3([M]) +CDs3([VH]) +NMSCs3([L]) +MMSCs3([L]) +RMSCs3([M]) +CMSCs3([VH]) +NMEFs3([M]) +MMEFs3([H]) +RMEFs3([H]) +CMEFs3([VH]) +NMFs3([VH]) +MMFs3([VH]) +RMFs3([VH]) +CMFs3([VH]) + +end +n1 --- N +n1 --- M +n1 --- R +n1 --- C +N --- ND +N --- NMSC +N --- NMEF +N --- NMF +M --- MD +M --- MMSC +M --- MMEF +M --- MMF +R --- RD +R --- RMSC +R --- RMEF +R --- RMF +C --- CD +C --- CMSC +C --- CMEF +C --- CMF +ND --- NDs3 +MD --- MDs3 +RD --- RDs3 +CD --- CDs3 +NMSC --- NMSCs3 +MMSC --- MMSCs3 +RMSC --- RMSCs3 +CMSC --- CMSCs3 +NMEF --- NMEFs3 +MMEF --- MMEFs3 +RMEF --- RMEFs3 +CMEF --- CMEFs3 +NMF --- NMFs3 +MMF --- MMFs3 +RMF --- RMFs3 +CMF --- CMFs3 +``` + + +```mermaid +graph LR +n1(( )) +subgraph s1["ssvc:SINV:1.0.0"] +FR([FR]) +C([C]) +UU([UU]) +end +subgraph s2["ssvc:E:1.1.0"] +FRN([N]) +CN([N]) +FRP([P]) +UUN([N]) +CP([P]) +FRA([A]) +UUP([P]) +CA([A]) +UUA([A]) +end +subgraph s3["ssvc:PVA:1.0.0"] +FRNL([L]) +CNL([L]) +FRPL([L]) +FRNA([A]) +UUNL([L]) +CPL([L]) +FRAL([L]) +CNA([A]) +FRPA([A]) +FRNP([P]) +UUPL([L]) +CAL([L]) +UUNA([A]) +CPA([A]) +FRAA([A]) +CNP([P]) +FRPP([P]) +UUAL([L]) +UUPA([A]) +CAA([A]) +UUNP([P]) +CPP([P]) +FRAP([P]) +UUAA([A]) +UUPP([P]) +CAP([P]) +UUAP([P]) +end +subgraph s4["ssvc:PUBLISH:1.0.0"] +FRs4Ns4Ls4Ns4([N]) +Cs4Ns4Ls4Ns4([N]) +FRs4Ps4Ls4Ns4([N]) +FRs4Ns4As4Ns4([N]) +UUs4Ns4Ls4Ns4([N]) +Cs4Ps4Ls4Ns4([N]) +FRs4As4Ls4Ns4([N]) +Cs4Ns4As4Ns4([N]) +FRs4Ps4As4Ns4([N]) +FRs4Ns4Ps4Ps4([P]) +UUs4Ps4Ls4Ns4([N]) +Cs4As4Ls4Ns4([N]) +UUs4Ns4As4Ns4([N]) +Cs4Ps4As4Ns4([N]) +FRs4As4As4Ps4([P]) +Cs4Ns4Ps4Ps4([P]) +FRs4Ps4Ps4Ps4([P]) +UUs4As4Ls4Ps4([P]) +UUs4Ps4As4Ps4([P]) +Cs4As4As4Ps4([P]) +UUs4Ns4Ps4Ps4([P]) +Cs4Ps4Ps4Ps4([P]) +FRs4As4Ps4Ps4([P]) +UUs4As4As4Ps4([P]) +UUs4Ps4Ps4Ps4([P]) +Cs4As4Ps4Ps4([P]) +UUs4As4Ps4Ps4([P]) +end +n1 --- UU +n1 --- C +n1 --- FR +FR --- FRN +FRN --- FRNL +FRNL --- FRs4Ns4Ls4Ns4 +C --- CN +CN --- CNL +CNL --- Cs4Ns4Ls4Ns4 +FR --- FRP +FRP --- FRPL +FRPL --- FRs4Ps4Ls4Ns4 +FR --- FRN +FRN --- FRNA +FRNA --- FRs4Ns4As4Ns4 +UU --- UUN +UUN --- UUNL +UUNL --- UUs4Ns4Ls4Ns4 +C --- CP +CP --- CPL +CPL --- Cs4Ps4Ls4Ns4 +FR --- FRA +FRA --- FRAL +FRAL --- FRs4As4Ls4Ns4 +C --- CN +CN --- CNA +CNA --- Cs4Ns4As4Ns4 +FR --- FRP +FRP --- FRPA +FRPA --- FRs4Ps4As4Ns4 +FR --- FRN +FRN --- FRNP +FRNP --- FRs4Ns4Ps4Ps4 +UU --- UUP +UUP --- UUPL +UUPL --- UUs4Ps4Ls4Ns4 +C --- CA +CA --- CAL +CAL --- Cs4As4Ls4Ns4 +UU --- UUN +UUN --- UUNA +UUNA --- UUs4Ns4As4Ns4 +C --- CP +CP --- CPA +CPA --- Cs4Ps4As4Ns4 +FR --- FRA +FRA --- FRAA +FRAA --- FRs4As4As4Ps4 +C --- CN +CN --- CNP +CNP --- Cs4Ns4Ps4Ps4 +FR --- FRP +FRP --- FRPP +FRPP --- FRs4Ps4Ps4Ps4 +UU --- UUA +UUA --- UUAL +UUAL --- UUs4As4Ls4Ps4 +UU --- UUP +UUP --- UUPA +UUPA --- UUs4Ps4As4Ps4 +C --- CA +CA --- CAA +CAA --- Cs4As4As4Ps4 +UU --- UUN +UUN --- UUNP +UUNP --- UUs4Ns4Ps4Ps4 +C --- CP +CP --- CPP +CPP --- Cs4Ps4Ps4Ps4 +FR --- FRA +FRA --- FRAP +FRAP --- FRs4As4Ps4Ps4 +UU --- UUA +UUA --- UUAA +UUAA --- UUs4As4As4Ps4 +UU --- UUP +UUP --- UUPP +UUPP --- UUs4Ps4Ps4Ps4 +C --- CA +CA --- CAP +CAP --- Cs4As4Ps4Ps4 +UU --- UUA +UUA --- UUAP +UUAP --- UUs4As4Ps4Ps4 +``` \ No newline at end of file From 680ca497cdeb3f825e901ab0e6a393ce9e7d7c31 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Thu, 14 Aug 2025 18:17:01 +0200 Subject: [PATCH 241/468] fix broken f-strings --- src/ssvc/decision_points/cvss/helpers.py | 4 ++-- src/ssvc/doctools.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssvc/decision_points/cvss/helpers.py b/src/ssvc/decision_points/cvss/helpers.py index 0c6c3e4b..32f7a9f2 100644 --- a/src/ssvc/decision_points/cvss/helpers.py +++ b/src/ssvc/decision_points/cvss/helpers.py @@ -32,8 +32,8 @@ def _modify_3(dp: DecisionPoint): _dp_dict = deepcopy(dp.model_dump()) - _dp_dict["name"] = f"Modified {_dp_dict["name"]}" - _dp_dict["key"] = f"M{_dp_dict["key"]}" + _dp_dict["name"] = f'Modified {_dp_dict["name"]}' + _dp_dict["key"] = f'M{_dp_dict["key"]}' # if there is no value named "Not Defined" value, add it nd = NOT_DEFINED_X diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index 7124d70c..ba180ea1 100755 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -220,7 +220,7 @@ def dump_schemas(jsondir): schemapaths: list[dict(str, str)] = [] # selection schema - schemafile = f"Decision_Point_Value_Selection-{_filename_friendly(ssvc.selection.SCHEMA_VERSION, replacement="-")}.schema.json" + schemafile = f"Decision_Point_Value_Selection-{_filename_friendly(ssvc.selection.SCHEMA_VERSION, replacement='-')}.schema.json" schemapath = os.path.join(schemadir, schemafile) selection_schema = SelectionList.model_json_schema() schemapaths.append({"filepath": schemapath, "schema": selection_schema}) From 574f4c8bd878a798156deeb1cfd66456dc351009 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Fri, 15 Aug 2025 09:54:04 +0200 Subject: [PATCH 242/468] add new TestNamespacePattern from #858 --- src/test/test_namespaces_pattern.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index 716aa6f3..5e84eea5 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -48,7 +48,14 @@ def setUp(self): "x_private-test", # valid namespace with x_ prefix and dash (does not follow reverse domain notation) "x_com.example//custom-extension", # x_prefix, reverse domain notation, double slash, dashes "ssvc/de-DE/example.organization#reference-arch-1", # valid BCP-47 tag, reverse domain notation, hash + "ssvc//.de.bund.bsi$de-DE", # BSI's translation of SSVC + "ssvc//.de.bund.bsi#ref-arch-1/de-DE", # BSI's official translation to German as used in Germany of its ref-arch-1 model which is originally written in English + "ssvc//.de.bund.bsi#ref-arch-2$de-DE", # BSI's ref-arch-2 model which is originally written in German + "ssvc//.de.bund.bsi#ref-arch-2$de-DE/en-GB", # BSI's official translation to English as used in GB of its ref-arch-2 model which is originally written in German "ssvc//example.organization#model/com.example#foo", # valid BCP-47 tag, two segments with one hash each + "nist#800-30", # NIST's registered model regarding its publication 800-30 + "x_gov.nist#800-30/de-DE", # NIST's official translation to German as used in Germany of its model (regarding its publication) 800-30 + "x_gov.nist#800-30/.de.bund.bsi$de-DE", # BSI's translation to German as used in Germany of NIST's model (regarding its publication) 800-30 "ssvc/de-DE/reference-arch-1", # valid BCP-47 tag with dashes (But doesn't follow reverse domain notation) "x_example.test/pl-PL/foo/bar/baz/quux", # valid BCP-47 tag and multiple segments "com.example", # valid namespace with dots following reverse domain notation @@ -76,6 +83,9 @@ def setUp(self): "x_example.test/not-bcp-47", # not a valid BCP-47 tag "x_custom/extension/with/multiple/segments/" + "a" * 990, # exceeds max length + "ssvc$de-DE", # official translations / base language are at the first extension level + "anssi#800-30$fr-FR", # official translations / base language are at the first extension level + "x_gov.nist#800-30$de-DE", # official translations / base language are at the first extension level "ssvc/de-DE/example.organization##reference-arch-1", # valid BCP-47 tag, reverse domain notation, double hash "ssvc/de-DE/example.organization#multi#hash#forbidden", # valid BCP-47 tag, reverse domain notation, more than one hash per segment "x_custom.extension.", # ends with punctuation From 9eb9de68c014b3897ec60b4f3a1c4360f2d8ff62 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Fri, 15 Aug 2025 12:17:38 +0200 Subject: [PATCH 243/468] add new ssvc namspace pattern based on ABNF use new ABNF from #858 and use the pattern created from it to replace the existing patterns. add compatibility definitions and change for tests so the existing tests can be started (and fail where changes from #858 affect them). --- src/ssvc/outcomes/x_com_yahooinc/paranoids.py | 2 +- src/ssvc/utils/patterns.py | 64 ++++++++------ src/ssvc/utils/ssvc_namespace_pattern.abnf | 83 +++++++++++++++++++ 3 files changed, 121 insertions(+), 28 deletions(-) create mode 100644 src/ssvc/utils/ssvc_namespace_pattern.abnf diff --git a/src/ssvc/outcomes/x_com_yahooinc/paranoids.py b/src/ssvc/outcomes/x_com_yahooinc/paranoids.py index 140e7bf9..6b20a9e3 100644 --- a/src/ssvc/outcomes/x_com_yahooinc/paranoids.py +++ b/src/ssvc/outcomes/x_com_yahooinc/paranoids.py @@ -47,7 +47,7 @@ name="theParanoids", key="PARANOIDS", description="PrioritizedRiskRemediation outcome group based on TheParanoids.", - namespace="x_com.yahooinc", + namespace="x_com.yahooinc#private", version="1.0.0", values=( _TRACK_5, diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index 4d3fc5ad..15397aee 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -38,44 +38,54 @@ # --- Length constraint --- LENGTH_CHECK_PATTERN = r"(?=.{3,1000}$)" -# --- Base namespace --- -NO_CONSECUTIVE_SEP = r"(?!.*[.-]{2,})" # no consecutive '.' or '-' -BASE_PATTERN = ( - rf"{NO_CONSECUTIVE_SEP}" - r"[a-z][a-z0-9]+" # starts with lowercase letter + 1+ alnum - r"(?:[.-][a-z0-9]+)*" # optional dot or dash + alnum +# --- the following section is generated with +# abnf-to-regexp --format python-nested -i ssvc_namespace_pattern.abnf +alnum = '[a-zA-Z0-9]' +lower = '[a-z]' +alnumlow = f'({lower}|[0-9])' +dash = '-' +alnumlowdash = f'({alnumlow}|{dash})' +dot = '\\.' +specialchar = f'({dot}|{dash})' +alnumlowsc = f'({alnumlow}|{specialchar})' +label = f'{alnumlow}(({alnumlowdash}){{,61}}{alnumlow})?' +reverse_dns = f'{label}(\\.{label})+' +fragment_seg = f'({alnumlow})+([.\\-]({alnumlow})+)*' +x_name = f'{reverse_dns}\\#{fragment_seg}' +x_base = f'x_{x_name}' +ns_core = f'{lower}{alnumlow}([.\\-]?({alnumlow})+)+' +reg_base = f'{ns_core}(\\#{fragment_seg})?' +base_ns = f'({x_base}|{reg_base})' +singleton = '[0-9A-WY-Za-wy-z]' +bcp47 = ( + '(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-z' + 'A-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-' + f'(({alnum}){{5,8}}|[0-9]({alnum}){{3}}))*(-{singleton}(-' + f'({alnum}){{2,8}})+)*(-[xX](-({alnum}){{2,8}})+)?|[xX](-' + f'({alnum}){{2,8}})+|i-default|i-mingo)' ) - -BASE_NS_PATTERN = rf"(?:x_{BASE_PATTERN}|{BASE_PATTERN})" - -# --- Extension segments --- -# A single ext-seg with at most one '#' -EXT_SEGMENT_PATTERN = ( - rf"{NO_CONSECUTIVE_SEP}" - r"[a-zA-Z][a-zA-Z0-9]*" # start with a letter - r"(?:[.-][a-zA-Z0-9]+)*" # dot or dash + alnum - r"(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?" # optional single hash section -) - -# Subsequent ext-seg(s) -SUBSEQUENT_EXT = rf"{EXT_SEGMENT_PATTERN}(?:\/{EXT_SEGMENT_PATTERN})*" - - -# --- Language extension --- -LANG_EXT = rf"(?:\/{BCP_47_PATTERN}\/|\/\/)" +translation = f'\\.({reverse_dns}|{x_name})\\${bcp47}' +ext_seg = f'({bcp47}|\\.{x_name}|{translation})' +lang_ext = f'(/|/{bcp47})' +extensions = f'{lang_ext}((/{ext_seg})+)?' +namespace = f'{base_ns}({extensions})?' +# --- end of generated output + +# --- define base patterns to be compatible with previously existing tests +BASE_PATTERN = ns_core +BASE_NS_PATTERN = base_ns +EXT_SEGMENT_PATTERN = fragment_seg # --- Combine all parts into the full namespace pattern --- NS_PATTERN_STR = ( rf"^{LENGTH_CHECK_PATTERN}" - rf"{BASE_NS_PATTERN}" - rf"(?:{LANG_EXT}{SUBSEQUENT_EXT})?$" + rf"{namespace}" ) # Compile the regex with verbose flag for readability (if needed) NS_PATTERN = re.compile(NS_PATTERN_STR) - def main(): pass diff --git a/src/ssvc/utils/ssvc_namespace_pattern.abnf b/src/ssvc/utils/ssvc_namespace_pattern.abnf new file mode 100644 index 00000000..bc5ff67a --- /dev/null +++ b/src/ssvc/utils/ssvc_namespace_pattern.abnf @@ -0,0 +1,83 @@ +; SPDX-FileCopyrightText: 2025 Carnegie Mellon University +; SPDX-FileCopyrightText: 2025 German Federal Office for Information Security (BSI) +; SPDX-License-Identifier: LicenseRef-MIT-SEI-style.txt +; (see LICENCE for full terms) + +namespace = base-ns [extensions] +; Overall namespace must be 3-1000 characters +; (Enforced via regex length lookahead) + +base-ns = x-base / reg-base +x-base = "x_" x-name +reg-base = ns-core [ "#" fragment-seg ] + +; ns-core starts with a lowercase letter and may have '.' or '-' separators. +; Consecutive '.' or '-' are not allowed. +; It needs at least 3 characters. +ns-core = LOWER ALNUMLOW 1*( [ "." / "-" ] 1*ALNUMLOW) + +x-name = reverse-dns "#" fragment-seg + +; reverse-dns provides an specification for a reverse DNS name +; can't be longer than 253 characters +reverse-dns = label 1*("." label) + +; Each label must be between 1 and 63 characters long +label = ALNUMLOW [ *61(ALNUMLOWDASH) ALNUMLOW ] + +fragment-seg = 1*ALNUMLOW *( ("." / "-") 1*ALNUMLOW ) + +extensions = lang-ext [ 1*("/" ext-seg) ] + +; Language extension: either / (empty language extension) +; or // (BCP-47 language code) +lang-ext = "/" / ( "/" bcp47 ) + +; Extension segment between slashes. +; - is either a language or +; - a model or +; - a third-party/unofficial translation +ext-seg = bcp47 / "." x-name / translation + +; BCP-47 tag (based on the regex expansion) +bcp47 = ( 2*3ALPHA + [ "-" 3ALPHA *2( "-" 3ALPHA ) ] + / 4*8ALPHA ) + [ "-" 4ALPHA ] + [ "-" ( 2ALPHA / 3DIGIT ) ] + *( "-" ( 5*8ALNUM / (DIGIT 3ALNUM) ) ) + *( "-" singleton 1*("-" (2*8ALNUM))) + [ "-" "x" 1*( "-" 2*8ALNUM ) ] + / "x" 1*( "-" 2*8ALNUM ) + / "i-default" + / "i-mingo" + + ; Single alphanumerics + ; "x" reserved for private use +singleton = DIGIT ; 0 - 9 + / %x41-57 ; A - W + / %x59-5A ; Y - Z + / %x61-77 ; a - w + / %x79-7A ; y - z + +; Translations is either a +; - third-party/unofficial translation (depicted by using the reverse-dns before the target language) or +; - a (context) model (depicted by using the x-name) directly used in a different language +translation = "." ( reverse-dns / x-name ) "$" bcp47 + +; Character sets +LOWER = %x61-7A ; a-z +ALPHA = %x41-5A / %x61-7A ; A-Z / a-z +DIGIT = %x30-39 ; 0-9 +ALNUM = ALPHA / DIGIT +ALNUMLOW = LOWER / DIGIT +SPECIALCHAR = DOT / DASH +DOT = %x2E; . +DASH = %x2D ; - +ALNUMLOWSC = ALNUMLOW / SPECIALCHAR +ALNUMLOWDASH = ALNUMLOW / DASH + +; Constraints: +; - No consecutive "." or "-" in ns-core or ext-seg; exception in label +; - Each ext-seg can contain at most one "#". +; - Overall namespace is 3-1000 chars. From 72e7f32f015c5831965447ebaa0f0b6b7750a4c9 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Fri, 15 Aug 2025 12:24:19 +0200 Subject: [PATCH 244/468] cleanup whitespace in ssvc_namespace_pattern.abnf .. as it comes from working file `s3.abnf` from https://github.com/CERTCC/SSVC/issues/858#issuecomment-3188439344 and one intermediate and two trailing spaces are unnecessary --- src/ssvc/utils/ssvc_namespace_pattern.abnf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssvc/utils/ssvc_namespace_pattern.abnf b/src/ssvc/utils/ssvc_namespace_pattern.abnf index bc5ff67a..3384fae3 100644 --- a/src/ssvc/utils/ssvc_namespace_pattern.abnf +++ b/src/ssvc/utils/ssvc_namespace_pattern.abnf @@ -16,7 +16,7 @@ reg-base = ns-core [ "#" fragment-seg ] ; It needs at least 3 characters. ns-core = LOWER ALNUMLOW 1*( [ "." / "-" ] 1*ALNUMLOW) -x-name = reverse-dns "#" fragment-seg +x-name = reverse-dns "#" fragment-seg ; reverse-dns provides an specification for a reverse DNS name ; can't be longer than 253 characters @@ -37,7 +37,7 @@ lang-ext = "/" / ( "/" bcp47 ) ; - is either a language or ; - a model or ; - a third-party/unofficial translation -ext-seg = bcp47 / "." x-name / translation +ext-seg = bcp47 / "." x-name / translation ; BCP-47 tag (based on the regex expansion) bcp47 = ( 2*3ALPHA From f81c23a0719eb232864b2c36bf260e890a631758 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Fri, 15 Aug 2025 16:21:33 +0200 Subject: [PATCH 245/468] adapt namespace tests to new patterns from #858 use valid examples where it is fairly obvious what the meaning of the test is. Remove tests where it is not or the test does not seem useful anymore. (The pattern schema is not yet adapted and thus checks via the schema will fail.) --- docs/reference/code/namespaces.md | 6 +- src/ssvc/decision_tables/base.py | 2 +- src/test/decision_points/test_dp_base.py | 6 +- src/test/decision_points/test_dp_helpers.py | 2 +- src/test/decision_tables/test_base.py | 14 ++--- src/test/dp_groups/test_dp_groups.py | 2 +- src/test/outcomes/test_outcomes.py | 2 +- src/test/registry/test_base.py | 28 ++++----- src/test/test_doc_helpers.py | 2 +- src/test/test_mixins.py | 5 +- src/test/test_namespaces.py | 22 ++++--- src/test/test_namespaces_pattern.py | 69 ++++++--------------- src/test/test_policy_generator.py | 4 +- src/test/test_selections.py | 12 ++-- src/test/utils/test_toposort.py | 4 +- 15 files changed, 78 insertions(+), 102 deletions(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index ec1844a0..acea1b7d 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -147,13 +147,13 @@ we expect that this will rarely lead to conflicts in practice. Conflicts are possible in the x_ prefix space - especially as the control over a domain may be transferred. Also in tests, Organizations A and B could both choose to use - `x_example.test`, and there are no guarantees of global uniqueness for the - decision points in the `x_example.test` namespace. + `x_org.example#bar`, and there are no guarantees of global uniqueness for the + decision points in the `x_org.example#bar` namespace. !!! tip "Test Namespace" - The `x_example.test` namespace is used for testing purposes and is not intended for production use. + The `x_org.example#bar` namespace is used for testing purposes and is not intended for production use. It is used to test the SSVC framework and its components, and may contain decision points that are not fully implemented or tested. ### Namespace Extensions diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index eeb01e1b..8c0cd26f 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -715,7 +715,7 @@ def main() -> None: table = DecisionTable( name="Test Table", description="A test decision table", - namespace="x_test", + namespace="x_com.example#foo", decision_points=dpg.decision_points, outcome=outcomes.id, ) diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index 2d7cdd95..ee0501cf 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -51,7 +51,7 @@ def setUp(self) -> None: key="bar", description="baz", version="1.0.0", - namespace="x_example.test", + namespace="x_org.example#bar", values=tuple(self.values), ) @@ -79,7 +79,7 @@ def test_registry(self): key="asdfasdf", description="asdfasdf", version="1.33.1", - namespace="x_test", + namespace="x_com.example#foo", values=tuple(self.values), ) @@ -107,7 +107,7 @@ def test_ssvc_decision_point(self): self.assertEqual(obj.key, "bar") self.assertEqual(obj.description, "baz") self.assertEqual(obj.version, "1.0.0") - self.assertEqual(obj.namespace, "x_example.test") + self.assertEqual(obj.namespace, "x_org.example#bar") self.assertEqual(len(self.values), len(obj.values)) def test_ssvc_value_json_roundtrip(self): diff --git a/src/test/decision_points/test_dp_helpers.py b/src/test/decision_points/test_dp_helpers.py index 68c2aca2..457d2cbf 100644 --- a/src/test/decision_points/test_dp_helpers.py +++ b/src/test/decision_points/test_dp_helpers.py @@ -31,7 +31,7 @@ def setUp(self) -> None: key="test_dp", description="This is a test decision point", version="1.0.0", - namespace="x_example.test", + namespace="x_org.example#bar", values=( DecisionPointValue( name="Yes", diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py index f78d07ac..1936f335 100644 --- a/src/test/decision_tables/test_base.py +++ b/src/test/decision_tables/test_base.py @@ -55,7 +55,7 @@ def setUp(self): name="dp1", description="description for dp1", version="1.0.0", - namespace="x_test", + namespace="x_com.example#foo", key="dp1", values=(self.dp1v1, self.dp1v2), ) @@ -63,7 +63,7 @@ def setUp(self): name="dp2", description="description for dp2", version="1.0.0", - namespace="x_test", + namespace="x_com.example#foo", key="dp2", values=(self.dp2v1, self.dp2v2, self.dp2v3, self.dp2v4), ) @@ -76,7 +76,7 @@ def setUp(self): name="outcome", description="description for outcome", version="1.0.0", - namespace="x_test", + namespace="x_com.example#foo", key="outcome", values=(self.ogv1, self.ogv2, self.ogv3), ) @@ -86,7 +86,7 @@ def setUp(self): self.dt = DecisionTable( key="TEST", - namespace="x_test", + namespace="x_com.example#foo", name="Test Table", description="Describes the test table", decision_points=self.dpdict, @@ -336,13 +336,13 @@ def test_single_dp_dt(self): name="dp_in", description="A single decision point", version="1.0.0", - namespace="x_test", + namespace="x_com.example#foo", key="dp", values=(self.dp1v1, self.dp1v2), registered=False, ) dp_out = DecisionPoint( - namespace="x_test", + namespace="x_com.example#foo", key="outcome", name="Outcome", description="Outcome for single DP test", @@ -353,7 +353,7 @@ def test_single_dp_dt(self): single_dt = DecisionTable( key="SINGLE_TEST", - namespace="x_test", + namespace="x_com.example#foo", name="Single DP Test Table", description="Describes the single DP test table", decision_points={dp.id: dp for dp in [dp_in, dp_out]}, diff --git a/src/test/dp_groups/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py index e5ae99b5..d09b6453 100644 --- a/src/test/dp_groups/test_dp_groups.py +++ b/src/test/dp_groups/test_dp_groups.py @@ -31,7 +31,7 @@ def setUp(self) -> None: dp = ssvc.decision_points.ssvc.base.DecisionPoint( name=f"Decision Point {i}", key=f"DP_{i}", - namespace="x_example.test", + namespace="x_org.example#bar", description=f"Description of Decision Point {i}", version="1.0.0", values=( diff --git a/src/test/outcomes/test_outcomes.py b/src/test/outcomes/test_outcomes.py index ac435632..f171cf2f 100644 --- a/src/test/outcomes/test_outcomes.py +++ b/src/test/outcomes/test_outcomes.py @@ -41,7 +41,7 @@ def test_outcome_group(self): name="Outcome Group", key="OGX", description="an outcome group", - namespace="x_example.test", + namespace="x_org.example#bar", values=tuple(values), ) diff --git a/src/test/registry/test_base.py b/src/test/registry/test_base.py index 564d2b71..cfaf3ebb 100644 --- a/src/test/registry/test_base.py +++ b/src/test/registry/test_base.py @@ -70,7 +70,7 @@ class Dummy: obj = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_test", + namespace="x_com.example#foo", key="TEST", values=[ DecisionPointValue(key="A", name="AAA", description="Option A"), @@ -86,7 +86,7 @@ class DpSubclass(DecisionPoint): obj2 = DpSubclass( name="TestDP2", description="Another test decision point", - namespace="x_test", + namespace="x_com.example#foo", key="TEST2", values=[ DecisionPointValue(key="A", name="AAA", description="Option A"), @@ -103,7 +103,7 @@ def test_valued_version(self): dp = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_test", + namespace="x_com.example#foo", version="2.0.0", key="TEST", values=[ @@ -122,7 +122,7 @@ def test_nonvalued_version(self): # test with a known type dp1 = DecisionPoint( - namespace="x_test", + namespace="x_com.example#foo", key="TEST", version="2.0.0", name="TestDP", @@ -137,7 +137,7 @@ def test_nonvalued_version(self): registered=False, ) dp2 = DecisionPoint( - namespace="x_test", + namespace="x_com.example#foo", key="TEST2", version="2.0.0", name="TestDP", @@ -151,7 +151,7 @@ def test_nonvalued_version(self): ) dp3 = DecisionPoint( - namespace="x_test", + namespace="x_com.example#foo", key="TEST3", version="2.0.0", name="TestDP2", @@ -164,7 +164,7 @@ def test_nonvalued_version(self): ) dt = DecisionTable( - namespace="x_test", + namespace="x_com.example#foo", key="TEST_DT", version="2.0.0", name="TestDT", @@ -191,7 +191,7 @@ def test_key(self, mock_valued_version, mock_nonvalued_version): mockobj1 = Mock() mockobj1.schemaVersion = "2.0.0" mockobj1.key = "TEST" - mockobj1.namespace = "x_test" + mockobj1.namespace = "x_com.example#foo" mockobj1.version = "1.0.0" mockobj1.name = "Test Object" mockobj1.description = "A test object" @@ -205,7 +205,7 @@ def test_key(self, mock_valued_version, mock_nonvalued_version): mockobj2.schemaVersion = "2.0.0" mockobj2.key = "TEST2" mockobj2.version = "2.0.0" - mockobj2.namespace = "x_test" + mockobj2.namespace = "x_com.example#foo" mockobj2.name = "Test Object" mockobj2.description = "A test object" mockobj2.id = "test-id" @@ -236,7 +236,7 @@ def test__insert(self): dp = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_test", + namespace="x_com.example#foo", key="TEST", values=[ DecisionPointValue(key="A", name="AAA", description="Option A"), @@ -266,7 +266,7 @@ def test__compare(self): dp1 = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_test", + namespace="x_com.example#foo", key="TEST", values=[ DecisionPointValue(key="A", name="AAA", description="Option A"), @@ -278,7 +278,7 @@ def test__compare(self): dp2 = DecisionPoint( name="TestDP2", description="A test decision point", - namespace="x_test", + namespace="x_com.example#foo", key="TEST", values=[ DecisionPointValue(key="AA", name="AAAA", description="Option A"), @@ -310,7 +310,7 @@ def test_lookup_latest(self): dp = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_test", + namespace="x_com.example#foo", key="TEST", version=version, values=[ @@ -334,7 +334,7 @@ def test_lookup_latest(self): latest = base.lookup_latest( objtype="DecisionPoint", - namespace="x_test", + namespace="x_com.example#foo", key="TEST", registry=self.registry, ) diff --git a/src/test/test_doc_helpers.py b/src/test/test_doc_helpers.py index 73d54650..d300c428 100644 --- a/src/test/test_doc_helpers.py +++ b/src/test/test_doc_helpers.py @@ -26,7 +26,7 @@ class MyTestCase(unittest.TestCase): def setUp(self): self.dp = DecisionPoint( - namespace="x_example.test", + namespace="x_org.example#bar", name="test name", description="test description", key="TK", diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index 3ffc55cb..e1205cd4 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -119,9 +119,10 @@ def test_namespaced_create(self): self.assertEqual(obj.namespace, ns) # custom namespaces are allowed as long as they start with x_ + # and then follow `x-name = reverse-dns "#" fragment-seg` for _ in range(100): # we're just fuzzing some random strings here - ns = f"x_a{randint(1000,1000000)}" + ns = f"x_com.example.a{randint(1000,1000000)}#foo" obj = _Namespaced(namespace=ns) self.assertEqual(obj.namespace, ns) @@ -189,7 +190,7 @@ def test_mixin_combos(self): {"class": _Keyed, "args": {"key": "fizz"}, "has_default": False}, { "class": _Namespaced, - "args": {"namespace": "x_example.test"}, + "args": {"namespace": "x_org.example#bar"}, "has_default": False, }, { diff --git a/src/test/test_namespaces.py b/src/test/test_namespaces.py index dde85463..42ec82c7 100644 --- a/src/test/test_namespaces.py +++ b/src/test/test_namespaces.py @@ -18,6 +18,7 @@ # DM24-0278 import unittest +import re from ssvc.namespaces import NameSpace from ssvc.utils.patterns import NS_PATTERN @@ -32,12 +33,9 @@ def tearDown(self): def test_ns_pattern(self): should_match = [ - "foo", - "foo.bar", - "foo.bar.baz", - "foo/jp-JP/bar.baz/quux", - "foo//bar/baz/quux", - "foo.bar//baz.quux", + "foo.bar#baz", + "foo.bar.baz#quux", + "foo.bar#baz/jp-JP/bar.baz#foo/quux", ] should_match.extend([f"x_{ns}" for ns in should_match]) @@ -58,9 +56,16 @@ def test_ns_pattern(self): should_not_match.extend([f"_{ns}" for ns in should_not_match]) + # end pattern just like in + # test_namespaces_pattern._test_successes_failures() + pattern_str = NS_PATTERN.pattern + if not pattern_str.endswith("$"): + pattern_str = pattern_str + "$" + pattern = re.compile(pattern_str) + for ns in should_not_match: with self.subTest(ns=ns): - self.assertFalse(NS_PATTERN.match(ns)) + self.assertFalse(pattern.match(ns)) def test_namspace_enum(self): for ns in NameSpace: @@ -79,7 +84,8 @@ def test_namespace_validator(self): with self.assertRaises(ValueError): NameSpace.validate(ns) - for ns in ["x_foo", "x_bar", "x_baz", "x_quux"]: + for ns in ["x_com.example#foo", "x_com.example#bar", + "x_com.example#baz", "x_com.example#quux"]: self.assertEqual(ns, NameSpace.validate(ns)) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index 5e84eea5..32870e56 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -40,33 +40,26 @@ def setUp(self): "cisa", "custom", # not in enum, but valid for the pattern "abc", # not in enum, but valid for the pattern - "x_abc", # valid namespace with x_ prefix - "x_custom", # valid namespace with x_ prefix - "x_private-test", # valid namespace with dash - "x_custom.with.dots", # valid namespace with x_ prefix and dots - "x_custom//extension", # double slash is okay when it's the first segment - "x_private-test", # valid namespace with x_ prefix and dash (does not follow reverse domain notation) - "x_com.example//custom-extension", # x_prefix, reverse domain notation, double slash, dashes - "ssvc/de-DE/example.organization#reference-arch-1", # valid BCP-47 tag, reverse domain notation, hash + "x_com.eample#foo/", + "x_com.example#foo//.org.example#bar", + "ssvc/de-DE/.org.example#reference-arch-1", # valid BCP-47 tag, reverse domain notation, hash "ssvc//.de.bund.bsi$de-DE", # BSI's translation of SSVC "ssvc//.de.bund.bsi#ref-arch-1/de-DE", # BSI's official translation to German as used in Germany of its ref-arch-1 model which is originally written in English "ssvc//.de.bund.bsi#ref-arch-2$de-DE", # BSI's ref-arch-2 model which is originally written in German "ssvc//.de.bund.bsi#ref-arch-2$de-DE/en-GB", # BSI's official translation to English as used in GB of its ref-arch-2 model which is originally written in German - "ssvc//example.organization#model/com.example#foo", # valid BCP-47 tag, two segments with one hash each + "ssvc//.example.organization#model/.com.example#foo", # valid BCP-47 tag, two segments with one hash each "nist#800-30", # NIST's registered model regarding its publication 800-30 "x_gov.nist#800-30/de-DE", # NIST's official translation to German as used in Germany of its model (regarding its publication) 800-30 - "x_gov.nist#800-30/.de.bund.bsi$de-DE", # BSI's translation to German as used in Germany of NIST's model (regarding its publication) 800-30 - "ssvc/de-DE/reference-arch-1", # valid BCP-47 tag with dashes (But doesn't follow reverse domain notation) - "x_example.test/pl-PL/foo/bar/baz/quux", # valid BCP-47 tag and multiple segments + "x_gov.nist#800-30//.de.bund.bsi$de-DE", # BSI's translation to German as used in Germany of NIST's model (regarding its publication) 800-30 + "x_com.example.test#bar/pl-PL/.com.example#foo/.org.example#bar/newfound", # valid BCP-47 tag and multiple segments "com.example", # valid namespace with dots following reverse domain notation - "x_com.example", # valid namespace with x_ prefix and dots following reverse domain notation + "x_com.example#foo", # valid namespace with x_ prefix and dots following reverse domain notation "au.com.example", # valid namespace with dots following reverse domain notation for 2-letter TLD - "x_au.com.example" # valid namespace with x_ prefix and dots following reverse domain notation - "abc//com.example", # valid namespace with double slash - "abc//com.au.example", - "abc//com.example/foo.bar", # valid namespace with double slash and additional segments - "abc//com.example-foo.bar", # valid namespace with double slash and dash - "foo.bar//baz.quux", + "x_au.com.example#bar" # valid namespace with x_ prefix and dots following reverse domain notation + "abc//.com.example#foo", + "abc//.com.au.example#foo", + "abc//.com.example#foo/.foo.bar#bar", + "foo.bar//.baz.quux#foo", ] self.expect_fail = [ "999", # invalid namespace, numeric only @@ -78,11 +71,10 @@ def setUp(self): "x_//foo", # invalid namespace, double slash after x_ "x_abc/invalid-bcp-47", # not a valid BCP-47 tag "abc/invalid-bcp-47", # not in enum (but that's ok for the pattern), not a valid BCP-47 tag - "abc/invalid", # not in enum (but that's ok for the pattern), not a valid BCP-47 tag "x_custom/extension", # not a valid BCP-47 tag "x_example.test/not-bcp-47", # not a valid BCP-47 tag - "x_custom/extension/with/multiple/segments/" - + "a" * 990, # exceeds max length + "x_com.eample#foo" + + "oo" * 990, # exceeds max length "ssvc$de-DE", # official translations / base language are at the first extension level "anssi#800-30$fr-FR", # official translations / base language are at the first extension level "x_gov.nist#800-30$de-DE", # official translations / base language are at the first extension level @@ -137,33 +129,11 @@ def test_base_pattern(self): ] self._test_successes_failures(BASE_PATTERN, x_fail, x_success) - def test_experimental_base_pattern(self): - x_success = [ - "x_abc", - "x_custom", - "x_custom.with.dots", # dots are allowed in the base pattern - "x_custom-with-dashes", # dashes are allowed in the base pattern - ] - x_fail = [ - "9abc", # does not start with x_ - "x__invalid", # double underscore - "x_-invalid", # dash after x_ - "x_.invalid", # dash at end - "x_9abc", # starts with a number after x_ - "x_abc.", # ends with a dot - "x_abc-", # ends with a dash - "x_abc/", # ends with a slash - "x_/foo", # slashes aren't part of the base pattern - ] - self._test_successes_failures(BASE_NS_PATTERN, x_fail, x_success) - def test_base_ns_pattern(self): x_success = [ "abc", - "x_abc", - "x_custom", - "x_custom.with.dots", # dots are allowed in the base pattern - "x_custom-with-dashes", # dashes are allowed in the base pattern + "abc-with-dashes", # dashes are allowed in the base pattern + "x_example.com#foo", ] x_fail = [ "9abc", # starts with a number @@ -232,9 +202,7 @@ def test_ext_segment_pattern(self): "valid", "valid.extension", "valid-extension", - "valid#extension", - "valid.extension#with-hash", - "com.example#foo", # valid namespace with hash + "v.a-li.d-extension", ] invalid_segments = [ "a_bc", # underscore not allowed @@ -243,7 +211,8 @@ def test_ext_segment_pattern(self): "invalid.segment.", # ends with a dot "invalid.segment-", # ends with a dash "invalid/segment", # slash not allowed - "com.example##foo", # valid namespace with hash + "com.example##foo", # hashes not allows + "com.example#foo", # hashes not allows "invalid#segment#with#multiple#hashes", # multiple hashes not allowed "invalid/segment/", # ends with a slash ] diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index 9505da3b..ca89479b 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -39,7 +39,7 @@ def setUp(self) -> None: name="test", description="test", key="TEST", - namespace="x_example.test", + namespace="x_org.example#bar", values=tuple( [ DecisionPointValue(key=c, name=c, description=c) @@ -56,7 +56,7 @@ def setUp(self) -> None: name=c, description=c, key=c, - namespace="x_example.test", + namespace="x_org.example#bar", values=tuple( [ DecisionPointValue(name=v, key=v, description=v) diff --git a/src/test/test_selections.py b/src/test/test_selections.py index aac0d75e..a922952d 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -29,13 +29,13 @@ class MyTestCase(unittest.TestCase): def setUp(self): self.s1 = selection.Selection( - namespace="x_example.test", + namespace="x_org.example#bar", key="test_key_1", version="1.0.0", values=[{"key": "value11"}, {"key": "value12"}], ) self.s2 = selection.Selection( - namespace="x_example.test", + namespace="x_org.example#bar", key="test_key_2", version="1.0.0", values=[{"key": "value21"}, {"key": "value22"}], @@ -137,7 +137,7 @@ def test_selection_validators(self): """Test the model validators for Selection.""" # Test with minimal data selection_minimal = selection.Selection( - namespace="x_example.test", + namespace="x_org.example#bar", key="test_key", version="1.0.0", values=[{"key": "value1"}], @@ -147,7 +147,7 @@ def test_selection_validators(self): # Test with empty strings selection_empty = selection.Selection( - namespace="x_example.test", + namespace="x_org.example#bar", key="test_key", version="1.0.0", values=[{"key": "value1"}], @@ -284,7 +284,7 @@ def test_add_selection_method(self): """Test the add_selection method.""" initial_count = len(self.selections.selections) new_selection = selection.Selection( - namespace="x_example.test", + namespace="x_org.example#bar", key="new_key", version="1.0.0", values=[{"key": "new_value"}], @@ -340,7 +340,7 @@ def test_selection_values_validation(self): """Test that Selection requires at least one value.""" with self.assertRaises(ValueError): selection.Selection( - namespace="x_example.test", + namespace="x_org.example#bar", key="test_key", version="1.0.0", values=[], # Empty values should raise error diff --git a/src/test/utils/test_toposort.py b/src/test/utils/test_toposort.py index 8b93f605..9fb2ecee 100644 --- a/src/test/utils/test_toposort.py +++ b/src/test/utils/test_toposort.py @@ -73,7 +73,7 @@ def setUp(self): from ssvc.decision_points.base import DecisionPoint, DecisionPointValue self.dp1 = DecisionPoint( - namespace="x_test", + namespace="x_com.example#foo", name="Decision Point 1", key="DP1", version="1.0.0", @@ -84,7 +84,7 @@ def setUp(self): ], ) self.dp2 = DecisionPoint( - namespace="x_test", + namespace="x_com.example#foo", name="Decision Point 2", key="DP2", version="1.0.0", From 4824e20d6602faac2dd341c380fc04f8eb0a0658 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Fri, 15 Aug 2025 16:56:09 +0200 Subject: [PATCH 246/468] cleanup codestyle with black (minor) in code that the new ssvc pattern touched --- src/ssvc/utils/patterns.py | 14 +++----------- src/test/test_namespaces.py | 8 ++++++-- src/test/test_namespaces_pattern.py | 8 +++----- 3 files changed, 12 insertions(+), 18 deletions(-) diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index 15397aee..67645a82 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -39,6 +39,7 @@ LENGTH_CHECK_PATTERN = r"(?=.{3,1000}$)" +# fmt: off # --- the following section is generated with # abnf-to-regexp --format python-nested -i ssvc_namespace_pattern.abnf alnum = '[a-zA-Z0-9]' @@ -71,6 +72,7 @@ extensions = f'{lang_ext}((/{ext_seg})+)?' namespace = f'{base_ns}({extensions})?' # --- end of generated output +# fmt: on # --- define base patterns to be compatible with previously existing tests BASE_PATTERN = ns_core @@ -78,17 +80,7 @@ EXT_SEGMENT_PATTERN = fragment_seg # --- Combine all parts into the full namespace pattern --- -NS_PATTERN_STR = ( - rf"^{LENGTH_CHECK_PATTERN}" - rf"{namespace}" -) +NS_PATTERN_STR = rf"^{LENGTH_CHECK_PATTERN}" rf"{namespace}" # Compile the regex with verbose flag for readability (if needed) NS_PATTERN = re.compile(NS_PATTERN_STR) - -def main(): - pass - - -if __name__ == "__main__": - main() diff --git a/src/test/test_namespaces.py b/src/test/test_namespaces.py index 42ec82c7..40182fbc 100644 --- a/src/test/test_namespaces.py +++ b/src/test/test_namespaces.py @@ -84,8 +84,12 @@ def test_namespace_validator(self): with self.assertRaises(ValueError): NameSpace.validate(ns) - for ns in ["x_com.example#foo", "x_com.example#bar", - "x_com.example#baz", "x_com.example#quux"]: + for ns in [ + "x_com.example#foo", + "x_com.example#bar", + "x_com.example#baz", + "x_com.example#quux", + ]: self.assertEqual(ns, NameSpace.validate(ns)) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index 32870e56..ad7c62c6 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -73,9 +73,8 @@ def setUp(self): "abc/invalid-bcp-47", # not in enum (but that's ok for the pattern), not a valid BCP-47 tag "x_custom/extension", # not a valid BCP-47 tag "x_example.test/not-bcp-47", # not a valid BCP-47 tag - "x_com.eample#foo" - + "oo" * 990, # exceeds max length - "ssvc$de-DE", # official translations / base language are at the first extension level + "x_com.eample#foo" + "oo" * 990, # exceeds max length + "ssvc$de-DE", # official translations / base language are at the first extension level "anssi#800-30$fr-FR", # official translations / base language are at the first extension level "x_gov.nist#800-30$de-DE", # official translations / base language are at the first extension level "ssvc/de-DE/example.organization##reference-arch-1", # valid BCP-47 tag, reverse domain notation, double hash @@ -90,11 +89,10 @@ def setUp(self): "ab", # too short "x_", # too short after prefix "x_x_some-weird-private-one", # double x_ not allowed - "x_example.test///org.example#fragment", # three slashes in a row (was an mistake in ABNF previously) + "x_example.test///org.example#fragment", # three slashes in a row (was an mistake in ABNF previously) ] def test_ns_pattern(self): - self._test_successes_failures( NS_PATTERN.pattern, self.expect_fail, self.expect_success ) From 6a53385b94a1416c5fa66eeee3334ce4a22fe2ca Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Fri, 15 Aug 2025 17:26:36 +0200 Subject: [PATCH 247/468] put freshly generated schema files in --- data/schema/v2/Decision_Point-2-0-0.schema.json | 2 +- data/schema/v2/Decision_Point_Group-2-0-0.schema.json | 2 +- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 2 +- data/schema/v2/Decision_Table-2-0-0.schema.json | 4 ++-- data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/data/schema/v2/Decision_Point-2-0-0.schema.json b/data/schema/v2/Decision_Point-2-0-0.schema.json index 070cb211..50d3e0ee 100644 --- a/data/schema/v2/Decision_Point-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point-2-0-0.schema.json @@ -53,7 +53,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", "type": "string" }, "key": { diff --git a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json index da2ad297..c1972f73 100644 --- a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json @@ -18,7 +18,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", "type": "string" }, "key": { diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 7bbf67d4..d96bfdd8 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -79,7 +79,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", "type": "string" }, "key": { diff --git a/data/schema/v2/Decision_Table-2-0-0.schema.json b/data/schema/v2/Decision_Table-2-0-0.schema.json index c6ea1d33..c0886f45 100644 --- a/data/schema/v2/Decision_Table-2-0-0.schema.json +++ b/data/schema/v2/Decision_Table-2-0-0.schema.json @@ -18,7 +18,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", "type": "string" }, "key": { @@ -131,7 +131,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", "type": "string" }, "key": { diff --git a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json index ebc46088..d7b4e2a4 100644 --- a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json +++ b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json @@ -17,7 +17,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", "type": "string" }, "key": { @@ -132,7 +132,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(?:x_(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*|(?!.*[.-]{2,})[a-z][a-z0-9]+(?:[.-][a-z0-9]+)*)(?:(?:\\/(([A-Za-z]{2,3}(-[A-Za-z]{3}(-[A-Za-z]{3}){0,2})?|[A-Za-z]{4,8})(-[A-Za-z]{4})?(-([A-Za-z]{2}|[0-9]{3}))?(-([A-Za-z0-9]{5,8}|[0-9][A-Za-z0-9]{3}))*(-[A-WY-Za-wy-z0-9](-[A-Za-z0-9]{2,8})+)*(-[Xx](-[A-Za-z0-9]{1,8})+)?|[Xx](-[A-Za-z0-9]{1,8})+|[Ii]-[Dd][Ee][Ff][Aa][Uu][Ll][Tt]|[Ii]-[Mm][Ii][Nn][Gg][Oo])\\/|\\/\\/)(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?(?:\\/(?!.*[.-]{2,})[a-zA-Z][a-zA-Z0-9]*(?:[.-][a-zA-Z0-9]+)*(?:#[a-zA-Z0-9]+(?:[.-][a-zA-Z0-9]+)*)?)*)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", "type": "string" }, "key": { From 9bc78501a929bb891b0d045ffc04acc8a3b02d7a Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Mon, 18 Aug 2025 09:24:28 +0200 Subject: [PATCH 248/468] make namespace abnf and examples more consistent .. by fixing a typo in a test example. .. by adding whitespace after [ and before ] to be consistent. --- src/ssvc/utils/ssvc_namespace_pattern.abnf | 2 +- src/test/test_namespaces_pattern.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssvc/utils/ssvc_namespace_pattern.abnf b/src/ssvc/utils/ssvc_namespace_pattern.abnf index 3384fae3..1a93ecea 100644 --- a/src/ssvc/utils/ssvc_namespace_pattern.abnf +++ b/src/ssvc/utils/ssvc_namespace_pattern.abnf @@ -3,7 +3,7 @@ ; SPDX-License-Identifier: LicenseRef-MIT-SEI-style.txt ; (see LICENCE for full terms) -namespace = base-ns [extensions] +namespace = base-ns [ extensions ] ; Overall namespace must be 3-1000 characters ; (Enforced via regex length lookahead) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index ad7c62c6..3d96af7e 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -40,7 +40,7 @@ def setUp(self): "cisa", "custom", # not in enum, but valid for the pattern "abc", # not in enum, but valid for the pattern - "x_com.eample#foo/", + "x_com.example#foo/", "x_com.example#foo//.org.example#bar", "ssvc/de-DE/.org.example#reference-arch-1", # valid BCP-47 tag, reverse domain notation, hash "ssvc//.de.bund.bsi$de-DE", # BSI's translation of SSVC @@ -73,7 +73,7 @@ def setUp(self): "abc/invalid-bcp-47", # not in enum (but that's ok for the pattern), not a valid BCP-47 tag "x_custom/extension", # not a valid BCP-47 tag "x_example.test/not-bcp-47", # not a valid BCP-47 tag - "x_com.eample#foo" + "oo" * 990, # exceeds max length + "x_com.example#foo" + "oo" * 990, # exceeds max length "ssvc$de-DE", # official translations / base language are at the first extension level "anssi#800-30$fr-FR", # official translations / base language are at the first extension level "x_gov.nist#800-30$de-DE", # official translations / base language are at the first extension level From 57b72015bad47e61167478c2a0319a738f58cc23 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Mon, 18 Aug 2025 09:30:07 +0200 Subject: [PATCH 249/468] improve x_com_yahooinc namespace model example following suggestion in https://github.com/CERTCC/SSVC/pull/882#discussion_r2279383821 --- src/ssvc/outcomes/x_com_yahooinc/paranoids.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssvc/outcomes/x_com_yahooinc/paranoids.py b/src/ssvc/outcomes/x_com_yahooinc/paranoids.py index 6b20a9e3..b92e4ca1 100644 --- a/src/ssvc/outcomes/x_com_yahooinc/paranoids.py +++ b/src/ssvc/outcomes/x_com_yahooinc/paranoids.py @@ -47,7 +47,7 @@ name="theParanoids", key="PARANOIDS", description="PrioritizedRiskRemediation outcome group based on TheParanoids.", - namespace="x_com.yahooinc#private", + namespace="x_com.yahooinc#prioritized-risk-remediation", version="1.0.0", values=( _TRACK_5, From b33d2e0e05bbbbf74890832cfbd76f34c4379c01 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Mon, 18 Aug 2025 09:32:48 +0200 Subject: [PATCH 250/468] improving namespace example following suggestion https://github.com/CERTCC/SSVC/pull/882#discussion_r2279363395 --- src/ssvc/decision_tables/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 8c0cd26f..a7c4e033 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -715,7 +715,7 @@ def main() -> None: table = DecisionTable( name="Test Table", description="A test decision table", - namespace="x_com.example#foo", + namespace="x_com.example#test-table", decision_points=dpg.decision_points, outcome=outcomes.id, ) From b0725dbb3c100f1d2adc5ed7e606adb914ad061d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 18 Aug 2025 10:44:54 -0400 Subject: [PATCH 251/468] this one appears to work --- src/ssvc/decision_tables/_mermaid.py | 53 ++-- src/ssvc/decision_tables/test.md | 367 ++++++++++----------------- 2 files changed, 163 insertions(+), 257 deletions(-) diff --git a/src/ssvc/decision_tables/_mermaid.py b/src/ssvc/decision_tables/_mermaid.py index b444f819..5cc3f05d 100644 --- a/src/ssvc/decision_tables/_mermaid.py +++ b/src/ssvc/decision_tables/_mermaid.py @@ -30,38 +30,47 @@ def dicts_to_mermaid_subgraphs(rows): lines = ["graph LR", "n1(( ))"] columns = list(rows[0].keys()) - # Build subgraphs + node_ids = {} # (col_idx, path_tuple) -> node_id + seen_edges = set() # (parent_id, child_id) + + # Build subgraphs + nodes for col_idx, col in enumerate(columns): subgraph_name = f's{col_idx+1}["{col}"]' lines.append(f"subgraph {subgraph_name}") - seen = set() + seen_paths = set() for row in rows: - node_id = "".join( - row[columns[i]] - + (f"s{col_idx+1}" if col_idx == len(columns) - 1 else "") - for i in range(col_idx + 1) - ) + path = tuple(row[columns[i]] for i in range(col_idx + 1)) + if path in seen_paths: + continue + seen_paths.add(path) + node_id = "_".join(path) + f"_L{col_idx}" + # future: if you want to label the nodes, do that here label = row[columns[col_idx]] - if node_id not in seen: - lines.append(f"{node_id}([{label}])") - seen.add(node_id) + lines.append(f"{node_id}([{label}])") + node_ids[(col_idx, path)] = node_id lines.append("end") - # Add edges - first_col_vals = {row[columns[0]] for row in rows} - for val in first_col_vals: - lines.append(f"n1 --- {val}") + # Root → level 0 + for row in rows: + path = (row[columns[0]],) + child_id = node_ids[(0, path)] + edge = ("n1", child_id) + if edge not in seen_edges: + lines.append(f"{edge[0]} --- {edge[1]}") + seen_edges.add(edge) + # Level k-1 → level k for row in rows: - prev_id = row[columns[0]] for col_idx in range(1, len(columns)): - node_id = "".join( - row[columns[i]] - + (f"s{col_idx+1}" if col_idx == len(columns) - 1 else "") - for i in range(col_idx + 1) - ) - lines.append(f"{prev_id} --- {node_id}") - prev_id = node_id + parent_path = tuple(row[columns[i]] for i in range(col_idx)) + child_path = parent_path + (row[columns[col_idx]],) + parent_id = node_ids[(col_idx - 1, parent_path)] + child_id = node_ids[(col_idx, child_path)] + edge = (parent_id, child_id) + if edge not in seen_edges: + # future: if you want to label the links, do that here + lines.append(f"{parent_id} --- {child_id}") + seen_edges.add(edge) return "\n".join(lines) diff --git a/src/ssvc/decision_tables/test.md b/src/ssvc/decision_tables/test.md index c54186a2..a9df8ae1 100644 --- a/src/ssvc/decision_tables/test.md +++ b/src/ssvc/decision_tables/test.md @@ -1,250 +1,147 @@ # Title -```mermaid -graph LR -n1(( )) -subgraph s1["ssvc:SI:2.0.0"] -N([N]) -M([M]) -R([R]) -C([C]) -end -subgraph s2["ssvc:MI:2.0.0"] -ND([D]) -MD([D]) -RD([D]) -CD([D]) -NMSC([MSC]) -MMSC([MSC]) -RMSC([MSC]) -CMSC([MSC]) -NMEF([MEF]) -MMEF([MEF]) -RMEF([MEF]) -CMEF([MEF]) -NMF([MF]) -MMF([MF]) -RMF([MF]) -CMF([MF]) -end -subgraph s3["ssvc:HI:2.0.2"] -NDs3([L]) -MDs3([L]) -RDs3([M]) -CDs3([VH]) -NMSCs3([L]) -MMSCs3([L]) -RMSCs3([M]) -CMSCs3([VH]) -NMEFs3([M]) -MMEFs3([H]) -RMEFs3([H]) -CMEFs3([VH]) -NMFs3([VH]) -MMFs3([VH]) -RMFs3([VH]) -CMFs3([VH]) - -end -n1 --- N -n1 --- M -n1 --- R -n1 --- C -N --- ND -N --- NMSC -N --- NMEF -N --- NMF -M --- MD -M --- MMSC -M --- MMEF -M --- MMF -R --- RD -R --- RMSC -R --- RMEF -R --- RMF -C --- CD -C --- CMSC -C --- CMEF -C --- CMF -ND --- NDs3 -MD --- MDs3 -RD --- RDs3 -CD --- CDs3 -NMSC --- NMSCs3 -MMSC --- MMSCs3 -RMSC --- RMSCs3 -CMSC --- CMSCs3 -NMEF --- NMEFs3 -MMEF --- MMEFs3 -RMEF --- RMEFs3 -CMEF --- CMEFs3 -NMF --- NMFs3 -MMF --- MMFs3 -RMF --- RMFs3 -CMF --- CMFs3 -``` - - ```mermaid graph LR n1(( )) subgraph s1["ssvc:SINV:1.0.0"] -FR([FR]) -C([C]) -UU([UU]) +FR_L0([FR]) +C_L0([C]) +UU_L0([UU]) end subgraph s2["ssvc:E:1.1.0"] -FRN([N]) -CN([N]) -FRP([P]) -UUN([N]) -CP([P]) -FRA([A]) -UUP([P]) -CA([A]) -UUA([A]) +FR_N_L1([N]) +C_N_L1([N]) +FR_P_L1([P]) +UU_N_L1([N]) +C_P_L1([P]) +FR_A_L1([A]) +UU_P_L1([P]) +C_A_L1([A]) +UU_A_L1([A]) end subgraph s3["ssvc:PVA:1.0.0"] -FRNL([L]) -CNL([L]) -FRPL([L]) -FRNA([A]) -UUNL([L]) -CPL([L]) -FRAL([L]) -CNA([A]) -FRPA([A]) -FRNP([P]) -UUPL([L]) -CAL([L]) -UUNA([A]) -CPA([A]) -FRAA([A]) -CNP([P]) -FRPP([P]) -UUAL([L]) -UUPA([A]) -CAA([A]) -UUNP([P]) -CPP([P]) -FRAP([P]) -UUAA([A]) -UUPP([P]) -CAP([P]) -UUAP([P]) +FR_N_L_L2([L]) +C_N_L_L2([L]) +FR_P_L_L2([L]) +FR_N_A_L2([A]) +UU_N_L_L2([L]) +C_P_L_L2([L]) +FR_A_L_L2([L]) +C_N_A_L2([A]) +FR_P_A_L2([A]) +FR_N_P_L2([P]) +UU_P_L_L2([L]) +C_A_L_L2([L]) +UU_N_A_L2([A]) +C_P_A_L2([A]) +FR_A_A_L2([A]) +C_N_P_L2([P]) +FR_P_P_L2([P]) +UU_A_L_L2([L]) +UU_P_A_L2([A]) +C_A_A_L2([A]) +UU_N_P_L2([P]) +C_P_P_L2([P]) +FR_A_P_L2([P]) +UU_A_A_L2([A]) +UU_P_P_L2([P]) +C_A_P_L2([P]) +UU_A_P_L2([P]) end subgraph s4["ssvc:PUBLISH:1.0.0"] -FRs4Ns4Ls4Ns4([N]) -Cs4Ns4Ls4Ns4([N]) -FRs4Ps4Ls4Ns4([N]) -FRs4Ns4As4Ns4([N]) -UUs4Ns4Ls4Ns4([N]) -Cs4Ps4Ls4Ns4([N]) -FRs4As4Ls4Ns4([N]) -Cs4Ns4As4Ns4([N]) -FRs4Ps4As4Ns4([N]) -FRs4Ns4Ps4Ps4([P]) -UUs4Ps4Ls4Ns4([N]) -Cs4As4Ls4Ns4([N]) -UUs4Ns4As4Ns4([N]) -Cs4Ps4As4Ns4([N]) -FRs4As4As4Ps4([P]) -Cs4Ns4Ps4Ps4([P]) -FRs4Ps4Ps4Ps4([P]) -UUs4As4Ls4Ps4([P]) -UUs4Ps4As4Ps4([P]) -Cs4As4As4Ps4([P]) -UUs4Ns4Ps4Ps4([P]) -Cs4Ps4Ps4Ps4([P]) -FRs4As4Ps4Ps4([P]) -UUs4As4As4Ps4([P]) -UUs4Ps4Ps4Ps4([P]) -Cs4As4Ps4Ps4([P]) -UUs4As4Ps4Ps4([P]) +FR_N_L_N_L3([N]) +C_N_L_N_L3([N]) +FR_P_L_N_L3([N]) +FR_N_A_N_L3([N]) +UU_N_L_N_L3([N]) +C_P_L_N_L3([N]) +FR_A_L_N_L3([N]) +C_N_A_N_L3([N]) +FR_P_A_N_L3([N]) +FR_N_P_P_L3([P]) +UU_P_L_N_L3([N]) +C_A_L_N_L3([N]) +UU_N_A_N_L3([N]) +C_P_A_N_L3([N]) +FR_A_A_P_L3([P]) +C_N_P_P_L3([P]) +FR_P_P_P_L3([P]) +UU_A_L_P_L3([P]) +UU_P_A_P_L3([P]) +C_A_A_P_L3([P]) +UU_N_P_P_L3([P]) +C_P_P_P_L3([P]) +FR_A_P_P_L3([P]) +UU_A_A_P_L3([P]) +UU_P_P_P_L3([P]) +C_A_P_P_L3([P]) +UU_A_P_P_L3([P]) end -n1 --- UU -n1 --- C -n1 --- FR -FR --- FRN -FRN --- FRNL -FRNL --- FRs4Ns4Ls4Ns4 -C --- CN -CN --- CNL -CNL --- Cs4Ns4Ls4Ns4 -FR --- FRP -FRP --- FRPL -FRPL --- FRs4Ps4Ls4Ns4 -FR --- FRN -FRN --- FRNA -FRNA --- FRs4Ns4As4Ns4 -UU --- UUN -UUN --- UUNL -UUNL --- UUs4Ns4Ls4Ns4 -C --- CP -CP --- CPL -CPL --- Cs4Ps4Ls4Ns4 -FR --- FRA -FRA --- FRAL -FRAL --- FRs4As4Ls4Ns4 -C --- CN -CN --- CNA -CNA --- Cs4Ns4As4Ns4 -FR --- FRP -FRP --- FRPA -FRPA --- FRs4Ps4As4Ns4 -FR --- FRN -FRN --- FRNP -FRNP --- FRs4Ns4Ps4Ps4 -UU --- UUP -UUP --- UUPL -UUPL --- UUs4Ps4Ls4Ns4 -C --- CA -CA --- CAL -CAL --- Cs4As4Ls4Ns4 -UU --- UUN -UUN --- UUNA -UUNA --- UUs4Ns4As4Ns4 -C --- CP -CP --- CPA -CPA --- Cs4Ps4As4Ns4 -FR --- FRA -FRA --- FRAA -FRAA --- FRs4As4As4Ps4 -C --- CN -CN --- CNP -CNP --- Cs4Ns4Ps4Ps4 -FR --- FRP -FRP --- FRPP -FRPP --- FRs4Ps4Ps4Ps4 -UU --- UUA -UUA --- UUAL -UUAL --- UUs4As4Ls4Ps4 -UU --- UUP -UUP --- UUPA -UUPA --- UUs4Ps4As4Ps4 -C --- CA -CA --- CAA -CAA --- Cs4As4As4Ps4 -UU --- UUN -UUN --- UUNP -UUNP --- UUs4Ns4Ps4Ps4 -C --- CP -CP --- CPP -CPP --- Cs4Ps4Ps4Ps4 -FR --- FRA -FRA --- FRAP -FRAP --- FRs4As4Ps4Ps4 -UU --- UUA -UUA --- UUAA -UUAA --- UUs4As4As4Ps4 -UU --- UUP -UUP --- UUPP -UUPP --- UUs4Ps4Ps4Ps4 -C --- CA -CA --- CAP -CAP --- Cs4As4Ps4Ps4 -UU --- UUA -UUA --- UUAP -UUAP --- UUs4As4Ps4Ps4 +n1 --- FR_L0 +n1 --- C_L0 +n1 --- UU_L0 +FR_L0 --- FR_N_L1 +FR_N_L1 --- FR_N_L_L2 +FR_N_L_L2 --- FR_N_L_N_L3 +C_L0 --- C_N_L1 +C_N_L1 --- C_N_L_L2 +C_N_L_L2 --- C_N_L_N_L3 +FR_L0 --- FR_P_L1 +FR_P_L1 --- FR_P_L_L2 +FR_P_L_L2 --- FR_P_L_N_L3 +FR_N_L1 --- FR_N_A_L2 +FR_N_A_L2 --- FR_N_A_N_L3 +UU_L0 --- UU_N_L1 +UU_N_L1 --- UU_N_L_L2 +UU_N_L_L2 --- UU_N_L_N_L3 +C_L0 --- C_P_L1 +C_P_L1 --- C_P_L_L2 +C_P_L_L2 --- C_P_L_N_L3 +FR_L0 --- FR_A_L1 +FR_A_L1 --- FR_A_L_L2 +FR_A_L_L2 --- FR_A_L_N_L3 +C_N_L1 --- C_N_A_L2 +C_N_A_L2 --- C_N_A_N_L3 +FR_P_L1 --- FR_P_A_L2 +FR_P_A_L2 --- FR_P_A_N_L3 +FR_N_L1 --- FR_N_P_L2 +FR_N_P_L2 --- FR_N_P_P_L3 +UU_L0 --- UU_P_L1 +UU_P_L1 --- UU_P_L_L2 +UU_P_L_L2 --- UU_P_L_N_L3 +C_L0 --- C_A_L1 +C_A_L1 --- C_A_L_L2 +C_A_L_L2 --- C_A_L_N_L3 +UU_N_L1 --- UU_N_A_L2 +UU_N_A_L2 --- UU_N_A_N_L3 +C_P_L1 --- C_P_A_L2 +C_P_A_L2 --- C_P_A_N_L3 +FR_A_L1 --- FR_A_A_L2 +FR_A_A_L2 --- FR_A_A_P_L3 +C_N_L1 --- C_N_P_L2 +C_N_P_L2 --- C_N_P_P_L3 +FR_P_L1 --- FR_P_P_L2 +FR_P_P_L2 --- FR_P_P_P_L3 +UU_L0 --- UU_A_L1 +UU_A_L1 --- UU_A_L_L2 +UU_A_L_L2 --- UU_A_L_P_L3 +UU_P_L1 --- UU_P_A_L2 +UU_P_A_L2 --- UU_P_A_P_L3 +C_A_L1 --- C_A_A_L2 +C_A_A_L2 --- C_A_A_P_L3 +UU_N_L1 --- UU_N_P_L2 +UU_N_P_L2 --- UU_N_P_P_L3 +C_P_L1 --- C_P_P_L2 +C_P_P_L2 --- C_P_P_P_L3 +FR_A_L1 --- FR_A_P_L2 +FR_A_P_L2 --- FR_A_P_P_L3 +UU_A_L1 --- UU_A_A_L2 +UU_A_A_L2 --- UU_A_A_P_L3 +UU_P_L1 --- UU_P_P_L2 +UU_P_P_L2 --- UU_P_P_P_L3 +C_A_L1 --- C_A_P_L2 +C_A_P_L2 --- C_A_P_P_L3 +UU_A_L1 --- UU_A_P_L2 +UU_A_P_L2 --- UU_A_P_P_L3 ``` \ No newline at end of file From d92be63a009a4790f4784ccca1b52e52444e2b42 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 18 Aug 2025 11:25:11 -0400 Subject: [PATCH 252/468] add workaround for when graph exceeds mermaid default 500 edges --- docs/howto/coordination_triage_decision.md | 11 + src/ssvc/decision_tables/_mermaid.py | 86 +- src/ssvc/decision_tables/test.md | 1776 +++++++++++++++++++- 3 files changed, 1863 insertions(+), 10 deletions(-) diff --git a/docs/howto/coordination_triage_decision.md b/docs/howto/coordination_triage_decision.md index 53949660..f395b709 100644 --- a/docs/howto/coordination_triage_decision.md +++ b/docs/howto/coordination_triage_decision.md @@ -105,9 +105,20 @@ Other coordinators should consider customizing the tree to their needs, as descr CISA has customized an SSVC decision model to suit their coordination needs. It is available at [https://www.cisa.gov/ssvc](https://www.cisa.gov/ssvc). +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.coord_triage import LATEST as DT +from ssvc.decision_tables._mermaid import mapping2mermaid + +rows = DT.mapping +title = f"{DT.name} Decision Table ({DT.namespace}:{DT.key}:{DT.version})" +print(mapping2mermaid(rows,title=title)) +``` + + ### Table of Values diff --git a/src/ssvc/decision_tables/_mermaid.py b/src/ssvc/decision_tables/_mermaid.py index 5cc3f05d..da551d78 100644 --- a/src/ssvc/decision_tables/_mermaid.py +++ b/src/ssvc/decision_tables/_mermaid.py @@ -25,10 +25,28 @@ # subject to its own license. # DM24-0278 +EDGE_LIMIT = 500 -def dicts_to_mermaid_subgraphs(rows): - lines = ["graph LR", "n1(( ))"] - columns = list(rows[0].keys()) + +def _mapping2mermaid(mapping: list[dict[str:str]], title: str = None) -> str: + """ + Convert a decision table mapping to a Mermaid graph. + Args: + mapping (list[dict[str:str]]): A list of dictionaries representing the decision table mapping. + Each dictionary corresponds to a row in the table, with keys as column names and values as cell values. + Each row should have the same keys, representing the columns of the decision table. + Returns: + str: A string containing a markdown Mermaid graph representation, including the code block markers. + """ + lines = [ + "```mermaid", + ] + if title is not None: + # add the yaml front matter for the title + lines.extend(["---", f"title: {title}", "---"]) + + lines.extend(["graph LR", "n1(( ))"]) + columns = list(mapping[0].keys()) node_ids = {} # (col_idx, path_tuple) -> node_id seen_edges = set() # (parent_id, child_id) @@ -38,7 +56,7 @@ def dicts_to_mermaid_subgraphs(rows): subgraph_name = f's{col_idx+1}["{col}"]' lines.append(f"subgraph {subgraph_name}") seen_paths = set() - for row in rows: + for row in mapping: path = tuple(row[columns[i]] for i in range(col_idx + 1)) if path in seen_paths: continue @@ -51,7 +69,7 @@ def dicts_to_mermaid_subgraphs(rows): lines.append("end") # Root → level 0 - for row in rows: + for row in mapping: path = (row[columns[0]],) child_id = node_ids[(0, path)] edge = ("n1", child_id) @@ -60,7 +78,7 @@ def dicts_to_mermaid_subgraphs(rows): seen_edges.add(edge) # Level k-1 → level k - for row in rows: + for row in mapping: for col_idx in range(1, len(columns)): parent_path = tuple(row[columns[i]] for i in range(col_idx)) child_path = parent_path + (row[columns[col_idx]],) @@ -71,14 +89,64 @@ def dicts_to_mermaid_subgraphs(rows): # future: if you want to label the links, do that here lines.append(f"{parent_id} --- {child_id}") seen_edges.add(edge) + if len(seen_edges) > EDGE_LIMIT: + raise ValueError( + f"Too many edges in the graph: Limit={EDGE_LIMIT}." + "Consider filtering the mapping to reduce complexity." + ) + # Close the graph + lines.append("```") + lines.append("") return "\n".join(lines) +def mapping2mermaid(rows: list[dict[str:str]], title: str = None) -> str: + """ + Convert a decision table mapping to a Mermaid graph. + Args: + rows (list[dict[str:str]]): A list of dictionaries representing the decision table mapping. + Each dictionary corresponds to a row in the table, with keys as column names and values as cell values. + Each row should have the same keys, representing the columns of the decision table. + Returns: + str: A string containing a markdown Mermaid graph representation, including the code block markers. + """ + try: + return _mapping2mermaid(rows) + except ValueError as e: + # graph is too big, split it into smaller graphs + # one graph per value in the first column + first_col = list(rows[0].keys())[0] + diagrams = [] + uniq_values = set(row[first_col] for row in rows) + for value in uniq_values: + filtered_rows = [row for row in rows if row[first_col] == value] + if not filtered_rows: + continue + try: + diagram = _mapping2mermaid( + filtered_rows, title=f"{title} - {first_col}:{value}" + ) + diagrams.append(diagram) + except ValueError as e: + print(f"Skipping {value} due to error: {e}") + + return "\n\n".join(diagrams) if diagrams else "No valid diagrams generated." + + # Example if __name__ == "__main__": - from ssvc.decision_tables.ssvc.coord_pub_dt import LATEST as CP - rows = CP.mapping - print(dicts_to_mermaid_subgraphs(rows)) + from ssvc.decision_tables.cvss.qualitative_severity import LATEST as DT + + rows = DT.mapping + + # filter rows for invalid + def invalid(row): + if row["cvss:EQ3:1.0.0"] == "L" and row["cvss:EQ6:1.0.0"] == "H": + return True + return False + + rows = [row for row in rows if not invalid(row)] + print(mapping2mermaid(rows)) diff --git a/src/ssvc/decision_tables/test.md b/src/ssvc/decision_tables/test.md index a9df8ae1..d6af426c 100644 --- a/src/ssvc/decision_tables/test.md +++ b/src/ssvc/decision_tables/test.md @@ -144,4 +144,1778 @@ C_A_L1 --- C_A_P_L2 C_A_P_L2 --- C_A_P_P_L3 UU_A_L1 --- UU_A_P_L2 UU_A_P_L2 --- UU_A_P_P_L3 -``` \ No newline at end of file +``` + +```mermaid +graph LR +n1(( )) +subgraph s1["cvss:AV:3.0.1"] +P_L0([P]) +L_L0([L]) +A_L0([A]) +N_L0([N]) +end +subgraph s2["cvss:PR:1.0.1"] +P_H_L1([H]) +L_H_L1([H]) +P_L_L1([L]) +A_H_L1([H]) +L_L_L1([L]) +P_N_L1([N]) +N_H_L1([H]) +A_L_L1([L]) +L_N_L1([N]) +N_L_L1([L]) +A_N_L1([N]) +N_N_L1([N]) +end +subgraph s3["cvss:UI:2.0.0"] +P_H_A_L2([A]) +L_H_A_L2([A]) +P_L_A_L2([A]) +P_H_P_L2([P]) +A_H_A_L2([A]) +L_L_A_L2([A]) +P_N_A_L2([A]) +L_H_P_L2([P]) +P_L_P_L2([P]) +P_H_N_L2([N]) +N_H_A_L2([A]) +A_L_A_L2([A]) +L_N_A_L2([A]) +A_H_P_L2([P]) +L_L_P_L2([P]) +P_N_P_L2([P]) +L_H_N_L2([N]) +P_L_N_L2([N]) +N_L_A_L2([A]) +A_N_A_L2([A]) +N_H_P_L2([P]) +A_L_P_L2([P]) +L_N_P_L2([P]) +A_H_N_L2([N]) +L_L_N_L2([N]) +P_N_N_L2([N]) +N_N_A_L2([A]) +N_L_P_L2([P]) +A_N_P_L2([P]) +N_H_N_L2([N]) +A_L_N_L2([N]) +L_N_N_L2([N]) +N_N_P_L2([P]) +N_L_N_L2([N]) +A_N_N_L2([N]) +N_N_N_L2([N]) +end +subgraph s4["cvss:EQ1:1.0.0"] +P_H_A_L_L3([L]) +L_H_A_L_L3([L]) +P_L_A_L_L3([L]) +P_H_P_L_L3([L]) +A_H_A_L_L3([L]) +L_L_A_L_L3([L]) +P_N_A_L_L3([L]) +L_H_P_L_L3([L]) +P_L_P_L_L3([L]) +P_H_N_L_L3([L]) +N_H_A_M_L3([M]) +A_L_A_L_L3([L]) +L_N_A_M_L3([M]) +A_H_P_L_L3([L]) +L_L_P_L_L3([L]) +P_N_P_L_L3([L]) +L_H_N_M_L3([M]) +P_L_N_L_L3([L]) +N_L_A_M_L3([M]) +A_N_A_M_L3([M]) +N_H_P_M_L3([M]) +A_L_P_L_L3([L]) +L_N_P_M_L3([M]) +A_H_N_M_L3([M]) +L_L_N_M_L3([M]) +P_N_N_L_L3([L]) +N_N_A_M_L3([M]) +N_L_P_M_L3([M]) +A_N_P_M_L3([M]) +N_H_N_M_L3([M]) +A_L_N_M_L3([M]) +L_N_N_M_L3([M]) +N_N_P_M_L3([M]) +N_L_N_M_L3([M]) +A_N_N_M_L3([M]) +N_N_N_H_L3([H]) +end +n1 --- P_L0 +n1 --- L_L0 +n1 --- A_L0 +n1 --- N_L0 +P_L0 --- P_H_L1 +P_H_L1 --- P_H_A_L2 +P_H_A_L2 --- P_H_A_L_L3 +L_L0 --- L_H_L1 +L_H_L1 --- L_H_A_L2 +L_H_A_L2 --- L_H_A_L_L3 +P_L0 --- P_L_L1 +P_L_L1 --- P_L_A_L2 +P_L_A_L2 --- P_L_A_L_L3 +P_H_L1 --- P_H_P_L2 +P_H_P_L2 --- P_H_P_L_L3 +A_L0 --- A_H_L1 +A_H_L1 --- A_H_A_L2 +A_H_A_L2 --- A_H_A_L_L3 +L_L0 --- L_L_L1 +L_L_L1 --- L_L_A_L2 +L_L_A_L2 --- L_L_A_L_L3 +P_L0 --- P_N_L1 +P_N_L1 --- P_N_A_L2 +P_N_A_L2 --- P_N_A_L_L3 +L_H_L1 --- L_H_P_L2 +L_H_P_L2 --- L_H_P_L_L3 +P_L_L1 --- P_L_P_L2 +P_L_P_L2 --- P_L_P_L_L3 +P_H_L1 --- P_H_N_L2 +P_H_N_L2 --- P_H_N_L_L3 +N_L0 --- N_H_L1 +N_H_L1 --- N_H_A_L2 +N_H_A_L2 --- N_H_A_M_L3 +A_L0 --- A_L_L1 +A_L_L1 --- A_L_A_L2 +A_L_A_L2 --- A_L_A_L_L3 +L_L0 --- L_N_L1 +L_N_L1 --- L_N_A_L2 +L_N_A_L2 --- L_N_A_M_L3 +A_H_L1 --- A_H_P_L2 +A_H_P_L2 --- A_H_P_L_L3 +L_L_L1 --- L_L_P_L2 +L_L_P_L2 --- L_L_P_L_L3 +P_N_L1 --- P_N_P_L2 +P_N_P_L2 --- P_N_P_L_L3 +L_H_L1 --- L_H_N_L2 +L_H_N_L2 --- L_H_N_M_L3 +P_L_L1 --- P_L_N_L2 +P_L_N_L2 --- P_L_N_L_L3 +N_L0 --- N_L_L1 +N_L_L1 --- N_L_A_L2 +N_L_A_L2 --- N_L_A_M_L3 +A_L0 --- A_N_L1 +A_N_L1 --- A_N_A_L2 +A_N_A_L2 --- A_N_A_M_L3 +N_H_L1 --- N_H_P_L2 +N_H_P_L2 --- N_H_P_M_L3 +A_L_L1 --- A_L_P_L2 +A_L_P_L2 --- A_L_P_L_L3 +L_N_L1 --- L_N_P_L2 +L_N_P_L2 --- L_N_P_M_L3 +A_H_L1 --- A_H_N_L2 +A_H_N_L2 --- A_H_N_M_L3 +L_L_L1 --- L_L_N_L2 +L_L_N_L2 --- L_L_N_M_L3 +P_N_L1 --- P_N_N_L2 +P_N_N_L2 --- P_N_N_L_L3 +N_L0 --- N_N_L1 +N_N_L1 --- N_N_A_L2 +N_N_A_L2 --- N_N_A_M_L3 +N_L_L1 --- N_L_P_L2 +N_L_P_L2 --- N_L_P_M_L3 +A_N_L1 --- A_N_P_L2 +A_N_P_L2 --- A_N_P_M_L3 +N_H_L1 --- N_H_N_L2 +N_H_N_L2 --- N_H_N_M_L3 +A_L_L1 --- A_L_N_L2 +A_L_N_L2 --- A_L_N_M_L3 +L_N_L1 --- L_N_N_L2 +L_N_N_L2 --- L_N_N_M_L3 +N_N_L1 --- N_N_P_L2 +N_N_P_L2 --- N_N_P_M_L3 +N_L_L1 --- N_L_N_L2 +N_L_N_L2 --- N_L_N_M_L3 +A_N_L1 --- A_N_N_L2 +A_N_N_L2 --- A_N_N_M_L3 +N_N_L1 --- N_N_N_L2 +N_N_N_L2 --- N_N_N_H_L3 +``` + +```mermaid +graph LR +n1(( )) +subgraph s1["cvss:EQ1:1.0.0"] +L_L0([L]) +M_L0([M]) +H_L0([H]) +end +subgraph s2["cvss:EQ2:1.0.0"] +L_L_L1([L]) +M_L_L1([L]) +L_H_L1([H]) +H_L_L1([L]) +M_H_L1([H]) +H_H_L1([H]) +end +subgraph s3["cvss:EQ3:1.0.0"] +L_L_L_L2([L]) +M_L_L_L2([L]) +L_H_L_L2([L]) +L_L_M_L2([M]) +H_L_L_L2([L]) +M_H_L_L2([L]) +M_L_M_L2([M]) +L_H_M_L2([M]) +L_L_H_L2([H]) +H_H_L_L2([L]) +H_L_M_L2([M]) +M_H_M_L2([M]) +M_L_H_L2([H]) +L_H_H_L2([H]) +H_H_M_L2([M]) +H_L_H_L2([H]) +M_H_H_L2([H]) +H_H_H_L2([H]) +end +subgraph s4["cvss:EQ4:1.0.0"] +L_L_L_L_L3([L]) +M_L_L_L_L3([L]) +L_H_L_L_L3([L]) +L_L_M_L_L3([L]) +L_L_L_M_L3([M]) +H_L_L_L_L3([L]) +M_H_L_L_L3([L]) +M_L_M_L_L3([L]) +L_H_M_L_L3([L]) +L_L_H_L_L3([L]) +M_L_L_M_L3([M]) +L_H_L_M_L3([M]) +L_L_M_M_L3([M]) +L_L_L_H_L3([H]) +H_H_L_L_L3([L]) +H_L_M_L_L3([L]) +M_H_M_L_L3([L]) +M_L_H_L_L3([L]) +L_H_H_L_L3([L]) +H_L_L_M_L3([M]) +M_H_L_M_L3([M]) +M_L_M_M_L3([M]) +L_H_M_M_L3([M]) +L_L_H_M_L3([M]) +M_L_L_H_L3([H]) +L_H_L_H_L3([H]) +L_L_M_H_L3([H]) +H_H_M_L_L3([L]) +H_L_H_L_L3([L]) +M_H_H_L_L3([L]) +H_H_L_M_L3([M]) +H_L_M_M_L3([M]) +M_H_M_M_L3([M]) +M_L_H_M_L3([M]) +L_H_H_M_L3([M]) +H_L_L_H_L3([H]) +M_H_L_H_L3([H]) +M_L_M_H_L3([H]) +L_H_M_H_L3([H]) +L_L_H_H_L3([H]) +H_H_H_L_L3([L]) +H_H_M_M_L3([M]) +H_L_H_M_L3([M]) +M_H_H_M_L3([M]) +H_H_L_H_L3([H]) +H_L_M_H_L3([H]) +M_H_M_H_L3([H]) +M_L_H_H_L3([H]) +L_H_H_H_L3([H]) +H_H_H_M_L3([M]) +H_H_M_H_L3([H]) +H_L_H_H_L3([H]) +M_H_H_H_L3([H]) +H_H_H_H_L3([H]) +end +subgraph s5["cvss:EQ5:1.0.0"] +L_L_L_L_L_L4([L]) +M_L_L_L_L_L4([L]) +L_H_L_L_L_L4([L]) +L_L_M_L_L_L4([L]) +L_L_L_M_L_L4([L]) +L_L_L_L_M_L4([M]) +H_L_L_L_L_L4([L]) +M_H_L_L_L_L4([L]) +M_L_M_L_L_L4([L]) +L_H_M_L_L_L4([L]) +L_L_H_L_L_L4([L]) +M_L_L_M_L_L4([L]) +L_H_L_M_L_L4([L]) +L_L_M_M_L_L4([L]) +L_L_L_H_L_L4([L]) +M_L_L_L_M_L4([M]) +L_H_L_L_M_L4([M]) +L_L_M_L_M_L4([M]) +L_L_L_M_M_L4([M]) +L_L_L_L_H_L4([H]) +H_H_L_L_L_L4([L]) +H_L_M_L_L_L4([L]) +M_H_M_L_L_L4([L]) +M_L_H_L_L_L4([L]) +L_H_H_L_L_L4([L]) +H_L_L_M_L_L4([L]) +M_H_L_M_L_L4([L]) +M_L_M_M_L_L4([L]) +L_H_M_M_L_L4([L]) +L_L_H_M_L_L4([L]) +M_L_L_H_L_L4([L]) +L_H_L_H_L_L4([L]) +L_L_M_H_L_L4([L]) +H_L_L_L_M_L4([M]) +M_H_L_L_M_L4([M]) +M_L_M_L_M_L4([M]) +L_H_M_L_M_L4([M]) +L_L_H_L_M_L4([M]) +M_L_L_M_M_L4([M]) +L_H_L_M_M_L4([M]) +L_L_M_M_M_L4([M]) +L_L_L_H_M_L4([M]) +M_L_L_L_H_L4([H]) +L_H_L_L_H_L4([H]) +L_L_M_L_H_L4([H]) +L_L_L_M_H_L4([H]) +H_H_M_L_L_L4([L]) +H_L_H_L_L_L4([L]) +M_H_H_L_L_L4([L]) +H_H_L_M_L_L4([L]) +H_L_M_M_L_L4([L]) +M_H_M_M_L_L4([L]) +M_L_H_M_L_L4([L]) +L_H_H_M_L_L4([L]) +H_L_L_H_L_L4([L]) +M_H_L_H_L_L4([L]) +M_L_M_H_L_L4([L]) +L_H_M_H_L_L4([L]) +L_L_H_H_L_L4([L]) +H_H_L_L_M_L4([M]) +H_L_M_L_M_L4([M]) +M_H_M_L_M_L4([M]) +M_L_H_L_M_L4([M]) +L_H_H_L_M_L4([M]) +H_L_L_M_M_L4([M]) +M_H_L_M_M_L4([M]) +M_L_M_M_M_L4([M]) +L_H_M_M_M_L4([M]) +L_L_H_M_M_L4([M]) +M_L_L_H_M_L4([M]) +L_H_L_H_M_L4([M]) +L_L_M_H_M_L4([M]) +H_L_L_L_H_L4([H]) +M_H_L_L_H_L4([H]) +M_L_M_L_H_L4([H]) +L_H_M_L_H_L4([H]) +L_L_H_L_H_L4([H]) +M_L_L_M_H_L4([H]) +L_H_L_M_H_L4([H]) +L_L_M_M_H_L4([H]) +L_L_L_H_H_L4([H]) +H_H_H_L_L_L4([L]) +H_H_M_M_L_L4([L]) +H_L_H_M_L_L4([L]) +M_H_H_M_L_L4([L]) +H_H_L_H_L_L4([L]) +H_L_M_H_L_L4([L]) +M_H_M_H_L_L4([L]) +M_L_H_H_L_L4([L]) +L_H_H_H_L_L4([L]) +H_H_M_L_M_L4([M]) +H_L_H_L_M_L4([M]) +M_H_H_L_M_L4([M]) +H_H_L_M_M_L4([M]) +H_L_M_M_M_L4([M]) +M_H_M_M_M_L4([M]) +M_L_H_M_M_L4([M]) +L_H_H_M_M_L4([M]) +H_L_L_H_M_L4([M]) +M_H_L_H_M_L4([M]) +M_L_M_H_M_L4([M]) +L_H_M_H_M_L4([M]) +L_L_H_H_M_L4([M]) +H_H_L_L_H_L4([H]) +H_L_M_L_H_L4([H]) +M_H_M_L_H_L4([H]) +M_L_H_L_H_L4([H]) +L_H_H_L_H_L4([H]) +H_L_L_M_H_L4([H]) +M_H_L_M_H_L4([H]) +M_L_M_M_H_L4([H]) +L_H_M_M_H_L4([H]) +L_L_H_M_H_L4([H]) +M_L_L_H_H_L4([H]) +L_H_L_H_H_L4([H]) +L_L_M_H_H_L4([H]) +H_H_H_M_L_L4([L]) +H_H_M_H_L_L4([L]) +H_L_H_H_L_L4([L]) +M_H_H_H_L_L4([L]) +H_H_H_L_M_L4([M]) +H_H_M_M_M_L4([M]) +H_L_H_M_M_L4([M]) +M_H_H_M_M_L4([M]) +H_H_L_H_M_L4([M]) +H_L_M_H_M_L4([M]) +M_H_M_H_M_L4([M]) +M_L_H_H_M_L4([M]) +L_H_H_H_M_L4([M]) +H_H_M_L_H_L4([H]) +H_L_H_L_H_L4([H]) +M_H_H_L_H_L4([H]) +H_H_L_M_H_L4([H]) +H_L_M_M_H_L4([H]) +M_H_M_M_H_L4([H]) +M_L_H_M_H_L4([H]) +L_H_H_M_H_L4([H]) +H_L_L_H_H_L4([H]) +M_H_L_H_H_L4([H]) +M_L_M_H_H_L4([H]) +L_H_M_H_H_L4([H]) +L_L_H_H_H_L4([H]) +H_H_H_H_L_L4([L]) +H_H_H_M_M_L4([M]) +H_H_M_H_M_L4([M]) +H_L_H_H_M_L4([M]) +M_H_H_H_M_L4([M]) +H_H_H_L_H_L4([H]) +H_H_M_M_H_L4([H]) +H_L_H_M_H_L4([H]) +M_H_H_M_H_L4([H]) +H_H_L_H_H_L4([H]) +H_L_M_H_H_L4([H]) +M_H_M_H_H_L4([H]) +M_L_H_H_H_L4([H]) +L_H_H_H_H_L4([H]) +H_H_H_H_M_L4([M]) +H_H_H_M_H_L4([H]) +H_H_M_H_H_L4([H]) +H_L_H_H_H_L4([H]) +M_H_H_H_H_L4([H]) +H_H_H_H_H_L4([H]) +end +subgraph s6["cvss:EQ6:1.0.0"] +L_L_L_L_L_L_L5([L]) +M_L_L_L_L_L_L5([L]) +L_H_L_L_L_L_L5([L]) +L_L_M_L_L_L_L5([L]) +L_L_L_M_L_L_L5([L]) +L_L_L_L_M_L_L5([L]) +H_L_L_L_L_L_L5([L]) +M_H_L_L_L_L_L5([L]) +M_L_M_L_L_L_L5([L]) +L_H_M_L_L_L_L5([L]) +L_L_H_L_L_L_L5([L]) +M_L_L_M_L_L_L5([L]) +L_H_L_M_L_L_L5([L]) +L_L_M_M_L_L_L5([L]) +L_L_L_H_L_L_L5([L]) +M_L_L_L_M_L_L5([L]) +L_H_L_L_M_L_L5([L]) +L_L_M_L_M_L_L5([L]) +L_L_L_M_M_L_L5([L]) +L_L_L_L_H_L_L5([L]) +L_L_M_L_L_H_L5([H]) +H_H_L_L_L_L_L5([L]) +H_L_M_L_L_L_L5([L]) +M_H_M_L_L_L_L5([L]) +M_L_H_L_L_L_L5([L]) +L_H_H_L_L_L_L5([L]) +H_L_L_M_L_L_L5([L]) +M_H_L_M_L_L_L5([L]) +M_L_M_M_L_L_L5([L]) +L_H_M_M_L_L_L5([L]) +L_L_H_M_L_L_L5([L]) +M_L_L_H_L_L_L5([L]) +L_H_L_H_L_L_L5([L]) +L_L_M_H_L_L_L5([L]) +H_L_L_L_M_L_L5([L]) +M_H_L_L_M_L_L5([L]) +M_L_M_L_M_L_L5([L]) +L_H_M_L_M_L_L5([L]) +L_L_H_L_M_L_L5([L]) +M_L_L_M_M_L_L5([L]) +L_H_L_M_M_L_L5([L]) +L_L_M_M_M_L_L5([L]) +L_L_L_H_M_L_L5([L]) +M_L_L_L_H_L_L5([L]) +L_H_L_L_H_L_L5([L]) +L_L_M_L_H_L_L5([L]) +L_L_L_M_H_L_L5([L]) +M_L_M_L_L_H_L5([H]) +L_H_M_L_L_H_L5([H]) +L_L_H_L_L_H_L5([H]) +L_L_M_M_L_H_L5([H]) +L_L_M_L_M_H_L5([H]) +H_H_M_L_L_L_L5([L]) +H_L_H_L_L_L_L5([L]) +M_H_H_L_L_L_L5([L]) +H_H_L_M_L_L_L5([L]) +H_L_M_M_L_L_L5([L]) +M_H_M_M_L_L_L5([L]) +M_L_H_M_L_L_L5([L]) +L_H_H_M_L_L_L5([L]) +H_L_L_H_L_L_L5([L]) +M_H_L_H_L_L_L5([L]) +M_L_M_H_L_L_L5([L]) +L_H_M_H_L_L_L5([L]) +L_L_H_H_L_L_L5([L]) +H_H_L_L_M_L_L5([L]) +H_L_M_L_M_L_L5([L]) +M_H_M_L_M_L_L5([L]) +M_L_H_L_M_L_L5([L]) +L_H_H_L_M_L_L5([L]) +H_L_L_M_M_L_L5([L]) +M_H_L_M_M_L_L5([L]) +M_L_M_M_M_L_L5([L]) +L_H_M_M_M_L_L5([L]) +L_L_H_M_M_L_L5([L]) +M_L_L_H_M_L_L5([L]) +L_H_L_H_M_L_L5([L]) +L_L_M_H_M_L_L5([L]) +H_L_L_L_H_L_L5([L]) +M_H_L_L_H_L_L5([L]) +M_L_M_L_H_L_L5([L]) +L_H_M_L_H_L_L5([L]) +L_L_H_L_H_L_L5([L]) +M_L_L_M_H_L_L5([L]) +L_H_L_M_H_L_L5([L]) +L_L_M_M_H_L_L5([L]) +L_L_L_H_H_L_L5([L]) +H_L_M_L_L_H_L5([H]) +M_H_M_L_L_H_L5([H]) +M_L_H_L_L_H_L5([H]) +L_H_H_L_L_H_L5([H]) +M_L_M_M_L_H_L5([H]) +L_H_M_M_L_H_L5([H]) +L_L_H_M_L_H_L5([H]) +L_L_M_H_L_H_L5([H]) +M_L_M_L_M_H_L5([H]) +L_H_M_L_M_H_L5([H]) +L_L_H_L_M_H_L5([H]) +L_L_M_M_M_H_L5([H]) +L_L_M_L_H_H_L5([H]) +H_H_H_L_L_L_L5([L]) +H_H_M_M_L_L_L5([L]) +H_L_H_M_L_L_L5([L]) +M_H_H_M_L_L_L5([L]) +H_H_L_H_L_L_L5([L]) +H_L_M_H_L_L_L5([L]) +M_H_M_H_L_L_L5([L]) +M_L_H_H_L_L_L5([L]) +L_H_H_H_L_L_L5([L]) +H_H_M_L_M_L_L5([L]) +H_L_H_L_M_L_L5([L]) +M_H_H_L_M_L_L5([L]) +H_H_L_M_M_L_L5([L]) +H_L_M_M_M_L_L5([L]) +M_H_M_M_M_L_L5([L]) +M_L_H_M_M_L_L5([L]) +L_H_H_M_M_L_L5([L]) +H_L_L_H_M_L_L5([L]) +M_H_L_H_M_L_L5([L]) +M_L_M_H_M_L_L5([L]) +L_H_M_H_M_L_L5([L]) +L_L_H_H_M_L_L5([L]) +H_H_L_L_H_L_L5([L]) +H_L_M_L_H_L_L5([L]) +M_H_M_L_H_L_L5([L]) +M_L_H_L_H_L_L5([L]) +L_H_H_L_H_L_L5([L]) +H_L_L_M_H_L_L5([L]) +M_H_L_M_H_L_L5([L]) +M_L_M_M_H_L_L5([L]) +L_H_M_M_H_L_L5([L]) +L_L_H_M_H_L_L5([L]) +M_L_L_H_H_L_L5([L]) +L_H_L_H_H_L_L5([L]) +L_L_M_H_H_L_L5([L]) +H_H_M_L_L_H_L5([H]) +H_L_H_L_L_H_L5([H]) +M_H_H_L_L_H_L5([H]) +H_L_M_M_L_H_L5([H]) +M_H_M_M_L_H_L5([H]) +M_L_H_M_L_H_L5([H]) +L_H_H_M_L_H_L5([H]) +M_L_M_H_L_H_L5([H]) +L_H_M_H_L_H_L5([H]) +L_L_H_H_L_H_L5([H]) +H_L_M_L_M_H_L5([H]) +M_H_M_L_M_H_L5([H]) +M_L_H_L_M_H_L5([H]) +L_H_H_L_M_H_L5([H]) +M_L_M_M_M_H_L5([H]) +L_H_M_M_M_H_L5([H]) +L_L_H_M_M_H_L5([H]) +L_L_M_H_M_H_L5([H]) +M_L_M_L_H_H_L5([H]) +L_H_M_L_H_H_L5([H]) +L_L_H_L_H_H_L5([H]) +L_L_M_M_H_H_L5([H]) +H_H_H_M_L_L_L5([L]) +H_H_M_H_L_L_L5([L]) +H_L_H_H_L_L_L5([L]) +M_H_H_H_L_L_L5([L]) +H_H_H_L_M_L_L5([L]) +H_H_M_M_M_L_L5([L]) +H_L_H_M_M_L_L5([L]) +M_H_H_M_M_L_L5([L]) +H_H_L_H_M_L_L5([L]) +H_L_M_H_M_L_L5([L]) +M_H_M_H_M_L_L5([L]) +M_L_H_H_M_L_L5([L]) +L_H_H_H_M_L_L5([L]) +H_H_M_L_H_L_L5([L]) +H_L_H_L_H_L_L5([L]) +M_H_H_L_H_L_L5([L]) +H_H_L_M_H_L_L5([L]) +H_L_M_M_H_L_L5([L]) +M_H_M_M_H_L_L5([L]) +M_L_H_M_H_L_L5([L]) +L_H_H_M_H_L_L5([L]) +H_L_L_H_H_L_L5([L]) +M_H_L_H_H_L_L5([L]) +M_L_M_H_H_L_L5([L]) +L_H_M_H_H_L_L5([L]) +L_L_H_H_H_L_L5([L]) +H_H_H_L_L_H_L5([H]) +H_H_M_M_L_H_L5([H]) +H_L_H_M_L_H_L5([H]) +M_H_H_M_L_H_L5([H]) +H_L_M_H_L_H_L5([H]) +M_H_M_H_L_H_L5([H]) +M_L_H_H_L_H_L5([H]) +L_H_H_H_L_H_L5([H]) +H_H_M_L_M_H_L5([H]) +H_L_H_L_M_H_L5([H]) +M_H_H_L_M_H_L5([H]) +H_L_M_M_M_H_L5([H]) +M_H_M_M_M_H_L5([H]) +M_L_H_M_M_H_L5([H]) +L_H_H_M_M_H_L5([H]) +M_L_M_H_M_H_L5([H]) +L_H_M_H_M_H_L5([H]) +L_L_H_H_M_H_L5([H]) +H_L_M_L_H_H_L5([H]) +M_H_M_L_H_H_L5([H]) +M_L_H_L_H_H_L5([H]) +L_H_H_L_H_H_L5([H]) +M_L_M_M_H_H_L5([H]) +L_H_M_M_H_H_L5([H]) +L_L_H_M_H_H_L5([H]) +L_L_M_H_H_H_L5([H]) +H_H_H_H_L_L_L5([L]) +H_H_H_M_M_L_L5([L]) +H_H_M_H_M_L_L5([L]) +H_L_H_H_M_L_L5([L]) +M_H_H_H_M_L_L5([L]) +H_H_H_L_H_L_L5([L]) +H_H_M_M_H_L_L5([L]) +H_L_H_M_H_L_L5([L]) +M_H_H_M_H_L_L5([L]) +H_H_L_H_H_L_L5([L]) +H_L_M_H_H_L_L5([L]) +M_H_M_H_H_L_L5([L]) +M_L_H_H_H_L_L5([L]) +L_H_H_H_H_L_L5([L]) +H_H_H_M_L_H_L5([H]) +H_H_M_H_L_H_L5([H]) +H_L_H_H_L_H_L5([H]) +M_H_H_H_L_H_L5([H]) +H_H_H_L_M_H_L5([H]) +H_H_M_M_M_H_L5([H]) +H_L_H_M_M_H_L5([H]) +M_H_H_M_M_H_L5([H]) +H_L_M_H_M_H_L5([H]) +M_H_M_H_M_H_L5([H]) +M_L_H_H_M_H_L5([H]) +L_H_H_H_M_H_L5([H]) +H_H_M_L_H_H_L5([H]) +H_L_H_L_H_H_L5([H]) +M_H_H_L_H_H_L5([H]) +H_L_M_M_H_H_L5([H]) +M_H_M_M_H_H_L5([H]) +M_L_H_M_H_H_L5([H]) +L_H_H_M_H_H_L5([H]) +M_L_M_H_H_H_L5([H]) +L_H_M_H_H_H_L5([H]) +L_L_H_H_H_H_L5([H]) +H_H_H_H_M_L_L5([L]) +H_H_H_M_H_L_L5([L]) +H_H_M_H_H_L_L5([L]) +H_L_H_H_H_L_L5([L]) +M_H_H_H_H_L_L5([L]) +H_H_H_H_L_H_L5([H]) +H_H_H_M_M_H_L5([H]) +H_H_M_H_M_H_L5([H]) +H_L_H_H_M_H_L5([H]) +M_H_H_H_M_H_L5([H]) +H_H_H_L_H_H_L5([H]) +H_H_M_M_H_H_L5([H]) +H_L_H_M_H_H_L5([H]) +M_H_H_M_H_H_L5([H]) +H_L_M_H_H_H_L5([H]) +M_H_M_H_H_H_L5([H]) +M_L_H_H_H_H_L5([H]) +L_H_H_H_H_H_L5([H]) +H_H_H_H_H_L_L5([L]) +H_H_H_H_M_H_L5([H]) +H_H_H_M_H_H_L5([H]) +H_H_M_H_H_H_L5([H]) +H_L_H_H_H_H_L5([H]) +M_H_H_H_H_H_L5([H]) +H_H_H_H_H_H_L5([H]) +end +subgraph s7["cvss:CVSS:1.0.0"] +L_L_L_L_L_L_L_L6([L]) +M_L_L_L_L_L_L_L6([L]) +L_H_L_L_L_L_L_L6([L]) +L_L_M_L_L_L_L_L6([L]) +L_L_L_M_L_L_L_L6([L]) +L_L_L_L_M_L_L_L6([L]) +H_L_L_L_L_L_L_L6([L]) +M_H_L_L_L_L_L_L6([L]) +M_L_M_L_L_L_L_L6([L]) +L_H_M_L_L_L_L_L6([L]) +L_L_H_L_L_L_L_L6([L]) +M_L_L_M_L_L_L_L6([L]) +L_H_L_M_L_L_L_L6([L]) +L_L_M_M_L_L_L_L6([L]) +L_L_L_H_L_L_L_L6([L]) +M_L_L_L_M_L_L_L6([L]) +L_H_L_L_M_L_L_L6([L]) +L_L_M_L_M_L_L_L6([L]) +L_L_L_M_M_L_L_L6([L]) +L_L_L_L_H_L_L_L6([L]) +L_L_M_L_L_H_L_L6([L]) +H_H_L_L_L_L_L_L6([L]) +H_L_M_L_L_L_L_L6([L]) +M_H_M_L_L_L_L_L6([L]) +M_L_H_L_L_L_L_L6([L]) +L_H_H_L_L_L_L_L6([L]) +H_L_L_M_L_L_L_L6([L]) +M_H_L_M_L_L_L_L6([L]) +M_L_M_M_L_L_L_L6([L]) +L_H_M_M_L_L_L_L6([L]) +L_L_H_M_L_L_L_L6([L]) +M_L_L_H_L_L_L_L6([L]) +L_H_L_H_L_L_L_L6([L]) +L_L_M_H_L_L_L_L6([L]) +H_L_L_L_M_L_L_L6([L]) +M_H_L_L_M_L_L_L6([L]) +M_L_M_L_M_L_L_L6([L]) +L_H_M_L_M_L_L_L6([L]) +L_L_H_L_M_L_L_L6([L]) +M_L_L_M_M_L_L_L6([L]) +L_H_L_M_M_L_L_L6([L]) +L_L_M_M_M_L_L_L6([L]) +L_L_L_H_M_L_L_L6([L]) +M_L_L_L_H_L_L_L6([L]) +L_H_L_L_H_L_L_L6([L]) +L_L_M_L_H_L_L_L6([L]) +L_L_L_M_H_L_L_L6([L]) +M_L_M_L_L_H_L_L6([L]) +L_H_M_L_L_H_L_L6([L]) +L_L_H_L_L_H_L_L6([L]) +L_L_M_M_L_H_L_L6([L]) +L_L_M_L_M_H_L_L6([L]) +H_H_M_L_L_L_M_L6([M]) +H_L_H_L_L_L_M_L6([M]) +M_H_H_L_L_L_M_L6([M]) +H_H_L_M_L_L_M_L6([M]) +H_L_M_M_L_L_M_L6([M]) +M_H_M_M_L_L_M_L6([M]) +M_L_H_M_L_L_M_L6([M]) +L_H_H_M_L_L_L_L6([L]) +H_L_L_H_L_L_M_L6([M]) +M_H_L_H_L_L_M_L6([M]) +M_L_M_H_L_L_M_L6([M]) +L_H_M_H_L_L_M_L6([M]) +L_L_H_H_L_L_M_L6([M]) +H_H_L_L_M_L_M_L6([M]) +H_L_M_L_M_L_M_L6([M]) +M_H_M_L_M_L_M_L6([M]) +M_L_H_L_M_L_M_L6([M]) +L_H_H_L_M_L_M_L6([M]) +H_L_L_M_M_L_M_L6([M]) +M_H_L_M_M_L_M_L6([M]) +M_L_M_M_M_L_M_L6([M]) +L_H_M_M_M_L_M_L6([M]) +L_L_H_M_M_L_M_L6([M]) +M_L_L_H_M_L_M_L6([M]) +L_H_L_H_M_L_M_L6([M]) +L_L_M_H_M_L_M_L6([M]) +H_L_L_L_H_L_M_L6([M]) +M_H_L_L_H_L_M_L6([M]) +M_L_M_L_H_L_M_L6([M]) +L_H_M_L_H_L_L_L6([L]) +L_L_H_L_H_L_M_L6([M]) +M_L_L_M_H_L_M_L6([M]) +L_H_L_M_H_L_M_L6([M]) +L_L_M_M_H_L_M_L6([M]) +L_L_L_H_H_L_M_L6([M]) +H_L_M_L_L_H_M_L6([M]) +M_H_M_L_L_H_M_L6([M]) +M_L_H_L_L_H_M_L6([M]) +L_H_H_L_L_H_M_L6([M]) +M_L_M_M_L_H_M_L6([M]) +L_H_M_M_L_H_M_L6([M]) +L_L_H_M_L_H_M_L6([M]) +L_L_M_H_L_H_M_L6([M]) +M_L_M_L_M_H_M_L6([M]) +L_H_M_L_M_H_L_L6([L]) +L_L_H_L_M_H_M_L6([M]) +L_L_M_M_M_H_M_L6([M]) +L_L_M_L_H_H_M_L6([M]) +H_H_H_L_L_L_M_L6([M]) +H_H_M_M_L_L_M_L6([M]) +H_L_H_M_L_L_H_L6([H]) +M_H_H_M_L_L_M_L6([M]) +H_H_L_H_L_L_H_L6([H]) +H_L_M_H_L_L_H_L6([H]) +M_H_M_H_L_L_M_L6([M]) +M_L_H_H_L_L_H_L6([H]) +L_H_H_H_L_L_M_L6([M]) +H_H_M_L_M_L_H_L6([H]) +H_L_H_L_M_L_H_L6([H]) +M_H_H_L_M_L_M_L6([M]) +H_H_L_M_M_L_M_L6([M]) +H_L_M_M_M_L_H_L6([H]) +M_H_M_M_M_L_M_L6([M]) +M_L_H_M_M_L_M_L6([M]) +L_H_H_M_M_L_M_L6([M]) +H_L_L_H_M_L_H_L6([H]) +M_H_L_H_M_L_H_L6([H]) +M_L_M_H_M_L_M_L6([M]) +L_H_M_H_M_L_M_L6([M]) +L_L_H_H_M_L_M_L6([M]) +H_H_L_L_H_L_M_L6([M]) +H_L_M_L_H_L_H_L6([H]) +M_H_M_L_H_L_M_L6([M]) +M_L_H_L_H_L_M_L6([M]) +L_H_H_L_H_L_M_L6([M]) +H_L_L_M_H_L_H_L6([H]) +M_H_L_M_H_L_M_L6([M]) +M_L_M_M_H_L_M_L6([M]) +L_H_M_M_H_L_M_L6([M]) +L_L_H_M_H_L_M_L6([M]) +M_L_L_H_H_L_H_L6([H]) +L_H_L_H_H_L_M_L6([M]) +L_L_M_H_H_L_M_L6([M]) +H_H_M_L_L_H_M_L6([M]) +H_L_H_L_L_H_H_L6([H]) +M_H_H_L_L_H_M_L6([M]) +H_L_M_M_L_H_H_L6([H]) +M_H_M_M_L_H_M_L6([M]) +M_L_H_M_L_H_M_L6([M]) +L_H_H_M_L_H_M_L6([M]) +M_L_M_H_L_H_M_L6([M]) +L_H_M_H_L_H_M_L6([M]) +L_L_H_H_L_H_M_L6([M]) +H_L_M_L_M_H_H_L6([H]) +M_H_M_L_M_H_M_L6([M]) +M_L_H_L_M_H_M_L6([M]) +L_H_H_L_M_H_M_L6([M]) +M_L_M_M_M_H_M_L6([M]) +L_H_M_M_M_H_M_L6([M]) +L_L_H_M_M_H_M_L6([M]) +L_L_M_H_M_H_M_L6([M]) +M_L_M_L_H_H_M_L6([M]) +L_H_M_L_H_H_M_L6([M]) +L_L_H_L_H_H_M_L6([M]) +L_L_M_M_H_H_M_L6([M]) +H_H_H_M_L_L_H_L6([H]) +H_H_M_H_L_L_H_L6([H]) +H_L_H_H_L_L_H_L6([H]) +M_H_H_H_L_L_H_L6([H]) +H_H_H_L_M_L_H_L6([H]) +H_H_M_M_M_L_H_L6([H]) +H_L_H_M_M_L_H_L6([H]) +M_H_H_M_M_L_H_L6([H]) +H_H_L_H_M_L_H_L6([H]) +H_L_M_H_M_L_H_L6([H]) +M_H_M_H_M_L_H_L6([H]) +M_L_H_H_M_L_H_L6([H]) +L_H_H_H_M_L_H_L6([H]) +H_H_M_L_H_L_H_L6([H]) +H_L_H_L_H_L_H_L6([H]) +M_H_H_L_H_L_H_L6([H]) +H_H_L_M_H_L_H_L6([H]) +H_L_M_M_H_L_H_L6([H]) +M_H_M_M_H_L_H_L6([H]) +M_L_H_M_H_L_H_L6([H]) +L_H_H_M_H_L_H_L6([H]) +H_L_L_H_H_L_H_L6([H]) +M_H_L_H_H_L_H_L6([H]) +M_L_M_H_H_L_H_L6([H]) +L_H_M_H_H_L_H_L6([H]) +L_L_H_H_H_L_H_L6([H]) +H_H_H_L_L_H_H_L6([H]) +H_H_M_M_L_H_H_L6([H]) +H_L_H_M_L_H_H_L6([H]) +M_H_H_M_L_H_H_L6([H]) +H_L_M_H_L_H_H_L6([H]) +M_H_M_H_L_H_H_L6([H]) +M_L_H_H_L_H_H_L6([H]) +L_H_H_H_L_H_H_L6([H]) +H_H_M_L_M_H_H_L6([H]) +H_L_H_L_M_H_H_L6([H]) +M_H_H_L_M_H_H_L6([H]) +H_L_M_M_M_H_H_L6([H]) +M_H_M_M_M_H_H_L6([H]) +M_L_H_M_M_H_H_L6([H]) +L_H_H_M_M_H_H_L6([H]) +M_L_M_H_M_H_H_L6([H]) +L_H_M_H_M_H_H_L6([H]) +L_L_H_H_M_H_H_L6([H]) +H_L_M_L_H_H_H_L6([H]) +M_H_M_L_H_H_H_L6([H]) +M_L_H_L_H_H_H_L6([H]) +L_H_H_L_H_H_H_L6([H]) +M_L_M_M_H_H_H_L6([H]) +L_H_M_M_H_H_H_L6([H]) +L_L_H_M_H_H_H_L6([H]) +L_L_M_H_H_H_H_L6([H]) +H_H_H_H_L_L_C_L6([C]) +H_H_H_M_M_L_H_L6([H]) +H_H_M_H_M_L_C_L6([C]) +H_L_H_H_M_L_C_L6([C]) +M_H_H_H_M_L_H_L6([H]) +H_H_H_L_H_L_C_L6([C]) +H_H_M_M_H_L_C_L6([C]) +H_L_H_M_H_L_C_L6([C]) +M_H_H_M_H_L_H_L6([H]) +H_H_L_H_H_L_C_L6([C]) +H_L_M_H_H_L_C_L6([C]) +M_H_M_H_H_L_H_L6([H]) +M_L_H_H_H_L_C_L6([C]) +L_H_H_H_H_L_H_L6([H]) +H_H_H_M_L_H_C_L6([C]) +H_H_M_H_L_H_C_L6([C]) +H_L_H_H_L_H_C_L6([C]) +M_H_H_H_L_H_C_L6([C]) +H_H_H_L_M_H_H_L6([H]) +H_H_M_M_M_H_H_L6([H]) +H_L_H_M_M_H_C_L6([C]) +M_H_H_M_M_H_H_L6([H]) +H_L_M_H_M_H_C_L6([C]) +M_H_M_H_M_H_H_L6([H]) +M_L_H_H_M_H_H_L6([H]) +L_H_H_H_M_H_H_L6([H]) +H_H_M_L_H_H_H_L6([H]) +H_L_H_L_H_H_C_L6([C]) +M_H_H_L_H_H_H_L6([H]) +H_L_M_M_H_H_C_L6([C]) +M_H_M_M_H_H_H_L6([H]) +M_L_H_M_H_H_C_L6([C]) +L_H_H_M_H_H_H_L6([H]) +M_L_M_H_H_H_H_L6([H]) +L_H_M_H_H_H_H_L6([H]) +L_L_H_H_H_H_H_L6([H]) +H_H_H_H_M_L_C_L6([C]) +H_H_H_M_H_L_C_L6([C]) +H_H_M_H_H_L_C_L6([C]) +H_L_H_H_H_L_C_L6([C]) +M_H_H_H_H_L_C_L6([C]) +H_H_H_H_L_H_C_L6([C]) +H_H_H_M_M_H_C_L6([C]) +H_H_M_H_M_H_C_L6([C]) +H_L_H_H_M_H_C_L6([C]) +M_H_H_H_M_H_C_L6([C]) +H_H_H_L_H_H_C_L6([C]) +H_H_M_M_H_H_C_L6([C]) +H_L_H_M_H_H_C_L6([C]) +M_H_H_M_H_H_C_L6([C]) +H_L_M_H_H_H_C_L6([C]) +M_H_M_H_H_H_C_L6([C]) +M_L_H_H_H_H_C_L6([C]) +L_H_H_H_H_H_C_L6([C]) +H_H_H_H_H_L_C_L6([C]) +H_H_H_H_M_H_C_L6([C]) +H_H_H_M_H_H_C_L6([C]) +H_H_M_H_H_H_C_L6([C]) +H_L_H_H_H_H_C_L6([C]) +M_H_H_H_H_H_C_L6([C]) +H_H_H_H_H_H_C_L6([C]) +end +n1 --- L_L0 +n1 --- M_L0 +n1 --- H_L0 +L_L0 --- L_L_L1 +L_L_L1 --- L_L_L_L2 +L_L_L_L2 --- L_L_L_L_L3 +L_L_L_L_L3 --- L_L_L_L_L_L4 +L_L_L_L_L_L4 --- L_L_L_L_L_L_L5 +L_L_L_L_L_L_L5 --- L_L_L_L_L_L_L_L6 +M_L0 --- M_L_L1 +M_L_L1 --- M_L_L_L2 +M_L_L_L2 --- M_L_L_L_L3 +M_L_L_L_L3 --- M_L_L_L_L_L4 +M_L_L_L_L_L4 --- M_L_L_L_L_L_L5 +M_L_L_L_L_L_L5 --- M_L_L_L_L_L_L_L6 +L_L0 --- L_H_L1 +L_H_L1 --- L_H_L_L2 +L_H_L_L2 --- L_H_L_L_L3 +L_H_L_L_L3 --- L_H_L_L_L_L4 +L_H_L_L_L_L4 --- L_H_L_L_L_L_L5 +L_H_L_L_L_L_L5 --- L_H_L_L_L_L_L_L6 +L_L_L1 --- L_L_M_L2 +L_L_M_L2 --- L_L_M_L_L3 +L_L_M_L_L3 --- L_L_M_L_L_L4 +L_L_M_L_L_L4 --- L_L_M_L_L_L_L5 +L_L_M_L_L_L_L5 --- L_L_M_L_L_L_L_L6 +L_L_L_L2 --- L_L_L_M_L3 +L_L_L_M_L3 --- L_L_L_M_L_L4 +L_L_L_M_L_L4 --- L_L_L_M_L_L_L5 +L_L_L_M_L_L_L5 --- L_L_L_M_L_L_L_L6 +L_L_L_L_L3 --- L_L_L_L_M_L4 +L_L_L_L_M_L4 --- L_L_L_L_M_L_L5 +L_L_L_L_M_L_L5 --- L_L_L_L_M_L_L_L6 +H_L0 --- H_L_L1 +H_L_L1 --- H_L_L_L2 +H_L_L_L2 --- H_L_L_L_L3 +H_L_L_L_L3 --- H_L_L_L_L_L4 +H_L_L_L_L_L4 --- H_L_L_L_L_L_L5 +H_L_L_L_L_L_L5 --- H_L_L_L_L_L_L_L6 +M_L0 --- M_H_L1 +M_H_L1 --- M_H_L_L2 +M_H_L_L2 --- M_H_L_L_L3 +M_H_L_L_L3 --- M_H_L_L_L_L4 +M_H_L_L_L_L4 --- M_H_L_L_L_L_L5 +M_H_L_L_L_L_L5 --- M_H_L_L_L_L_L_L6 +M_L_L1 --- M_L_M_L2 +M_L_M_L2 --- M_L_M_L_L3 +M_L_M_L_L3 --- M_L_M_L_L_L4 +M_L_M_L_L_L4 --- M_L_M_L_L_L_L5 +M_L_M_L_L_L_L5 --- M_L_M_L_L_L_L_L6 +L_H_L1 --- L_H_M_L2 +L_H_M_L2 --- L_H_M_L_L3 +L_H_M_L_L3 --- L_H_M_L_L_L4 +L_H_M_L_L_L4 --- L_H_M_L_L_L_L5 +L_H_M_L_L_L_L5 --- L_H_M_L_L_L_L_L6 +L_L_L1 --- L_L_H_L2 +L_L_H_L2 --- L_L_H_L_L3 +L_L_H_L_L3 --- L_L_H_L_L_L4 +L_L_H_L_L_L4 --- L_L_H_L_L_L_L5 +L_L_H_L_L_L_L5 --- L_L_H_L_L_L_L_L6 +M_L_L_L2 --- M_L_L_M_L3 +M_L_L_M_L3 --- M_L_L_M_L_L4 +M_L_L_M_L_L4 --- M_L_L_M_L_L_L5 +M_L_L_M_L_L_L5 --- M_L_L_M_L_L_L_L6 +L_H_L_L2 --- L_H_L_M_L3 +L_H_L_M_L3 --- L_H_L_M_L_L4 +L_H_L_M_L_L4 --- L_H_L_M_L_L_L5 +L_H_L_M_L_L_L5 --- L_H_L_M_L_L_L_L6 +L_L_M_L2 --- L_L_M_M_L3 +L_L_M_M_L3 --- L_L_M_M_L_L4 +L_L_M_M_L_L4 --- L_L_M_M_L_L_L5 +L_L_M_M_L_L_L5 --- L_L_M_M_L_L_L_L6 +L_L_L_L2 --- L_L_L_H_L3 +L_L_L_H_L3 --- L_L_L_H_L_L4 +L_L_L_H_L_L4 --- L_L_L_H_L_L_L5 +L_L_L_H_L_L_L5 --- L_L_L_H_L_L_L_L6 +M_L_L_L_L3 --- M_L_L_L_M_L4 +M_L_L_L_M_L4 --- M_L_L_L_M_L_L5 +M_L_L_L_M_L_L5 --- M_L_L_L_M_L_L_L6 +L_H_L_L_L3 --- L_H_L_L_M_L4 +L_H_L_L_M_L4 --- L_H_L_L_M_L_L5 +L_H_L_L_M_L_L5 --- L_H_L_L_M_L_L_L6 +L_L_M_L_L3 --- L_L_M_L_M_L4 +L_L_M_L_M_L4 --- L_L_M_L_M_L_L5 +L_L_M_L_M_L_L5 --- L_L_M_L_M_L_L_L6 +L_L_L_M_L3 --- L_L_L_M_M_L4 +L_L_L_M_M_L4 --- L_L_L_M_M_L_L5 +L_L_L_M_M_L_L5 --- L_L_L_M_M_L_L_L6 +L_L_L_L_L3 --- L_L_L_L_H_L4 +L_L_L_L_H_L4 --- L_L_L_L_H_L_L5 +L_L_L_L_H_L_L5 --- L_L_L_L_H_L_L_L6 +L_L_M_L_L_L4 --- L_L_M_L_L_H_L5 +L_L_M_L_L_H_L5 --- L_L_M_L_L_H_L_L6 +H_L0 --- H_H_L1 +H_H_L1 --- H_H_L_L2 +H_H_L_L2 --- H_H_L_L_L3 +H_H_L_L_L3 --- H_H_L_L_L_L4 +H_H_L_L_L_L4 --- H_H_L_L_L_L_L5 +H_H_L_L_L_L_L5 --- H_H_L_L_L_L_L_L6 +H_L_L1 --- H_L_M_L2 +H_L_M_L2 --- H_L_M_L_L3 +H_L_M_L_L3 --- H_L_M_L_L_L4 +H_L_M_L_L_L4 --- H_L_M_L_L_L_L5 +H_L_M_L_L_L_L5 --- H_L_M_L_L_L_L_L6 +M_H_L1 --- M_H_M_L2 +M_H_M_L2 --- M_H_M_L_L3 +M_H_M_L_L3 --- M_H_M_L_L_L4 +M_H_M_L_L_L4 --- M_H_M_L_L_L_L5 +M_H_M_L_L_L_L5 --- M_H_M_L_L_L_L_L6 +M_L_L1 --- M_L_H_L2 +M_L_H_L2 --- M_L_H_L_L3 +M_L_H_L_L3 --- M_L_H_L_L_L4 +M_L_H_L_L_L4 --- M_L_H_L_L_L_L5 +M_L_H_L_L_L_L5 --- M_L_H_L_L_L_L_L6 +L_H_L1 --- L_H_H_L2 +L_H_H_L2 --- L_H_H_L_L3 +L_H_H_L_L3 --- L_H_H_L_L_L4 +L_H_H_L_L_L4 --- L_H_H_L_L_L_L5 +L_H_H_L_L_L_L5 --- L_H_H_L_L_L_L_L6 +H_L_L_L2 --- H_L_L_M_L3 +H_L_L_M_L3 --- H_L_L_M_L_L4 +H_L_L_M_L_L4 --- H_L_L_M_L_L_L5 +H_L_L_M_L_L_L5 --- H_L_L_M_L_L_L_L6 +M_H_L_L2 --- M_H_L_M_L3 +M_H_L_M_L3 --- M_H_L_M_L_L4 +M_H_L_M_L_L4 --- M_H_L_M_L_L_L5 +M_H_L_M_L_L_L5 --- M_H_L_M_L_L_L_L6 +M_L_M_L2 --- M_L_M_M_L3 +M_L_M_M_L3 --- M_L_M_M_L_L4 +M_L_M_M_L_L4 --- M_L_M_M_L_L_L5 +M_L_M_M_L_L_L5 --- M_L_M_M_L_L_L_L6 +L_H_M_L2 --- L_H_M_M_L3 +L_H_M_M_L3 --- L_H_M_M_L_L4 +L_H_M_M_L_L4 --- L_H_M_M_L_L_L5 +L_H_M_M_L_L_L5 --- L_H_M_M_L_L_L_L6 +L_L_H_L2 --- L_L_H_M_L3 +L_L_H_M_L3 --- L_L_H_M_L_L4 +L_L_H_M_L_L4 --- L_L_H_M_L_L_L5 +L_L_H_M_L_L_L5 --- L_L_H_M_L_L_L_L6 +M_L_L_L2 --- M_L_L_H_L3 +M_L_L_H_L3 --- M_L_L_H_L_L4 +M_L_L_H_L_L4 --- M_L_L_H_L_L_L5 +M_L_L_H_L_L_L5 --- M_L_L_H_L_L_L_L6 +L_H_L_L2 --- L_H_L_H_L3 +L_H_L_H_L3 --- L_H_L_H_L_L4 +L_H_L_H_L_L4 --- L_H_L_H_L_L_L5 +L_H_L_H_L_L_L5 --- L_H_L_H_L_L_L_L6 +L_L_M_L2 --- L_L_M_H_L3 +L_L_M_H_L3 --- L_L_M_H_L_L4 +L_L_M_H_L_L4 --- L_L_M_H_L_L_L5 +L_L_M_H_L_L_L5 --- L_L_M_H_L_L_L_L6 +H_L_L_L_L3 --- H_L_L_L_M_L4 +H_L_L_L_M_L4 --- H_L_L_L_M_L_L5 +H_L_L_L_M_L_L5 --- H_L_L_L_M_L_L_L6 +M_H_L_L_L3 --- M_H_L_L_M_L4 +M_H_L_L_M_L4 --- M_H_L_L_M_L_L5 +M_H_L_L_M_L_L5 --- M_H_L_L_M_L_L_L6 +M_L_M_L_L3 --- M_L_M_L_M_L4 +M_L_M_L_M_L4 --- M_L_M_L_M_L_L5 +M_L_M_L_M_L_L5 --- M_L_M_L_M_L_L_L6 +L_H_M_L_L3 --- L_H_M_L_M_L4 +L_H_M_L_M_L4 --- L_H_M_L_M_L_L5 +L_H_M_L_M_L_L5 --- L_H_M_L_M_L_L_L6 +L_L_H_L_L3 --- L_L_H_L_M_L4 +L_L_H_L_M_L4 --- L_L_H_L_M_L_L5 +L_L_H_L_M_L_L5 --- L_L_H_L_M_L_L_L6 +M_L_L_M_L3 --- M_L_L_M_M_L4 +M_L_L_M_M_L4 --- M_L_L_M_M_L_L5 +M_L_L_M_M_L_L5 --- M_L_L_M_M_L_L_L6 +L_H_L_M_L3 --- L_H_L_M_M_L4 +L_H_L_M_M_L4 --- L_H_L_M_M_L_L5 +L_H_L_M_M_L_L5 --- L_H_L_M_M_L_L_L6 +L_L_M_M_L3 --- L_L_M_M_M_L4 +L_L_M_M_M_L4 --- L_L_M_M_M_L_L5 +L_L_M_M_M_L_L5 --- L_L_M_M_M_L_L_L6 +L_L_L_H_L3 --- L_L_L_H_M_L4 +L_L_L_H_M_L4 --- L_L_L_H_M_L_L5 +L_L_L_H_M_L_L5 --- L_L_L_H_M_L_L_L6 +M_L_L_L_L3 --- M_L_L_L_H_L4 +M_L_L_L_H_L4 --- M_L_L_L_H_L_L5 +M_L_L_L_H_L_L5 --- M_L_L_L_H_L_L_L6 +L_H_L_L_L3 --- L_H_L_L_H_L4 +L_H_L_L_H_L4 --- L_H_L_L_H_L_L5 +L_H_L_L_H_L_L5 --- L_H_L_L_H_L_L_L6 +L_L_M_L_L3 --- L_L_M_L_H_L4 +L_L_M_L_H_L4 --- L_L_M_L_H_L_L5 +L_L_M_L_H_L_L5 --- L_L_M_L_H_L_L_L6 +L_L_L_M_L3 --- L_L_L_M_H_L4 +L_L_L_M_H_L4 --- L_L_L_M_H_L_L5 +L_L_L_M_H_L_L5 --- L_L_L_M_H_L_L_L6 +M_L_M_L_L_L4 --- M_L_M_L_L_H_L5 +M_L_M_L_L_H_L5 --- M_L_M_L_L_H_L_L6 +L_H_M_L_L_L4 --- L_H_M_L_L_H_L5 +L_H_M_L_L_H_L5 --- L_H_M_L_L_H_L_L6 +L_L_H_L_L_L4 --- L_L_H_L_L_H_L5 +L_L_H_L_L_H_L5 --- L_L_H_L_L_H_L_L6 +L_L_M_M_L_L4 --- L_L_M_M_L_H_L5 +L_L_M_M_L_H_L5 --- L_L_M_M_L_H_L_L6 +L_L_M_L_M_L4 --- L_L_M_L_M_H_L5 +L_L_M_L_M_H_L5 --- L_L_M_L_M_H_L_L6 +H_H_L1 --- H_H_M_L2 +H_H_M_L2 --- H_H_M_L_L3 +H_H_M_L_L3 --- H_H_M_L_L_L4 +H_H_M_L_L_L4 --- H_H_M_L_L_L_L5 +H_H_M_L_L_L_L5 --- H_H_M_L_L_L_M_L6 +H_L_L1 --- H_L_H_L2 +H_L_H_L2 --- H_L_H_L_L3 +H_L_H_L_L3 --- H_L_H_L_L_L4 +H_L_H_L_L_L4 --- H_L_H_L_L_L_L5 +H_L_H_L_L_L_L5 --- H_L_H_L_L_L_M_L6 +M_H_L1 --- M_H_H_L2 +M_H_H_L2 --- M_H_H_L_L3 +M_H_H_L_L3 --- M_H_H_L_L_L4 +M_H_H_L_L_L4 --- M_H_H_L_L_L_L5 +M_H_H_L_L_L_L5 --- M_H_H_L_L_L_M_L6 +H_H_L_L2 --- H_H_L_M_L3 +H_H_L_M_L3 --- H_H_L_M_L_L4 +H_H_L_M_L_L4 --- H_H_L_M_L_L_L5 +H_H_L_M_L_L_L5 --- H_H_L_M_L_L_M_L6 +H_L_M_L2 --- H_L_M_M_L3 +H_L_M_M_L3 --- H_L_M_M_L_L4 +H_L_M_M_L_L4 --- H_L_M_M_L_L_L5 +H_L_M_M_L_L_L5 --- H_L_M_M_L_L_M_L6 +M_H_M_L2 --- M_H_M_M_L3 +M_H_M_M_L3 --- M_H_M_M_L_L4 +M_H_M_M_L_L4 --- M_H_M_M_L_L_L5 +M_H_M_M_L_L_L5 --- M_H_M_M_L_L_M_L6 +M_L_H_L2 --- M_L_H_M_L3 +M_L_H_M_L3 --- M_L_H_M_L_L4 +M_L_H_M_L_L4 --- M_L_H_M_L_L_L5 +M_L_H_M_L_L_L5 --- M_L_H_M_L_L_M_L6 +L_H_H_L2 --- L_H_H_M_L3 +L_H_H_M_L3 --- L_H_H_M_L_L4 +L_H_H_M_L_L4 --- L_H_H_M_L_L_L5 +L_H_H_M_L_L_L5 --- L_H_H_M_L_L_L_L6 +H_L_L_L2 --- H_L_L_H_L3 +H_L_L_H_L3 --- H_L_L_H_L_L4 +H_L_L_H_L_L4 --- H_L_L_H_L_L_L5 +H_L_L_H_L_L_L5 --- H_L_L_H_L_L_M_L6 +M_H_L_L2 --- M_H_L_H_L3 +M_H_L_H_L3 --- M_H_L_H_L_L4 +M_H_L_H_L_L4 --- M_H_L_H_L_L_L5 +M_H_L_H_L_L_L5 --- M_H_L_H_L_L_M_L6 +M_L_M_L2 --- M_L_M_H_L3 +M_L_M_H_L3 --- M_L_M_H_L_L4 +M_L_M_H_L_L4 --- M_L_M_H_L_L_L5 +M_L_M_H_L_L_L5 --- M_L_M_H_L_L_M_L6 +L_H_M_L2 --- L_H_M_H_L3 +L_H_M_H_L3 --- L_H_M_H_L_L4 +L_H_M_H_L_L4 --- L_H_M_H_L_L_L5 +L_H_M_H_L_L_L5 --- L_H_M_H_L_L_M_L6 +L_L_H_L2 --- L_L_H_H_L3 +L_L_H_H_L3 --- L_L_H_H_L_L4 +L_L_H_H_L_L4 --- L_L_H_H_L_L_L5 +L_L_H_H_L_L_L5 --- L_L_H_H_L_L_M_L6 +H_H_L_L_L3 --- H_H_L_L_M_L4 +H_H_L_L_M_L4 --- H_H_L_L_M_L_L5 +H_H_L_L_M_L_L5 --- H_H_L_L_M_L_M_L6 +H_L_M_L_L3 --- H_L_M_L_M_L4 +H_L_M_L_M_L4 --- H_L_M_L_M_L_L5 +H_L_M_L_M_L_L5 --- H_L_M_L_M_L_M_L6 +M_H_M_L_L3 --- M_H_M_L_M_L4 +M_H_M_L_M_L4 --- M_H_M_L_M_L_L5 +M_H_M_L_M_L_L5 --- M_H_M_L_M_L_M_L6 +M_L_H_L_L3 --- M_L_H_L_M_L4 +M_L_H_L_M_L4 --- M_L_H_L_M_L_L5 +M_L_H_L_M_L_L5 --- M_L_H_L_M_L_M_L6 +L_H_H_L_L3 --- L_H_H_L_M_L4 +L_H_H_L_M_L4 --- L_H_H_L_M_L_L5 +L_H_H_L_M_L_L5 --- L_H_H_L_M_L_M_L6 +H_L_L_M_L3 --- H_L_L_M_M_L4 +H_L_L_M_M_L4 --- H_L_L_M_M_L_L5 +H_L_L_M_M_L_L5 --- H_L_L_M_M_L_M_L6 +M_H_L_M_L3 --- M_H_L_M_M_L4 +M_H_L_M_M_L4 --- M_H_L_M_M_L_L5 +M_H_L_M_M_L_L5 --- M_H_L_M_M_L_M_L6 +M_L_M_M_L3 --- M_L_M_M_M_L4 +M_L_M_M_M_L4 --- M_L_M_M_M_L_L5 +M_L_M_M_M_L_L5 --- M_L_M_M_M_L_M_L6 +L_H_M_M_L3 --- L_H_M_M_M_L4 +L_H_M_M_M_L4 --- L_H_M_M_M_L_L5 +L_H_M_M_M_L_L5 --- L_H_M_M_M_L_M_L6 +L_L_H_M_L3 --- L_L_H_M_M_L4 +L_L_H_M_M_L4 --- L_L_H_M_M_L_L5 +L_L_H_M_M_L_L5 --- L_L_H_M_M_L_M_L6 +M_L_L_H_L3 --- M_L_L_H_M_L4 +M_L_L_H_M_L4 --- M_L_L_H_M_L_L5 +M_L_L_H_M_L_L5 --- M_L_L_H_M_L_M_L6 +L_H_L_H_L3 --- L_H_L_H_M_L4 +L_H_L_H_M_L4 --- L_H_L_H_M_L_L5 +L_H_L_H_M_L_L5 --- L_H_L_H_M_L_M_L6 +L_L_M_H_L3 --- L_L_M_H_M_L4 +L_L_M_H_M_L4 --- L_L_M_H_M_L_L5 +L_L_M_H_M_L_L5 --- L_L_M_H_M_L_M_L6 +H_L_L_L_L3 --- H_L_L_L_H_L4 +H_L_L_L_H_L4 --- H_L_L_L_H_L_L5 +H_L_L_L_H_L_L5 --- H_L_L_L_H_L_M_L6 +M_H_L_L_L3 --- M_H_L_L_H_L4 +M_H_L_L_H_L4 --- M_H_L_L_H_L_L5 +M_H_L_L_H_L_L5 --- M_H_L_L_H_L_M_L6 +M_L_M_L_L3 --- M_L_M_L_H_L4 +M_L_M_L_H_L4 --- M_L_M_L_H_L_L5 +M_L_M_L_H_L_L5 --- M_L_M_L_H_L_M_L6 +L_H_M_L_L3 --- L_H_M_L_H_L4 +L_H_M_L_H_L4 --- L_H_M_L_H_L_L5 +L_H_M_L_H_L_L5 --- L_H_M_L_H_L_L_L6 +L_L_H_L_L3 --- L_L_H_L_H_L4 +L_L_H_L_H_L4 --- L_L_H_L_H_L_L5 +L_L_H_L_H_L_L5 --- L_L_H_L_H_L_M_L6 +M_L_L_M_L3 --- M_L_L_M_H_L4 +M_L_L_M_H_L4 --- M_L_L_M_H_L_L5 +M_L_L_M_H_L_L5 --- M_L_L_M_H_L_M_L6 +L_H_L_M_L3 --- L_H_L_M_H_L4 +L_H_L_M_H_L4 --- L_H_L_M_H_L_L5 +L_H_L_M_H_L_L5 --- L_H_L_M_H_L_M_L6 +L_L_M_M_L3 --- L_L_M_M_H_L4 +L_L_M_M_H_L4 --- L_L_M_M_H_L_L5 +L_L_M_M_H_L_L5 --- L_L_M_M_H_L_M_L6 +L_L_L_H_L3 --- L_L_L_H_H_L4 +L_L_L_H_H_L4 --- L_L_L_H_H_L_L5 +L_L_L_H_H_L_L5 --- L_L_L_H_H_L_M_L6 +H_L_M_L_L_L4 --- H_L_M_L_L_H_L5 +H_L_M_L_L_H_L5 --- H_L_M_L_L_H_M_L6 +M_H_M_L_L_L4 --- M_H_M_L_L_H_L5 +M_H_M_L_L_H_L5 --- M_H_M_L_L_H_M_L6 +M_L_H_L_L_L4 --- M_L_H_L_L_H_L5 +M_L_H_L_L_H_L5 --- M_L_H_L_L_H_M_L6 +L_H_H_L_L_L4 --- L_H_H_L_L_H_L5 +L_H_H_L_L_H_L5 --- L_H_H_L_L_H_M_L6 +M_L_M_M_L_L4 --- M_L_M_M_L_H_L5 +M_L_M_M_L_H_L5 --- M_L_M_M_L_H_M_L6 +L_H_M_M_L_L4 --- L_H_M_M_L_H_L5 +L_H_M_M_L_H_L5 --- L_H_M_M_L_H_M_L6 +L_L_H_M_L_L4 --- L_L_H_M_L_H_L5 +L_L_H_M_L_H_L5 --- L_L_H_M_L_H_M_L6 +L_L_M_H_L_L4 --- L_L_M_H_L_H_L5 +L_L_M_H_L_H_L5 --- L_L_M_H_L_H_M_L6 +M_L_M_L_M_L4 --- M_L_M_L_M_H_L5 +M_L_M_L_M_H_L5 --- M_L_M_L_M_H_M_L6 +L_H_M_L_M_L4 --- L_H_M_L_M_H_L5 +L_H_M_L_M_H_L5 --- L_H_M_L_M_H_L_L6 +L_L_H_L_M_L4 --- L_L_H_L_M_H_L5 +L_L_H_L_M_H_L5 --- L_L_H_L_M_H_M_L6 +L_L_M_M_M_L4 --- L_L_M_M_M_H_L5 +L_L_M_M_M_H_L5 --- L_L_M_M_M_H_M_L6 +L_L_M_L_H_L4 --- L_L_M_L_H_H_L5 +L_L_M_L_H_H_L5 --- L_L_M_L_H_H_M_L6 +H_H_L1 --- H_H_H_L2 +H_H_H_L2 --- H_H_H_L_L3 +H_H_H_L_L3 --- H_H_H_L_L_L4 +H_H_H_L_L_L4 --- H_H_H_L_L_L_L5 +H_H_H_L_L_L_L5 --- H_H_H_L_L_L_M_L6 +H_H_M_L2 --- H_H_M_M_L3 +H_H_M_M_L3 --- H_H_M_M_L_L4 +H_H_M_M_L_L4 --- H_H_M_M_L_L_L5 +H_H_M_M_L_L_L5 --- H_H_M_M_L_L_M_L6 +H_L_H_L2 --- H_L_H_M_L3 +H_L_H_M_L3 --- H_L_H_M_L_L4 +H_L_H_M_L_L4 --- H_L_H_M_L_L_L5 +H_L_H_M_L_L_L5 --- H_L_H_M_L_L_H_L6 +M_H_H_L2 --- M_H_H_M_L3 +M_H_H_M_L3 --- M_H_H_M_L_L4 +M_H_H_M_L_L4 --- M_H_H_M_L_L_L5 +M_H_H_M_L_L_L5 --- M_H_H_M_L_L_M_L6 +H_H_L_L2 --- H_H_L_H_L3 +H_H_L_H_L3 --- H_H_L_H_L_L4 +H_H_L_H_L_L4 --- H_H_L_H_L_L_L5 +H_H_L_H_L_L_L5 --- H_H_L_H_L_L_H_L6 +H_L_M_L2 --- H_L_M_H_L3 +H_L_M_H_L3 --- H_L_M_H_L_L4 +H_L_M_H_L_L4 --- H_L_M_H_L_L_L5 +H_L_M_H_L_L_L5 --- H_L_M_H_L_L_H_L6 +M_H_M_L2 --- M_H_M_H_L3 +M_H_M_H_L3 --- M_H_M_H_L_L4 +M_H_M_H_L_L4 --- M_H_M_H_L_L_L5 +M_H_M_H_L_L_L5 --- M_H_M_H_L_L_M_L6 +M_L_H_L2 --- M_L_H_H_L3 +M_L_H_H_L3 --- M_L_H_H_L_L4 +M_L_H_H_L_L4 --- M_L_H_H_L_L_L5 +M_L_H_H_L_L_L5 --- M_L_H_H_L_L_H_L6 +L_H_H_L2 --- L_H_H_H_L3 +L_H_H_H_L3 --- L_H_H_H_L_L4 +L_H_H_H_L_L4 --- L_H_H_H_L_L_L5 +L_H_H_H_L_L_L5 --- L_H_H_H_L_L_M_L6 +H_H_M_L_L3 --- H_H_M_L_M_L4 +H_H_M_L_M_L4 --- H_H_M_L_M_L_L5 +H_H_M_L_M_L_L5 --- H_H_M_L_M_L_H_L6 +H_L_H_L_L3 --- H_L_H_L_M_L4 +H_L_H_L_M_L4 --- H_L_H_L_M_L_L5 +H_L_H_L_M_L_L5 --- H_L_H_L_M_L_H_L6 +M_H_H_L_L3 --- M_H_H_L_M_L4 +M_H_H_L_M_L4 --- M_H_H_L_M_L_L5 +M_H_H_L_M_L_L5 --- M_H_H_L_M_L_M_L6 +H_H_L_M_L3 --- H_H_L_M_M_L4 +H_H_L_M_M_L4 --- H_H_L_M_M_L_L5 +H_H_L_M_M_L_L5 --- H_H_L_M_M_L_M_L6 +H_L_M_M_L3 --- H_L_M_M_M_L4 +H_L_M_M_M_L4 --- H_L_M_M_M_L_L5 +H_L_M_M_M_L_L5 --- H_L_M_M_M_L_H_L6 +M_H_M_M_L3 --- M_H_M_M_M_L4 +M_H_M_M_M_L4 --- M_H_M_M_M_L_L5 +M_H_M_M_M_L_L5 --- M_H_M_M_M_L_M_L6 +M_L_H_M_L3 --- M_L_H_M_M_L4 +M_L_H_M_M_L4 --- M_L_H_M_M_L_L5 +M_L_H_M_M_L_L5 --- M_L_H_M_M_L_M_L6 +L_H_H_M_L3 --- L_H_H_M_M_L4 +L_H_H_M_M_L4 --- L_H_H_M_M_L_L5 +L_H_H_M_M_L_L5 --- L_H_H_M_M_L_M_L6 +H_L_L_H_L3 --- H_L_L_H_M_L4 +H_L_L_H_M_L4 --- H_L_L_H_M_L_L5 +H_L_L_H_M_L_L5 --- H_L_L_H_M_L_H_L6 +M_H_L_H_L3 --- M_H_L_H_M_L4 +M_H_L_H_M_L4 --- M_H_L_H_M_L_L5 +M_H_L_H_M_L_L5 --- M_H_L_H_M_L_H_L6 +M_L_M_H_L3 --- M_L_M_H_M_L4 +M_L_M_H_M_L4 --- M_L_M_H_M_L_L5 +M_L_M_H_M_L_L5 --- M_L_M_H_M_L_M_L6 +L_H_M_H_L3 --- L_H_M_H_M_L4 +L_H_M_H_M_L4 --- L_H_M_H_M_L_L5 +L_H_M_H_M_L_L5 --- L_H_M_H_M_L_M_L6 +L_L_H_H_L3 --- L_L_H_H_M_L4 +L_L_H_H_M_L4 --- L_L_H_H_M_L_L5 +L_L_H_H_M_L_L5 --- L_L_H_H_M_L_M_L6 +H_H_L_L_L3 --- H_H_L_L_H_L4 +H_H_L_L_H_L4 --- H_H_L_L_H_L_L5 +H_H_L_L_H_L_L5 --- H_H_L_L_H_L_M_L6 +H_L_M_L_L3 --- H_L_M_L_H_L4 +H_L_M_L_H_L4 --- H_L_M_L_H_L_L5 +H_L_M_L_H_L_L5 --- H_L_M_L_H_L_H_L6 +M_H_M_L_L3 --- M_H_M_L_H_L4 +M_H_M_L_H_L4 --- M_H_M_L_H_L_L5 +M_H_M_L_H_L_L5 --- M_H_M_L_H_L_M_L6 +M_L_H_L_L3 --- M_L_H_L_H_L4 +M_L_H_L_H_L4 --- M_L_H_L_H_L_L5 +M_L_H_L_H_L_L5 --- M_L_H_L_H_L_M_L6 +L_H_H_L_L3 --- L_H_H_L_H_L4 +L_H_H_L_H_L4 --- L_H_H_L_H_L_L5 +L_H_H_L_H_L_L5 --- L_H_H_L_H_L_M_L6 +H_L_L_M_L3 --- H_L_L_M_H_L4 +H_L_L_M_H_L4 --- H_L_L_M_H_L_L5 +H_L_L_M_H_L_L5 --- H_L_L_M_H_L_H_L6 +M_H_L_M_L3 --- M_H_L_M_H_L4 +M_H_L_M_H_L4 --- M_H_L_M_H_L_L5 +M_H_L_M_H_L_L5 --- M_H_L_M_H_L_M_L6 +M_L_M_M_L3 --- M_L_M_M_H_L4 +M_L_M_M_H_L4 --- M_L_M_M_H_L_L5 +M_L_M_M_H_L_L5 --- M_L_M_M_H_L_M_L6 +L_H_M_M_L3 --- L_H_M_M_H_L4 +L_H_M_M_H_L4 --- L_H_M_M_H_L_L5 +L_H_M_M_H_L_L5 --- L_H_M_M_H_L_M_L6 +L_L_H_M_L3 --- L_L_H_M_H_L4 +L_L_H_M_H_L4 --- L_L_H_M_H_L_L5 +L_L_H_M_H_L_L5 --- L_L_H_M_H_L_M_L6 +M_L_L_H_L3 --- M_L_L_H_H_L4 +M_L_L_H_H_L4 --- M_L_L_H_H_L_L5 +M_L_L_H_H_L_L5 --- M_L_L_H_H_L_H_L6 +L_H_L_H_L3 --- L_H_L_H_H_L4 +L_H_L_H_H_L4 --- L_H_L_H_H_L_L5 +L_H_L_H_H_L_L5 --- L_H_L_H_H_L_M_L6 +L_L_M_H_L3 --- L_L_M_H_H_L4 +L_L_M_H_H_L4 --- L_L_M_H_H_L_L5 +L_L_M_H_H_L_L5 --- L_L_M_H_H_L_M_L6 +H_H_M_L_L_L4 --- H_H_M_L_L_H_L5 +H_H_M_L_L_H_L5 --- H_H_M_L_L_H_M_L6 +H_L_H_L_L_L4 --- H_L_H_L_L_H_L5 +H_L_H_L_L_H_L5 --- H_L_H_L_L_H_H_L6 +M_H_H_L_L_L4 --- M_H_H_L_L_H_L5 +M_H_H_L_L_H_L5 --- M_H_H_L_L_H_M_L6 +H_L_M_M_L_L4 --- H_L_M_M_L_H_L5 +H_L_M_M_L_H_L5 --- H_L_M_M_L_H_H_L6 +M_H_M_M_L_L4 --- M_H_M_M_L_H_L5 +M_H_M_M_L_H_L5 --- M_H_M_M_L_H_M_L6 +M_L_H_M_L_L4 --- M_L_H_M_L_H_L5 +M_L_H_M_L_H_L5 --- M_L_H_M_L_H_M_L6 +L_H_H_M_L_L4 --- L_H_H_M_L_H_L5 +L_H_H_M_L_H_L5 --- L_H_H_M_L_H_M_L6 +M_L_M_H_L_L4 --- M_L_M_H_L_H_L5 +M_L_M_H_L_H_L5 --- M_L_M_H_L_H_M_L6 +L_H_M_H_L_L4 --- L_H_M_H_L_H_L5 +L_H_M_H_L_H_L5 --- L_H_M_H_L_H_M_L6 +L_L_H_H_L_L4 --- L_L_H_H_L_H_L5 +L_L_H_H_L_H_L5 --- L_L_H_H_L_H_M_L6 +H_L_M_L_M_L4 --- H_L_M_L_M_H_L5 +H_L_M_L_M_H_L5 --- H_L_M_L_M_H_H_L6 +M_H_M_L_M_L4 --- M_H_M_L_M_H_L5 +M_H_M_L_M_H_L5 --- M_H_M_L_M_H_M_L6 +M_L_H_L_M_L4 --- M_L_H_L_M_H_L5 +M_L_H_L_M_H_L5 --- M_L_H_L_M_H_M_L6 +L_H_H_L_M_L4 --- L_H_H_L_M_H_L5 +L_H_H_L_M_H_L5 --- L_H_H_L_M_H_M_L6 +M_L_M_M_M_L4 --- M_L_M_M_M_H_L5 +M_L_M_M_M_H_L5 --- M_L_M_M_M_H_M_L6 +L_H_M_M_M_L4 --- L_H_M_M_M_H_L5 +L_H_M_M_M_H_L5 --- L_H_M_M_M_H_M_L6 +L_L_H_M_M_L4 --- L_L_H_M_M_H_L5 +L_L_H_M_M_H_L5 --- L_L_H_M_M_H_M_L6 +L_L_M_H_M_L4 --- L_L_M_H_M_H_L5 +L_L_M_H_M_H_L5 --- L_L_M_H_M_H_M_L6 +M_L_M_L_H_L4 --- M_L_M_L_H_H_L5 +M_L_M_L_H_H_L5 --- M_L_M_L_H_H_M_L6 +L_H_M_L_H_L4 --- L_H_M_L_H_H_L5 +L_H_M_L_H_H_L5 --- L_H_M_L_H_H_M_L6 +L_L_H_L_H_L4 --- L_L_H_L_H_H_L5 +L_L_H_L_H_H_L5 --- L_L_H_L_H_H_M_L6 +L_L_M_M_H_L4 --- L_L_M_M_H_H_L5 +L_L_M_M_H_H_L5 --- L_L_M_M_H_H_M_L6 +H_H_H_L2 --- H_H_H_M_L3 +H_H_H_M_L3 --- H_H_H_M_L_L4 +H_H_H_M_L_L4 --- H_H_H_M_L_L_L5 +H_H_H_M_L_L_L5 --- H_H_H_M_L_L_H_L6 +H_H_M_L2 --- H_H_M_H_L3 +H_H_M_H_L3 --- H_H_M_H_L_L4 +H_H_M_H_L_L4 --- H_H_M_H_L_L_L5 +H_H_M_H_L_L_L5 --- H_H_M_H_L_L_H_L6 +H_L_H_L2 --- H_L_H_H_L3 +H_L_H_H_L3 --- H_L_H_H_L_L4 +H_L_H_H_L_L4 --- H_L_H_H_L_L_L5 +H_L_H_H_L_L_L5 --- H_L_H_H_L_L_H_L6 +M_H_H_L2 --- M_H_H_H_L3 +M_H_H_H_L3 --- M_H_H_H_L_L4 +M_H_H_H_L_L4 --- M_H_H_H_L_L_L5 +M_H_H_H_L_L_L5 --- M_H_H_H_L_L_H_L6 +H_H_H_L_L3 --- H_H_H_L_M_L4 +H_H_H_L_M_L4 --- H_H_H_L_M_L_L5 +H_H_H_L_M_L_L5 --- H_H_H_L_M_L_H_L6 +H_H_M_M_L3 --- H_H_M_M_M_L4 +H_H_M_M_M_L4 --- H_H_M_M_M_L_L5 +H_H_M_M_M_L_L5 --- H_H_M_M_M_L_H_L6 +H_L_H_M_L3 --- H_L_H_M_M_L4 +H_L_H_M_M_L4 --- H_L_H_M_M_L_L5 +H_L_H_M_M_L_L5 --- H_L_H_M_M_L_H_L6 +M_H_H_M_L3 --- M_H_H_M_M_L4 +M_H_H_M_M_L4 --- M_H_H_M_M_L_L5 +M_H_H_M_M_L_L5 --- M_H_H_M_M_L_H_L6 +H_H_L_H_L3 --- H_H_L_H_M_L4 +H_H_L_H_M_L4 --- H_H_L_H_M_L_L5 +H_H_L_H_M_L_L5 --- H_H_L_H_M_L_H_L6 +H_L_M_H_L3 --- H_L_M_H_M_L4 +H_L_M_H_M_L4 --- H_L_M_H_M_L_L5 +H_L_M_H_M_L_L5 --- H_L_M_H_M_L_H_L6 +M_H_M_H_L3 --- M_H_M_H_M_L4 +M_H_M_H_M_L4 --- M_H_M_H_M_L_L5 +M_H_M_H_M_L_L5 --- M_H_M_H_M_L_H_L6 +M_L_H_H_L3 --- M_L_H_H_M_L4 +M_L_H_H_M_L4 --- M_L_H_H_M_L_L5 +M_L_H_H_M_L_L5 --- M_L_H_H_M_L_H_L6 +L_H_H_H_L3 --- L_H_H_H_M_L4 +L_H_H_H_M_L4 --- L_H_H_H_M_L_L5 +L_H_H_H_M_L_L5 --- L_H_H_H_M_L_H_L6 +H_H_M_L_L3 --- H_H_M_L_H_L4 +H_H_M_L_H_L4 --- H_H_M_L_H_L_L5 +H_H_M_L_H_L_L5 --- H_H_M_L_H_L_H_L6 +H_L_H_L_L3 --- H_L_H_L_H_L4 +H_L_H_L_H_L4 --- H_L_H_L_H_L_L5 +H_L_H_L_H_L_L5 --- H_L_H_L_H_L_H_L6 +M_H_H_L_L3 --- M_H_H_L_H_L4 +M_H_H_L_H_L4 --- M_H_H_L_H_L_L5 +M_H_H_L_H_L_L5 --- M_H_H_L_H_L_H_L6 +H_H_L_M_L3 --- H_H_L_M_H_L4 +H_H_L_M_H_L4 --- H_H_L_M_H_L_L5 +H_H_L_M_H_L_L5 --- H_H_L_M_H_L_H_L6 +H_L_M_M_L3 --- H_L_M_M_H_L4 +H_L_M_M_H_L4 --- H_L_M_M_H_L_L5 +H_L_M_M_H_L_L5 --- H_L_M_M_H_L_H_L6 +M_H_M_M_L3 --- M_H_M_M_H_L4 +M_H_M_M_H_L4 --- M_H_M_M_H_L_L5 +M_H_M_M_H_L_L5 --- M_H_M_M_H_L_H_L6 +M_L_H_M_L3 --- M_L_H_M_H_L4 +M_L_H_M_H_L4 --- M_L_H_M_H_L_L5 +M_L_H_M_H_L_L5 --- M_L_H_M_H_L_H_L6 +L_H_H_M_L3 --- L_H_H_M_H_L4 +L_H_H_M_H_L4 --- L_H_H_M_H_L_L5 +L_H_H_M_H_L_L5 --- L_H_H_M_H_L_H_L6 +H_L_L_H_L3 --- H_L_L_H_H_L4 +H_L_L_H_H_L4 --- H_L_L_H_H_L_L5 +H_L_L_H_H_L_L5 --- H_L_L_H_H_L_H_L6 +M_H_L_H_L3 --- M_H_L_H_H_L4 +M_H_L_H_H_L4 --- M_H_L_H_H_L_L5 +M_H_L_H_H_L_L5 --- M_H_L_H_H_L_H_L6 +M_L_M_H_L3 --- M_L_M_H_H_L4 +M_L_M_H_H_L4 --- M_L_M_H_H_L_L5 +M_L_M_H_H_L_L5 --- M_L_M_H_H_L_H_L6 +L_H_M_H_L3 --- L_H_M_H_H_L4 +L_H_M_H_H_L4 --- L_H_M_H_H_L_L5 +L_H_M_H_H_L_L5 --- L_H_M_H_H_L_H_L6 +L_L_H_H_L3 --- L_L_H_H_H_L4 +L_L_H_H_H_L4 --- L_L_H_H_H_L_L5 +L_L_H_H_H_L_L5 --- L_L_H_H_H_L_H_L6 +H_H_H_L_L_L4 --- H_H_H_L_L_H_L5 +H_H_H_L_L_H_L5 --- H_H_H_L_L_H_H_L6 +H_H_M_M_L_L4 --- H_H_M_M_L_H_L5 +H_H_M_M_L_H_L5 --- H_H_M_M_L_H_H_L6 +H_L_H_M_L_L4 --- H_L_H_M_L_H_L5 +H_L_H_M_L_H_L5 --- H_L_H_M_L_H_H_L6 +M_H_H_M_L_L4 --- M_H_H_M_L_H_L5 +M_H_H_M_L_H_L5 --- M_H_H_M_L_H_H_L6 +H_L_M_H_L_L4 --- H_L_M_H_L_H_L5 +H_L_M_H_L_H_L5 --- H_L_M_H_L_H_H_L6 +M_H_M_H_L_L4 --- M_H_M_H_L_H_L5 +M_H_M_H_L_H_L5 --- M_H_M_H_L_H_H_L6 +M_L_H_H_L_L4 --- M_L_H_H_L_H_L5 +M_L_H_H_L_H_L5 --- M_L_H_H_L_H_H_L6 +L_H_H_H_L_L4 --- L_H_H_H_L_H_L5 +L_H_H_H_L_H_L5 --- L_H_H_H_L_H_H_L6 +H_H_M_L_M_L4 --- H_H_M_L_M_H_L5 +H_H_M_L_M_H_L5 --- H_H_M_L_M_H_H_L6 +H_L_H_L_M_L4 --- H_L_H_L_M_H_L5 +H_L_H_L_M_H_L5 --- H_L_H_L_M_H_H_L6 +M_H_H_L_M_L4 --- M_H_H_L_M_H_L5 +M_H_H_L_M_H_L5 --- M_H_H_L_M_H_H_L6 +H_L_M_M_M_L4 --- H_L_M_M_M_H_L5 +H_L_M_M_M_H_L5 --- H_L_M_M_M_H_H_L6 +M_H_M_M_M_L4 --- M_H_M_M_M_H_L5 +M_H_M_M_M_H_L5 --- M_H_M_M_M_H_H_L6 +M_L_H_M_M_L4 --- M_L_H_M_M_H_L5 +M_L_H_M_M_H_L5 --- M_L_H_M_M_H_H_L6 +L_H_H_M_M_L4 --- L_H_H_M_M_H_L5 +L_H_H_M_M_H_L5 --- L_H_H_M_M_H_H_L6 +M_L_M_H_M_L4 --- M_L_M_H_M_H_L5 +M_L_M_H_M_H_L5 --- M_L_M_H_M_H_H_L6 +L_H_M_H_M_L4 --- L_H_M_H_M_H_L5 +L_H_M_H_M_H_L5 --- L_H_M_H_M_H_H_L6 +L_L_H_H_M_L4 --- L_L_H_H_M_H_L5 +L_L_H_H_M_H_L5 --- L_L_H_H_M_H_H_L6 +H_L_M_L_H_L4 --- H_L_M_L_H_H_L5 +H_L_M_L_H_H_L5 --- H_L_M_L_H_H_H_L6 +M_H_M_L_H_L4 --- M_H_M_L_H_H_L5 +M_H_M_L_H_H_L5 --- M_H_M_L_H_H_H_L6 +M_L_H_L_H_L4 --- M_L_H_L_H_H_L5 +M_L_H_L_H_H_L5 --- M_L_H_L_H_H_H_L6 +L_H_H_L_H_L4 --- L_H_H_L_H_H_L5 +L_H_H_L_H_H_L5 --- L_H_H_L_H_H_H_L6 +M_L_M_M_H_L4 --- M_L_M_M_H_H_L5 +M_L_M_M_H_H_L5 --- M_L_M_M_H_H_H_L6 +L_H_M_M_H_L4 --- L_H_M_M_H_H_L5 +L_H_M_M_H_H_L5 --- L_H_M_M_H_H_H_L6 +L_L_H_M_H_L4 --- L_L_H_M_H_H_L5 +L_L_H_M_H_H_L5 --- L_L_H_M_H_H_H_L6 +L_L_M_H_H_L4 --- L_L_M_H_H_H_L5 +L_L_M_H_H_H_L5 --- L_L_M_H_H_H_H_L6 +H_H_H_L2 --- H_H_H_H_L3 +H_H_H_H_L3 --- H_H_H_H_L_L4 +H_H_H_H_L_L4 --- H_H_H_H_L_L_L5 +H_H_H_H_L_L_L5 --- H_H_H_H_L_L_C_L6 +H_H_H_M_L3 --- H_H_H_M_M_L4 +H_H_H_M_M_L4 --- H_H_H_M_M_L_L5 +H_H_H_M_M_L_L5 --- H_H_H_M_M_L_H_L6 +H_H_M_H_L3 --- H_H_M_H_M_L4 +H_H_M_H_M_L4 --- H_H_M_H_M_L_L5 +H_H_M_H_M_L_L5 --- H_H_M_H_M_L_C_L6 +H_L_H_H_L3 --- H_L_H_H_M_L4 +H_L_H_H_M_L4 --- H_L_H_H_M_L_L5 +H_L_H_H_M_L_L5 --- H_L_H_H_M_L_C_L6 +M_H_H_H_L3 --- M_H_H_H_M_L4 +M_H_H_H_M_L4 --- M_H_H_H_M_L_L5 +M_H_H_H_M_L_L5 --- M_H_H_H_M_L_H_L6 +H_H_H_L_L3 --- H_H_H_L_H_L4 +H_H_H_L_H_L4 --- H_H_H_L_H_L_L5 +H_H_H_L_H_L_L5 --- H_H_H_L_H_L_C_L6 +H_H_M_M_L3 --- H_H_M_M_H_L4 +H_H_M_M_H_L4 --- H_H_M_M_H_L_L5 +H_H_M_M_H_L_L5 --- H_H_M_M_H_L_C_L6 +H_L_H_M_L3 --- H_L_H_M_H_L4 +H_L_H_M_H_L4 --- H_L_H_M_H_L_L5 +H_L_H_M_H_L_L5 --- H_L_H_M_H_L_C_L6 +M_H_H_M_L3 --- M_H_H_M_H_L4 +M_H_H_M_H_L4 --- M_H_H_M_H_L_L5 +M_H_H_M_H_L_L5 --- M_H_H_M_H_L_H_L6 +H_H_L_H_L3 --- H_H_L_H_H_L4 +H_H_L_H_H_L4 --- H_H_L_H_H_L_L5 +H_H_L_H_H_L_L5 --- H_H_L_H_H_L_C_L6 +H_L_M_H_L3 --- H_L_M_H_H_L4 +H_L_M_H_H_L4 --- H_L_M_H_H_L_L5 +H_L_M_H_H_L_L5 --- H_L_M_H_H_L_C_L6 +M_H_M_H_L3 --- M_H_M_H_H_L4 +M_H_M_H_H_L4 --- M_H_M_H_H_L_L5 +M_H_M_H_H_L_L5 --- M_H_M_H_H_L_H_L6 +M_L_H_H_L3 --- M_L_H_H_H_L4 +M_L_H_H_H_L4 --- M_L_H_H_H_L_L5 +M_L_H_H_H_L_L5 --- M_L_H_H_H_L_C_L6 +L_H_H_H_L3 --- L_H_H_H_H_L4 +L_H_H_H_H_L4 --- L_H_H_H_H_L_L5 +L_H_H_H_H_L_L5 --- L_H_H_H_H_L_H_L6 +H_H_H_M_L_L4 --- H_H_H_M_L_H_L5 +H_H_H_M_L_H_L5 --- H_H_H_M_L_H_C_L6 +H_H_M_H_L_L4 --- H_H_M_H_L_H_L5 +H_H_M_H_L_H_L5 --- H_H_M_H_L_H_C_L6 +H_L_H_H_L_L4 --- H_L_H_H_L_H_L5 +H_L_H_H_L_H_L5 --- H_L_H_H_L_H_C_L6 +M_H_H_H_L_L4 --- M_H_H_H_L_H_L5 +M_H_H_H_L_H_L5 --- M_H_H_H_L_H_C_L6 +H_H_H_L_M_L4 --- H_H_H_L_M_H_L5 +H_H_H_L_M_H_L5 --- H_H_H_L_M_H_H_L6 +H_H_M_M_M_L4 --- H_H_M_M_M_H_L5 +H_H_M_M_M_H_L5 --- H_H_M_M_M_H_H_L6 +H_L_H_M_M_L4 --- H_L_H_M_M_H_L5 +H_L_H_M_M_H_L5 --- H_L_H_M_M_H_C_L6 +M_H_H_M_M_L4 --- M_H_H_M_M_H_L5 +M_H_H_M_M_H_L5 --- M_H_H_M_M_H_H_L6 +H_L_M_H_M_L4 --- H_L_M_H_M_H_L5 +H_L_M_H_M_H_L5 --- H_L_M_H_M_H_C_L6 +M_H_M_H_M_L4 --- M_H_M_H_M_H_L5 +M_H_M_H_M_H_L5 --- M_H_M_H_M_H_H_L6 +M_L_H_H_M_L4 --- M_L_H_H_M_H_L5 +M_L_H_H_M_H_L5 --- M_L_H_H_M_H_H_L6 +L_H_H_H_M_L4 --- L_H_H_H_M_H_L5 +L_H_H_H_M_H_L5 --- L_H_H_H_M_H_H_L6 +H_H_M_L_H_L4 --- H_H_M_L_H_H_L5 +H_H_M_L_H_H_L5 --- H_H_M_L_H_H_H_L6 +H_L_H_L_H_L4 --- H_L_H_L_H_H_L5 +H_L_H_L_H_H_L5 --- H_L_H_L_H_H_C_L6 +M_H_H_L_H_L4 --- M_H_H_L_H_H_L5 +M_H_H_L_H_H_L5 --- M_H_H_L_H_H_H_L6 +H_L_M_M_H_L4 --- H_L_M_M_H_H_L5 +H_L_M_M_H_H_L5 --- H_L_M_M_H_H_C_L6 +M_H_M_M_H_L4 --- M_H_M_M_H_H_L5 +M_H_M_M_H_H_L5 --- M_H_M_M_H_H_H_L6 +M_L_H_M_H_L4 --- M_L_H_M_H_H_L5 +M_L_H_M_H_H_L5 --- M_L_H_M_H_H_C_L6 +L_H_H_M_H_L4 --- L_H_H_M_H_H_L5 +L_H_H_M_H_H_L5 --- L_H_H_M_H_H_H_L6 +M_L_M_H_H_L4 --- M_L_M_H_H_H_L5 +M_L_M_H_H_H_L5 --- M_L_M_H_H_H_H_L6 +L_H_M_H_H_L4 --- L_H_M_H_H_H_L5 +L_H_M_H_H_H_L5 --- L_H_M_H_H_H_H_L6 +L_L_H_H_H_L4 --- L_L_H_H_H_H_L5 +L_L_H_H_H_H_L5 --- L_L_H_H_H_H_H_L6 +H_H_H_H_L3 --- H_H_H_H_M_L4 +H_H_H_H_M_L4 --- H_H_H_H_M_L_L5 +H_H_H_H_M_L_L5 --- H_H_H_H_M_L_C_L6 +H_H_H_M_L3 --- H_H_H_M_H_L4 +H_H_H_M_H_L4 --- H_H_H_M_H_L_L5 +H_H_H_M_H_L_L5 --- H_H_H_M_H_L_C_L6 +H_H_M_H_L3 --- H_H_M_H_H_L4 +H_H_M_H_H_L4 --- H_H_M_H_H_L_L5 +H_H_M_H_H_L_L5 --- H_H_M_H_H_L_C_L6 +H_L_H_H_L3 --- H_L_H_H_H_L4 +H_L_H_H_H_L4 --- H_L_H_H_H_L_L5 +H_L_H_H_H_L_L5 --- H_L_H_H_H_L_C_L6 +M_H_H_H_L3 --- M_H_H_H_H_L4 +M_H_H_H_H_L4 --- M_H_H_H_H_L_L5 +M_H_H_H_H_L_L5 --- M_H_H_H_H_L_C_L6 +H_H_H_H_L_L4 --- H_H_H_H_L_H_L5 +H_H_H_H_L_H_L5 --- H_H_H_H_L_H_C_L6 +H_H_H_M_M_L4 --- H_H_H_M_M_H_L5 +H_H_H_M_M_H_L5 --- H_H_H_M_M_H_C_L6 +H_H_M_H_M_L4 --- H_H_M_H_M_H_L5 +H_H_M_H_M_H_L5 --- H_H_M_H_M_H_C_L6 +H_L_H_H_M_L4 --- H_L_H_H_M_H_L5 +H_L_H_H_M_H_L5 --- H_L_H_H_M_H_C_L6 +M_H_H_H_M_L4 --- M_H_H_H_M_H_L5 +M_H_H_H_M_H_L5 --- M_H_H_H_M_H_C_L6 +H_H_H_L_H_L4 --- H_H_H_L_H_H_L5 +H_H_H_L_H_H_L5 --- H_H_H_L_H_H_C_L6 +H_H_M_M_H_L4 --- H_H_M_M_H_H_L5 +H_H_M_M_H_H_L5 --- H_H_M_M_H_H_C_L6 +H_L_H_M_H_L4 --- H_L_H_M_H_H_L5 +H_L_H_M_H_H_L5 --- H_L_H_M_H_H_C_L6 +M_H_H_M_H_L4 --- M_H_H_M_H_H_L5 +M_H_H_M_H_H_L5 --- M_H_H_M_H_H_C_L6 +H_L_M_H_H_L4 --- H_L_M_H_H_H_L5 +H_L_M_H_H_H_L5 --- H_L_M_H_H_H_C_L6 +M_H_M_H_H_L4 --- M_H_M_H_H_H_L5 +M_H_M_H_H_H_L5 --- M_H_M_H_H_H_C_L6 +M_L_H_H_H_L4 --- M_L_H_H_H_H_L5 +M_L_H_H_H_H_L5 --- M_L_H_H_H_H_C_L6 +L_H_H_H_H_L4 --- L_H_H_H_H_H_L5 +L_H_H_H_H_H_L5 --- L_H_H_H_H_H_C_L6 +H_H_H_H_L3 --- H_H_H_H_H_L4 +H_H_H_H_H_L4 --- H_H_H_H_H_L_L5 +H_H_H_H_H_L_L5 --- H_H_H_H_H_L_C_L6 +H_H_H_H_M_L4 --- H_H_H_H_M_H_L5 +H_H_H_H_M_H_L5 --- H_H_H_H_M_H_C_L6 +H_H_H_M_H_L4 --- H_H_H_M_H_H_L5 +H_H_H_M_H_H_L5 --- H_H_H_M_H_H_C_L6 +H_H_M_H_H_L4 --- H_H_M_H_H_H_L5 +H_H_M_H_H_H_L5 --- H_H_M_H_H_H_C_L6 +H_L_H_H_H_L4 --- H_L_H_H_H_H_L5 +H_L_H_H_H_H_L5 --- H_L_H_H_H_H_C_L6 +M_H_H_H_H_L4 --- M_H_H_H_H_H_L5 +M_H_H_H_H_H_L5 --- M_H_H_H_H_H_C_L6 +H_H_H_H_H_L4 --- H_H_H_H_H_H_L5 +H_H_H_H_H_H_L5 --- H_H_H_H_H_H_C_L6 +``` From 80ab7f15390a755ee9c3c147c70e56028e245aa9 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Mon, 18 Aug 2025 17:37:20 +0200 Subject: [PATCH 253/468] fix example x_name-space --- docs/adr/0012-ssvc-namespaces.md | 2 +- docs/reference/code/namespaces.md | 6 +++--- src/test/decision_points/test_dp_base.py | 4 ++-- src/test/decision_points/test_dp_helpers.py | 2 +- src/test/dp_groups/test_dp_groups.py | 2 +- src/test/outcomes/test_outcomes.py | 2 +- src/test/test_doc_helpers.py | 2 +- src/test/test_mixins.py | 2 +- src/test/test_policy_generator.py | 4 ++-- src/test/test_selections.py | 12 ++++++------ 10 files changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/adr/0012-ssvc-namespaces.md b/docs/adr/0012-ssvc-namespaces.md index a9458ec1..0db78597 100644 --- a/docs/adr/0012-ssvc-namespaces.md +++ b/docs/adr/0012-ssvc-namespaces.md @@ -50,7 +50,7 @@ based on other sources). **Unregistered namespaces** for objects that we do not create or maintain, but that others may want for their own use. Unregistered namespaces must start with -an `x_` prefix followed by a reverse domain name, such as `x_org.example`. +an `x_` prefix followed by a reverse domain name, such as `x_example.test`. Unregistered namespaces are intended for experimental or private use. !!! example diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index acea1b7d..2ddf14ba 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -147,13 +147,13 @@ we expect that this will rarely lead to conflicts in practice. Conflicts are possible in the x_ prefix space - especially as the control over a domain may be transferred. Also in tests, Organizations A and B could both choose to use - `x_org.example#bar`, and there are no guarantees of global uniqueness for the - decision points in the `x_org.example#bar` namespace. + `x_example.test#test`, and there are no guarantees of global uniqueness for the + decision points in the `x_example.test#test` namespace. !!! tip "Test Namespace" - The `x_org.example#bar` namespace is used for testing purposes and is not intended for production use. + The `x_example.test#test` namespace is used for testing purposes and is not intended for production use. It is used to test the SSVC framework and its components, and may contain decision points that are not fully implemented or tested. ### Namespace Extensions diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index ee0501cf..3c0b50d2 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -51,7 +51,7 @@ def setUp(self) -> None: key="bar", description="baz", version="1.0.0", - namespace="x_org.example#bar", + namespace="x_example.test#test", values=tuple(self.values), ) @@ -107,7 +107,7 @@ def test_ssvc_decision_point(self): self.assertEqual(obj.key, "bar") self.assertEqual(obj.description, "baz") self.assertEqual(obj.version, "1.0.0") - self.assertEqual(obj.namespace, "x_org.example#bar") + self.assertEqual(obj.namespace, "x_example.test#test") self.assertEqual(len(self.values), len(obj.values)) def test_ssvc_value_json_roundtrip(self): diff --git a/src/test/decision_points/test_dp_helpers.py b/src/test/decision_points/test_dp_helpers.py index 457d2cbf..71744b7e 100644 --- a/src/test/decision_points/test_dp_helpers.py +++ b/src/test/decision_points/test_dp_helpers.py @@ -31,7 +31,7 @@ def setUp(self) -> None: key="test_dp", description="This is a test decision point", version="1.0.0", - namespace="x_org.example#bar", + namespace="x_example.test#test", values=( DecisionPointValue( name="Yes", diff --git a/src/test/dp_groups/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py index d09b6453..11b3fc7a 100644 --- a/src/test/dp_groups/test_dp_groups.py +++ b/src/test/dp_groups/test_dp_groups.py @@ -31,7 +31,7 @@ def setUp(self) -> None: dp = ssvc.decision_points.ssvc.base.DecisionPoint( name=f"Decision Point {i}", key=f"DP_{i}", - namespace="x_org.example#bar", + namespace="x_example.test#test", description=f"Description of Decision Point {i}", version="1.0.0", values=( diff --git a/src/test/outcomes/test_outcomes.py b/src/test/outcomes/test_outcomes.py index f171cf2f..07bfe0f3 100644 --- a/src/test/outcomes/test_outcomes.py +++ b/src/test/outcomes/test_outcomes.py @@ -41,7 +41,7 @@ def test_outcome_group(self): name="Outcome Group", key="OGX", description="an outcome group", - namespace="x_org.example#bar", + namespace="x_example.test#test", values=tuple(values), ) diff --git a/src/test/test_doc_helpers.py b/src/test/test_doc_helpers.py index d300c428..028d35e1 100644 --- a/src/test/test_doc_helpers.py +++ b/src/test/test_doc_helpers.py @@ -26,7 +26,7 @@ class MyTestCase(unittest.TestCase): def setUp(self): self.dp = DecisionPoint( - namespace="x_org.example#bar", + namespace="x_example.test#test", name="test name", description="test description", key="TK", diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index e1205cd4..12af0c38 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -190,7 +190,7 @@ def test_mixin_combos(self): {"class": _Keyed, "args": {"key": "fizz"}, "has_default": False}, { "class": _Namespaced, - "args": {"namespace": "x_org.example#bar"}, + "args": {"namespace": "x_example.test#test"}, "has_default": False, }, { diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index ca89479b..a7f5d90a 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -39,7 +39,7 @@ def setUp(self) -> None: name="test", description="test", key="TEST", - namespace="x_org.example#bar", + namespace="x_example.test#test", values=tuple( [ DecisionPointValue(key=c, name=c, description=c) @@ -56,7 +56,7 @@ def setUp(self) -> None: name=c, description=c, key=c, - namespace="x_org.example#bar", + namespace="x_example.test#test", values=tuple( [ DecisionPointValue(name=v, key=v, description=v) diff --git a/src/test/test_selections.py b/src/test/test_selections.py index a922952d..94957d5b 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -29,13 +29,13 @@ class MyTestCase(unittest.TestCase): def setUp(self): self.s1 = selection.Selection( - namespace="x_org.example#bar", + namespace="x_example.test#test", key="test_key_1", version="1.0.0", values=[{"key": "value11"}, {"key": "value12"}], ) self.s2 = selection.Selection( - namespace="x_org.example#bar", + namespace="x_example.test#test", key="test_key_2", version="1.0.0", values=[{"key": "value21"}, {"key": "value22"}], @@ -137,7 +137,7 @@ def test_selection_validators(self): """Test the model validators for Selection.""" # Test with minimal data selection_minimal = selection.Selection( - namespace="x_org.example#bar", + namespace="x_example.test#test", key="test_key", version="1.0.0", values=[{"key": "value1"}], @@ -147,7 +147,7 @@ def test_selection_validators(self): # Test with empty strings selection_empty = selection.Selection( - namespace="x_org.example#bar", + namespace="x_example.test#test", key="test_key", version="1.0.0", values=[{"key": "value1"}], @@ -284,7 +284,7 @@ def test_add_selection_method(self): """Test the add_selection method.""" initial_count = len(self.selections.selections) new_selection = selection.Selection( - namespace="x_org.example#bar", + namespace="x_example.test#test", key="new_key", version="1.0.0", values=[{"key": "new_value"}], @@ -340,7 +340,7 @@ def test_selection_values_validation(self): """Test that Selection requires at least one value.""" with self.assertRaises(ValueError): selection.Selection( - namespace="x_org.example#bar", + namespace="x_example.test#test", key="test_key", version="1.0.0", values=[], # Empty values should raise error From eb80116fa2b1689009beda371bcbdb87135f2b14 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 18 Aug 2025 14:26:54 -0400 Subject: [PATCH 254/468] refactor decision table pages to leverage new python tools for decision table presentation --- docs/howto/coordination_triage_decision.md | 59 +-- docs/howto/deployer_tree.md | 58 ++- docs/howto/publication_decision.md | 152 ++----- docs/howto/supplier_tree.md | 58 ++- src/ssvc/decision_tables/_mermaid.py | 126 +----- src/ssvc/decision_tables/helpers.py | 148 ++++++- src/ssvc/decision_tables/ssvc/coord_triage.py | 386 +++++++++--------- src/ssvc/outcomes/ssvc/coordinate.py | 31 +- 8 files changed, 523 insertions(+), 495 deletions(-) diff --git a/docs/howto/coordination_triage_decision.md b/docs/howto/coordination_triage_decision.md index f395b709..bb8ab6b7 100644 --- a/docs/howto/coordination_triage_decision.md +++ b/docs/howto/coordination_triage_decision.md @@ -28,13 +28,13 @@ SSVC can be applied to either the initial report or to the results of such refin We take three priority levels in our decision about whether and how to [coordinate](https://certcc.github.io/CERT-Guide-to-CVD/tutorials/cvd_is_a_process/) a vulnerability based on an incoming report: -!!! info "Coordinator Triage Priority" +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.coord_triage import LATEST as DT +from ssvc.doc_helpers import example_block - | Triage Priority | Description | - | :--- | :---------- | - | Decline | Do not act on the report. | - | Track | Receive information about the vulnerability and monitor for status changes but do not take any overt actions. | - | Coordinate | Take action on the report. “Action” may include any one or more of: technical analysis, reproduction, notifying vendors, publication, and assist another party. | +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` - *Decline* — Do not act on the report. May take different forms, including ignoring the report as well as an acknowledgement to the reporter that we will not act and suggest the reporter to go to vendor or publish if unresponsive. @@ -42,8 +42,12 @@ a vulnerability based on an incoming report: - *Coordinate* — Take action on the report. “Action” may include any one or more of: technical analysis, reproduction, notifying vendors, lead coordination (notify, communicate, and publish), publish only (amplify public message), advise only, secondary coordinator (assist another lead coordinator). - See the [FIRST CSIRT Services Framework](https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1#7-Service-Area-Vulnerability-Management) - for additional vulnerability management services a coordinator may provide. + +!!! tip "FIRST CSIRT Services Framework" + + The [FIRST CSIRT Services Framework](https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1#7-Service-Area-Vulnerability-Management) + describes the services that a coordinator may provide in the area of vulnerability management. + It includes services such as vulnerability coordination, vulnerability analysis, and vulnerability reporting. ## Coordinator Triage Decision Points @@ -82,16 +86,10 @@ The remaining five decision points are: More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc.report_public import LATEST as RP -from ssvc.decision_points.ssvc.supplier_contacted import LATEST as SC -from ssvc.decision_points.ssvc.report_credibility import LATEST as RC -from ssvc.decision_points.ssvc.supplier_cardinality import LATEST as SI -from ssvc.decision_points.ssvc.supplier_engagement import LATEST as SE -from ssvc.decision_points.ssvc.utility import LATEST as U -from ssvc.decision_points.ssvc.public_safety_impact import LATEST as PSI +from ssvc.decision_tables.ssvc.coord_triage import LATEST as DT from ssvc.doc_helpers import example_block -for dp in [RP, SC, RC, SI, SE, U, PSI]: +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: print(example_block(dp)) ``` @@ -105,24 +103,33 @@ Other coordinators should consider customizing the tree to their needs, as descr CISA has customized an SSVC decision model to suit their coordination needs. It is available at [https://www.cisa.gov/ssvc](https://www.cisa.gov/ssvc). +### Decision Model Visualization + +The following diagram shows the decision model for the coordinator triage decision. + ```python exec="true" idprefix="" from ssvc.decision_tables.ssvc.coord_triage import LATEST as DT -from ssvc.decision_tables._mermaid import mapping2mermaid +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt rows = DT.mapping -title = f"{DT.name} Decision Table ({DT.namespace}:{DT.key}:{DT.version})" -print(mapping2mermaid(rows,title=title)) +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) ``` - ### Table of Values +The table below shows the values for the decision model. +Each row of the table corresponds to a path through the decision model diagram above. + {% include-markdown "../_includes/_scrollable_table.md" heading-offset=1 %} - -{{ read_csv('coord-triage-options.csv') }} +```python exec="true" idprefix="" + +from ssvc.decision_tables.ssvc.coord_triage import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` + + diff --git a/docs/howto/deployer_tree.md b/docs/howto/deployer_tree.md index ffbde896..f3321559 100644 --- a/docs/howto/deployer_tree.md +++ b/docs/howto/deployer_tree.md @@ -48,14 +48,22 @@ A deployer's decision centers on with what priority to deploy a given remediatio Similar to the [Supplier](supplier_tree.md) case, we consider four categories of priority, as outlined in the table below. While we've used the same priority names, the meaning of the priority may have different implications for the deployer than for the supplier. -!!! note "Patch Deployer Priority" +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.deployer_dt import LATEST as DT +from ssvc.doc_helpers import example_block + +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` - | Deployer Priority | Description | - | :--- | :---------- | - | Defer | Do not act at present. | - | Scheduled | Act during regularly scheduled maintenance time. | - | Out-of-cycle | Act more quickly than usual to apply the mitigation or remediation out-of-cycle, during the next available opportunity, working overtime if necessary. | - | Immediate | Act immediately; focus all resources on applying the fix as quickly as possible, including, if necessary, pausing regular organization operations. | +A more specific interpretation for the priority levels for deployers is as follows: + +| Deployer Priority | Description | +| :--- | :---------- | +| Defer | Do not act at present. | +| Scheduled | Act during regularly scheduled maintenance time. | +| Out-of-cycle | Act more quickly than usual to apply the mitigation or remediation out-of-cycle, during the next available opportunity, working overtime if necessary. | +| Immediate | Act immediately; focus all resources on applying the fix as quickly as possible, including, if necessary, pausing regular organization operations. | When remediation is available, usually the action is to apply it. When remediation is not yet available, the action space is more diverse, but it should involve mitigating the vulnerability @@ -113,13 +121,10 @@ The Deployer Patch Deployment Priority decision model uses the following decisio More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc.exploitation import LATEST as EXP -from ssvc.decision_points.ssvc.system_exposure import LATEST as SE -from ssvc.decision_points.ssvc.utility import LATEST as U -from ssvc.decision_points.ssvc.human_impact import LATEST as HI +from ssvc.decision_tables.ssvc.deployer_dt import LATEST as DT from ssvc.doc_helpers import example_block -for dp in [EXP, SE, U, HI]: +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: print(example_block(dp)) ``` @@ -136,14 +141,29 @@ Below we provide an example deployer prioritization policy that maps the decisio - An [_active_](../reference/decision_points/exploitation.md) state of [*Exploitation*](../reference/decision_points/exploitation.md) will never result in a *defer* priority. - A [_none_](../reference/decision_points/exploitation.md) state of [*Exploitation*](../reference/decision_points/exploitation.md) (no evidence of exploitation) will result in either *defer* or *scheduled* priority—unless the state of [*Human Impact*](../reference/decision_points/human_impact.md) is [_very high_](../reference/decision_points/human_impact.md), resulting in an *out-of-cycle* priority. -{% include-markdown "../_includes/_tree_notation_tip.md" %} +### Decision Model Visualization + +The following diagram shows the decision model for the deployer decision. - +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.deployer_dt import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` ### Table of Values - -{{ read_csv('deployer-options.csv') }} +The table below shows the values for the decision model. +Each row of the table corresponds to a path through the decision model diagram above. + + +```python exec="true" idprefix="" + +from ssvc.decision_tables.ssvc.deployer_dt import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` diff --git a/docs/howto/publication_decision.md b/docs/howto/publication_decision.md index 739b3b88..1329e9e4 100644 --- a/docs/howto/publication_decision.md +++ b/docs/howto/publication_decision.md @@ -88,12 +88,13 @@ based on some other criteria. For the CERT/CC, the publication decision is binary: publish or do not publish. -!!! note "Coordinator Publish Priority" +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.coord_pub_dt import LATEST as DT +from ssvc.doc_helpers import example_block - | Publish Priority | Description | - | :--- | :---------- | - | Do not publish | Do not publish information about the vulnerability. | - | Publish | Publish information about the vulnerability. | +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` !!! tip "The Publication Decision is Time Sensitive" @@ -133,14 +134,12 @@ and adds two new ones ([*Supplier Involvement*](../reference/decision_points/sup More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc.supplier_involvement import LATEST as SI -from ssvc.decision_points.ssvc.exploitation import LATEST as EXP -from ssvc.decision_points.ssvc.public_value_added import LATEST as PVA - +from ssvc.decision_tables.ssvc.coord_pub_dt import LATEST as DT from ssvc.doc_helpers import example_block -for dp in [SI, EXP, PVA]: +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: print(example_block(dp)) + ``` ## Coordinator Publication Decision Model @@ -149,124 +148,25 @@ An example coordinator publication decision model is shown below. The policy des publication decisions. Other organizations may have different publication criteria and may want to include other decision points in their publication decision model. - - - - -|fix ready| e1 - si -->|cooperative| e2 - si -->|uncooperative/
unresponsive| e3 - va1[Value
Added] - va2[Value
Added] - va3[Value
Added] - e1 -->|none| va1 - e1 -->|PoC| va2 - e1 -->|active| va3 - va4[Value
Added] - va5[Value
Added] - va6[Value
Added] - e2 -->|none| va4 - e2 -->|PoC| va5 - e2 -->|active| va6 - va7[Value
Added] - va8[Value
Added] - va9[Value
Added] - e3 -->|none| va7 - e3 -->|PoC| va8 - e3 -->|active| va9 - - p1[Publish] - p2[Don't Publish] - p3[Don't Publish] - - p4[Publish] - p5[Don't Publish] - p6[Don't Publish] - - p7[Publish] - p8[Publish] - p9[Don't Publish] - - p10[Publish] - p11[Don't Publish] - p12[Don't Publish] - - p13[Publish] - p14[Don't Publish] - p15[Don't Publish] - - p16[Publish] - p17[Publish] - p18[Don't Publish] - - p19[Publish] - p20[Don't Publish] - p21[Don't Publish] - - p22[Publish] - p23[Publish] - p24[Don't Publish] - - p25[Publish] - p26[Publish] - p27[Don't Publish] - - va1 -->|precedence| p1 - va1 -->|ampliative| p2 - va1 -->|limited| p3 - - va2 -->|precedence| p4 - va2 -->|ampliative| p5 - va2 -->|limited| p6 - - va3 -->|precedence| p7 - va3 -->|ampliative| p8 - va3 -->|limited| p9 - - va4 -->|precedence| p10 - va4 -->|ampliative| p11 - va4 -->|limited| p12 - - va5 -->|precedence| p13 - va5 -->|ampliative| p14 - va5 -->|limited| p15 - - va6 -->|precedence| p16 - va6 -->|ampliative| p17 - va6 -->|limited| p18 - - va7 -->|precedence| p19 - va7 -->|ampliative| p20 - va7 -->|limited| p21 - - va8 -->|precedence| p22 - va8 -->|ampliative| p23 - va8 -->|limited| p24 - - va9 -->|precedence| p25 - va9 -->|ampliative| p26 - va9 -->|limited| p27 +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.coord_pub_dt import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) ``` ---> + ### Table of Values - -{{ read_csv('coord-publish-options.csv') }} +The table below shows the values for the decision model. +Each row of the table corresponds to a path through the decision model diagram above. + + +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.coord_pub_dt import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` diff --git a/docs/howto/supplier_tree.md b/docs/howto/supplier_tree.md index 3d1c2384..2e38ce37 100644 --- a/docs/howto/supplier_tree.md +++ b/docs/howto/supplier_tree.md @@ -51,14 +51,23 @@ The organization considers several other factors to build the patch; refactoring be necessary for some patches, while others require relatively small changes. We focus only on the priority of building the patch, and we consider four categories of priority, as outlined in the table below. -!!! note "Patch Supplier Priority" - | Supplier Priority | Description | - | :--- | :---------- | - | Defer | Do not work on the patch at present. | - | Scheduled | Develop a fix within regularly scheduled maintenance using supplier resources as normal. | - | Out-of-Cycle | Develop mitigation or remediation out-of-cycle, taking resources away from other projects and releasing the fix as a security patch when it is ready. | - | Immediate | Develop and release a fix as quickly as possible, drawing on all available resources, potentially including drawing on or coordinating resources from other parts of the organization. | +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.supplier_dt import LATEST as DT +from ssvc.doc_helpers import example_block + +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` + +A more specific interpretation for the priority levels for suppliers is as follows: + +| Supplier Priority | Description | +| :--- | :---------- | +| Defer | Do not work on the patch at present. | +| Scheduled | Develop a fix within regularly scheduled maintenance using supplier resources as normal. | +| Out-of-Cycle | Develop mitigation or remediation out-of-cycle, taking resources away from other projects and releasing the fix as a security patch when it is ready. | +| Immediate | Develop and release a fix as quickly as possible, drawing on all available resources, potentially including drawing on or coordinating resources from other parts of the organization. | ## Supplier Decision Points @@ -72,14 +81,10 @@ The decision to create a patch is based on the following decision points: More detail about each of these decision points is provided at the links above, here we provide a brief summary of each. ```python exec="true" idprefix="" -from ssvc.decision_points.ssvc.exploitation import LATEST as EXP -from ssvc.decision_points.ssvc.utility import LATEST as U -from ssvc.decision_points.ssvc.technical_impact import LATEST as TI -from ssvc.decision_points.ssvc.public_safety_impact import LATEST as PSI - +from ssvc.decision_tables.ssvc.supplier_dt import LATEST as DT from ssvc.doc_helpers import example_block -for dp in [EXP, U, TI, PSI]: +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: print(example_block(dp)) ``` @@ -94,13 +99,28 @@ The example supplier decision model below shows a prioritization policy for the We display the decision model as a decision tree, which provides a compact representation of the policy, showing the relative priority of different situations. -{% include-markdown "../_includes/_tree_notation_tip.md" %} +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.supplier_dt import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt - +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` ### Table of Values - -{{ read_csv('supplier-options.csv') }} + +The table below shows the values for the decision model. +Each row of the table corresponds to a path through the decision model diagram above. + +% include-markdown "../_includes/_scrollable_table.md" heading-offset=1 %} + + +```python exec="true" idprefix="" + +from ssvc.decision_tables.ssvc.supplier_dt import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` diff --git a/src/ssvc/decision_tables/_mermaid.py b/src/ssvc/decision_tables/_mermaid.py index da551d78..e105b914 100644 --- a/src/ssvc/decision_tables/_mermaid.py +++ b/src/ssvc/decision_tables/_mermaid.py @@ -5,7 +5,6 @@ created_at: 8/13/25 4:29 PM """ - # Copyright (c) 2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE # ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. @@ -25,113 +24,26 @@ # subject to its own license. # DM24-0278 -EDGE_LIMIT = 500 - - -def _mapping2mermaid(mapping: list[dict[str:str]], title: str = None) -> str: - """ - Convert a decision table mapping to a Mermaid graph. - Args: - mapping (list[dict[str:str]]): A list of dictionaries representing the decision table mapping. - Each dictionary corresponds to a row in the table, with keys as column names and values as cell values. - Each row should have the same keys, representing the columns of the decision table. - Returns: - str: A string containing a markdown Mermaid graph representation, including the code block markers. - """ - lines = [ - "```mermaid", - ] - if title is not None: - # add the yaml front matter for the title - lines.extend(["---", f"title: {title}", "---"]) - - lines.extend(["graph LR", "n1(( ))"]) - columns = list(mapping[0].keys()) - - node_ids = {} # (col_idx, path_tuple) -> node_id - seen_edges = set() # (parent_id, child_id) - - # Build subgraphs + nodes - for col_idx, col in enumerate(columns): - subgraph_name = f's{col_idx+1}["{col}"]' - lines.append(f"subgraph {subgraph_name}") - seen_paths = set() - for row in mapping: - path = tuple(row[columns[i]] for i in range(col_idx + 1)) - if path in seen_paths: - continue - seen_paths.add(path) - node_id = "_".join(path) + f"_L{col_idx}" - # future: if you want to label the nodes, do that here - label = row[columns[col_idx]] - lines.append(f"{node_id}([{label}])") - node_ids[(col_idx, path)] = node_id - lines.append("end") - - # Root → level 0 - for row in mapping: - path = (row[columns[0]],) - child_id = node_ids[(0, path)] - edge = ("n1", child_id) - if edge not in seen_edges: - lines.append(f"{edge[0]} --- {edge[1]}") - seen_edges.add(edge) - - # Level k-1 → level k - for row in mapping: - for col_idx in range(1, len(columns)): - parent_path = tuple(row[columns[i]] for i in range(col_idx)) - child_path = parent_path + (row[columns[col_idx]],) - parent_id = node_ids[(col_idx - 1, parent_path)] - child_id = node_ids[(col_idx, child_path)] - edge = (parent_id, child_id) - if edge not in seen_edges: - # future: if you want to label the links, do that here - lines.append(f"{parent_id} --- {child_id}") - seen_edges.add(edge) - if len(seen_edges) > EDGE_LIMIT: - raise ValueError( - f"Too many edges in the graph: Limit={EDGE_LIMIT}." - "Consider filtering the mapping to reduce complexity." - ) +from ssvc.decision_tables.helpers import mapping2mermaid - # Close the graph - lines.append("```") - lines.append("") - return "\n".join(lines) - - -def mapping2mermaid(rows: list[dict[str:str]], title: str = None) -> str: - """ - Convert a decision table mapping to a Mermaid graph. - Args: - rows (list[dict[str:str]]): A list of dictionaries representing the decision table mapping. - Each dictionary corresponds to a row in the table, with keys as column names and values as cell values. - Each row should have the same keys, representing the columns of the decision table. - Returns: - str: A string containing a markdown Mermaid graph representation, including the code block markers. - """ - try: - return _mapping2mermaid(rows) - except ValueError as e: - # graph is too big, split it into smaller graphs - # one graph per value in the first column - first_col = list(rows[0].keys())[0] - diagrams = [] - uniq_values = set(row[first_col] for row in rows) - for value in uniq_values: - filtered_rows = [row for row in rows if row[first_col] == value] - if not filtered_rows: - continue - try: - diagram = _mapping2mermaid( - filtered_rows, title=f"{title} - {first_col}:{value}" - ) - diagrams.append(diagram) - except ValueError as e: - print(f"Skipping {value} due to error: {e}") - - return "\n\n".join(diagrams) if diagrams else "No valid diagrams generated." +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 # Example diff --git a/src/ssvc/decision_tables/helpers.py b/src/ssvc/decision_tables/helpers.py index 31a37e4f..27864148 100644 --- a/src/ssvc/decision_tables/helpers.py +++ b/src/ssvc/decision_tables/helpers.py @@ -30,6 +30,9 @@ ) +EDGE_LIMIT = 500 + + def write_csv( decision_table: "DecisionTable", csvfile: str, @@ -75,10 +78,147 @@ def print_dt_version(dt: DecisionTable, longform=True) -> None: print(df.to_csv(index=False)) -def main(): - pass +def _mapping2mermaid(mapping: list[dict[str:str]], title: str = None) -> str: + """ + Convert a decision table mapping to a Mermaid graph. + Args: + mapping (list[dict[str:str]]): A list of dictionaries representing the decision table mapping. + Each dictionary corresponds to a row in the table, with keys as column names and values as cell values. + Each row should have the same keys, representing the columns of the decision table. + Returns: + str: A string containing a markdown Mermaid graph representation, including the code block markers. + """ + lines = [ + "```mermaid", + ] + if title is not None: + # add the yaml front matter for the title + lines.extend(["---", f"title: {title}", "---"]) + + lines.extend(["graph LR", "n1(( ))"]) + columns = list(mapping[0].keys()) + + node_ids = {} # (col_idx, path_tuple) -> node_id + seen_edges = set() # (parent_id, child_id) + + # Build subgraphs + nodes + for col_idx, col in enumerate(columns): + subgraph_name = f's{col_idx+1}["{col}"]' + lines.append(f"subgraph {subgraph_name}") + seen_paths = set() + for row in mapping: + path = tuple(row[columns[i]] for i in range(col_idx + 1)) + if path in seen_paths: + continue + seen_paths.add(path) + node_id = "_".join(path) + f"_L{col_idx}" + # future: if you want to label the nodes, do that here + label = row[columns[col_idx]] + lines.append(f"{node_id}([{label}])") + node_ids[(col_idx, path)] = node_id + lines.append("end") + + # Root → level 0 + for row in mapping: + path = (row[columns[0]],) + child_id = node_ids[(0, path)] + edge = ("n1", child_id) + if edge not in seen_edges: + lines.append(f"{edge[0]} --- {edge[1]}") + seen_edges.add(edge) + + # Level k-1 → level k + for row in mapping: + for col_idx in range(1, len(columns)): + parent_path = tuple(row[columns[i]] for i in range(col_idx)) + child_path = parent_path + (row[columns[col_idx]],) + parent_id = node_ids[(col_idx - 1, parent_path)] + child_id = node_ids[(col_idx, child_path)] + edge = (parent_id, child_id) + if edge not in seen_edges: + # future: if you want to label the links, do that here + lines.append(f"{parent_id} --- {child_id}") + seen_edges.add(edge) + if len(seen_edges) > EDGE_LIMIT: + raise ValueError( + f"Too many edges in the graph: Limit={EDGE_LIMIT}." + "Consider filtering the mapping to reduce complexity." + ) + + # Close the graph + lines.append("```") + lines.append("") + return "\n".join(lines) + + +def mermaid_title_from_dt(dt: "DecisionTable") -> str: + return f"{dt.name} Decision Table ({dt.namespace}:{dt.key}:{dt.version})" + + +def mapping2mermaid(rows: list[dict[str:str]], title: str = None) -> str: + """ + Convert a decision table mapping to a Mermaid graph. + Args: + rows (list[dict[str:str]]): A list of dictionaries representing the decision table mapping. + Each dictionary corresponds to a row in the table, with keys as column names and values as cell values. + Each row should have the same keys, representing the columns of the decision table. + Returns: + str: A string containing a markdown Mermaid graph representation, including the code block markers. + """ + try: + return _mapping2mermaid(rows, title=title) + except ValueError as e: + # graph is too big, split it into smaller graphs + # one graph per value in the first column + first_col = list(rows[0].keys())[0] + diagrams = [] + + # find unique values but keep them in order of appearance + _uniq_set = set() + uniq_values = [] + for row in rows: + if row[first_col] in _uniq_set: + continue + _uniq_set.add(row[first_col]) + uniq_values.append(row[first_col]) + + for value in uniq_values: + filtered_rows = [row for row in rows if row[first_col] == value] + if not filtered_rows: + continue + try: + diagram = _mapping2mermaid( + filtered_rows, title=f"{title} - {first_col}:{value}" + ) + diagrams.append(diagram) + except ValueError as e: + print(f"Skipping {value} due to error: {e}") + + return "\n\n".join(diagrams) if diagrams else "No valid diagrams generated." + + +def dt2df_md( + dt: "DecisionTable", + longform: bool = True, +) -> str: + """ + Convert a decision table to a DataFrame. + Args: + decision_table (DecisionTable): The decision table to convert. + longform (bool): Whether to return the longform or shortform DataFrame. + Returns: + str: A string representation of the DataFrame in CSV format. + """ + if longform: + df = decision_table_to_longform_df(dt) + else: + df = decision_table_to_shortform_df(dt) + df.index.rename("Row", inplace=True) + return df.to_markdown(index=True) -if __name__ == "__main__": - main() + def main(): + pass + if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/ssvc/coord_triage.py b/src/ssvc/decision_tables/ssvc/coord_triage.py index e4c7c391..7c655d83 100644 --- a/src/ssvc/decision_tables/ssvc/coord_triage.py +++ b/src/ssvc/decision_tables/ssvc/coord_triage.py @@ -40,7 +40,7 @@ from ssvc.decision_points.ssvc.utility import UTILITY_1_0_1 as Utility from ssvc.decision_tables.base import DecisionTable from ssvc.namespaces import NameSpace -from ssvc.outcomes.ssvc.coordinate import COORDINATE as Outcome +from ssvc.outcomes.ssvc.coordinate import COORDINATE_1_0_1 as Outcome V1_0_0 = DecisionTable( namespace=NameSpace.SSVC, @@ -71,7 +71,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -81,7 +81,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -91,7 +91,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -101,7 +101,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -111,7 +111,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -121,7 +121,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -131,7 +131,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -141,7 +141,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -151,7 +151,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -161,7 +161,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -171,7 +171,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -181,7 +181,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -191,7 +191,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -201,7 +201,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -211,7 +211,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -221,7 +221,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -231,7 +231,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -241,7 +241,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -251,7 +251,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -261,7 +261,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -271,7 +271,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -281,7 +281,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -291,7 +291,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -301,7 +301,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -311,7 +311,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -321,7 +321,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -331,7 +331,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -341,7 +341,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -351,7 +351,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -361,7 +361,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -371,7 +371,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -381,7 +381,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -391,7 +391,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -401,7 +401,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -411,7 +411,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -421,7 +421,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -431,7 +431,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -441,7 +441,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -451,7 +451,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -461,7 +461,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -471,7 +471,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -481,7 +481,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -491,7 +491,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -501,7 +501,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -511,7 +511,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -521,7 +521,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -531,7 +531,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -541,7 +541,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -551,7 +551,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -561,7 +561,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -571,7 +571,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -581,7 +581,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -591,7 +591,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -601,7 +601,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -611,7 +611,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -621,7 +621,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -631,7 +631,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -641,7 +641,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -651,7 +651,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -661,7 +661,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -671,7 +671,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -681,7 +681,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -691,7 +691,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -701,7 +701,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -711,7 +711,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -721,7 +721,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -731,7 +731,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -741,7 +741,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -751,7 +751,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -761,7 +761,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -771,7 +771,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -781,7 +781,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -791,7 +791,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -801,7 +801,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -811,7 +811,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -821,7 +821,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -831,7 +831,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -841,7 +841,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -851,7 +851,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -861,7 +861,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -871,7 +871,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -881,7 +881,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -891,7 +891,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -901,7 +901,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -911,7 +911,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -921,7 +921,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -931,7 +931,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -941,7 +941,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -951,7 +951,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -961,7 +961,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -971,7 +971,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -981,7 +981,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -991,7 +991,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1001,7 +1001,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1011,7 +1011,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1021,7 +1021,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1031,7 +1031,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1041,7 +1041,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1051,7 +1051,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1061,7 +1061,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1071,7 +1071,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1081,7 +1081,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1091,7 +1091,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1101,7 +1101,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1111,7 +1111,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1121,7 +1121,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1131,7 +1131,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1141,7 +1141,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1151,7 +1151,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1161,7 +1161,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1171,7 +1171,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1181,7 +1181,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1191,7 +1191,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1201,7 +1201,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1211,7 +1211,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1221,7 +1221,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1231,7 +1231,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1241,7 +1241,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1251,7 +1251,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1261,7 +1261,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "Y", @@ -1271,7 +1271,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1281,7 +1281,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1291,7 +1291,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1301,7 +1301,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1311,7 +1311,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1321,7 +1321,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1331,7 +1331,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1341,7 +1341,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1351,7 +1351,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1361,7 +1361,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1371,7 +1371,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1381,7 +1381,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1391,7 +1391,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1401,7 +1401,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1411,7 +1411,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1421,7 +1421,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1431,7 +1431,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1441,7 +1441,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1451,7 +1451,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1461,7 +1461,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1471,7 +1471,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1481,7 +1481,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1491,7 +1491,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1501,7 +1501,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1511,7 +1511,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1521,7 +1521,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1531,7 +1531,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1541,7 +1541,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1551,7 +1551,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1561,7 +1561,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1571,7 +1571,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1581,7 +1581,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1591,7 +1591,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1601,7 +1601,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1611,7 +1611,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1621,7 +1621,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "Y", @@ -1631,7 +1631,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "Y", @@ -1641,7 +1641,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1651,7 +1651,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1661,7 +1661,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1671,7 +1671,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1681,7 +1681,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1691,7 +1691,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1701,7 +1701,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1711,7 +1711,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1721,7 +1721,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1731,7 +1731,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1741,7 +1741,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1751,7 +1751,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1761,7 +1761,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1771,7 +1771,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1781,7 +1781,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1791,7 +1791,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1801,7 +1801,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1811,7 +1811,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1821,7 +1821,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1831,7 +1831,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "Y", @@ -1841,7 +1841,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1851,7 +1851,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T", + "ssvc:COORDINATE:1.0.1": "T", }, { "ssvc:RP:1.0.0": "N", @@ -1861,7 +1861,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "Y", @@ -1871,7 +1871,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D", + "ssvc:COORDINATE:1.0.1": "D", }, { "ssvc:RP:1.0.0": "N", @@ -1881,7 +1881,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "Y", @@ -1891,7 +1891,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "Y", @@ -1901,7 +1901,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1911,7 +1911,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1921,7 +1921,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1931,7 +1931,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1941,7 +1941,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1951,7 +1951,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1961,7 +1961,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "Y", @@ -1971,7 +1971,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, { "ssvc:RP:1.0.0": "N", @@ -1981,7 +1981,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C", + "ssvc:COORDINATE:1.0.1": "C", }, ], ) diff --git a/src/ssvc/outcomes/ssvc/coordinate.py b/src/ssvc/outcomes/ssvc/coordinate.py index 136d987e..3b70a0a1 100644 --- a/src/ssvc/outcomes/ssvc/coordinate.py +++ b/src/ssvc/outcomes/ssvc/coordinate.py @@ -26,6 +26,21 @@ _COORDINATE = DecisionPointValue(name="Coordinate", key="C", description="Coordinate") +_DECLINE_2 = DecisionPointValue( + name="Decline", key="D", description="Do not act on the report." +) +_TRACK_2 = DecisionPointValue( + name="Track", + key="T", + description="Receive information about the vulnerability and monitor for status changes but do not take any overt actions.", +) + +_COORDINATE_2 = DecisionPointValue( + name="Coordinate", + key="C", + description="Take action on the report.", +) + COORDINATE = SsvcDecisionPoint( name="Decline, Track, Coordinate", key="COORDINATE", @@ -41,7 +56,21 @@ The coordinate outcome group. """ -VERSIONS = (COORDINATE,) + +COORDINATE_1_0_1 = SsvcDecisionPoint( + name="Decline, Track, Coordinate", + key="COORDINATE", + description="The coordinate outcome group.", + version="1.0.1", + values=( + _DECLINE_2, + _TRACK_2, + _COORDINATE_2, + ), +) + + +VERSIONS = (COORDINATE, COORDINATE_1_0_1) LATEST = VERSIONS[-1] From 6a85cead12597344d18f71db2f9cc0c9d482112f Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 18 Aug 2025 14:30:59 -0400 Subject: [PATCH 255/468] update coordinate outcome decision point with descriptions that better match prior documentation --- .../ssvc/decline_track_coordinate_1_0_1.json | 25 + .../ssvc/coordinator_triage_1_0_0.json | 396 ++++++++-------- data/json/ssvc_object_registry.json | 441 ++++++++++-------- 3 files changed, 466 insertions(+), 396 deletions(-) create mode 100644 data/json/decision_points/ssvc/decline_track_coordinate_1_0_1.json diff --git a/data/json/decision_points/ssvc/decline_track_coordinate_1_0_1.json b/data/json/decision_points/ssvc/decline_track_coordinate_1_0_1.json new file mode 100644 index 00000000..ff53fc5d --- /dev/null +++ b/data/json/decision_points/ssvc/decline_track_coordinate_1_0_1.json @@ -0,0 +1,25 @@ +{ + "namespace": "ssvc", + "key": "COORDINATE", + "version": "1.0.1", + "name": "Decline, Track, Coordinate", + "description": "The coordinate outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Decline", + "description": "Do not act on the report." + }, + { + "key": "T", + "name": "Track", + "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + }, + { + "key": "C", + "name": "Coordinate", + "description": "Take action on the report." + } + ] +} diff --git a/data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json b/data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json index d9c32253..016b1d37 100644 --- a/data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json +++ b/data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json @@ -151,10 +151,10 @@ } ] }, - "ssvc:COORDINATE:1.0.0": { + "ssvc:COORDINATE:1.0.1": { "namespace": "ssvc", "key": "COORDINATE", - "version": "1.0.0", + "version": "1.0.1", "name": "Decline, Track, Coordinate", "description": "The coordinate outcome group.", "schemaVersion": "2.0.0", @@ -162,22 +162,22 @@ { "key": "D", "name": "Decline", - "description": "Decline" + "description": "Do not act on the report." }, { "key": "T", "name": "Track", - "description": "Track" + "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." }, { "key": "C", "name": "Coordinate", - "description": "Coordinate" + "description": "Take action on the report." } ] } }, - "outcome": "ssvc:COORDINATE:1.0.0", + "outcome": "ssvc:COORDINATE:1.0.1", "mapping": [ { "ssvc:RP:1.0.0": "Y", @@ -187,7 +187,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -197,7 +197,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -207,7 +207,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -217,7 +217,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -227,7 +227,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -237,7 +237,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -247,7 +247,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -257,7 +257,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -267,7 +267,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -277,7 +277,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -287,7 +287,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -297,7 +297,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -307,7 +307,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -317,7 +317,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -327,7 +327,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -337,7 +337,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -347,7 +347,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -357,7 +357,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -367,7 +367,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -377,7 +377,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -387,7 +387,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -397,7 +397,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -407,7 +407,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -417,7 +417,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -427,7 +427,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -437,7 +437,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -447,7 +447,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -457,7 +457,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -467,7 +467,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -477,7 +477,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -487,7 +487,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -497,7 +497,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -507,7 +507,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -517,7 +517,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -527,7 +527,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -537,7 +537,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -547,7 +547,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -557,7 +557,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -567,7 +567,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -577,7 +577,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -587,7 +587,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -597,7 +597,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -607,7 +607,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -617,7 +617,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -627,7 +627,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -637,7 +637,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -647,7 +647,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -657,7 +657,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -667,7 +667,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -677,7 +677,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -687,7 +687,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -697,7 +697,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -707,7 +707,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -717,7 +717,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -727,7 +727,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -737,7 +737,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -747,7 +747,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -757,7 +757,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -767,7 +767,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -777,7 +777,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -787,7 +787,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -797,7 +797,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -807,7 +807,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -817,7 +817,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -827,7 +827,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -837,7 +837,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -847,7 +847,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -857,7 +857,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -867,7 +867,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -877,7 +877,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -887,7 +887,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -897,7 +897,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -907,7 +907,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -917,7 +917,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -927,7 +927,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -937,7 +937,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -947,7 +947,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -957,7 +957,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -967,7 +967,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -977,7 +977,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -987,7 +987,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -997,7 +997,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1007,7 +1007,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1017,7 +1017,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1027,7 +1027,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1037,7 +1037,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1047,7 +1047,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1057,7 +1057,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1067,7 +1067,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1077,7 +1077,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1087,7 +1087,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1097,7 +1097,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1107,7 +1107,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1117,7 +1117,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1127,7 +1127,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1137,7 +1137,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1147,7 +1147,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1157,7 +1157,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1167,7 +1167,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1177,7 +1177,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1187,7 +1187,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1197,7 +1197,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1207,7 +1207,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1217,7 +1217,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1227,7 +1227,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1237,7 +1237,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1247,7 +1247,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1257,7 +1257,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1267,7 +1267,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1277,7 +1277,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1287,7 +1287,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1297,7 +1297,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1307,7 +1307,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1317,7 +1317,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1327,7 +1327,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1337,7 +1337,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1347,7 +1347,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1357,7 +1357,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1367,7 +1367,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1377,7 +1377,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -1387,7 +1387,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1397,7 +1397,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1407,7 +1407,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1417,7 +1417,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1427,7 +1427,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1437,7 +1437,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1447,7 +1447,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1457,7 +1457,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1467,7 +1467,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1477,7 +1477,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1487,7 +1487,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1497,7 +1497,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1507,7 +1507,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1517,7 +1517,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1527,7 +1527,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1537,7 +1537,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1547,7 +1547,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1557,7 +1557,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1567,7 +1567,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1577,7 +1577,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1587,7 +1587,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1597,7 +1597,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1607,7 +1607,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1617,7 +1617,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1627,7 +1627,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1637,7 +1637,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1647,7 +1647,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1657,7 +1657,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1667,7 +1667,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1677,7 +1677,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1687,7 +1687,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1697,7 +1697,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1707,7 +1707,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1717,7 +1717,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1727,7 +1727,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1737,7 +1737,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -1747,7 +1747,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -1757,7 +1757,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1767,7 +1767,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1777,7 +1777,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1787,7 +1787,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1797,7 +1797,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1807,7 +1807,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1817,7 +1817,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1827,7 +1827,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1837,7 +1837,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1847,7 +1847,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1857,7 +1857,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1867,7 +1867,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1877,7 +1877,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1887,7 +1887,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1897,7 +1897,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1907,7 +1907,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1917,7 +1917,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1927,7 +1927,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1937,7 +1937,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1947,7 +1947,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -1957,7 +1957,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -1967,7 +1967,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -1977,7 +1977,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -1987,7 +1987,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -1997,7 +1997,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -2007,7 +2007,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -2017,7 +2017,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -2027,7 +2027,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -2037,7 +2037,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -2047,7 +2047,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -2057,7 +2057,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -2067,7 +2067,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -2077,7 +2077,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -2087,7 +2087,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -2097,7 +2097,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" } ] } diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 237fb21d..43d62cd8 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -6621,6 +6621,51 @@ "description": "Coordinate" } } + }, + "1.0.1": { + "version": "1.0.1", + "obj": { + "namespace": "ssvc", + "key": "COORDINATE", + "version": "1.0.1", + "name": "Decline, Track, Coordinate", + "description": "The coordinate outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Decline", + "description": "Do not act on the report." + }, + { + "key": "T", + "name": "Track", + "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + }, + { + "key": "C", + "name": "Coordinate", + "description": "Take action on the report." + } + ] + }, + "values": { + "D": { + "key": "D", + "name": "Decline", + "description": "Do not act on the report." + }, + "T": { + "key": "T", + "name": "Track", + "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + }, + "C": { + "key": "C", + "name": "Coordinate", + "description": "Take action on the report." + } + } } } }, @@ -18627,10 +18672,10 @@ } ] }, - "ssvc:COORDINATE:1.0.0": { + "ssvc:COORDINATE:1.0.1": { "namespace": "ssvc", "key": "COORDINATE", - "version": "1.0.0", + "version": "1.0.1", "name": "Decline, Track, Coordinate", "description": "The coordinate outcome group.", "schemaVersion": "2.0.0", @@ -18638,22 +18683,22 @@ { "key": "D", "name": "Decline", - "description": "Decline" + "description": "Do not act on the report." }, { "key": "T", "name": "Track", - "description": "Track" + "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." }, { "key": "C", "name": "Coordinate", - "description": "Coordinate" + "description": "Take action on the report." } ] } }, - "outcome": "ssvc:COORDINATE:1.0.0", + "outcome": "ssvc:COORDINATE:1.0.1", "mapping": [ { "ssvc:RP:1.0.0": "Y", @@ -18663,7 +18708,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -18673,7 +18718,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18683,7 +18728,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18693,7 +18738,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18703,7 +18748,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18713,7 +18758,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18723,7 +18768,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18733,7 +18778,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -18743,7 +18788,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -18753,7 +18798,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18763,7 +18808,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -18773,7 +18818,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18783,7 +18828,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18793,7 +18838,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -18803,7 +18848,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18813,7 +18858,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18823,7 +18868,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18833,7 +18878,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -18843,7 +18888,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18853,7 +18898,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18863,7 +18908,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18873,7 +18918,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18883,7 +18928,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18893,7 +18938,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -18903,7 +18948,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18913,7 +18958,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18923,7 +18968,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18933,7 +18978,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18943,7 +18988,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18953,7 +18998,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -18963,7 +19008,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -18973,7 +19018,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -18983,7 +19028,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -18993,7 +19038,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19003,7 +19048,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19013,7 +19058,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19023,7 +19068,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19033,7 +19078,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19043,7 +19088,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19053,7 +19098,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19063,7 +19108,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19073,7 +19118,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19083,7 +19128,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19093,7 +19138,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19103,7 +19148,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19113,7 +19158,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19123,7 +19168,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19133,7 +19178,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19143,7 +19188,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19153,7 +19198,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19163,7 +19208,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19173,7 +19218,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19183,7 +19228,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19193,7 +19238,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19203,7 +19248,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19213,7 +19258,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19223,7 +19268,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19233,7 +19278,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19243,7 +19288,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19253,7 +19298,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19263,7 +19308,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19273,7 +19318,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19283,7 +19328,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19293,7 +19338,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19303,7 +19348,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19313,7 +19358,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19323,7 +19368,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19333,7 +19378,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19343,7 +19388,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19353,7 +19398,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19363,7 +19408,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19373,7 +19418,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19383,7 +19428,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -19393,7 +19438,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19403,7 +19448,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19413,7 +19458,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19423,7 +19468,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19433,7 +19478,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19443,7 +19488,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19453,7 +19498,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19463,7 +19508,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19473,7 +19518,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19483,7 +19528,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19493,7 +19538,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19503,7 +19548,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19513,7 +19558,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19523,7 +19568,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19533,7 +19578,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19543,7 +19588,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19553,7 +19598,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19563,7 +19608,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19573,7 +19618,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19583,7 +19628,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19593,7 +19638,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19603,7 +19648,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19613,7 +19658,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19623,7 +19668,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19633,7 +19678,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -19643,7 +19688,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19653,7 +19698,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19663,7 +19708,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19673,7 +19718,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19683,7 +19728,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19693,7 +19738,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19703,7 +19748,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19713,7 +19758,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19723,7 +19768,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -19733,7 +19778,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19743,7 +19788,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19753,7 +19798,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19763,7 +19808,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19773,7 +19818,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19783,7 +19828,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19793,7 +19838,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19803,7 +19848,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19813,7 +19858,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19823,7 +19868,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19833,7 +19878,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19843,7 +19888,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19853,7 +19898,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -19863,7 +19908,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19873,7 +19918,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -19883,7 +19928,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19893,7 +19938,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -19903,7 +19948,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19913,7 +19958,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19923,7 +19968,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19933,7 +19978,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19943,7 +19988,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -19953,7 +19998,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19963,7 +20008,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19973,7 +20018,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19983,7 +20028,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19993,7 +20038,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20003,7 +20048,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20013,7 +20058,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20023,7 +20068,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20033,7 +20078,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20043,7 +20088,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20053,7 +20098,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20063,7 +20108,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20073,7 +20118,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20083,7 +20128,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20093,7 +20138,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20103,7 +20148,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20113,7 +20158,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20123,7 +20168,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20133,7 +20178,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20143,7 +20188,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20153,7 +20198,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20163,7 +20208,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20173,7 +20218,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20183,7 +20228,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20193,7 +20238,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20203,7 +20248,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20213,7 +20258,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -20223,7 +20268,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -20233,7 +20278,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20243,7 +20288,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20253,7 +20298,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20263,7 +20308,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20273,7 +20318,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20283,7 +20328,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20293,7 +20338,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20303,7 +20348,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20313,7 +20358,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20323,7 +20368,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20333,7 +20378,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20343,7 +20388,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20353,7 +20398,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20363,7 +20408,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20373,7 +20418,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20383,7 +20428,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20393,7 +20438,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20403,7 +20448,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20413,7 +20458,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20423,7 +20468,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -20433,7 +20478,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20443,7 +20488,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "T" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20453,7 +20498,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20463,7 +20508,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "D" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20473,7 +20518,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -20483,7 +20528,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -20493,7 +20538,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20503,7 +20548,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20513,7 +20558,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20523,7 +20568,7 @@ "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20533,7 +20578,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20543,7 +20588,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20553,7 +20598,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "Y", @@ -20563,7 +20608,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" }, { "ssvc:RP:1.0.0": "N", @@ -20573,7 +20618,7 @@ "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.0": "C" + "ssvc:COORDINATE:1.0.1": "C" } ] } From c82851a9739444c582821c2dedccfb46448c7f5a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 18 Aug 2025 14:29:28 -0400 Subject: [PATCH 256/468] adds cvss v4 decision table documentation --- docs/howto/cvss_v4/eq1.md | 66 +++++++++++ docs/howto/cvss_v4/eq2.md | 66 +++++++++++ docs/howto/cvss_v4/eq3.md | 66 +++++++++++ docs/howto/cvss_v4/eq4.md | 66 +++++++++++ docs/howto/cvss_v4/eq5.md | 66 +++++++++++ docs/howto/cvss_v4/eq6.md | 66 +++++++++++ docs/howto/cvss_v4/index.md | 108 ++++++++++++++++++ docs/howto/cvss_v4/qualitative.md | 101 ++++++++++++++++ mkdocs.yml | 9 ++ .../cvss/qualitative_severity.py | 2 +- src/test/decision_tables/cvss/_v4expected.py | 2 +- 11 files changed, 616 insertions(+), 2 deletions(-) create mode 100644 docs/howto/cvss_v4/eq1.md create mode 100644 docs/howto/cvss_v4/eq2.md create mode 100644 docs/howto/cvss_v4/eq3.md create mode 100644 docs/howto/cvss_v4/eq4.md create mode 100644 docs/howto/cvss_v4/eq5.md create mode 100644 docs/howto/cvss_v4/eq6.md create mode 100644 docs/howto/cvss_v4/index.md create mode 100644 docs/howto/cvss_v4/qualitative.md diff --git a/docs/howto/cvss_v4/eq1.md b/docs/howto/cvss_v4/eq1.md new file mode 100644 index 00000000..c501fb22 --- /dev/null +++ b/docs/howto/cvss_v4/eq1.md @@ -0,0 +1,66 @@ +# CVSS v4 Equivalence Set EQ1 + +Here we describe an example decision model for an analyst assessing the CVSS v4 +equivalence set EQ1. + +## Analyst Units of Work + +!!! info inline end "Analyst Unit of Work" + + The unit of work for an Analyst is a single vulnerability report. + +Analysts are usually tasked with assessing the CVSS score for an individual +vulnerability report. + +## Analyst Decision Outcomes + +The analyst's decision is to choose the appropriate level for CVSS v4 EQ1. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_one import LATEST as DT +from ssvc.doc_helpers import example_block + +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` + +## Analyst Decision Points + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_one import LATEST as DT +from ssvc.doc_helpers import example_block + +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: + print(example_block(dp)) +``` + +## Analyst Decision Model + +Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. + +### Decision Model Visualization + +The following diagram shows the decision model for the EQ1 decision. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_one import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` + +### Table of Values + +The table below shows the values for the decision model. +Each row of the table corresponds to a path through the decision model diagram above. + + +```python exec="true" idprefix="" + +from ssvc.decision_tables.cvss.equivalence_set_one import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` diff --git a/docs/howto/cvss_v4/eq2.md b/docs/howto/cvss_v4/eq2.md new file mode 100644 index 00000000..4d790c17 --- /dev/null +++ b/docs/howto/cvss_v4/eq2.md @@ -0,0 +1,66 @@ +# CVSS v4 Equivalence Set EQ2 + +Here we describe an example decision model for an analyst assessing the CVSS v4 +equivalence set EQ2. + +## Analyst Units of Work + +!!! info inline end "Analyst Unit of Work" + + The unit of work for an Analyst is a single vulnerability report. + +Analysts are usually tasked with assessing the CVSS score for an individual +vulnerability report. + +## Analyst Decision Outcomes + +The analyst's decision is to choose the appropriate level for CVSS v4 EQ2. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_two import LATEST as DT +from ssvc.doc_helpers import example_block + +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` + +## Analyst Decision Points + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_two import LATEST as DT +from ssvc.doc_helpers import example_block + +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: + print(example_block(dp)) +``` + +## Analyst Decision Model + +Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. + +### Decision Model Visualization + +The following diagram shows the decision model for the EQ2 decision. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_two import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` + +### Table of Values + +The table below shows the values for the decision model. +Each row of the table corresponds to a path through the decision model diagram above. + + +```python exec="true" idprefix="" + +from ssvc.decision_tables.cvss.equivalence_set_two import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` diff --git a/docs/howto/cvss_v4/eq3.md b/docs/howto/cvss_v4/eq3.md new file mode 100644 index 00000000..2558a49b --- /dev/null +++ b/docs/howto/cvss_v4/eq3.md @@ -0,0 +1,66 @@ +# CVSS v4 Equivalence Set EQ3 + +Here we describe an example decision model for an analyst assessing the CVSS v4 +equivalence set EQ3. + +## Analyst Units of Work + +!!! info inline end "Analyst Unit of Work" + + The unit of work for an Analyst is a single vulnerability report. + +Analysts are usually tasked with assessing the CVSS score for an individual +vulnerability report. + +## Analyst Decision Outcomes + +The analyst's decision is to choose the appropriate level for CVSS v4 EQ3. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_three import LATEST as DT +from ssvc.doc_helpers import example_block + +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` + +## Analyst Decision Points + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_three import LATEST as DT +from ssvc.doc_helpers import example_block + +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: + print(example_block(dp)) +``` + +## Analyst Decision Model + +Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. + +### Decision Model Visualization + +The following diagram shows the decision model for the EQ3 decision. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_three import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` + +### Table of Values + +The table below shows the values for the decision model. +Each row of the table corresponds to a path through the decision model diagram above. + + +```python exec="true" idprefix="" + +from ssvc.decision_tables.cvss.equivalence_set_three import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` diff --git a/docs/howto/cvss_v4/eq4.md b/docs/howto/cvss_v4/eq4.md new file mode 100644 index 00000000..b3cb3ed5 --- /dev/null +++ b/docs/howto/cvss_v4/eq4.md @@ -0,0 +1,66 @@ +# CVSS v4 Equivalence Set EQ4 + +Here we describe an example decision model for an analyst assessing the CVSS v4 +equivalence set EQ4. + +## Analyst Units of Work + +!!! info inline end "Analyst Unit of Work" + + The unit of work for an Analyst is a single vulnerability report. + +Analysts are usually tasked with assessing the CVSS score for an individual +vulnerability report. + +## Analyst Decision Outcomes + +The analyst's decision is to choose the appropriate level for CVSS v4 EQ4. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_four import LATEST as DT +from ssvc.doc_helpers import example_block + +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` + +## Analyst Decision Points + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_four import LATEST as DT +from ssvc.doc_helpers import example_block + +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: + print(example_block(dp)) +``` + +## Analyst Decision Model + +Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. + +### Decision Model Visualization + +The following diagram shows the decision model for the EQ4 decision. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_four import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` + +### Table of Values + +The table below shows the values for the decision model. +Each row of the table corresponds to a path through the decision model diagram above. + + +```python exec="true" idprefix="" + +from ssvc.decision_tables.cvss.equivalence_set_four import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` diff --git a/docs/howto/cvss_v4/eq5.md b/docs/howto/cvss_v4/eq5.md new file mode 100644 index 00000000..48b2931b --- /dev/null +++ b/docs/howto/cvss_v4/eq5.md @@ -0,0 +1,66 @@ +# CVSS v4 Equivalence Set EQ5 + +Here we describe an example decision model for an analyst assessing the CVSS v4 +equivalence set EQ5. + +## Analyst Units of Work + +!!! info inline end "Analyst Unit of Work" + + The unit of work for an Analyst is a single vulnerability report. + +Analysts are usually tasked with assessing the CVSS score for an individual +vulnerability report. + +## Analyst Decision Outcomes + +The analyst's decision is to choose the appropriate level for CVSS v4 EQ5. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_five import LATEST as DT +from ssvc.doc_helpers import example_block + +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` + +## Analyst Decision Points + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_five import LATEST as DT +from ssvc.doc_helpers import example_block + +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: + print(example_block(dp)) +``` + +## Analyst Decision Model + +Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. + +### Decision Model Visualization + +The following diagram shows the decision model for the EQ5 decision. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_five import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` + +### Table of Values + +The table below shows the values for the decision model. +Each row of the table corresponds to a path through the decision model diagram above. + + +```python exec="true" idprefix="" + +from ssvc.decision_tables.cvss.equivalence_set_five import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` diff --git a/docs/howto/cvss_v4/eq6.md b/docs/howto/cvss_v4/eq6.md new file mode 100644 index 00000000..38f8cda5 --- /dev/null +++ b/docs/howto/cvss_v4/eq6.md @@ -0,0 +1,66 @@ +# CVSS v4 Equivalence Set EQ6 + +Here we describe an example decision model for an analyst assessing the CVSS v4 +equivalence set EQ6. + +## Analyst Units of Work + +!!! info inline end "Analyst Unit of Work" + + The unit of work for an Analyst is a single vulnerability report. + +Analysts are usually tasked with assessing the CVSS score for an individual +vulnerability report. + +## Analyst Decision Outcomes + +The analyst's decision is to choose the appropriate level for CVSS v4 EQ6. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_six import LATEST as DT +from ssvc.doc_helpers import example_block + +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` + +## Analyst Decision Points + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_six import LATEST as DT +from ssvc.doc_helpers import example_block + +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: + print(example_block(dp)) +``` + +## Analyst Decision Model + +Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. + +### Decision Model Visualization + +The following diagram shows the decision model for the EQ6 decision. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.equivalence_set_six import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` + +### Table of Values + +The table below shows the values for the decision model. +Each row of the table corresponds to a path through the decision model diagram above. + + +```python exec="true" idprefix="" + +from ssvc.decision_tables.cvss.equivalence_set_six import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` diff --git a/docs/howto/cvss_v4/index.md b/docs/howto/cvss_v4/index.md new file mode 100644 index 00000000..962713d9 --- /dev/null +++ b/docs/howto/cvss_v4/index.md @@ -0,0 +1,108 @@ +# CVSS v4 Assessment With SSVC + +[CVSS v4](https://www.first.org/cvss/v4-0/specification-document) introduces an +updated scoring system that includes several metric groupings referred to +as _Equivalence Sets_. +In SSVC, we can model these individual equivalence sets as decision tables +that can be used by analysts to assess each equivalence set value based on +its component metrics (which we have mapped into SSVC decision points). + +An Analyst can use these decision tables to assess the CVSS v4 equivalence set +values based either on their own assessments or by using a CVSS v4 vector published +by another source. + +!!! question "I thought SSVC and CVSS were different?" + + SSVC and CVSS are indeed different, but they can be used together. + We do not see SSVC as a replacement for CVSS, but rather as a complementary + decision-making framework that can help stakeholders make a variety of + vulnerability response decisions. + In fact, we're very interested in using CVSS vector elements as inputs to + SSVC decision tables to help stakeholders make more informed prioritization + decisions that leverage the community's understanding of a vulnerability's + characteristics and impact assessments. + In the future, we hope to see more SSVC decision tables that are + directly informed by CVSS vectors, allowing analysts to use SSVC to + create a broader set of decision models that incorporate CVSS vector + elements as inputs. + + +## CVSS v4 Equivalence Sets + +Here we provide the decision points for each of the CVSS v4 equivalence sets. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.qualitative_severity import LATEST as DT +from ssvc.doc_helpers import example_block + +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: + print(example_block(dp)) +``` + +We provide a detailed decision table for each equivalence set in the pages that follow: + +- [CVSS v4 Equivalence Set EQ1](eq1.md) +- [CVSS v4 Equivalence Set EQ2](eq2.md) +- [CVSS v4 Equivalence Set EQ3](eq3.md) +- [CVSS v4 Equivalence Set EQ4](eq4.md) +- [CVSS v4 Equivalence Set EQ5](eq5.md) +- [CVSS v4 Equivalence Set EQ6](eq6.md) + + +## CVSS v4 Qualitative Severity Rating + +Finally, CVSS v4 provides a _Qualitative Severity Rating_ that maps the six equivalence +sets into a single qualitative rating (None, Low, Medium, High, Critical). + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.qualitative_severity import LATEST as DT +from ssvc.doc_helpers import example_block +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` + +A full decision model for the CVSS v4 Qualitative Severity Rating can be found +in the [CVSS v4 Qualitative Severity Rating](qualitative.md) page. + +!!! question "What about CVSS v4 _MacroVectors_?" + + CVSS v4 _MacroVectors_ are a new addition in CVSS v4 that provide a way to + map the six equivalence sets into a single vector value that can be used + to assign a CVSS v4 base score. + In our implementation here, we simply model the MacroVector as another decision + table that takes the individual equivalence set outcomes as inputs and provides + the Qualitative Severity Rating as its outcome. + + +!!! question "How are CVSS v4 scores handled?" + + We do not provide numerical CVSS v4 scores in this implementation. + The CVSS v4 specification defines a + [lookup table](https://github.com/FIRSTdotorg/cvss-v4-calculator/blob/main/cvss_lookup.js) + and a complex algorithm to compute a score between 0.0 and 10.0 based on + equivalence set values and the CVSS v4 vector. + + In practice, many analysts convert numerical scores into qualitative + severity ratings, such as None, Low, Medium, High, or Critical: + + | Numerical Score | Qualitative Severity Rating | + |-----------------|----------------------------| + | 0.0 | None | + | 0.1 - 3.9 | Low | + | 4.0 - 6.9 | Medium | + | 7.0 - 8.9 | High | + | 9.0 - 10.0 | Critical | + + One of our [original concerns](https://doi.ieeecomputersociety.org/10.1109/MSEC.2020.3044475) + about CVSS v3—and still relevant in CVSS v4—was that numerical scores were + often misused or misinterpreted, leading to poor prioritization decisions. + To avoid this, we focus on mapping equivalence set values directly to + qualitative severity ratings, which is the outcome many organizations actually + care about. + + Using SSVC, we can model the same assessment process that an analyst would + use with CVSS v4, but entirely bypass the numerical score. + The logic is identical: given a set of equivalence values, SSVC produces the + same qualitative severity rating as the [CVSS v4 Calculator](https://www.first.org/cvss/calculator/4-0). + This demonstrates that numerical scores are not + necessary for effective prioritization or decision-making. diff --git a/docs/howto/cvss_v4/qualitative.md b/docs/howto/cvss_v4/qualitative.md new file mode 100644 index 00000000..817d50db --- /dev/null +++ b/docs/howto/cvss_v4/qualitative.md @@ -0,0 +1,101 @@ +# CVSS v4 Qualitative Severity Rating + +Here we describe an example decision model for an analyst assessing the CVSS v4 +Qualitative Severity Rating. +In our decision model, we assume that the analyst has already assessed the +vulnerability report against the CVSS v4 Equivalence Sets: + +- EQ1: [CVSS v4 Equivalence Set 1](eq1.md) +- EQ2: [CVSS v4 Equivalence Set 2](eq2.md) +- EQ3: [CVSS v4 Equivalence Set 3](eq3.md) +- EQ4: [CVSS v4 Equivalence Set 4](eq4.md) +- EQ5: [CVSS v4 Equivalence Set 5](eq5.md) +- EQ6: [CVSS v4 Equivalence Set 6](eq6.md) + +and is now ready to assign a qualitative severity rating based on the outcomes +of those equivalence sets. + +!!! info "How we modeled the CVSS v4 Qualitative Severity Rating" + + The CVSS v4 specification provides a + [mapping](https://github.com/FIRSTdotorg/cvss-v4-calculator/blob/main/cvss_lookup.js) + from each CVSS v4 *MacroVector* (made up of the six equivalence set selections) + to a numerical score between 0.0 and 10.0. + CVSS has traditionally provided the following mapping from numerical score + ranges to qualitative severity ratings: + + | Numerical Score | Qualitative Severity Rating | + |------------------|-----------------------------| + | 0.0 | None | + | 0.1 - 3.9 | Low | + | 4.0 - 6.9 | Medium | + | 7.0 - 8.9 | High | + + In our implementation, we just skip the numerical score step and go directly + from the equivalence set outcomes to the qualitative severity rating that + corresponds to the numerical score in the lookup table linked above. + +## Analyst Units of Work + +!!! info inline end "Analyst Unit of Work" + + The unit of work for an Analyst is a single vulnerability report. + +Analysts are usually tasked with assessing the CVSS score for an individual +vulnerability report. + +## Analyst Decision Outcomes + +The analyst's decision is to choose the appropriate level for the CVSS v4 Qualitative Severity Rating. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.qualitative_severity import LATEST as DT +from ssvc.doc_helpers import example_block + +dp = DT.decision_points[DT.outcome] +print(example_block(dp)) +``` + +## Analyst Decision Points + +Each of these decision points corresponds to the outcome of one of the six equivalence set +decision tables. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.qualitative_severity import LATEST as DT +from ssvc.doc_helpers import example_block + +for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: + print(example_block(dp)) +``` + +## Analyst Decision Model + +Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. + +### Decision Model Visualization + +The following diagram shows the decision model for the Qualitative Severity Rating decision. + +```python exec="true" idprefix="" +from ssvc.decision_tables.cvss.qualitative_severity import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` + +### Table of Values + +The table below shows the values for the decision model. +Each row of the table corresponds to a path through the decision model diagram above. + + +```python exec="true" idprefix="" + +from ssvc.decision_tables.cvss.qualitative_severity import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` diff --git a/mkdocs.yml b/mkdocs.yml index 95671f67..56f2c7c7 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -21,6 +21,15 @@ nav: - About Coordination: 'howto/coordination_intro.md' - Coordination Triage: 'howto/coordination_triage_decision.md' - Publication Decision: 'howto/publication_decision.md' + - CVSS v4 Analyst Models: + - About CVSS v4: 'howto/cvss_v4/index.md' + - Equivalence Set 1: 'howto/cvss_v4/eq1.md' + - Equivalence Set 2: 'howto/cvss_v4/eq2.md' + - Equivalence Set 3: 'howto/cvss_v4/eq3.md' + - Equivalence Set 4: 'howto/cvss_v4/eq4.md' + - Equivalence Set 5: 'howto/cvss_v4/eq5.md' + - Equivalence Set 6: 'howto/cvss_v4/eq6.md' + - Qualitative Severity: 'howto/cvss_v4/qualitative.md' - Customizing SSVC: 'howto/tree_customization.md' - Acuity Ramp: 'howto/acuity_ramp.md' - Understanding SSVC: diff --git a/src/ssvc/decision_tables/cvss/qualitative_severity.py b/src/ssvc/decision_tables/cvss/qualitative_severity.py index 00237d44..9e6f21f1 100644 --- a/src/ssvc/decision_tables/cvss/qualitative_severity.py +++ b/src/ssvc/decision_tables/cvss/qualitative_severity.py @@ -1,6 +1,6 @@ #!/usr/bin/env python """ -Models the CVSS v4.0 Qualitative Severity Ratings from Equivalency Set 1-6 +Models the CVSS v4.0 Qualitative Severity Ratings from Equivalence Set 1-6 """ # Copyright (c) 2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE diff --git a/src/test/decision_tables/cvss/_v4expected.py b/src/test/decision_tables/cvss/_v4expected.py index d809e95d..cb439cc1 100644 --- a/src/test/decision_tables/cvss/_v4expected.py +++ b/src/test/decision_tables/cvss/_v4expected.py @@ -1,6 +1,6 @@ """ This test helper module provides a complete set of expected values for the CVSS v4 Qualitative Severity Rating Scale (QSR) -mapped to the CVSS v4 Equivalency Set combinations. +mapped to the CVSS v4 Equivalence Set combinations. It was generated based on https://github.com/FIRSTdotorg/cvss-v4-calculator/blob/main/cvss_lookup.js """ From ff11531ffaa17f238a2cade27754365d0f308b55 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 18 Aug 2025 14:36:24 -0400 Subject: [PATCH 257/468] remove files from wip --- src/ssvc/decision_tables/_mermaid.py | 64 - src/ssvc/decision_tables/test.md | 1921 -------------------------- 2 files changed, 1985 deletions(-) delete mode 100644 src/ssvc/decision_tables/_mermaid.py delete mode 100644 src/ssvc/decision_tables/test.md diff --git a/src/ssvc/decision_tables/_mermaid.py b/src/ssvc/decision_tables/_mermaid.py deleted file mode 100644 index e105b914..00000000 --- a/src/ssvc/decision_tables/_mermaid.py +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env python -""" -file: _mermaid -author: adh -created_at: 8/13/25 4:29 PM -""" - -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 - -from ssvc.decision_tables.helpers import mapping2mermaid - -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 - - -# Example - -if __name__ == "__main__": - - from ssvc.decision_tables.cvss.qualitative_severity import LATEST as DT - - rows = DT.mapping - - # filter rows for invalid - def invalid(row): - if row["cvss:EQ3:1.0.0"] == "L" and row["cvss:EQ6:1.0.0"] == "H": - return True - return False - - rows = [row for row in rows if not invalid(row)] - print(mapping2mermaid(rows)) diff --git a/src/ssvc/decision_tables/test.md b/src/ssvc/decision_tables/test.md deleted file mode 100644 index d6af426c..00000000 --- a/src/ssvc/decision_tables/test.md +++ /dev/null @@ -1,1921 +0,0 @@ -# Title - - -```mermaid -graph LR -n1(( )) -subgraph s1["ssvc:SINV:1.0.0"] -FR_L0([FR]) -C_L0([C]) -UU_L0([UU]) -end -subgraph s2["ssvc:E:1.1.0"] -FR_N_L1([N]) -C_N_L1([N]) -FR_P_L1([P]) -UU_N_L1([N]) -C_P_L1([P]) -FR_A_L1([A]) -UU_P_L1([P]) -C_A_L1([A]) -UU_A_L1([A]) -end -subgraph s3["ssvc:PVA:1.0.0"] -FR_N_L_L2([L]) -C_N_L_L2([L]) -FR_P_L_L2([L]) -FR_N_A_L2([A]) -UU_N_L_L2([L]) -C_P_L_L2([L]) -FR_A_L_L2([L]) -C_N_A_L2([A]) -FR_P_A_L2([A]) -FR_N_P_L2([P]) -UU_P_L_L2([L]) -C_A_L_L2([L]) -UU_N_A_L2([A]) -C_P_A_L2([A]) -FR_A_A_L2([A]) -C_N_P_L2([P]) -FR_P_P_L2([P]) -UU_A_L_L2([L]) -UU_P_A_L2([A]) -C_A_A_L2([A]) -UU_N_P_L2([P]) -C_P_P_L2([P]) -FR_A_P_L2([P]) -UU_A_A_L2([A]) -UU_P_P_L2([P]) -C_A_P_L2([P]) -UU_A_P_L2([P]) -end -subgraph s4["ssvc:PUBLISH:1.0.0"] -FR_N_L_N_L3([N]) -C_N_L_N_L3([N]) -FR_P_L_N_L3([N]) -FR_N_A_N_L3([N]) -UU_N_L_N_L3([N]) -C_P_L_N_L3([N]) -FR_A_L_N_L3([N]) -C_N_A_N_L3([N]) -FR_P_A_N_L3([N]) -FR_N_P_P_L3([P]) -UU_P_L_N_L3([N]) -C_A_L_N_L3([N]) -UU_N_A_N_L3([N]) -C_P_A_N_L3([N]) -FR_A_A_P_L3([P]) -C_N_P_P_L3([P]) -FR_P_P_P_L3([P]) -UU_A_L_P_L3([P]) -UU_P_A_P_L3([P]) -C_A_A_P_L3([P]) -UU_N_P_P_L3([P]) -C_P_P_P_L3([P]) -FR_A_P_P_L3([P]) -UU_A_A_P_L3([P]) -UU_P_P_P_L3([P]) -C_A_P_P_L3([P]) -UU_A_P_P_L3([P]) -end -n1 --- FR_L0 -n1 --- C_L0 -n1 --- UU_L0 -FR_L0 --- FR_N_L1 -FR_N_L1 --- FR_N_L_L2 -FR_N_L_L2 --- FR_N_L_N_L3 -C_L0 --- C_N_L1 -C_N_L1 --- C_N_L_L2 -C_N_L_L2 --- C_N_L_N_L3 -FR_L0 --- FR_P_L1 -FR_P_L1 --- FR_P_L_L2 -FR_P_L_L2 --- FR_P_L_N_L3 -FR_N_L1 --- FR_N_A_L2 -FR_N_A_L2 --- FR_N_A_N_L3 -UU_L0 --- UU_N_L1 -UU_N_L1 --- UU_N_L_L2 -UU_N_L_L2 --- UU_N_L_N_L3 -C_L0 --- C_P_L1 -C_P_L1 --- C_P_L_L2 -C_P_L_L2 --- C_P_L_N_L3 -FR_L0 --- FR_A_L1 -FR_A_L1 --- FR_A_L_L2 -FR_A_L_L2 --- FR_A_L_N_L3 -C_N_L1 --- C_N_A_L2 -C_N_A_L2 --- C_N_A_N_L3 -FR_P_L1 --- FR_P_A_L2 -FR_P_A_L2 --- FR_P_A_N_L3 -FR_N_L1 --- FR_N_P_L2 -FR_N_P_L2 --- FR_N_P_P_L3 -UU_L0 --- UU_P_L1 -UU_P_L1 --- UU_P_L_L2 -UU_P_L_L2 --- UU_P_L_N_L3 -C_L0 --- C_A_L1 -C_A_L1 --- C_A_L_L2 -C_A_L_L2 --- C_A_L_N_L3 -UU_N_L1 --- UU_N_A_L2 -UU_N_A_L2 --- UU_N_A_N_L3 -C_P_L1 --- C_P_A_L2 -C_P_A_L2 --- C_P_A_N_L3 -FR_A_L1 --- FR_A_A_L2 -FR_A_A_L2 --- FR_A_A_P_L3 -C_N_L1 --- C_N_P_L2 -C_N_P_L2 --- C_N_P_P_L3 -FR_P_L1 --- FR_P_P_L2 -FR_P_P_L2 --- FR_P_P_P_L3 -UU_L0 --- UU_A_L1 -UU_A_L1 --- UU_A_L_L2 -UU_A_L_L2 --- UU_A_L_P_L3 -UU_P_L1 --- UU_P_A_L2 -UU_P_A_L2 --- UU_P_A_P_L3 -C_A_L1 --- C_A_A_L2 -C_A_A_L2 --- C_A_A_P_L3 -UU_N_L1 --- UU_N_P_L2 -UU_N_P_L2 --- UU_N_P_P_L3 -C_P_L1 --- C_P_P_L2 -C_P_P_L2 --- C_P_P_P_L3 -FR_A_L1 --- FR_A_P_L2 -FR_A_P_L2 --- FR_A_P_P_L3 -UU_A_L1 --- UU_A_A_L2 -UU_A_A_L2 --- UU_A_A_P_L3 -UU_P_L1 --- UU_P_P_L2 -UU_P_P_L2 --- UU_P_P_P_L3 -C_A_L1 --- C_A_P_L2 -C_A_P_L2 --- C_A_P_P_L3 -UU_A_L1 --- UU_A_P_L2 -UU_A_P_L2 --- UU_A_P_P_L3 -``` - -```mermaid -graph LR -n1(( )) -subgraph s1["cvss:AV:3.0.1"] -P_L0([P]) -L_L0([L]) -A_L0([A]) -N_L0([N]) -end -subgraph s2["cvss:PR:1.0.1"] -P_H_L1([H]) -L_H_L1([H]) -P_L_L1([L]) -A_H_L1([H]) -L_L_L1([L]) -P_N_L1([N]) -N_H_L1([H]) -A_L_L1([L]) -L_N_L1([N]) -N_L_L1([L]) -A_N_L1([N]) -N_N_L1([N]) -end -subgraph s3["cvss:UI:2.0.0"] -P_H_A_L2([A]) -L_H_A_L2([A]) -P_L_A_L2([A]) -P_H_P_L2([P]) -A_H_A_L2([A]) -L_L_A_L2([A]) -P_N_A_L2([A]) -L_H_P_L2([P]) -P_L_P_L2([P]) -P_H_N_L2([N]) -N_H_A_L2([A]) -A_L_A_L2([A]) -L_N_A_L2([A]) -A_H_P_L2([P]) -L_L_P_L2([P]) -P_N_P_L2([P]) -L_H_N_L2([N]) -P_L_N_L2([N]) -N_L_A_L2([A]) -A_N_A_L2([A]) -N_H_P_L2([P]) -A_L_P_L2([P]) -L_N_P_L2([P]) -A_H_N_L2([N]) -L_L_N_L2([N]) -P_N_N_L2([N]) -N_N_A_L2([A]) -N_L_P_L2([P]) -A_N_P_L2([P]) -N_H_N_L2([N]) -A_L_N_L2([N]) -L_N_N_L2([N]) -N_N_P_L2([P]) -N_L_N_L2([N]) -A_N_N_L2([N]) -N_N_N_L2([N]) -end -subgraph s4["cvss:EQ1:1.0.0"] -P_H_A_L_L3([L]) -L_H_A_L_L3([L]) -P_L_A_L_L3([L]) -P_H_P_L_L3([L]) -A_H_A_L_L3([L]) -L_L_A_L_L3([L]) -P_N_A_L_L3([L]) -L_H_P_L_L3([L]) -P_L_P_L_L3([L]) -P_H_N_L_L3([L]) -N_H_A_M_L3([M]) -A_L_A_L_L3([L]) -L_N_A_M_L3([M]) -A_H_P_L_L3([L]) -L_L_P_L_L3([L]) -P_N_P_L_L3([L]) -L_H_N_M_L3([M]) -P_L_N_L_L3([L]) -N_L_A_M_L3([M]) -A_N_A_M_L3([M]) -N_H_P_M_L3([M]) -A_L_P_L_L3([L]) -L_N_P_M_L3([M]) -A_H_N_M_L3([M]) -L_L_N_M_L3([M]) -P_N_N_L_L3([L]) -N_N_A_M_L3([M]) -N_L_P_M_L3([M]) -A_N_P_M_L3([M]) -N_H_N_M_L3([M]) -A_L_N_M_L3([M]) -L_N_N_M_L3([M]) -N_N_P_M_L3([M]) -N_L_N_M_L3([M]) -A_N_N_M_L3([M]) -N_N_N_H_L3([H]) -end -n1 --- P_L0 -n1 --- L_L0 -n1 --- A_L0 -n1 --- N_L0 -P_L0 --- P_H_L1 -P_H_L1 --- P_H_A_L2 -P_H_A_L2 --- P_H_A_L_L3 -L_L0 --- L_H_L1 -L_H_L1 --- L_H_A_L2 -L_H_A_L2 --- L_H_A_L_L3 -P_L0 --- P_L_L1 -P_L_L1 --- P_L_A_L2 -P_L_A_L2 --- P_L_A_L_L3 -P_H_L1 --- P_H_P_L2 -P_H_P_L2 --- P_H_P_L_L3 -A_L0 --- A_H_L1 -A_H_L1 --- A_H_A_L2 -A_H_A_L2 --- A_H_A_L_L3 -L_L0 --- L_L_L1 -L_L_L1 --- L_L_A_L2 -L_L_A_L2 --- L_L_A_L_L3 -P_L0 --- P_N_L1 -P_N_L1 --- P_N_A_L2 -P_N_A_L2 --- P_N_A_L_L3 -L_H_L1 --- L_H_P_L2 -L_H_P_L2 --- L_H_P_L_L3 -P_L_L1 --- P_L_P_L2 -P_L_P_L2 --- P_L_P_L_L3 -P_H_L1 --- P_H_N_L2 -P_H_N_L2 --- P_H_N_L_L3 -N_L0 --- N_H_L1 -N_H_L1 --- N_H_A_L2 -N_H_A_L2 --- N_H_A_M_L3 -A_L0 --- A_L_L1 -A_L_L1 --- A_L_A_L2 -A_L_A_L2 --- A_L_A_L_L3 -L_L0 --- L_N_L1 -L_N_L1 --- L_N_A_L2 -L_N_A_L2 --- L_N_A_M_L3 -A_H_L1 --- A_H_P_L2 -A_H_P_L2 --- A_H_P_L_L3 -L_L_L1 --- L_L_P_L2 -L_L_P_L2 --- L_L_P_L_L3 -P_N_L1 --- P_N_P_L2 -P_N_P_L2 --- P_N_P_L_L3 -L_H_L1 --- L_H_N_L2 -L_H_N_L2 --- L_H_N_M_L3 -P_L_L1 --- P_L_N_L2 -P_L_N_L2 --- P_L_N_L_L3 -N_L0 --- N_L_L1 -N_L_L1 --- N_L_A_L2 -N_L_A_L2 --- N_L_A_M_L3 -A_L0 --- A_N_L1 -A_N_L1 --- A_N_A_L2 -A_N_A_L2 --- A_N_A_M_L3 -N_H_L1 --- N_H_P_L2 -N_H_P_L2 --- N_H_P_M_L3 -A_L_L1 --- A_L_P_L2 -A_L_P_L2 --- A_L_P_L_L3 -L_N_L1 --- L_N_P_L2 -L_N_P_L2 --- L_N_P_M_L3 -A_H_L1 --- A_H_N_L2 -A_H_N_L2 --- A_H_N_M_L3 -L_L_L1 --- L_L_N_L2 -L_L_N_L2 --- L_L_N_M_L3 -P_N_L1 --- P_N_N_L2 -P_N_N_L2 --- P_N_N_L_L3 -N_L0 --- N_N_L1 -N_N_L1 --- N_N_A_L2 -N_N_A_L2 --- N_N_A_M_L3 -N_L_L1 --- N_L_P_L2 -N_L_P_L2 --- N_L_P_M_L3 -A_N_L1 --- A_N_P_L2 -A_N_P_L2 --- A_N_P_M_L3 -N_H_L1 --- N_H_N_L2 -N_H_N_L2 --- N_H_N_M_L3 -A_L_L1 --- A_L_N_L2 -A_L_N_L2 --- A_L_N_M_L3 -L_N_L1 --- L_N_N_L2 -L_N_N_L2 --- L_N_N_M_L3 -N_N_L1 --- N_N_P_L2 -N_N_P_L2 --- N_N_P_M_L3 -N_L_L1 --- N_L_N_L2 -N_L_N_L2 --- N_L_N_M_L3 -A_N_L1 --- A_N_N_L2 -A_N_N_L2 --- A_N_N_M_L3 -N_N_L1 --- N_N_N_L2 -N_N_N_L2 --- N_N_N_H_L3 -``` - -```mermaid -graph LR -n1(( )) -subgraph s1["cvss:EQ1:1.0.0"] -L_L0([L]) -M_L0([M]) -H_L0([H]) -end -subgraph s2["cvss:EQ2:1.0.0"] -L_L_L1([L]) -M_L_L1([L]) -L_H_L1([H]) -H_L_L1([L]) -M_H_L1([H]) -H_H_L1([H]) -end -subgraph s3["cvss:EQ3:1.0.0"] -L_L_L_L2([L]) -M_L_L_L2([L]) -L_H_L_L2([L]) -L_L_M_L2([M]) -H_L_L_L2([L]) -M_H_L_L2([L]) -M_L_M_L2([M]) -L_H_M_L2([M]) -L_L_H_L2([H]) -H_H_L_L2([L]) -H_L_M_L2([M]) -M_H_M_L2([M]) -M_L_H_L2([H]) -L_H_H_L2([H]) -H_H_M_L2([M]) -H_L_H_L2([H]) -M_H_H_L2([H]) -H_H_H_L2([H]) -end -subgraph s4["cvss:EQ4:1.0.0"] -L_L_L_L_L3([L]) -M_L_L_L_L3([L]) -L_H_L_L_L3([L]) -L_L_M_L_L3([L]) -L_L_L_M_L3([M]) -H_L_L_L_L3([L]) -M_H_L_L_L3([L]) -M_L_M_L_L3([L]) -L_H_M_L_L3([L]) -L_L_H_L_L3([L]) -M_L_L_M_L3([M]) -L_H_L_M_L3([M]) -L_L_M_M_L3([M]) -L_L_L_H_L3([H]) -H_H_L_L_L3([L]) -H_L_M_L_L3([L]) -M_H_M_L_L3([L]) -M_L_H_L_L3([L]) -L_H_H_L_L3([L]) -H_L_L_M_L3([M]) -M_H_L_M_L3([M]) -M_L_M_M_L3([M]) -L_H_M_M_L3([M]) -L_L_H_M_L3([M]) -M_L_L_H_L3([H]) -L_H_L_H_L3([H]) -L_L_M_H_L3([H]) -H_H_M_L_L3([L]) -H_L_H_L_L3([L]) -M_H_H_L_L3([L]) -H_H_L_M_L3([M]) -H_L_M_M_L3([M]) -M_H_M_M_L3([M]) -M_L_H_M_L3([M]) -L_H_H_M_L3([M]) -H_L_L_H_L3([H]) -M_H_L_H_L3([H]) -M_L_M_H_L3([H]) -L_H_M_H_L3([H]) -L_L_H_H_L3([H]) -H_H_H_L_L3([L]) -H_H_M_M_L3([M]) -H_L_H_M_L3([M]) -M_H_H_M_L3([M]) -H_H_L_H_L3([H]) -H_L_M_H_L3([H]) -M_H_M_H_L3([H]) -M_L_H_H_L3([H]) -L_H_H_H_L3([H]) -H_H_H_M_L3([M]) -H_H_M_H_L3([H]) -H_L_H_H_L3([H]) -M_H_H_H_L3([H]) -H_H_H_H_L3([H]) -end -subgraph s5["cvss:EQ5:1.0.0"] -L_L_L_L_L_L4([L]) -M_L_L_L_L_L4([L]) -L_H_L_L_L_L4([L]) -L_L_M_L_L_L4([L]) -L_L_L_M_L_L4([L]) -L_L_L_L_M_L4([M]) -H_L_L_L_L_L4([L]) -M_H_L_L_L_L4([L]) -M_L_M_L_L_L4([L]) -L_H_M_L_L_L4([L]) -L_L_H_L_L_L4([L]) -M_L_L_M_L_L4([L]) -L_H_L_M_L_L4([L]) -L_L_M_M_L_L4([L]) -L_L_L_H_L_L4([L]) -M_L_L_L_M_L4([M]) -L_H_L_L_M_L4([M]) -L_L_M_L_M_L4([M]) -L_L_L_M_M_L4([M]) -L_L_L_L_H_L4([H]) -H_H_L_L_L_L4([L]) -H_L_M_L_L_L4([L]) -M_H_M_L_L_L4([L]) -M_L_H_L_L_L4([L]) -L_H_H_L_L_L4([L]) -H_L_L_M_L_L4([L]) -M_H_L_M_L_L4([L]) -M_L_M_M_L_L4([L]) -L_H_M_M_L_L4([L]) -L_L_H_M_L_L4([L]) -M_L_L_H_L_L4([L]) -L_H_L_H_L_L4([L]) -L_L_M_H_L_L4([L]) -H_L_L_L_M_L4([M]) -M_H_L_L_M_L4([M]) -M_L_M_L_M_L4([M]) -L_H_M_L_M_L4([M]) -L_L_H_L_M_L4([M]) -M_L_L_M_M_L4([M]) -L_H_L_M_M_L4([M]) -L_L_M_M_M_L4([M]) -L_L_L_H_M_L4([M]) -M_L_L_L_H_L4([H]) -L_H_L_L_H_L4([H]) -L_L_M_L_H_L4([H]) -L_L_L_M_H_L4([H]) -H_H_M_L_L_L4([L]) -H_L_H_L_L_L4([L]) -M_H_H_L_L_L4([L]) -H_H_L_M_L_L4([L]) -H_L_M_M_L_L4([L]) -M_H_M_M_L_L4([L]) -M_L_H_M_L_L4([L]) -L_H_H_M_L_L4([L]) -H_L_L_H_L_L4([L]) -M_H_L_H_L_L4([L]) -M_L_M_H_L_L4([L]) -L_H_M_H_L_L4([L]) -L_L_H_H_L_L4([L]) -H_H_L_L_M_L4([M]) -H_L_M_L_M_L4([M]) -M_H_M_L_M_L4([M]) -M_L_H_L_M_L4([M]) -L_H_H_L_M_L4([M]) -H_L_L_M_M_L4([M]) -M_H_L_M_M_L4([M]) -M_L_M_M_M_L4([M]) -L_H_M_M_M_L4([M]) -L_L_H_M_M_L4([M]) -M_L_L_H_M_L4([M]) -L_H_L_H_M_L4([M]) -L_L_M_H_M_L4([M]) -H_L_L_L_H_L4([H]) -M_H_L_L_H_L4([H]) -M_L_M_L_H_L4([H]) -L_H_M_L_H_L4([H]) -L_L_H_L_H_L4([H]) -M_L_L_M_H_L4([H]) -L_H_L_M_H_L4([H]) -L_L_M_M_H_L4([H]) -L_L_L_H_H_L4([H]) -H_H_H_L_L_L4([L]) -H_H_M_M_L_L4([L]) -H_L_H_M_L_L4([L]) -M_H_H_M_L_L4([L]) -H_H_L_H_L_L4([L]) -H_L_M_H_L_L4([L]) -M_H_M_H_L_L4([L]) -M_L_H_H_L_L4([L]) -L_H_H_H_L_L4([L]) -H_H_M_L_M_L4([M]) -H_L_H_L_M_L4([M]) -M_H_H_L_M_L4([M]) -H_H_L_M_M_L4([M]) -H_L_M_M_M_L4([M]) -M_H_M_M_M_L4([M]) -M_L_H_M_M_L4([M]) -L_H_H_M_M_L4([M]) -H_L_L_H_M_L4([M]) -M_H_L_H_M_L4([M]) -M_L_M_H_M_L4([M]) -L_H_M_H_M_L4([M]) -L_L_H_H_M_L4([M]) -H_H_L_L_H_L4([H]) -H_L_M_L_H_L4([H]) -M_H_M_L_H_L4([H]) -M_L_H_L_H_L4([H]) -L_H_H_L_H_L4([H]) -H_L_L_M_H_L4([H]) -M_H_L_M_H_L4([H]) -M_L_M_M_H_L4([H]) -L_H_M_M_H_L4([H]) -L_L_H_M_H_L4([H]) -M_L_L_H_H_L4([H]) -L_H_L_H_H_L4([H]) -L_L_M_H_H_L4([H]) -H_H_H_M_L_L4([L]) -H_H_M_H_L_L4([L]) -H_L_H_H_L_L4([L]) -M_H_H_H_L_L4([L]) -H_H_H_L_M_L4([M]) -H_H_M_M_M_L4([M]) -H_L_H_M_M_L4([M]) -M_H_H_M_M_L4([M]) -H_H_L_H_M_L4([M]) -H_L_M_H_M_L4([M]) -M_H_M_H_M_L4([M]) -M_L_H_H_M_L4([M]) -L_H_H_H_M_L4([M]) -H_H_M_L_H_L4([H]) -H_L_H_L_H_L4([H]) -M_H_H_L_H_L4([H]) -H_H_L_M_H_L4([H]) -H_L_M_M_H_L4([H]) -M_H_M_M_H_L4([H]) -M_L_H_M_H_L4([H]) -L_H_H_M_H_L4([H]) -H_L_L_H_H_L4([H]) -M_H_L_H_H_L4([H]) -M_L_M_H_H_L4([H]) -L_H_M_H_H_L4([H]) -L_L_H_H_H_L4([H]) -H_H_H_H_L_L4([L]) -H_H_H_M_M_L4([M]) -H_H_M_H_M_L4([M]) -H_L_H_H_M_L4([M]) -M_H_H_H_M_L4([M]) -H_H_H_L_H_L4([H]) -H_H_M_M_H_L4([H]) -H_L_H_M_H_L4([H]) -M_H_H_M_H_L4([H]) -H_H_L_H_H_L4([H]) -H_L_M_H_H_L4([H]) -M_H_M_H_H_L4([H]) -M_L_H_H_H_L4([H]) -L_H_H_H_H_L4([H]) -H_H_H_H_M_L4([M]) -H_H_H_M_H_L4([H]) -H_H_M_H_H_L4([H]) -H_L_H_H_H_L4([H]) -M_H_H_H_H_L4([H]) -H_H_H_H_H_L4([H]) -end -subgraph s6["cvss:EQ6:1.0.0"] -L_L_L_L_L_L_L5([L]) -M_L_L_L_L_L_L5([L]) -L_H_L_L_L_L_L5([L]) -L_L_M_L_L_L_L5([L]) -L_L_L_M_L_L_L5([L]) -L_L_L_L_M_L_L5([L]) -H_L_L_L_L_L_L5([L]) -M_H_L_L_L_L_L5([L]) -M_L_M_L_L_L_L5([L]) -L_H_M_L_L_L_L5([L]) -L_L_H_L_L_L_L5([L]) -M_L_L_M_L_L_L5([L]) -L_H_L_M_L_L_L5([L]) -L_L_M_M_L_L_L5([L]) -L_L_L_H_L_L_L5([L]) -M_L_L_L_M_L_L5([L]) -L_H_L_L_M_L_L5([L]) -L_L_M_L_M_L_L5([L]) -L_L_L_M_M_L_L5([L]) -L_L_L_L_H_L_L5([L]) -L_L_M_L_L_H_L5([H]) -H_H_L_L_L_L_L5([L]) -H_L_M_L_L_L_L5([L]) -M_H_M_L_L_L_L5([L]) -M_L_H_L_L_L_L5([L]) -L_H_H_L_L_L_L5([L]) -H_L_L_M_L_L_L5([L]) -M_H_L_M_L_L_L5([L]) -M_L_M_M_L_L_L5([L]) -L_H_M_M_L_L_L5([L]) -L_L_H_M_L_L_L5([L]) -M_L_L_H_L_L_L5([L]) -L_H_L_H_L_L_L5([L]) -L_L_M_H_L_L_L5([L]) -H_L_L_L_M_L_L5([L]) -M_H_L_L_M_L_L5([L]) -M_L_M_L_M_L_L5([L]) -L_H_M_L_M_L_L5([L]) -L_L_H_L_M_L_L5([L]) -M_L_L_M_M_L_L5([L]) -L_H_L_M_M_L_L5([L]) -L_L_M_M_M_L_L5([L]) -L_L_L_H_M_L_L5([L]) -M_L_L_L_H_L_L5([L]) -L_H_L_L_H_L_L5([L]) -L_L_M_L_H_L_L5([L]) -L_L_L_M_H_L_L5([L]) -M_L_M_L_L_H_L5([H]) -L_H_M_L_L_H_L5([H]) -L_L_H_L_L_H_L5([H]) -L_L_M_M_L_H_L5([H]) -L_L_M_L_M_H_L5([H]) -H_H_M_L_L_L_L5([L]) -H_L_H_L_L_L_L5([L]) -M_H_H_L_L_L_L5([L]) -H_H_L_M_L_L_L5([L]) -H_L_M_M_L_L_L5([L]) -M_H_M_M_L_L_L5([L]) -M_L_H_M_L_L_L5([L]) -L_H_H_M_L_L_L5([L]) -H_L_L_H_L_L_L5([L]) -M_H_L_H_L_L_L5([L]) -M_L_M_H_L_L_L5([L]) -L_H_M_H_L_L_L5([L]) -L_L_H_H_L_L_L5([L]) -H_H_L_L_M_L_L5([L]) -H_L_M_L_M_L_L5([L]) -M_H_M_L_M_L_L5([L]) -M_L_H_L_M_L_L5([L]) -L_H_H_L_M_L_L5([L]) -H_L_L_M_M_L_L5([L]) -M_H_L_M_M_L_L5([L]) -M_L_M_M_M_L_L5([L]) -L_H_M_M_M_L_L5([L]) -L_L_H_M_M_L_L5([L]) -M_L_L_H_M_L_L5([L]) -L_H_L_H_M_L_L5([L]) -L_L_M_H_M_L_L5([L]) -H_L_L_L_H_L_L5([L]) -M_H_L_L_H_L_L5([L]) -M_L_M_L_H_L_L5([L]) -L_H_M_L_H_L_L5([L]) -L_L_H_L_H_L_L5([L]) -M_L_L_M_H_L_L5([L]) -L_H_L_M_H_L_L5([L]) -L_L_M_M_H_L_L5([L]) -L_L_L_H_H_L_L5([L]) -H_L_M_L_L_H_L5([H]) -M_H_M_L_L_H_L5([H]) -M_L_H_L_L_H_L5([H]) -L_H_H_L_L_H_L5([H]) -M_L_M_M_L_H_L5([H]) -L_H_M_M_L_H_L5([H]) -L_L_H_M_L_H_L5([H]) -L_L_M_H_L_H_L5([H]) -M_L_M_L_M_H_L5([H]) -L_H_M_L_M_H_L5([H]) -L_L_H_L_M_H_L5([H]) -L_L_M_M_M_H_L5([H]) -L_L_M_L_H_H_L5([H]) -H_H_H_L_L_L_L5([L]) -H_H_M_M_L_L_L5([L]) -H_L_H_M_L_L_L5([L]) -M_H_H_M_L_L_L5([L]) -H_H_L_H_L_L_L5([L]) -H_L_M_H_L_L_L5([L]) -M_H_M_H_L_L_L5([L]) -M_L_H_H_L_L_L5([L]) -L_H_H_H_L_L_L5([L]) -H_H_M_L_M_L_L5([L]) -H_L_H_L_M_L_L5([L]) -M_H_H_L_M_L_L5([L]) -H_H_L_M_M_L_L5([L]) -H_L_M_M_M_L_L5([L]) -M_H_M_M_M_L_L5([L]) -M_L_H_M_M_L_L5([L]) -L_H_H_M_M_L_L5([L]) -H_L_L_H_M_L_L5([L]) -M_H_L_H_M_L_L5([L]) -M_L_M_H_M_L_L5([L]) -L_H_M_H_M_L_L5([L]) -L_L_H_H_M_L_L5([L]) -H_H_L_L_H_L_L5([L]) -H_L_M_L_H_L_L5([L]) -M_H_M_L_H_L_L5([L]) -M_L_H_L_H_L_L5([L]) -L_H_H_L_H_L_L5([L]) -H_L_L_M_H_L_L5([L]) -M_H_L_M_H_L_L5([L]) -M_L_M_M_H_L_L5([L]) -L_H_M_M_H_L_L5([L]) -L_L_H_M_H_L_L5([L]) -M_L_L_H_H_L_L5([L]) -L_H_L_H_H_L_L5([L]) -L_L_M_H_H_L_L5([L]) -H_H_M_L_L_H_L5([H]) -H_L_H_L_L_H_L5([H]) -M_H_H_L_L_H_L5([H]) -H_L_M_M_L_H_L5([H]) -M_H_M_M_L_H_L5([H]) -M_L_H_M_L_H_L5([H]) -L_H_H_M_L_H_L5([H]) -M_L_M_H_L_H_L5([H]) -L_H_M_H_L_H_L5([H]) -L_L_H_H_L_H_L5([H]) -H_L_M_L_M_H_L5([H]) -M_H_M_L_M_H_L5([H]) -M_L_H_L_M_H_L5([H]) -L_H_H_L_M_H_L5([H]) -M_L_M_M_M_H_L5([H]) -L_H_M_M_M_H_L5([H]) -L_L_H_M_M_H_L5([H]) -L_L_M_H_M_H_L5([H]) -M_L_M_L_H_H_L5([H]) -L_H_M_L_H_H_L5([H]) -L_L_H_L_H_H_L5([H]) -L_L_M_M_H_H_L5([H]) -H_H_H_M_L_L_L5([L]) -H_H_M_H_L_L_L5([L]) -H_L_H_H_L_L_L5([L]) -M_H_H_H_L_L_L5([L]) -H_H_H_L_M_L_L5([L]) -H_H_M_M_M_L_L5([L]) -H_L_H_M_M_L_L5([L]) -M_H_H_M_M_L_L5([L]) -H_H_L_H_M_L_L5([L]) -H_L_M_H_M_L_L5([L]) -M_H_M_H_M_L_L5([L]) -M_L_H_H_M_L_L5([L]) -L_H_H_H_M_L_L5([L]) -H_H_M_L_H_L_L5([L]) -H_L_H_L_H_L_L5([L]) -M_H_H_L_H_L_L5([L]) -H_H_L_M_H_L_L5([L]) -H_L_M_M_H_L_L5([L]) -M_H_M_M_H_L_L5([L]) -M_L_H_M_H_L_L5([L]) -L_H_H_M_H_L_L5([L]) -H_L_L_H_H_L_L5([L]) -M_H_L_H_H_L_L5([L]) -M_L_M_H_H_L_L5([L]) -L_H_M_H_H_L_L5([L]) -L_L_H_H_H_L_L5([L]) -H_H_H_L_L_H_L5([H]) -H_H_M_M_L_H_L5([H]) -H_L_H_M_L_H_L5([H]) -M_H_H_M_L_H_L5([H]) -H_L_M_H_L_H_L5([H]) -M_H_M_H_L_H_L5([H]) -M_L_H_H_L_H_L5([H]) -L_H_H_H_L_H_L5([H]) -H_H_M_L_M_H_L5([H]) -H_L_H_L_M_H_L5([H]) -M_H_H_L_M_H_L5([H]) -H_L_M_M_M_H_L5([H]) -M_H_M_M_M_H_L5([H]) -M_L_H_M_M_H_L5([H]) -L_H_H_M_M_H_L5([H]) -M_L_M_H_M_H_L5([H]) -L_H_M_H_M_H_L5([H]) -L_L_H_H_M_H_L5([H]) -H_L_M_L_H_H_L5([H]) -M_H_M_L_H_H_L5([H]) -M_L_H_L_H_H_L5([H]) -L_H_H_L_H_H_L5([H]) -M_L_M_M_H_H_L5([H]) -L_H_M_M_H_H_L5([H]) -L_L_H_M_H_H_L5([H]) -L_L_M_H_H_H_L5([H]) -H_H_H_H_L_L_L5([L]) -H_H_H_M_M_L_L5([L]) -H_H_M_H_M_L_L5([L]) -H_L_H_H_M_L_L5([L]) -M_H_H_H_M_L_L5([L]) -H_H_H_L_H_L_L5([L]) -H_H_M_M_H_L_L5([L]) -H_L_H_M_H_L_L5([L]) -M_H_H_M_H_L_L5([L]) -H_H_L_H_H_L_L5([L]) -H_L_M_H_H_L_L5([L]) -M_H_M_H_H_L_L5([L]) -M_L_H_H_H_L_L5([L]) -L_H_H_H_H_L_L5([L]) -H_H_H_M_L_H_L5([H]) -H_H_M_H_L_H_L5([H]) -H_L_H_H_L_H_L5([H]) -M_H_H_H_L_H_L5([H]) -H_H_H_L_M_H_L5([H]) -H_H_M_M_M_H_L5([H]) -H_L_H_M_M_H_L5([H]) -M_H_H_M_M_H_L5([H]) -H_L_M_H_M_H_L5([H]) -M_H_M_H_M_H_L5([H]) -M_L_H_H_M_H_L5([H]) -L_H_H_H_M_H_L5([H]) -H_H_M_L_H_H_L5([H]) -H_L_H_L_H_H_L5([H]) -M_H_H_L_H_H_L5([H]) -H_L_M_M_H_H_L5([H]) -M_H_M_M_H_H_L5([H]) -M_L_H_M_H_H_L5([H]) -L_H_H_M_H_H_L5([H]) -M_L_M_H_H_H_L5([H]) -L_H_M_H_H_H_L5([H]) -L_L_H_H_H_H_L5([H]) -H_H_H_H_M_L_L5([L]) -H_H_H_M_H_L_L5([L]) -H_H_M_H_H_L_L5([L]) -H_L_H_H_H_L_L5([L]) -M_H_H_H_H_L_L5([L]) -H_H_H_H_L_H_L5([H]) -H_H_H_M_M_H_L5([H]) -H_H_M_H_M_H_L5([H]) -H_L_H_H_M_H_L5([H]) -M_H_H_H_M_H_L5([H]) -H_H_H_L_H_H_L5([H]) -H_H_M_M_H_H_L5([H]) -H_L_H_M_H_H_L5([H]) -M_H_H_M_H_H_L5([H]) -H_L_M_H_H_H_L5([H]) -M_H_M_H_H_H_L5([H]) -M_L_H_H_H_H_L5([H]) -L_H_H_H_H_H_L5([H]) -H_H_H_H_H_L_L5([L]) -H_H_H_H_M_H_L5([H]) -H_H_H_M_H_H_L5([H]) -H_H_M_H_H_H_L5([H]) -H_L_H_H_H_H_L5([H]) -M_H_H_H_H_H_L5([H]) -H_H_H_H_H_H_L5([H]) -end -subgraph s7["cvss:CVSS:1.0.0"] -L_L_L_L_L_L_L_L6([L]) -M_L_L_L_L_L_L_L6([L]) -L_H_L_L_L_L_L_L6([L]) -L_L_M_L_L_L_L_L6([L]) -L_L_L_M_L_L_L_L6([L]) -L_L_L_L_M_L_L_L6([L]) -H_L_L_L_L_L_L_L6([L]) -M_H_L_L_L_L_L_L6([L]) -M_L_M_L_L_L_L_L6([L]) -L_H_M_L_L_L_L_L6([L]) -L_L_H_L_L_L_L_L6([L]) -M_L_L_M_L_L_L_L6([L]) -L_H_L_M_L_L_L_L6([L]) -L_L_M_M_L_L_L_L6([L]) -L_L_L_H_L_L_L_L6([L]) -M_L_L_L_M_L_L_L6([L]) -L_H_L_L_M_L_L_L6([L]) -L_L_M_L_M_L_L_L6([L]) -L_L_L_M_M_L_L_L6([L]) -L_L_L_L_H_L_L_L6([L]) -L_L_M_L_L_H_L_L6([L]) -H_H_L_L_L_L_L_L6([L]) -H_L_M_L_L_L_L_L6([L]) -M_H_M_L_L_L_L_L6([L]) -M_L_H_L_L_L_L_L6([L]) -L_H_H_L_L_L_L_L6([L]) -H_L_L_M_L_L_L_L6([L]) -M_H_L_M_L_L_L_L6([L]) -M_L_M_M_L_L_L_L6([L]) -L_H_M_M_L_L_L_L6([L]) -L_L_H_M_L_L_L_L6([L]) -M_L_L_H_L_L_L_L6([L]) -L_H_L_H_L_L_L_L6([L]) -L_L_M_H_L_L_L_L6([L]) -H_L_L_L_M_L_L_L6([L]) -M_H_L_L_M_L_L_L6([L]) -M_L_M_L_M_L_L_L6([L]) -L_H_M_L_M_L_L_L6([L]) -L_L_H_L_M_L_L_L6([L]) -M_L_L_M_M_L_L_L6([L]) -L_H_L_M_M_L_L_L6([L]) -L_L_M_M_M_L_L_L6([L]) -L_L_L_H_M_L_L_L6([L]) -M_L_L_L_H_L_L_L6([L]) -L_H_L_L_H_L_L_L6([L]) -L_L_M_L_H_L_L_L6([L]) -L_L_L_M_H_L_L_L6([L]) -M_L_M_L_L_H_L_L6([L]) -L_H_M_L_L_H_L_L6([L]) -L_L_H_L_L_H_L_L6([L]) -L_L_M_M_L_H_L_L6([L]) -L_L_M_L_M_H_L_L6([L]) -H_H_M_L_L_L_M_L6([M]) -H_L_H_L_L_L_M_L6([M]) -M_H_H_L_L_L_M_L6([M]) -H_H_L_M_L_L_M_L6([M]) -H_L_M_M_L_L_M_L6([M]) -M_H_M_M_L_L_M_L6([M]) -M_L_H_M_L_L_M_L6([M]) -L_H_H_M_L_L_L_L6([L]) -H_L_L_H_L_L_M_L6([M]) -M_H_L_H_L_L_M_L6([M]) -M_L_M_H_L_L_M_L6([M]) -L_H_M_H_L_L_M_L6([M]) -L_L_H_H_L_L_M_L6([M]) -H_H_L_L_M_L_M_L6([M]) -H_L_M_L_M_L_M_L6([M]) -M_H_M_L_M_L_M_L6([M]) -M_L_H_L_M_L_M_L6([M]) -L_H_H_L_M_L_M_L6([M]) -H_L_L_M_M_L_M_L6([M]) -M_H_L_M_M_L_M_L6([M]) -M_L_M_M_M_L_M_L6([M]) -L_H_M_M_M_L_M_L6([M]) -L_L_H_M_M_L_M_L6([M]) -M_L_L_H_M_L_M_L6([M]) -L_H_L_H_M_L_M_L6([M]) -L_L_M_H_M_L_M_L6([M]) -H_L_L_L_H_L_M_L6([M]) -M_H_L_L_H_L_M_L6([M]) -M_L_M_L_H_L_M_L6([M]) -L_H_M_L_H_L_L_L6([L]) -L_L_H_L_H_L_M_L6([M]) -M_L_L_M_H_L_M_L6([M]) -L_H_L_M_H_L_M_L6([M]) -L_L_M_M_H_L_M_L6([M]) -L_L_L_H_H_L_M_L6([M]) -H_L_M_L_L_H_M_L6([M]) -M_H_M_L_L_H_M_L6([M]) -M_L_H_L_L_H_M_L6([M]) -L_H_H_L_L_H_M_L6([M]) -M_L_M_M_L_H_M_L6([M]) -L_H_M_M_L_H_M_L6([M]) -L_L_H_M_L_H_M_L6([M]) -L_L_M_H_L_H_M_L6([M]) -M_L_M_L_M_H_M_L6([M]) -L_H_M_L_M_H_L_L6([L]) -L_L_H_L_M_H_M_L6([M]) -L_L_M_M_M_H_M_L6([M]) -L_L_M_L_H_H_M_L6([M]) -H_H_H_L_L_L_M_L6([M]) -H_H_M_M_L_L_M_L6([M]) -H_L_H_M_L_L_H_L6([H]) -M_H_H_M_L_L_M_L6([M]) -H_H_L_H_L_L_H_L6([H]) -H_L_M_H_L_L_H_L6([H]) -M_H_M_H_L_L_M_L6([M]) -M_L_H_H_L_L_H_L6([H]) -L_H_H_H_L_L_M_L6([M]) -H_H_M_L_M_L_H_L6([H]) -H_L_H_L_M_L_H_L6([H]) -M_H_H_L_M_L_M_L6([M]) -H_H_L_M_M_L_M_L6([M]) -H_L_M_M_M_L_H_L6([H]) -M_H_M_M_M_L_M_L6([M]) -M_L_H_M_M_L_M_L6([M]) -L_H_H_M_M_L_M_L6([M]) -H_L_L_H_M_L_H_L6([H]) -M_H_L_H_M_L_H_L6([H]) -M_L_M_H_M_L_M_L6([M]) -L_H_M_H_M_L_M_L6([M]) -L_L_H_H_M_L_M_L6([M]) -H_H_L_L_H_L_M_L6([M]) -H_L_M_L_H_L_H_L6([H]) -M_H_M_L_H_L_M_L6([M]) -M_L_H_L_H_L_M_L6([M]) -L_H_H_L_H_L_M_L6([M]) -H_L_L_M_H_L_H_L6([H]) -M_H_L_M_H_L_M_L6([M]) -M_L_M_M_H_L_M_L6([M]) -L_H_M_M_H_L_M_L6([M]) -L_L_H_M_H_L_M_L6([M]) -M_L_L_H_H_L_H_L6([H]) -L_H_L_H_H_L_M_L6([M]) -L_L_M_H_H_L_M_L6([M]) -H_H_M_L_L_H_M_L6([M]) -H_L_H_L_L_H_H_L6([H]) -M_H_H_L_L_H_M_L6([M]) -H_L_M_M_L_H_H_L6([H]) -M_H_M_M_L_H_M_L6([M]) -M_L_H_M_L_H_M_L6([M]) -L_H_H_M_L_H_M_L6([M]) -M_L_M_H_L_H_M_L6([M]) -L_H_M_H_L_H_M_L6([M]) -L_L_H_H_L_H_M_L6([M]) -H_L_M_L_M_H_H_L6([H]) -M_H_M_L_M_H_M_L6([M]) -M_L_H_L_M_H_M_L6([M]) -L_H_H_L_M_H_M_L6([M]) -M_L_M_M_M_H_M_L6([M]) -L_H_M_M_M_H_M_L6([M]) -L_L_H_M_M_H_M_L6([M]) -L_L_M_H_M_H_M_L6([M]) -M_L_M_L_H_H_M_L6([M]) -L_H_M_L_H_H_M_L6([M]) -L_L_H_L_H_H_M_L6([M]) -L_L_M_M_H_H_M_L6([M]) -H_H_H_M_L_L_H_L6([H]) -H_H_M_H_L_L_H_L6([H]) -H_L_H_H_L_L_H_L6([H]) -M_H_H_H_L_L_H_L6([H]) -H_H_H_L_M_L_H_L6([H]) -H_H_M_M_M_L_H_L6([H]) -H_L_H_M_M_L_H_L6([H]) -M_H_H_M_M_L_H_L6([H]) -H_H_L_H_M_L_H_L6([H]) -H_L_M_H_M_L_H_L6([H]) -M_H_M_H_M_L_H_L6([H]) -M_L_H_H_M_L_H_L6([H]) -L_H_H_H_M_L_H_L6([H]) -H_H_M_L_H_L_H_L6([H]) -H_L_H_L_H_L_H_L6([H]) -M_H_H_L_H_L_H_L6([H]) -H_H_L_M_H_L_H_L6([H]) -H_L_M_M_H_L_H_L6([H]) -M_H_M_M_H_L_H_L6([H]) -M_L_H_M_H_L_H_L6([H]) -L_H_H_M_H_L_H_L6([H]) -H_L_L_H_H_L_H_L6([H]) -M_H_L_H_H_L_H_L6([H]) -M_L_M_H_H_L_H_L6([H]) -L_H_M_H_H_L_H_L6([H]) -L_L_H_H_H_L_H_L6([H]) -H_H_H_L_L_H_H_L6([H]) -H_H_M_M_L_H_H_L6([H]) -H_L_H_M_L_H_H_L6([H]) -M_H_H_M_L_H_H_L6([H]) -H_L_M_H_L_H_H_L6([H]) -M_H_M_H_L_H_H_L6([H]) -M_L_H_H_L_H_H_L6([H]) -L_H_H_H_L_H_H_L6([H]) -H_H_M_L_M_H_H_L6([H]) -H_L_H_L_M_H_H_L6([H]) -M_H_H_L_M_H_H_L6([H]) -H_L_M_M_M_H_H_L6([H]) -M_H_M_M_M_H_H_L6([H]) -M_L_H_M_M_H_H_L6([H]) -L_H_H_M_M_H_H_L6([H]) -M_L_M_H_M_H_H_L6([H]) -L_H_M_H_M_H_H_L6([H]) -L_L_H_H_M_H_H_L6([H]) -H_L_M_L_H_H_H_L6([H]) -M_H_M_L_H_H_H_L6([H]) -M_L_H_L_H_H_H_L6([H]) -L_H_H_L_H_H_H_L6([H]) -M_L_M_M_H_H_H_L6([H]) -L_H_M_M_H_H_H_L6([H]) -L_L_H_M_H_H_H_L6([H]) -L_L_M_H_H_H_H_L6([H]) -H_H_H_H_L_L_C_L6([C]) -H_H_H_M_M_L_H_L6([H]) -H_H_M_H_M_L_C_L6([C]) -H_L_H_H_M_L_C_L6([C]) -M_H_H_H_M_L_H_L6([H]) -H_H_H_L_H_L_C_L6([C]) -H_H_M_M_H_L_C_L6([C]) -H_L_H_M_H_L_C_L6([C]) -M_H_H_M_H_L_H_L6([H]) -H_H_L_H_H_L_C_L6([C]) -H_L_M_H_H_L_C_L6([C]) -M_H_M_H_H_L_H_L6([H]) -M_L_H_H_H_L_C_L6([C]) -L_H_H_H_H_L_H_L6([H]) -H_H_H_M_L_H_C_L6([C]) -H_H_M_H_L_H_C_L6([C]) -H_L_H_H_L_H_C_L6([C]) -M_H_H_H_L_H_C_L6([C]) -H_H_H_L_M_H_H_L6([H]) -H_H_M_M_M_H_H_L6([H]) -H_L_H_M_M_H_C_L6([C]) -M_H_H_M_M_H_H_L6([H]) -H_L_M_H_M_H_C_L6([C]) -M_H_M_H_M_H_H_L6([H]) -M_L_H_H_M_H_H_L6([H]) -L_H_H_H_M_H_H_L6([H]) -H_H_M_L_H_H_H_L6([H]) -H_L_H_L_H_H_C_L6([C]) -M_H_H_L_H_H_H_L6([H]) -H_L_M_M_H_H_C_L6([C]) -M_H_M_M_H_H_H_L6([H]) -M_L_H_M_H_H_C_L6([C]) -L_H_H_M_H_H_H_L6([H]) -M_L_M_H_H_H_H_L6([H]) -L_H_M_H_H_H_H_L6([H]) -L_L_H_H_H_H_H_L6([H]) -H_H_H_H_M_L_C_L6([C]) -H_H_H_M_H_L_C_L6([C]) -H_H_M_H_H_L_C_L6([C]) -H_L_H_H_H_L_C_L6([C]) -M_H_H_H_H_L_C_L6([C]) -H_H_H_H_L_H_C_L6([C]) -H_H_H_M_M_H_C_L6([C]) -H_H_M_H_M_H_C_L6([C]) -H_L_H_H_M_H_C_L6([C]) -M_H_H_H_M_H_C_L6([C]) -H_H_H_L_H_H_C_L6([C]) -H_H_M_M_H_H_C_L6([C]) -H_L_H_M_H_H_C_L6([C]) -M_H_H_M_H_H_C_L6([C]) -H_L_M_H_H_H_C_L6([C]) -M_H_M_H_H_H_C_L6([C]) -M_L_H_H_H_H_C_L6([C]) -L_H_H_H_H_H_C_L6([C]) -H_H_H_H_H_L_C_L6([C]) -H_H_H_H_M_H_C_L6([C]) -H_H_H_M_H_H_C_L6([C]) -H_H_M_H_H_H_C_L6([C]) -H_L_H_H_H_H_C_L6([C]) -M_H_H_H_H_H_C_L6([C]) -H_H_H_H_H_H_C_L6([C]) -end -n1 --- L_L0 -n1 --- M_L0 -n1 --- H_L0 -L_L0 --- L_L_L1 -L_L_L1 --- L_L_L_L2 -L_L_L_L2 --- L_L_L_L_L3 -L_L_L_L_L3 --- L_L_L_L_L_L4 -L_L_L_L_L_L4 --- L_L_L_L_L_L_L5 -L_L_L_L_L_L_L5 --- L_L_L_L_L_L_L_L6 -M_L0 --- M_L_L1 -M_L_L1 --- M_L_L_L2 -M_L_L_L2 --- M_L_L_L_L3 -M_L_L_L_L3 --- M_L_L_L_L_L4 -M_L_L_L_L_L4 --- M_L_L_L_L_L_L5 -M_L_L_L_L_L_L5 --- M_L_L_L_L_L_L_L6 -L_L0 --- L_H_L1 -L_H_L1 --- L_H_L_L2 -L_H_L_L2 --- L_H_L_L_L3 -L_H_L_L_L3 --- L_H_L_L_L_L4 -L_H_L_L_L_L4 --- L_H_L_L_L_L_L5 -L_H_L_L_L_L_L5 --- L_H_L_L_L_L_L_L6 -L_L_L1 --- L_L_M_L2 -L_L_M_L2 --- L_L_M_L_L3 -L_L_M_L_L3 --- L_L_M_L_L_L4 -L_L_M_L_L_L4 --- L_L_M_L_L_L_L5 -L_L_M_L_L_L_L5 --- L_L_M_L_L_L_L_L6 -L_L_L_L2 --- L_L_L_M_L3 -L_L_L_M_L3 --- L_L_L_M_L_L4 -L_L_L_M_L_L4 --- L_L_L_M_L_L_L5 -L_L_L_M_L_L_L5 --- L_L_L_M_L_L_L_L6 -L_L_L_L_L3 --- L_L_L_L_M_L4 -L_L_L_L_M_L4 --- L_L_L_L_M_L_L5 -L_L_L_L_M_L_L5 --- L_L_L_L_M_L_L_L6 -H_L0 --- H_L_L1 -H_L_L1 --- H_L_L_L2 -H_L_L_L2 --- H_L_L_L_L3 -H_L_L_L_L3 --- H_L_L_L_L_L4 -H_L_L_L_L_L4 --- H_L_L_L_L_L_L5 -H_L_L_L_L_L_L5 --- H_L_L_L_L_L_L_L6 -M_L0 --- M_H_L1 -M_H_L1 --- M_H_L_L2 -M_H_L_L2 --- M_H_L_L_L3 -M_H_L_L_L3 --- M_H_L_L_L_L4 -M_H_L_L_L_L4 --- M_H_L_L_L_L_L5 -M_H_L_L_L_L_L5 --- M_H_L_L_L_L_L_L6 -M_L_L1 --- M_L_M_L2 -M_L_M_L2 --- M_L_M_L_L3 -M_L_M_L_L3 --- M_L_M_L_L_L4 -M_L_M_L_L_L4 --- M_L_M_L_L_L_L5 -M_L_M_L_L_L_L5 --- M_L_M_L_L_L_L_L6 -L_H_L1 --- L_H_M_L2 -L_H_M_L2 --- L_H_M_L_L3 -L_H_M_L_L3 --- L_H_M_L_L_L4 -L_H_M_L_L_L4 --- L_H_M_L_L_L_L5 -L_H_M_L_L_L_L5 --- L_H_M_L_L_L_L_L6 -L_L_L1 --- L_L_H_L2 -L_L_H_L2 --- L_L_H_L_L3 -L_L_H_L_L3 --- L_L_H_L_L_L4 -L_L_H_L_L_L4 --- L_L_H_L_L_L_L5 -L_L_H_L_L_L_L5 --- L_L_H_L_L_L_L_L6 -M_L_L_L2 --- M_L_L_M_L3 -M_L_L_M_L3 --- M_L_L_M_L_L4 -M_L_L_M_L_L4 --- M_L_L_M_L_L_L5 -M_L_L_M_L_L_L5 --- M_L_L_M_L_L_L_L6 -L_H_L_L2 --- L_H_L_M_L3 -L_H_L_M_L3 --- L_H_L_M_L_L4 -L_H_L_M_L_L4 --- L_H_L_M_L_L_L5 -L_H_L_M_L_L_L5 --- L_H_L_M_L_L_L_L6 -L_L_M_L2 --- L_L_M_M_L3 -L_L_M_M_L3 --- L_L_M_M_L_L4 -L_L_M_M_L_L4 --- L_L_M_M_L_L_L5 -L_L_M_M_L_L_L5 --- L_L_M_M_L_L_L_L6 -L_L_L_L2 --- L_L_L_H_L3 -L_L_L_H_L3 --- L_L_L_H_L_L4 -L_L_L_H_L_L4 --- L_L_L_H_L_L_L5 -L_L_L_H_L_L_L5 --- L_L_L_H_L_L_L_L6 -M_L_L_L_L3 --- M_L_L_L_M_L4 -M_L_L_L_M_L4 --- M_L_L_L_M_L_L5 -M_L_L_L_M_L_L5 --- M_L_L_L_M_L_L_L6 -L_H_L_L_L3 --- L_H_L_L_M_L4 -L_H_L_L_M_L4 --- L_H_L_L_M_L_L5 -L_H_L_L_M_L_L5 --- L_H_L_L_M_L_L_L6 -L_L_M_L_L3 --- L_L_M_L_M_L4 -L_L_M_L_M_L4 --- L_L_M_L_M_L_L5 -L_L_M_L_M_L_L5 --- L_L_M_L_M_L_L_L6 -L_L_L_M_L3 --- L_L_L_M_M_L4 -L_L_L_M_M_L4 --- L_L_L_M_M_L_L5 -L_L_L_M_M_L_L5 --- L_L_L_M_M_L_L_L6 -L_L_L_L_L3 --- L_L_L_L_H_L4 -L_L_L_L_H_L4 --- L_L_L_L_H_L_L5 -L_L_L_L_H_L_L5 --- L_L_L_L_H_L_L_L6 -L_L_M_L_L_L4 --- L_L_M_L_L_H_L5 -L_L_M_L_L_H_L5 --- L_L_M_L_L_H_L_L6 -H_L0 --- H_H_L1 -H_H_L1 --- H_H_L_L2 -H_H_L_L2 --- H_H_L_L_L3 -H_H_L_L_L3 --- H_H_L_L_L_L4 -H_H_L_L_L_L4 --- H_H_L_L_L_L_L5 -H_H_L_L_L_L_L5 --- H_H_L_L_L_L_L_L6 -H_L_L1 --- H_L_M_L2 -H_L_M_L2 --- H_L_M_L_L3 -H_L_M_L_L3 --- H_L_M_L_L_L4 -H_L_M_L_L_L4 --- H_L_M_L_L_L_L5 -H_L_M_L_L_L_L5 --- H_L_M_L_L_L_L_L6 -M_H_L1 --- M_H_M_L2 -M_H_M_L2 --- M_H_M_L_L3 -M_H_M_L_L3 --- M_H_M_L_L_L4 -M_H_M_L_L_L4 --- M_H_M_L_L_L_L5 -M_H_M_L_L_L_L5 --- M_H_M_L_L_L_L_L6 -M_L_L1 --- M_L_H_L2 -M_L_H_L2 --- M_L_H_L_L3 -M_L_H_L_L3 --- M_L_H_L_L_L4 -M_L_H_L_L_L4 --- M_L_H_L_L_L_L5 -M_L_H_L_L_L_L5 --- M_L_H_L_L_L_L_L6 -L_H_L1 --- L_H_H_L2 -L_H_H_L2 --- L_H_H_L_L3 -L_H_H_L_L3 --- L_H_H_L_L_L4 -L_H_H_L_L_L4 --- L_H_H_L_L_L_L5 -L_H_H_L_L_L_L5 --- L_H_H_L_L_L_L_L6 -H_L_L_L2 --- H_L_L_M_L3 -H_L_L_M_L3 --- H_L_L_M_L_L4 -H_L_L_M_L_L4 --- H_L_L_M_L_L_L5 -H_L_L_M_L_L_L5 --- H_L_L_M_L_L_L_L6 -M_H_L_L2 --- M_H_L_M_L3 -M_H_L_M_L3 --- M_H_L_M_L_L4 -M_H_L_M_L_L4 --- M_H_L_M_L_L_L5 -M_H_L_M_L_L_L5 --- M_H_L_M_L_L_L_L6 -M_L_M_L2 --- M_L_M_M_L3 -M_L_M_M_L3 --- M_L_M_M_L_L4 -M_L_M_M_L_L4 --- M_L_M_M_L_L_L5 -M_L_M_M_L_L_L5 --- M_L_M_M_L_L_L_L6 -L_H_M_L2 --- L_H_M_M_L3 -L_H_M_M_L3 --- L_H_M_M_L_L4 -L_H_M_M_L_L4 --- L_H_M_M_L_L_L5 -L_H_M_M_L_L_L5 --- L_H_M_M_L_L_L_L6 -L_L_H_L2 --- L_L_H_M_L3 -L_L_H_M_L3 --- L_L_H_M_L_L4 -L_L_H_M_L_L4 --- L_L_H_M_L_L_L5 -L_L_H_M_L_L_L5 --- L_L_H_M_L_L_L_L6 -M_L_L_L2 --- M_L_L_H_L3 -M_L_L_H_L3 --- M_L_L_H_L_L4 -M_L_L_H_L_L4 --- M_L_L_H_L_L_L5 -M_L_L_H_L_L_L5 --- M_L_L_H_L_L_L_L6 -L_H_L_L2 --- L_H_L_H_L3 -L_H_L_H_L3 --- L_H_L_H_L_L4 -L_H_L_H_L_L4 --- L_H_L_H_L_L_L5 -L_H_L_H_L_L_L5 --- L_H_L_H_L_L_L_L6 -L_L_M_L2 --- L_L_M_H_L3 -L_L_M_H_L3 --- L_L_M_H_L_L4 -L_L_M_H_L_L4 --- L_L_M_H_L_L_L5 -L_L_M_H_L_L_L5 --- L_L_M_H_L_L_L_L6 -H_L_L_L_L3 --- H_L_L_L_M_L4 -H_L_L_L_M_L4 --- H_L_L_L_M_L_L5 -H_L_L_L_M_L_L5 --- H_L_L_L_M_L_L_L6 -M_H_L_L_L3 --- M_H_L_L_M_L4 -M_H_L_L_M_L4 --- M_H_L_L_M_L_L5 -M_H_L_L_M_L_L5 --- M_H_L_L_M_L_L_L6 -M_L_M_L_L3 --- M_L_M_L_M_L4 -M_L_M_L_M_L4 --- M_L_M_L_M_L_L5 -M_L_M_L_M_L_L5 --- M_L_M_L_M_L_L_L6 -L_H_M_L_L3 --- L_H_M_L_M_L4 -L_H_M_L_M_L4 --- L_H_M_L_M_L_L5 -L_H_M_L_M_L_L5 --- L_H_M_L_M_L_L_L6 -L_L_H_L_L3 --- L_L_H_L_M_L4 -L_L_H_L_M_L4 --- L_L_H_L_M_L_L5 -L_L_H_L_M_L_L5 --- L_L_H_L_M_L_L_L6 -M_L_L_M_L3 --- M_L_L_M_M_L4 -M_L_L_M_M_L4 --- M_L_L_M_M_L_L5 -M_L_L_M_M_L_L5 --- M_L_L_M_M_L_L_L6 -L_H_L_M_L3 --- L_H_L_M_M_L4 -L_H_L_M_M_L4 --- L_H_L_M_M_L_L5 -L_H_L_M_M_L_L5 --- L_H_L_M_M_L_L_L6 -L_L_M_M_L3 --- L_L_M_M_M_L4 -L_L_M_M_M_L4 --- L_L_M_M_M_L_L5 -L_L_M_M_M_L_L5 --- L_L_M_M_M_L_L_L6 -L_L_L_H_L3 --- L_L_L_H_M_L4 -L_L_L_H_M_L4 --- L_L_L_H_M_L_L5 -L_L_L_H_M_L_L5 --- L_L_L_H_M_L_L_L6 -M_L_L_L_L3 --- M_L_L_L_H_L4 -M_L_L_L_H_L4 --- M_L_L_L_H_L_L5 -M_L_L_L_H_L_L5 --- M_L_L_L_H_L_L_L6 -L_H_L_L_L3 --- L_H_L_L_H_L4 -L_H_L_L_H_L4 --- L_H_L_L_H_L_L5 -L_H_L_L_H_L_L5 --- L_H_L_L_H_L_L_L6 -L_L_M_L_L3 --- L_L_M_L_H_L4 -L_L_M_L_H_L4 --- L_L_M_L_H_L_L5 -L_L_M_L_H_L_L5 --- L_L_M_L_H_L_L_L6 -L_L_L_M_L3 --- L_L_L_M_H_L4 -L_L_L_M_H_L4 --- L_L_L_M_H_L_L5 -L_L_L_M_H_L_L5 --- L_L_L_M_H_L_L_L6 -M_L_M_L_L_L4 --- M_L_M_L_L_H_L5 -M_L_M_L_L_H_L5 --- M_L_M_L_L_H_L_L6 -L_H_M_L_L_L4 --- L_H_M_L_L_H_L5 -L_H_M_L_L_H_L5 --- L_H_M_L_L_H_L_L6 -L_L_H_L_L_L4 --- L_L_H_L_L_H_L5 -L_L_H_L_L_H_L5 --- L_L_H_L_L_H_L_L6 -L_L_M_M_L_L4 --- L_L_M_M_L_H_L5 -L_L_M_M_L_H_L5 --- L_L_M_M_L_H_L_L6 -L_L_M_L_M_L4 --- L_L_M_L_M_H_L5 -L_L_M_L_M_H_L5 --- L_L_M_L_M_H_L_L6 -H_H_L1 --- H_H_M_L2 -H_H_M_L2 --- H_H_M_L_L3 -H_H_M_L_L3 --- H_H_M_L_L_L4 -H_H_M_L_L_L4 --- H_H_M_L_L_L_L5 -H_H_M_L_L_L_L5 --- H_H_M_L_L_L_M_L6 -H_L_L1 --- H_L_H_L2 -H_L_H_L2 --- H_L_H_L_L3 -H_L_H_L_L3 --- H_L_H_L_L_L4 -H_L_H_L_L_L4 --- H_L_H_L_L_L_L5 -H_L_H_L_L_L_L5 --- H_L_H_L_L_L_M_L6 -M_H_L1 --- M_H_H_L2 -M_H_H_L2 --- M_H_H_L_L3 -M_H_H_L_L3 --- M_H_H_L_L_L4 -M_H_H_L_L_L4 --- M_H_H_L_L_L_L5 -M_H_H_L_L_L_L5 --- M_H_H_L_L_L_M_L6 -H_H_L_L2 --- H_H_L_M_L3 -H_H_L_M_L3 --- H_H_L_M_L_L4 -H_H_L_M_L_L4 --- H_H_L_M_L_L_L5 -H_H_L_M_L_L_L5 --- H_H_L_M_L_L_M_L6 -H_L_M_L2 --- H_L_M_M_L3 -H_L_M_M_L3 --- H_L_M_M_L_L4 -H_L_M_M_L_L4 --- H_L_M_M_L_L_L5 -H_L_M_M_L_L_L5 --- H_L_M_M_L_L_M_L6 -M_H_M_L2 --- M_H_M_M_L3 -M_H_M_M_L3 --- M_H_M_M_L_L4 -M_H_M_M_L_L4 --- M_H_M_M_L_L_L5 -M_H_M_M_L_L_L5 --- M_H_M_M_L_L_M_L6 -M_L_H_L2 --- M_L_H_M_L3 -M_L_H_M_L3 --- M_L_H_M_L_L4 -M_L_H_M_L_L4 --- M_L_H_M_L_L_L5 -M_L_H_M_L_L_L5 --- M_L_H_M_L_L_M_L6 -L_H_H_L2 --- L_H_H_M_L3 -L_H_H_M_L3 --- L_H_H_M_L_L4 -L_H_H_M_L_L4 --- L_H_H_M_L_L_L5 -L_H_H_M_L_L_L5 --- L_H_H_M_L_L_L_L6 -H_L_L_L2 --- H_L_L_H_L3 -H_L_L_H_L3 --- H_L_L_H_L_L4 -H_L_L_H_L_L4 --- H_L_L_H_L_L_L5 -H_L_L_H_L_L_L5 --- H_L_L_H_L_L_M_L6 -M_H_L_L2 --- M_H_L_H_L3 -M_H_L_H_L3 --- M_H_L_H_L_L4 -M_H_L_H_L_L4 --- M_H_L_H_L_L_L5 -M_H_L_H_L_L_L5 --- M_H_L_H_L_L_M_L6 -M_L_M_L2 --- M_L_M_H_L3 -M_L_M_H_L3 --- M_L_M_H_L_L4 -M_L_M_H_L_L4 --- M_L_M_H_L_L_L5 -M_L_M_H_L_L_L5 --- M_L_M_H_L_L_M_L6 -L_H_M_L2 --- L_H_M_H_L3 -L_H_M_H_L3 --- L_H_M_H_L_L4 -L_H_M_H_L_L4 --- L_H_M_H_L_L_L5 -L_H_M_H_L_L_L5 --- L_H_M_H_L_L_M_L6 -L_L_H_L2 --- L_L_H_H_L3 -L_L_H_H_L3 --- L_L_H_H_L_L4 -L_L_H_H_L_L4 --- L_L_H_H_L_L_L5 -L_L_H_H_L_L_L5 --- L_L_H_H_L_L_M_L6 -H_H_L_L_L3 --- H_H_L_L_M_L4 -H_H_L_L_M_L4 --- H_H_L_L_M_L_L5 -H_H_L_L_M_L_L5 --- H_H_L_L_M_L_M_L6 -H_L_M_L_L3 --- H_L_M_L_M_L4 -H_L_M_L_M_L4 --- H_L_M_L_M_L_L5 -H_L_M_L_M_L_L5 --- H_L_M_L_M_L_M_L6 -M_H_M_L_L3 --- M_H_M_L_M_L4 -M_H_M_L_M_L4 --- M_H_M_L_M_L_L5 -M_H_M_L_M_L_L5 --- M_H_M_L_M_L_M_L6 -M_L_H_L_L3 --- M_L_H_L_M_L4 -M_L_H_L_M_L4 --- M_L_H_L_M_L_L5 -M_L_H_L_M_L_L5 --- M_L_H_L_M_L_M_L6 -L_H_H_L_L3 --- L_H_H_L_M_L4 -L_H_H_L_M_L4 --- L_H_H_L_M_L_L5 -L_H_H_L_M_L_L5 --- L_H_H_L_M_L_M_L6 -H_L_L_M_L3 --- H_L_L_M_M_L4 -H_L_L_M_M_L4 --- H_L_L_M_M_L_L5 -H_L_L_M_M_L_L5 --- H_L_L_M_M_L_M_L6 -M_H_L_M_L3 --- M_H_L_M_M_L4 -M_H_L_M_M_L4 --- M_H_L_M_M_L_L5 -M_H_L_M_M_L_L5 --- M_H_L_M_M_L_M_L6 -M_L_M_M_L3 --- M_L_M_M_M_L4 -M_L_M_M_M_L4 --- M_L_M_M_M_L_L5 -M_L_M_M_M_L_L5 --- M_L_M_M_M_L_M_L6 -L_H_M_M_L3 --- L_H_M_M_M_L4 -L_H_M_M_M_L4 --- L_H_M_M_M_L_L5 -L_H_M_M_M_L_L5 --- L_H_M_M_M_L_M_L6 -L_L_H_M_L3 --- L_L_H_M_M_L4 -L_L_H_M_M_L4 --- L_L_H_M_M_L_L5 -L_L_H_M_M_L_L5 --- L_L_H_M_M_L_M_L6 -M_L_L_H_L3 --- M_L_L_H_M_L4 -M_L_L_H_M_L4 --- M_L_L_H_M_L_L5 -M_L_L_H_M_L_L5 --- M_L_L_H_M_L_M_L6 -L_H_L_H_L3 --- L_H_L_H_M_L4 -L_H_L_H_M_L4 --- L_H_L_H_M_L_L5 -L_H_L_H_M_L_L5 --- L_H_L_H_M_L_M_L6 -L_L_M_H_L3 --- L_L_M_H_M_L4 -L_L_M_H_M_L4 --- L_L_M_H_M_L_L5 -L_L_M_H_M_L_L5 --- L_L_M_H_M_L_M_L6 -H_L_L_L_L3 --- H_L_L_L_H_L4 -H_L_L_L_H_L4 --- H_L_L_L_H_L_L5 -H_L_L_L_H_L_L5 --- H_L_L_L_H_L_M_L6 -M_H_L_L_L3 --- M_H_L_L_H_L4 -M_H_L_L_H_L4 --- M_H_L_L_H_L_L5 -M_H_L_L_H_L_L5 --- M_H_L_L_H_L_M_L6 -M_L_M_L_L3 --- M_L_M_L_H_L4 -M_L_M_L_H_L4 --- M_L_M_L_H_L_L5 -M_L_M_L_H_L_L5 --- M_L_M_L_H_L_M_L6 -L_H_M_L_L3 --- L_H_M_L_H_L4 -L_H_M_L_H_L4 --- L_H_M_L_H_L_L5 -L_H_M_L_H_L_L5 --- L_H_M_L_H_L_L_L6 -L_L_H_L_L3 --- L_L_H_L_H_L4 -L_L_H_L_H_L4 --- L_L_H_L_H_L_L5 -L_L_H_L_H_L_L5 --- L_L_H_L_H_L_M_L6 -M_L_L_M_L3 --- M_L_L_M_H_L4 -M_L_L_M_H_L4 --- M_L_L_M_H_L_L5 -M_L_L_M_H_L_L5 --- M_L_L_M_H_L_M_L6 -L_H_L_M_L3 --- L_H_L_M_H_L4 -L_H_L_M_H_L4 --- L_H_L_M_H_L_L5 -L_H_L_M_H_L_L5 --- L_H_L_M_H_L_M_L6 -L_L_M_M_L3 --- L_L_M_M_H_L4 -L_L_M_M_H_L4 --- L_L_M_M_H_L_L5 -L_L_M_M_H_L_L5 --- L_L_M_M_H_L_M_L6 -L_L_L_H_L3 --- L_L_L_H_H_L4 -L_L_L_H_H_L4 --- L_L_L_H_H_L_L5 -L_L_L_H_H_L_L5 --- L_L_L_H_H_L_M_L6 -H_L_M_L_L_L4 --- H_L_M_L_L_H_L5 -H_L_M_L_L_H_L5 --- H_L_M_L_L_H_M_L6 -M_H_M_L_L_L4 --- M_H_M_L_L_H_L5 -M_H_M_L_L_H_L5 --- M_H_M_L_L_H_M_L6 -M_L_H_L_L_L4 --- M_L_H_L_L_H_L5 -M_L_H_L_L_H_L5 --- M_L_H_L_L_H_M_L6 -L_H_H_L_L_L4 --- L_H_H_L_L_H_L5 -L_H_H_L_L_H_L5 --- L_H_H_L_L_H_M_L6 -M_L_M_M_L_L4 --- M_L_M_M_L_H_L5 -M_L_M_M_L_H_L5 --- M_L_M_M_L_H_M_L6 -L_H_M_M_L_L4 --- L_H_M_M_L_H_L5 -L_H_M_M_L_H_L5 --- L_H_M_M_L_H_M_L6 -L_L_H_M_L_L4 --- L_L_H_M_L_H_L5 -L_L_H_M_L_H_L5 --- L_L_H_M_L_H_M_L6 -L_L_M_H_L_L4 --- L_L_M_H_L_H_L5 -L_L_M_H_L_H_L5 --- L_L_M_H_L_H_M_L6 -M_L_M_L_M_L4 --- M_L_M_L_M_H_L5 -M_L_M_L_M_H_L5 --- M_L_M_L_M_H_M_L6 -L_H_M_L_M_L4 --- L_H_M_L_M_H_L5 -L_H_M_L_M_H_L5 --- L_H_M_L_M_H_L_L6 -L_L_H_L_M_L4 --- L_L_H_L_M_H_L5 -L_L_H_L_M_H_L5 --- L_L_H_L_M_H_M_L6 -L_L_M_M_M_L4 --- L_L_M_M_M_H_L5 -L_L_M_M_M_H_L5 --- L_L_M_M_M_H_M_L6 -L_L_M_L_H_L4 --- L_L_M_L_H_H_L5 -L_L_M_L_H_H_L5 --- L_L_M_L_H_H_M_L6 -H_H_L1 --- H_H_H_L2 -H_H_H_L2 --- H_H_H_L_L3 -H_H_H_L_L3 --- H_H_H_L_L_L4 -H_H_H_L_L_L4 --- H_H_H_L_L_L_L5 -H_H_H_L_L_L_L5 --- H_H_H_L_L_L_M_L6 -H_H_M_L2 --- H_H_M_M_L3 -H_H_M_M_L3 --- H_H_M_M_L_L4 -H_H_M_M_L_L4 --- H_H_M_M_L_L_L5 -H_H_M_M_L_L_L5 --- H_H_M_M_L_L_M_L6 -H_L_H_L2 --- H_L_H_M_L3 -H_L_H_M_L3 --- H_L_H_M_L_L4 -H_L_H_M_L_L4 --- H_L_H_M_L_L_L5 -H_L_H_M_L_L_L5 --- H_L_H_M_L_L_H_L6 -M_H_H_L2 --- M_H_H_M_L3 -M_H_H_M_L3 --- M_H_H_M_L_L4 -M_H_H_M_L_L4 --- M_H_H_M_L_L_L5 -M_H_H_M_L_L_L5 --- M_H_H_M_L_L_M_L6 -H_H_L_L2 --- H_H_L_H_L3 -H_H_L_H_L3 --- H_H_L_H_L_L4 -H_H_L_H_L_L4 --- H_H_L_H_L_L_L5 -H_H_L_H_L_L_L5 --- H_H_L_H_L_L_H_L6 -H_L_M_L2 --- H_L_M_H_L3 -H_L_M_H_L3 --- H_L_M_H_L_L4 -H_L_M_H_L_L4 --- H_L_M_H_L_L_L5 -H_L_M_H_L_L_L5 --- H_L_M_H_L_L_H_L6 -M_H_M_L2 --- M_H_M_H_L3 -M_H_M_H_L3 --- M_H_M_H_L_L4 -M_H_M_H_L_L4 --- M_H_M_H_L_L_L5 -M_H_M_H_L_L_L5 --- M_H_M_H_L_L_M_L6 -M_L_H_L2 --- M_L_H_H_L3 -M_L_H_H_L3 --- M_L_H_H_L_L4 -M_L_H_H_L_L4 --- M_L_H_H_L_L_L5 -M_L_H_H_L_L_L5 --- M_L_H_H_L_L_H_L6 -L_H_H_L2 --- L_H_H_H_L3 -L_H_H_H_L3 --- L_H_H_H_L_L4 -L_H_H_H_L_L4 --- L_H_H_H_L_L_L5 -L_H_H_H_L_L_L5 --- L_H_H_H_L_L_M_L6 -H_H_M_L_L3 --- H_H_M_L_M_L4 -H_H_M_L_M_L4 --- H_H_M_L_M_L_L5 -H_H_M_L_M_L_L5 --- H_H_M_L_M_L_H_L6 -H_L_H_L_L3 --- H_L_H_L_M_L4 -H_L_H_L_M_L4 --- H_L_H_L_M_L_L5 -H_L_H_L_M_L_L5 --- H_L_H_L_M_L_H_L6 -M_H_H_L_L3 --- M_H_H_L_M_L4 -M_H_H_L_M_L4 --- M_H_H_L_M_L_L5 -M_H_H_L_M_L_L5 --- M_H_H_L_M_L_M_L6 -H_H_L_M_L3 --- H_H_L_M_M_L4 -H_H_L_M_M_L4 --- H_H_L_M_M_L_L5 -H_H_L_M_M_L_L5 --- H_H_L_M_M_L_M_L6 -H_L_M_M_L3 --- H_L_M_M_M_L4 -H_L_M_M_M_L4 --- H_L_M_M_M_L_L5 -H_L_M_M_M_L_L5 --- H_L_M_M_M_L_H_L6 -M_H_M_M_L3 --- M_H_M_M_M_L4 -M_H_M_M_M_L4 --- M_H_M_M_M_L_L5 -M_H_M_M_M_L_L5 --- M_H_M_M_M_L_M_L6 -M_L_H_M_L3 --- M_L_H_M_M_L4 -M_L_H_M_M_L4 --- M_L_H_M_M_L_L5 -M_L_H_M_M_L_L5 --- M_L_H_M_M_L_M_L6 -L_H_H_M_L3 --- L_H_H_M_M_L4 -L_H_H_M_M_L4 --- L_H_H_M_M_L_L5 -L_H_H_M_M_L_L5 --- L_H_H_M_M_L_M_L6 -H_L_L_H_L3 --- H_L_L_H_M_L4 -H_L_L_H_M_L4 --- H_L_L_H_M_L_L5 -H_L_L_H_M_L_L5 --- H_L_L_H_M_L_H_L6 -M_H_L_H_L3 --- M_H_L_H_M_L4 -M_H_L_H_M_L4 --- M_H_L_H_M_L_L5 -M_H_L_H_M_L_L5 --- M_H_L_H_M_L_H_L6 -M_L_M_H_L3 --- M_L_M_H_M_L4 -M_L_M_H_M_L4 --- M_L_M_H_M_L_L5 -M_L_M_H_M_L_L5 --- M_L_M_H_M_L_M_L6 -L_H_M_H_L3 --- L_H_M_H_M_L4 -L_H_M_H_M_L4 --- L_H_M_H_M_L_L5 -L_H_M_H_M_L_L5 --- L_H_M_H_M_L_M_L6 -L_L_H_H_L3 --- L_L_H_H_M_L4 -L_L_H_H_M_L4 --- L_L_H_H_M_L_L5 -L_L_H_H_M_L_L5 --- L_L_H_H_M_L_M_L6 -H_H_L_L_L3 --- H_H_L_L_H_L4 -H_H_L_L_H_L4 --- H_H_L_L_H_L_L5 -H_H_L_L_H_L_L5 --- H_H_L_L_H_L_M_L6 -H_L_M_L_L3 --- H_L_M_L_H_L4 -H_L_M_L_H_L4 --- H_L_M_L_H_L_L5 -H_L_M_L_H_L_L5 --- H_L_M_L_H_L_H_L6 -M_H_M_L_L3 --- M_H_M_L_H_L4 -M_H_M_L_H_L4 --- M_H_M_L_H_L_L5 -M_H_M_L_H_L_L5 --- M_H_M_L_H_L_M_L6 -M_L_H_L_L3 --- M_L_H_L_H_L4 -M_L_H_L_H_L4 --- M_L_H_L_H_L_L5 -M_L_H_L_H_L_L5 --- M_L_H_L_H_L_M_L6 -L_H_H_L_L3 --- L_H_H_L_H_L4 -L_H_H_L_H_L4 --- L_H_H_L_H_L_L5 -L_H_H_L_H_L_L5 --- L_H_H_L_H_L_M_L6 -H_L_L_M_L3 --- H_L_L_M_H_L4 -H_L_L_M_H_L4 --- H_L_L_M_H_L_L5 -H_L_L_M_H_L_L5 --- H_L_L_M_H_L_H_L6 -M_H_L_M_L3 --- M_H_L_M_H_L4 -M_H_L_M_H_L4 --- M_H_L_M_H_L_L5 -M_H_L_M_H_L_L5 --- M_H_L_M_H_L_M_L6 -M_L_M_M_L3 --- M_L_M_M_H_L4 -M_L_M_M_H_L4 --- M_L_M_M_H_L_L5 -M_L_M_M_H_L_L5 --- M_L_M_M_H_L_M_L6 -L_H_M_M_L3 --- L_H_M_M_H_L4 -L_H_M_M_H_L4 --- L_H_M_M_H_L_L5 -L_H_M_M_H_L_L5 --- L_H_M_M_H_L_M_L6 -L_L_H_M_L3 --- L_L_H_M_H_L4 -L_L_H_M_H_L4 --- L_L_H_M_H_L_L5 -L_L_H_M_H_L_L5 --- L_L_H_M_H_L_M_L6 -M_L_L_H_L3 --- M_L_L_H_H_L4 -M_L_L_H_H_L4 --- M_L_L_H_H_L_L5 -M_L_L_H_H_L_L5 --- M_L_L_H_H_L_H_L6 -L_H_L_H_L3 --- L_H_L_H_H_L4 -L_H_L_H_H_L4 --- L_H_L_H_H_L_L5 -L_H_L_H_H_L_L5 --- L_H_L_H_H_L_M_L6 -L_L_M_H_L3 --- L_L_M_H_H_L4 -L_L_M_H_H_L4 --- L_L_M_H_H_L_L5 -L_L_M_H_H_L_L5 --- L_L_M_H_H_L_M_L6 -H_H_M_L_L_L4 --- H_H_M_L_L_H_L5 -H_H_M_L_L_H_L5 --- H_H_M_L_L_H_M_L6 -H_L_H_L_L_L4 --- H_L_H_L_L_H_L5 -H_L_H_L_L_H_L5 --- H_L_H_L_L_H_H_L6 -M_H_H_L_L_L4 --- M_H_H_L_L_H_L5 -M_H_H_L_L_H_L5 --- M_H_H_L_L_H_M_L6 -H_L_M_M_L_L4 --- H_L_M_M_L_H_L5 -H_L_M_M_L_H_L5 --- H_L_M_M_L_H_H_L6 -M_H_M_M_L_L4 --- M_H_M_M_L_H_L5 -M_H_M_M_L_H_L5 --- M_H_M_M_L_H_M_L6 -M_L_H_M_L_L4 --- M_L_H_M_L_H_L5 -M_L_H_M_L_H_L5 --- M_L_H_M_L_H_M_L6 -L_H_H_M_L_L4 --- L_H_H_M_L_H_L5 -L_H_H_M_L_H_L5 --- L_H_H_M_L_H_M_L6 -M_L_M_H_L_L4 --- M_L_M_H_L_H_L5 -M_L_M_H_L_H_L5 --- M_L_M_H_L_H_M_L6 -L_H_M_H_L_L4 --- L_H_M_H_L_H_L5 -L_H_M_H_L_H_L5 --- L_H_M_H_L_H_M_L6 -L_L_H_H_L_L4 --- L_L_H_H_L_H_L5 -L_L_H_H_L_H_L5 --- L_L_H_H_L_H_M_L6 -H_L_M_L_M_L4 --- H_L_M_L_M_H_L5 -H_L_M_L_M_H_L5 --- H_L_M_L_M_H_H_L6 -M_H_M_L_M_L4 --- M_H_M_L_M_H_L5 -M_H_M_L_M_H_L5 --- M_H_M_L_M_H_M_L6 -M_L_H_L_M_L4 --- M_L_H_L_M_H_L5 -M_L_H_L_M_H_L5 --- M_L_H_L_M_H_M_L6 -L_H_H_L_M_L4 --- L_H_H_L_M_H_L5 -L_H_H_L_M_H_L5 --- L_H_H_L_M_H_M_L6 -M_L_M_M_M_L4 --- M_L_M_M_M_H_L5 -M_L_M_M_M_H_L5 --- M_L_M_M_M_H_M_L6 -L_H_M_M_M_L4 --- L_H_M_M_M_H_L5 -L_H_M_M_M_H_L5 --- L_H_M_M_M_H_M_L6 -L_L_H_M_M_L4 --- L_L_H_M_M_H_L5 -L_L_H_M_M_H_L5 --- L_L_H_M_M_H_M_L6 -L_L_M_H_M_L4 --- L_L_M_H_M_H_L5 -L_L_M_H_M_H_L5 --- L_L_M_H_M_H_M_L6 -M_L_M_L_H_L4 --- M_L_M_L_H_H_L5 -M_L_M_L_H_H_L5 --- M_L_M_L_H_H_M_L6 -L_H_M_L_H_L4 --- L_H_M_L_H_H_L5 -L_H_M_L_H_H_L5 --- L_H_M_L_H_H_M_L6 -L_L_H_L_H_L4 --- L_L_H_L_H_H_L5 -L_L_H_L_H_H_L5 --- L_L_H_L_H_H_M_L6 -L_L_M_M_H_L4 --- L_L_M_M_H_H_L5 -L_L_M_M_H_H_L5 --- L_L_M_M_H_H_M_L6 -H_H_H_L2 --- H_H_H_M_L3 -H_H_H_M_L3 --- H_H_H_M_L_L4 -H_H_H_M_L_L4 --- H_H_H_M_L_L_L5 -H_H_H_M_L_L_L5 --- H_H_H_M_L_L_H_L6 -H_H_M_L2 --- H_H_M_H_L3 -H_H_M_H_L3 --- H_H_M_H_L_L4 -H_H_M_H_L_L4 --- H_H_M_H_L_L_L5 -H_H_M_H_L_L_L5 --- H_H_M_H_L_L_H_L6 -H_L_H_L2 --- H_L_H_H_L3 -H_L_H_H_L3 --- H_L_H_H_L_L4 -H_L_H_H_L_L4 --- H_L_H_H_L_L_L5 -H_L_H_H_L_L_L5 --- H_L_H_H_L_L_H_L6 -M_H_H_L2 --- M_H_H_H_L3 -M_H_H_H_L3 --- M_H_H_H_L_L4 -M_H_H_H_L_L4 --- M_H_H_H_L_L_L5 -M_H_H_H_L_L_L5 --- M_H_H_H_L_L_H_L6 -H_H_H_L_L3 --- H_H_H_L_M_L4 -H_H_H_L_M_L4 --- H_H_H_L_M_L_L5 -H_H_H_L_M_L_L5 --- H_H_H_L_M_L_H_L6 -H_H_M_M_L3 --- H_H_M_M_M_L4 -H_H_M_M_M_L4 --- H_H_M_M_M_L_L5 -H_H_M_M_M_L_L5 --- H_H_M_M_M_L_H_L6 -H_L_H_M_L3 --- H_L_H_M_M_L4 -H_L_H_M_M_L4 --- H_L_H_M_M_L_L5 -H_L_H_M_M_L_L5 --- H_L_H_M_M_L_H_L6 -M_H_H_M_L3 --- M_H_H_M_M_L4 -M_H_H_M_M_L4 --- M_H_H_M_M_L_L5 -M_H_H_M_M_L_L5 --- M_H_H_M_M_L_H_L6 -H_H_L_H_L3 --- H_H_L_H_M_L4 -H_H_L_H_M_L4 --- H_H_L_H_M_L_L5 -H_H_L_H_M_L_L5 --- H_H_L_H_M_L_H_L6 -H_L_M_H_L3 --- H_L_M_H_M_L4 -H_L_M_H_M_L4 --- H_L_M_H_M_L_L5 -H_L_M_H_M_L_L5 --- H_L_M_H_M_L_H_L6 -M_H_M_H_L3 --- M_H_M_H_M_L4 -M_H_M_H_M_L4 --- M_H_M_H_M_L_L5 -M_H_M_H_M_L_L5 --- M_H_M_H_M_L_H_L6 -M_L_H_H_L3 --- M_L_H_H_M_L4 -M_L_H_H_M_L4 --- M_L_H_H_M_L_L5 -M_L_H_H_M_L_L5 --- M_L_H_H_M_L_H_L6 -L_H_H_H_L3 --- L_H_H_H_M_L4 -L_H_H_H_M_L4 --- L_H_H_H_M_L_L5 -L_H_H_H_M_L_L5 --- L_H_H_H_M_L_H_L6 -H_H_M_L_L3 --- H_H_M_L_H_L4 -H_H_M_L_H_L4 --- H_H_M_L_H_L_L5 -H_H_M_L_H_L_L5 --- H_H_M_L_H_L_H_L6 -H_L_H_L_L3 --- H_L_H_L_H_L4 -H_L_H_L_H_L4 --- H_L_H_L_H_L_L5 -H_L_H_L_H_L_L5 --- H_L_H_L_H_L_H_L6 -M_H_H_L_L3 --- M_H_H_L_H_L4 -M_H_H_L_H_L4 --- M_H_H_L_H_L_L5 -M_H_H_L_H_L_L5 --- M_H_H_L_H_L_H_L6 -H_H_L_M_L3 --- H_H_L_M_H_L4 -H_H_L_M_H_L4 --- H_H_L_M_H_L_L5 -H_H_L_M_H_L_L5 --- H_H_L_M_H_L_H_L6 -H_L_M_M_L3 --- H_L_M_M_H_L4 -H_L_M_M_H_L4 --- H_L_M_M_H_L_L5 -H_L_M_M_H_L_L5 --- H_L_M_M_H_L_H_L6 -M_H_M_M_L3 --- M_H_M_M_H_L4 -M_H_M_M_H_L4 --- M_H_M_M_H_L_L5 -M_H_M_M_H_L_L5 --- M_H_M_M_H_L_H_L6 -M_L_H_M_L3 --- M_L_H_M_H_L4 -M_L_H_M_H_L4 --- M_L_H_M_H_L_L5 -M_L_H_M_H_L_L5 --- M_L_H_M_H_L_H_L6 -L_H_H_M_L3 --- L_H_H_M_H_L4 -L_H_H_M_H_L4 --- L_H_H_M_H_L_L5 -L_H_H_M_H_L_L5 --- L_H_H_M_H_L_H_L6 -H_L_L_H_L3 --- H_L_L_H_H_L4 -H_L_L_H_H_L4 --- H_L_L_H_H_L_L5 -H_L_L_H_H_L_L5 --- H_L_L_H_H_L_H_L6 -M_H_L_H_L3 --- M_H_L_H_H_L4 -M_H_L_H_H_L4 --- M_H_L_H_H_L_L5 -M_H_L_H_H_L_L5 --- M_H_L_H_H_L_H_L6 -M_L_M_H_L3 --- M_L_M_H_H_L4 -M_L_M_H_H_L4 --- M_L_M_H_H_L_L5 -M_L_M_H_H_L_L5 --- M_L_M_H_H_L_H_L6 -L_H_M_H_L3 --- L_H_M_H_H_L4 -L_H_M_H_H_L4 --- L_H_M_H_H_L_L5 -L_H_M_H_H_L_L5 --- L_H_M_H_H_L_H_L6 -L_L_H_H_L3 --- L_L_H_H_H_L4 -L_L_H_H_H_L4 --- L_L_H_H_H_L_L5 -L_L_H_H_H_L_L5 --- L_L_H_H_H_L_H_L6 -H_H_H_L_L_L4 --- H_H_H_L_L_H_L5 -H_H_H_L_L_H_L5 --- H_H_H_L_L_H_H_L6 -H_H_M_M_L_L4 --- H_H_M_M_L_H_L5 -H_H_M_M_L_H_L5 --- H_H_M_M_L_H_H_L6 -H_L_H_M_L_L4 --- H_L_H_M_L_H_L5 -H_L_H_M_L_H_L5 --- H_L_H_M_L_H_H_L6 -M_H_H_M_L_L4 --- M_H_H_M_L_H_L5 -M_H_H_M_L_H_L5 --- M_H_H_M_L_H_H_L6 -H_L_M_H_L_L4 --- H_L_M_H_L_H_L5 -H_L_M_H_L_H_L5 --- H_L_M_H_L_H_H_L6 -M_H_M_H_L_L4 --- M_H_M_H_L_H_L5 -M_H_M_H_L_H_L5 --- M_H_M_H_L_H_H_L6 -M_L_H_H_L_L4 --- M_L_H_H_L_H_L5 -M_L_H_H_L_H_L5 --- M_L_H_H_L_H_H_L6 -L_H_H_H_L_L4 --- L_H_H_H_L_H_L5 -L_H_H_H_L_H_L5 --- L_H_H_H_L_H_H_L6 -H_H_M_L_M_L4 --- H_H_M_L_M_H_L5 -H_H_M_L_M_H_L5 --- H_H_M_L_M_H_H_L6 -H_L_H_L_M_L4 --- H_L_H_L_M_H_L5 -H_L_H_L_M_H_L5 --- H_L_H_L_M_H_H_L6 -M_H_H_L_M_L4 --- M_H_H_L_M_H_L5 -M_H_H_L_M_H_L5 --- M_H_H_L_M_H_H_L6 -H_L_M_M_M_L4 --- H_L_M_M_M_H_L5 -H_L_M_M_M_H_L5 --- H_L_M_M_M_H_H_L6 -M_H_M_M_M_L4 --- M_H_M_M_M_H_L5 -M_H_M_M_M_H_L5 --- M_H_M_M_M_H_H_L6 -M_L_H_M_M_L4 --- M_L_H_M_M_H_L5 -M_L_H_M_M_H_L5 --- M_L_H_M_M_H_H_L6 -L_H_H_M_M_L4 --- L_H_H_M_M_H_L5 -L_H_H_M_M_H_L5 --- L_H_H_M_M_H_H_L6 -M_L_M_H_M_L4 --- M_L_M_H_M_H_L5 -M_L_M_H_M_H_L5 --- M_L_M_H_M_H_H_L6 -L_H_M_H_M_L4 --- L_H_M_H_M_H_L5 -L_H_M_H_M_H_L5 --- L_H_M_H_M_H_H_L6 -L_L_H_H_M_L4 --- L_L_H_H_M_H_L5 -L_L_H_H_M_H_L5 --- L_L_H_H_M_H_H_L6 -H_L_M_L_H_L4 --- H_L_M_L_H_H_L5 -H_L_M_L_H_H_L5 --- H_L_M_L_H_H_H_L6 -M_H_M_L_H_L4 --- M_H_M_L_H_H_L5 -M_H_M_L_H_H_L5 --- M_H_M_L_H_H_H_L6 -M_L_H_L_H_L4 --- M_L_H_L_H_H_L5 -M_L_H_L_H_H_L5 --- M_L_H_L_H_H_H_L6 -L_H_H_L_H_L4 --- L_H_H_L_H_H_L5 -L_H_H_L_H_H_L5 --- L_H_H_L_H_H_H_L6 -M_L_M_M_H_L4 --- M_L_M_M_H_H_L5 -M_L_M_M_H_H_L5 --- M_L_M_M_H_H_H_L6 -L_H_M_M_H_L4 --- L_H_M_M_H_H_L5 -L_H_M_M_H_H_L5 --- L_H_M_M_H_H_H_L6 -L_L_H_M_H_L4 --- L_L_H_M_H_H_L5 -L_L_H_M_H_H_L5 --- L_L_H_M_H_H_H_L6 -L_L_M_H_H_L4 --- L_L_M_H_H_H_L5 -L_L_M_H_H_H_L5 --- L_L_M_H_H_H_H_L6 -H_H_H_L2 --- H_H_H_H_L3 -H_H_H_H_L3 --- H_H_H_H_L_L4 -H_H_H_H_L_L4 --- H_H_H_H_L_L_L5 -H_H_H_H_L_L_L5 --- H_H_H_H_L_L_C_L6 -H_H_H_M_L3 --- H_H_H_M_M_L4 -H_H_H_M_M_L4 --- H_H_H_M_M_L_L5 -H_H_H_M_M_L_L5 --- H_H_H_M_M_L_H_L6 -H_H_M_H_L3 --- H_H_M_H_M_L4 -H_H_M_H_M_L4 --- H_H_M_H_M_L_L5 -H_H_M_H_M_L_L5 --- H_H_M_H_M_L_C_L6 -H_L_H_H_L3 --- H_L_H_H_M_L4 -H_L_H_H_M_L4 --- H_L_H_H_M_L_L5 -H_L_H_H_M_L_L5 --- H_L_H_H_M_L_C_L6 -M_H_H_H_L3 --- M_H_H_H_M_L4 -M_H_H_H_M_L4 --- M_H_H_H_M_L_L5 -M_H_H_H_M_L_L5 --- M_H_H_H_M_L_H_L6 -H_H_H_L_L3 --- H_H_H_L_H_L4 -H_H_H_L_H_L4 --- H_H_H_L_H_L_L5 -H_H_H_L_H_L_L5 --- H_H_H_L_H_L_C_L6 -H_H_M_M_L3 --- H_H_M_M_H_L4 -H_H_M_M_H_L4 --- H_H_M_M_H_L_L5 -H_H_M_M_H_L_L5 --- H_H_M_M_H_L_C_L6 -H_L_H_M_L3 --- H_L_H_M_H_L4 -H_L_H_M_H_L4 --- H_L_H_M_H_L_L5 -H_L_H_M_H_L_L5 --- H_L_H_M_H_L_C_L6 -M_H_H_M_L3 --- M_H_H_M_H_L4 -M_H_H_M_H_L4 --- M_H_H_M_H_L_L5 -M_H_H_M_H_L_L5 --- M_H_H_M_H_L_H_L6 -H_H_L_H_L3 --- H_H_L_H_H_L4 -H_H_L_H_H_L4 --- H_H_L_H_H_L_L5 -H_H_L_H_H_L_L5 --- H_H_L_H_H_L_C_L6 -H_L_M_H_L3 --- H_L_M_H_H_L4 -H_L_M_H_H_L4 --- H_L_M_H_H_L_L5 -H_L_M_H_H_L_L5 --- H_L_M_H_H_L_C_L6 -M_H_M_H_L3 --- M_H_M_H_H_L4 -M_H_M_H_H_L4 --- M_H_M_H_H_L_L5 -M_H_M_H_H_L_L5 --- M_H_M_H_H_L_H_L6 -M_L_H_H_L3 --- M_L_H_H_H_L4 -M_L_H_H_H_L4 --- M_L_H_H_H_L_L5 -M_L_H_H_H_L_L5 --- M_L_H_H_H_L_C_L6 -L_H_H_H_L3 --- L_H_H_H_H_L4 -L_H_H_H_H_L4 --- L_H_H_H_H_L_L5 -L_H_H_H_H_L_L5 --- L_H_H_H_H_L_H_L6 -H_H_H_M_L_L4 --- H_H_H_M_L_H_L5 -H_H_H_M_L_H_L5 --- H_H_H_M_L_H_C_L6 -H_H_M_H_L_L4 --- H_H_M_H_L_H_L5 -H_H_M_H_L_H_L5 --- H_H_M_H_L_H_C_L6 -H_L_H_H_L_L4 --- H_L_H_H_L_H_L5 -H_L_H_H_L_H_L5 --- H_L_H_H_L_H_C_L6 -M_H_H_H_L_L4 --- M_H_H_H_L_H_L5 -M_H_H_H_L_H_L5 --- M_H_H_H_L_H_C_L6 -H_H_H_L_M_L4 --- H_H_H_L_M_H_L5 -H_H_H_L_M_H_L5 --- H_H_H_L_M_H_H_L6 -H_H_M_M_M_L4 --- H_H_M_M_M_H_L5 -H_H_M_M_M_H_L5 --- H_H_M_M_M_H_H_L6 -H_L_H_M_M_L4 --- H_L_H_M_M_H_L5 -H_L_H_M_M_H_L5 --- H_L_H_M_M_H_C_L6 -M_H_H_M_M_L4 --- M_H_H_M_M_H_L5 -M_H_H_M_M_H_L5 --- M_H_H_M_M_H_H_L6 -H_L_M_H_M_L4 --- H_L_M_H_M_H_L5 -H_L_M_H_M_H_L5 --- H_L_M_H_M_H_C_L6 -M_H_M_H_M_L4 --- M_H_M_H_M_H_L5 -M_H_M_H_M_H_L5 --- M_H_M_H_M_H_H_L6 -M_L_H_H_M_L4 --- M_L_H_H_M_H_L5 -M_L_H_H_M_H_L5 --- M_L_H_H_M_H_H_L6 -L_H_H_H_M_L4 --- L_H_H_H_M_H_L5 -L_H_H_H_M_H_L5 --- L_H_H_H_M_H_H_L6 -H_H_M_L_H_L4 --- H_H_M_L_H_H_L5 -H_H_M_L_H_H_L5 --- H_H_M_L_H_H_H_L6 -H_L_H_L_H_L4 --- H_L_H_L_H_H_L5 -H_L_H_L_H_H_L5 --- H_L_H_L_H_H_C_L6 -M_H_H_L_H_L4 --- M_H_H_L_H_H_L5 -M_H_H_L_H_H_L5 --- M_H_H_L_H_H_H_L6 -H_L_M_M_H_L4 --- H_L_M_M_H_H_L5 -H_L_M_M_H_H_L5 --- H_L_M_M_H_H_C_L6 -M_H_M_M_H_L4 --- M_H_M_M_H_H_L5 -M_H_M_M_H_H_L5 --- M_H_M_M_H_H_H_L6 -M_L_H_M_H_L4 --- M_L_H_M_H_H_L5 -M_L_H_M_H_H_L5 --- M_L_H_M_H_H_C_L6 -L_H_H_M_H_L4 --- L_H_H_M_H_H_L5 -L_H_H_M_H_H_L5 --- L_H_H_M_H_H_H_L6 -M_L_M_H_H_L4 --- M_L_M_H_H_H_L5 -M_L_M_H_H_H_L5 --- M_L_M_H_H_H_H_L6 -L_H_M_H_H_L4 --- L_H_M_H_H_H_L5 -L_H_M_H_H_H_L5 --- L_H_M_H_H_H_H_L6 -L_L_H_H_H_L4 --- L_L_H_H_H_H_L5 -L_L_H_H_H_H_L5 --- L_L_H_H_H_H_H_L6 -H_H_H_H_L3 --- H_H_H_H_M_L4 -H_H_H_H_M_L4 --- H_H_H_H_M_L_L5 -H_H_H_H_M_L_L5 --- H_H_H_H_M_L_C_L6 -H_H_H_M_L3 --- H_H_H_M_H_L4 -H_H_H_M_H_L4 --- H_H_H_M_H_L_L5 -H_H_H_M_H_L_L5 --- H_H_H_M_H_L_C_L6 -H_H_M_H_L3 --- H_H_M_H_H_L4 -H_H_M_H_H_L4 --- H_H_M_H_H_L_L5 -H_H_M_H_H_L_L5 --- H_H_M_H_H_L_C_L6 -H_L_H_H_L3 --- H_L_H_H_H_L4 -H_L_H_H_H_L4 --- H_L_H_H_H_L_L5 -H_L_H_H_H_L_L5 --- H_L_H_H_H_L_C_L6 -M_H_H_H_L3 --- M_H_H_H_H_L4 -M_H_H_H_H_L4 --- M_H_H_H_H_L_L5 -M_H_H_H_H_L_L5 --- M_H_H_H_H_L_C_L6 -H_H_H_H_L_L4 --- H_H_H_H_L_H_L5 -H_H_H_H_L_H_L5 --- H_H_H_H_L_H_C_L6 -H_H_H_M_M_L4 --- H_H_H_M_M_H_L5 -H_H_H_M_M_H_L5 --- H_H_H_M_M_H_C_L6 -H_H_M_H_M_L4 --- H_H_M_H_M_H_L5 -H_H_M_H_M_H_L5 --- H_H_M_H_M_H_C_L6 -H_L_H_H_M_L4 --- H_L_H_H_M_H_L5 -H_L_H_H_M_H_L5 --- H_L_H_H_M_H_C_L6 -M_H_H_H_M_L4 --- M_H_H_H_M_H_L5 -M_H_H_H_M_H_L5 --- M_H_H_H_M_H_C_L6 -H_H_H_L_H_L4 --- H_H_H_L_H_H_L5 -H_H_H_L_H_H_L5 --- H_H_H_L_H_H_C_L6 -H_H_M_M_H_L4 --- H_H_M_M_H_H_L5 -H_H_M_M_H_H_L5 --- H_H_M_M_H_H_C_L6 -H_L_H_M_H_L4 --- H_L_H_M_H_H_L5 -H_L_H_M_H_H_L5 --- H_L_H_M_H_H_C_L6 -M_H_H_M_H_L4 --- M_H_H_M_H_H_L5 -M_H_H_M_H_H_L5 --- M_H_H_M_H_H_C_L6 -H_L_M_H_H_L4 --- H_L_M_H_H_H_L5 -H_L_M_H_H_H_L5 --- H_L_M_H_H_H_C_L6 -M_H_M_H_H_L4 --- M_H_M_H_H_H_L5 -M_H_M_H_H_H_L5 --- M_H_M_H_H_H_C_L6 -M_L_H_H_H_L4 --- M_L_H_H_H_H_L5 -M_L_H_H_H_H_L5 --- M_L_H_H_H_H_C_L6 -L_H_H_H_H_L4 --- L_H_H_H_H_H_L5 -L_H_H_H_H_H_L5 --- L_H_H_H_H_H_C_L6 -H_H_H_H_L3 --- H_H_H_H_H_L4 -H_H_H_H_H_L4 --- H_H_H_H_H_L_L5 -H_H_H_H_H_L_L5 --- H_H_H_H_H_L_C_L6 -H_H_H_H_M_L4 --- H_H_H_H_M_H_L5 -H_H_H_H_M_H_L5 --- H_H_H_H_M_H_C_L6 -H_H_H_M_H_L4 --- H_H_H_M_H_H_L5 -H_H_H_M_H_H_L5 --- H_H_H_M_H_H_C_L6 -H_H_M_H_H_L4 --- H_H_M_H_H_H_L5 -H_H_M_H_H_H_L5 --- H_H_M_H_H_H_C_L6 -H_L_H_H_H_L4 --- H_L_H_H_H_H_L5 -H_L_H_H_H_H_L5 --- H_L_H_H_H_H_C_L6 -M_H_H_H_H_L4 --- M_H_H_H_H_H_L5 -M_H_H_H_H_H_L5 --- M_H_H_H_H_H_C_L6 -H_H_H_H_H_L4 --- H_H_H_H_H_H_L5 -H_H_H_H_H_H_L5 --- H_H_H_H_H_H_C_L6 -``` From 35941bc10aba01b028479ee238fe3e98bdf2f71b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 18 Aug 2025 14:44:47 -0400 Subject: [PATCH 258/468] strip the invalid macrovector rows back out before printing models --- docs/howto/cvss_v4/qualitative.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/docs/howto/cvss_v4/qualitative.md b/docs/howto/cvss_v4/qualitative.md index 817d50db..5c008829 100644 --- a/docs/howto/cvss_v4/qualitative.md +++ b/docs/howto/cvss_v4/qualitative.md @@ -83,9 +83,18 @@ from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt rows = DT.mapping title = mermaid_title_from_dt(DT) + +# filter rows for invalid +def invalid(row): + if row["cvss:EQ3:1.0.0"] == "L" and row["cvss:EQ6:1.0.0"] == "H": + return True + return False + +rows = [row for row in rows if not invalid(row)] print(mapping2mermaid(rows, title=title)) ``` + ### Table of Values The table below shows the values for the decision model. @@ -97,5 +106,14 @@ Each row of the table corresponds to a path through the decision model diagram a from ssvc.decision_tables.cvss.qualitative_severity import LATEST as DT from ssvc.decision_tables.helpers import dt2df_md +# filter rows for invalid (these don't affect the outcome because they're +# unreachable from valid CVSS vectors) +def invalid(row): + if row["cvss:EQ3:1.0.0"] == "L" and row["cvss:EQ6:1.0.0"] == "H": + return True + return False + +DT.mapping = [row for row in DT.mapping if not invalid(row)] + print(dt2df_md(DT)) ``` From a9d61346b87a8d9ff8cf36aea19d60f12c49815c Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 18 Aug 2025 15:07:45 -0400 Subject: [PATCH 259/468] markdownlint --fix --- docs/howto/cvss_v4/eq1.md | 7 +++---- docs/howto/cvss_v4/eq2.md | 7 +++---- docs/howto/cvss_v4/eq3.md | 7 +++---- docs/howto/cvss_v4/eq4.md | 7 +++---- docs/howto/cvss_v4/eq5.md | 7 +++---- docs/howto/cvss_v4/eq6.md | 7 +++---- docs/howto/cvss_v4/index.md | 11 ++++------- docs/howto/cvss_v4/qualitative.md | 12 +++++------- 8 files changed, 27 insertions(+), 38 deletions(-) diff --git a/docs/howto/cvss_v4/eq1.md b/docs/howto/cvss_v4/eq1.md index c501fb22..b674c7ad 100644 --- a/docs/howto/cvss_v4/eq1.md +++ b/docs/howto/cvss_v4/eq1.md @@ -1,7 +1,7 @@ # CVSS v4 Equivalence Set EQ1 Here we describe an example decision model for an analyst assessing the CVSS v4 -equivalence set EQ1. +equivalence set EQ1. ## Analyst Units of Work @@ -10,10 +10,10 @@ equivalence set EQ1. The unit of work for an Analyst is a single vulnerability report. Analysts are usually tasked with assessing the CVSS score for an individual -vulnerability report. +vulnerability report. ## Analyst Decision Outcomes - + The analyst's decision is to choose the appropriate level for CVSS v4 EQ1. ```python exec="true" idprefix="" @@ -56,7 +56,6 @@ print(mapping2mermaid(rows, title=title)) The table below shows the values for the decision model. Each row of the table corresponds to a path through the decision model diagram above. - ```python exec="true" idprefix="" from ssvc.decision_tables.cvss.equivalence_set_one import LATEST as DT diff --git a/docs/howto/cvss_v4/eq2.md b/docs/howto/cvss_v4/eq2.md index 4d790c17..73a3c3f2 100644 --- a/docs/howto/cvss_v4/eq2.md +++ b/docs/howto/cvss_v4/eq2.md @@ -1,7 +1,7 @@ # CVSS v4 Equivalence Set EQ2 Here we describe an example decision model for an analyst assessing the CVSS v4 -equivalence set EQ2. +equivalence set EQ2. ## Analyst Units of Work @@ -10,10 +10,10 @@ equivalence set EQ2. The unit of work for an Analyst is a single vulnerability report. Analysts are usually tasked with assessing the CVSS score for an individual -vulnerability report. +vulnerability report. ## Analyst Decision Outcomes - + The analyst's decision is to choose the appropriate level for CVSS v4 EQ2. ```python exec="true" idprefix="" @@ -56,7 +56,6 @@ print(mapping2mermaid(rows, title=title)) The table below shows the values for the decision model. Each row of the table corresponds to a path through the decision model diagram above. - ```python exec="true" idprefix="" from ssvc.decision_tables.cvss.equivalence_set_two import LATEST as DT diff --git a/docs/howto/cvss_v4/eq3.md b/docs/howto/cvss_v4/eq3.md index 2558a49b..c21ea005 100644 --- a/docs/howto/cvss_v4/eq3.md +++ b/docs/howto/cvss_v4/eq3.md @@ -1,7 +1,7 @@ # CVSS v4 Equivalence Set EQ3 Here we describe an example decision model for an analyst assessing the CVSS v4 -equivalence set EQ3. +equivalence set EQ3. ## Analyst Units of Work @@ -10,10 +10,10 @@ equivalence set EQ3. The unit of work for an Analyst is a single vulnerability report. Analysts are usually tasked with assessing the CVSS score for an individual -vulnerability report. +vulnerability report. ## Analyst Decision Outcomes - + The analyst's decision is to choose the appropriate level for CVSS v4 EQ3. ```python exec="true" idprefix="" @@ -56,7 +56,6 @@ print(mapping2mermaid(rows, title=title)) The table below shows the values for the decision model. Each row of the table corresponds to a path through the decision model diagram above. - ```python exec="true" idprefix="" from ssvc.decision_tables.cvss.equivalence_set_three import LATEST as DT diff --git a/docs/howto/cvss_v4/eq4.md b/docs/howto/cvss_v4/eq4.md index b3cb3ed5..6f1986ba 100644 --- a/docs/howto/cvss_v4/eq4.md +++ b/docs/howto/cvss_v4/eq4.md @@ -1,7 +1,7 @@ # CVSS v4 Equivalence Set EQ4 Here we describe an example decision model for an analyst assessing the CVSS v4 -equivalence set EQ4. +equivalence set EQ4. ## Analyst Units of Work @@ -10,10 +10,10 @@ equivalence set EQ4. The unit of work for an Analyst is a single vulnerability report. Analysts are usually tasked with assessing the CVSS score for an individual -vulnerability report. +vulnerability report. ## Analyst Decision Outcomes - + The analyst's decision is to choose the appropriate level for CVSS v4 EQ4. ```python exec="true" idprefix="" @@ -56,7 +56,6 @@ print(mapping2mermaid(rows, title=title)) The table below shows the values for the decision model. Each row of the table corresponds to a path through the decision model diagram above. - ```python exec="true" idprefix="" from ssvc.decision_tables.cvss.equivalence_set_four import LATEST as DT diff --git a/docs/howto/cvss_v4/eq5.md b/docs/howto/cvss_v4/eq5.md index 48b2931b..76b8e5ee 100644 --- a/docs/howto/cvss_v4/eq5.md +++ b/docs/howto/cvss_v4/eq5.md @@ -1,7 +1,7 @@ # CVSS v4 Equivalence Set EQ5 Here we describe an example decision model for an analyst assessing the CVSS v4 -equivalence set EQ5. +equivalence set EQ5. ## Analyst Units of Work @@ -10,10 +10,10 @@ equivalence set EQ5. The unit of work for an Analyst is a single vulnerability report. Analysts are usually tasked with assessing the CVSS score for an individual -vulnerability report. +vulnerability report. ## Analyst Decision Outcomes - + The analyst's decision is to choose the appropriate level for CVSS v4 EQ5. ```python exec="true" idprefix="" @@ -56,7 +56,6 @@ print(mapping2mermaid(rows, title=title)) The table below shows the values for the decision model. Each row of the table corresponds to a path through the decision model diagram above. - ```python exec="true" idprefix="" from ssvc.decision_tables.cvss.equivalence_set_five import LATEST as DT diff --git a/docs/howto/cvss_v4/eq6.md b/docs/howto/cvss_v4/eq6.md index 38f8cda5..d0bea8d1 100644 --- a/docs/howto/cvss_v4/eq6.md +++ b/docs/howto/cvss_v4/eq6.md @@ -1,7 +1,7 @@ # CVSS v4 Equivalence Set EQ6 Here we describe an example decision model for an analyst assessing the CVSS v4 -equivalence set EQ6. +equivalence set EQ6. ## Analyst Units of Work @@ -10,10 +10,10 @@ equivalence set EQ6. The unit of work for an Analyst is a single vulnerability report. Analysts are usually tasked with assessing the CVSS score for an individual -vulnerability report. +vulnerability report. ## Analyst Decision Outcomes - + The analyst's decision is to choose the appropriate level for CVSS v4 EQ6. ```python exec="true" idprefix="" @@ -56,7 +56,6 @@ print(mapping2mermaid(rows, title=title)) The table below shows the values for the decision model. Each row of the table corresponds to a path through the decision model diagram above. - ```python exec="true" idprefix="" from ssvc.decision_tables.cvss.equivalence_set_six import LATEST as DT diff --git a/docs/howto/cvss_v4/index.md b/docs/howto/cvss_v4/index.md index 962713d9..710eded3 100644 --- a/docs/howto/cvss_v4/index.md +++ b/docs/howto/cvss_v4/index.md @@ -1,8 +1,8 @@ # CVSS v4 Assessment With SSVC [CVSS v4](https://www.first.org/cvss/v4-0/specification-document) introduces an -updated scoring system that includes several metric groupings referred to -as _Equivalence Sets_. +updated scoring system that includes several metric groupings referred to +as *Equivalence Sets*. In SSVC, we can model these individual equivalence sets as decision tables that can be used by analysts to assess each equivalence set value based on its component metrics (which we have mapped into SSVC decision points). @@ -26,7 +26,6 @@ by another source. create a broader set of decision models that incorporate CVSS vector elements as inputs. - ## CVSS v4 Equivalence Sets Here we provide the decision points for each of the CVSS v4 equivalence sets. @@ -48,10 +47,9 @@ We provide a detailed decision table for each equivalence set in the pages that - [CVSS v4 Equivalence Set EQ5](eq5.md) - [CVSS v4 Equivalence Set EQ6](eq6.md) - ## CVSS v4 Qualitative Severity Rating -Finally, CVSS v4 provides a _Qualitative Severity Rating_ that maps the six equivalence +Finally, CVSS v4 provides a *Qualitative Severity Rating* that maps the six equivalence sets into a single qualitative rating (None, Low, Medium, High, Critical). ```python exec="true" idprefix="" @@ -64,7 +62,7 @@ print(example_block(dp)) A full decision model for the CVSS v4 Qualitative Severity Rating can be found in the [CVSS v4 Qualitative Severity Rating](qualitative.md) page. -!!! question "What about CVSS v4 _MacroVectors_?" +!!! question "What about CVSS v4 *MacroVectors*?" CVSS v4 _MacroVectors_ are a new addition in CVSS v4 that provide a way to map the six equivalence sets into a single vector value that can be used @@ -73,7 +71,6 @@ in the [CVSS v4 Qualitative Severity Rating](qualitative.md) page. table that takes the individual equivalence set outcomes as inputs and provides the Qualitative Severity Rating as its outcome. - !!! question "How are CVSS v4 scores handled?" We do not provide numerical CVSS v4 scores in this implementation. diff --git a/docs/howto/cvss_v4/qualitative.md b/docs/howto/cvss_v4/qualitative.md index 5c008829..11d805d9 100644 --- a/docs/howto/cvss_v4/qualitative.md +++ b/docs/howto/cvss_v4/qualitative.md @@ -1,8 +1,8 @@ # CVSS v4 Qualitative Severity Rating Here we describe an example decision model for an analyst assessing the CVSS v4 -Qualitative Severity Rating. -In our decision model, we assume that the analyst has already assessed the +Qualitative Severity Rating. +In our decision model, we assume that the analyst has already assessed the vulnerability report against the CVSS v4 Equivalence Sets: - EQ1: [CVSS v4 Equivalence Set 1](eq1.md) @@ -12,7 +12,7 @@ vulnerability report against the CVSS v4 Equivalence Sets: - EQ5: [CVSS v4 Equivalence Set 5](eq5.md) - EQ6: [CVSS v4 Equivalence Set 6](eq6.md) -and is now ready to assign a qualitative severity rating based on the outcomes +and is now ready to assign a qualitative severity rating based on the outcomes of those equivalence sets. !!! info "How we modeled the CVSS v4 Qualitative Severity Rating" @@ -42,10 +42,10 @@ of those equivalence sets. The unit of work for an Analyst is a single vulnerability report. Analysts are usually tasked with assessing the CVSS score for an individual -vulnerability report. +vulnerability report. ## Analyst Decision Outcomes - + The analyst's decision is to choose the appropriate level for the CVSS v4 Qualitative Severity Rating. ```python exec="true" idprefix="" @@ -94,13 +94,11 @@ rows = [row for row in rows if not invalid(row)] print(mapping2mermaid(rows, title=title)) ``` - ### Table of Values The table below shows the values for the decision model. Each row of the table corresponds to a path through the decision model diagram above. - ```python exec="true" idprefix="" from ssvc.decision_tables.cvss.qualitative_severity import LATEST as DT From b606f4d854259879a0a9fc7e1d60e41d51b9dd64 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 18 Aug 2025 15:32:26 -0400 Subject: [PATCH 260/468] markdownlint --fix --- docs/howto/coordination_triage_decision.md | 3 --- docs/howto/deployer_tree.md | 1 - docs/howto/publication_decision.md | 2 -- docs/howto/supplier_tree.md | 3 --- 4 files changed, 9 deletions(-) diff --git a/docs/howto/coordination_triage_decision.md b/docs/howto/coordination_triage_decision.md index bb8ab6b7..0113247d 100644 --- a/docs/howto/coordination_triage_decision.md +++ b/docs/howto/coordination_triage_decision.md @@ -116,7 +116,6 @@ title = mermaid_title_from_dt(DT) print(mapping2mermaid(rows, title=title)) ``` - ### Table of Values The table below shows the values for the decision model. @@ -131,5 +130,3 @@ from ssvc.decision_tables.helpers import dt2df_md print(dt2df_md(DT)) ``` - - diff --git a/docs/howto/deployer_tree.md b/docs/howto/deployer_tree.md index f3321559..148881b5 100644 --- a/docs/howto/deployer_tree.md +++ b/docs/howto/deployer_tree.md @@ -159,7 +159,6 @@ print(mapping2mermaid(rows, title=title)) The table below shows the values for the decision model. Each row of the table corresponds to a path through the decision model diagram above. - ```python exec="true" idprefix="" from ssvc.decision_tables.ssvc.deployer_dt import LATEST as DT diff --git a/docs/howto/publication_decision.md b/docs/howto/publication_decision.md index 1329e9e4..2928d79a 100644 --- a/docs/howto/publication_decision.md +++ b/docs/howto/publication_decision.md @@ -157,13 +157,11 @@ title = mermaid_title_from_dt(DT) print(mapping2mermaid(rows, title=title)) ``` - ### Table of Values The table below shows the values for the decision model. Each row of the table corresponds to a path through the decision model diagram above. - ```python exec="true" idprefix="" from ssvc.decision_tables.ssvc.coord_pub_dt import LATEST as DT from ssvc.decision_tables.helpers import dt2df_md diff --git a/docs/howto/supplier_tree.md b/docs/howto/supplier_tree.md index 2e38ce37..aeabc470 100644 --- a/docs/howto/supplier_tree.md +++ b/docs/howto/supplier_tree.md @@ -51,7 +51,6 @@ The organization considers several other factors to build the patch; refactoring be necessary for some patches, while others require relatively small changes. We focus only on the priority of building the patch, and we consider four categories of priority, as outlined in the table below. - ```python exec="true" idprefix="" from ssvc.decision_tables.ssvc.supplier_dt import LATEST as DT from ssvc.doc_helpers import example_block @@ -110,13 +109,11 @@ print(mapping2mermaid(rows, title=title)) ### Table of Values - The table below shows the values for the decision model. Each row of the table corresponds to a path through the decision model diagram above. % include-markdown "../_includes/_scrollable_table.md" heading-offset=1 %} - ```python exec="true" idprefix="" from ssvc.decision_tables.ssvc.supplier_dt import LATEST as DT From 19c3919daa814388c6e0f6d44e29185504aa1e71 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 18 Aug 2025 15:34:41 -0400 Subject: [PATCH 261/468] markdownlint --fix --- docs/adr/0012-ssvc-namespaces.md | 15 ++++++--------- docs/reference/code/namespaces.md | 29 +++++++++++------------------ 2 files changed, 17 insertions(+), 27 deletions(-) diff --git a/docs/adr/0012-ssvc-namespaces.md b/docs/adr/0012-ssvc-namespaces.md index a9458ec1..e96e3817 100644 --- a/docs/adr/0012-ssvc-namespaces.md +++ b/docs/adr/0012-ssvc-namespaces.md @@ -9,14 +9,13 @@ consulted: @tschmidtb51 ## Context and Problem Statement We need to include decision points and other objects that are not directly -defined by the SSVC project team. For example, CVSS vector elements are a +defined by the SSVC project team. For example, CVSS vector elements are a rich source of structured data that can be used to inform SSVC decisions and -modeled as SSVC decision point objects. However, the -[FIRST CVSS SIG](https://www.first.org/cvss) owns the definition of CVSS vector +modeled as SSVC decision point objects. However, the +[FIRST CVSS SIG](https://www.first.org/cvss) owns the definition of CVSS vector elements. So we need a way to describe these objects in SSVC format without making them part of the SSVC specification. - ## Decision Drivers - Need to include decision points based on data, objects, standards, and other @@ -49,7 +48,7 @@ based on other sources). main project. We use the `cvss` namespace to contain CVSS vector elements. **Unregistered namespaces** for objects that we do not create or maintain, but -that others may want for their own use. Unregistered namespaces must start with +that others may want for their own use. Unregistered namespaces must start with an `x_` prefix followed by a reverse domain name, such as `x_org.example`. Unregistered namespaces are intended for experimental or private use. @@ -61,10 +60,10 @@ Unregistered namespaces are intended for experimental or private use. register their namespace with the SSVC project. **Namespace extensions** for objects that are derived from other objects in an -registered or unregistered namespace. Extensions are not intended to be used to +registered or unregistered namespace. Extensions are not intended to be used to introduce new objects, but rather to refine existing objects with additional data or semantics. -Namespace extensions can be used for refining the meaning of decision point +Namespace extensions can be used for refining the meaning of decision point values for a specific constituency, or adding additional nuance to interpretation of a decision point in a specific context. @@ -84,7 +83,6 @@ interpretation of a decision point in a specific context. - Facilitates language translation and localization of SSVC objects to specific constituencies - #### Negative Consequences - Registered namespaces must be managed and maintained @@ -114,7 +112,6 @@ SSVC specification under our control and objects that were derived from other so - Bad, because it made it difficult to distinguish between SSVC project objects and objects based on specifications we neither created nor maintained - ## More Information diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index ec1844a0..8f170785 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -2,7 +2,7 @@ We use namespaces in SSVC to organize the various components of the framework. The bulk of our work is done in the `ssvc` namespace, which contains the core -decision points for SSVC. +decision points for SSVC. !!! question "Why does SSVC need namespaces?" @@ -54,7 +54,6 @@ subgraph base_ns[Base Namespace] end ``` - !!! info inline end "Current Registered Namespaces" The SSVC project currently has a set of registered namespaces that are @@ -76,7 +75,7 @@ A list of the current registered namespaces can be found in the sidebar. Registered namespaces are intended to be used as follows: -- Objects in the `ssvc` namespace are managed by the SSVC +- Objects in the `ssvc` namespace are managed by the SSVC project team. We have complete control over these ones. - Objects in other explicitly registered namespaces are provided for convenience, but the SSVC team is not responsible for modifying the content or semantics of @@ -112,8 +111,6 @@ Registered namespaces are intended to be used as follows: Suggestions for changes to the CVSS specifications should be directed to the [FIRST CVSS Special Interest Group](https://www.first.org/cvss/) (SIG). - - !!! example "Potential Standards-based namespaces" We may in the future add namespaces when needed to reflect different standards @@ -140,8 +137,8 @@ we expect that this will rarely lead to conflicts in practice. - Unregistered namespaces must use the `x_` prefix. - Following the `x_` prefix, unregistered namespaces must use reverse domain name notation of a domain under their control to ensure uniqueness. - Aside from the required `x_` prefix, unregistered namespaces must contain only alphanumeric characters, dots (`.`), and dashes (`-`). - - For any domain using other characters, DNS Punycode must be used +- For any domain using other characters, DNS Punycode must be used !!! warning "Namespace Conflicts" @@ -150,7 +147,6 @@ we expect that this will rarely lead to conflicts in practice. `x_example.test`, and there are no guarantees of global uniqueness for the decision points in the `x_example.test` namespace. - !!! tip "Test Namespace" The `x_example.test` namespace is used for testing purposes and is not intended for production use. @@ -198,6 +194,7 @@ A single fragment identifier (`#`) may be included in an extension segment, but Fragment segments can be used to indicate a specific interpretation or context for the extension. Note: Without a fragment segment, all decision points of an organization fall into one bucket, which is in most cases not intended. Therefore, the use of a fragment segment is recommended. The following diagram illustrates the structure of namespace extensions: + ```mermaid --- title: Namespace Extensions @@ -256,7 +253,6 @@ base_ns -->|/| first available in the default language (`en-US`), and (b) that this extension has been translated into German (Germany). - !!! example "Use of fragment identifiers and language tags" Imagine an Information Sharing and Analysis Organization (ISAO) `isao.example` @@ -287,9 +283,9 @@ base_ns -->|/| first ### Usage Suggestions -Although we reserved the first segment of the extension for language tags, +Although we reserved the first segment of the extension for language tags, there are scenarios where it may be appropriate to use a language tag in a later -segment of the extension. +segment of the extension. !!! tip "Use BCP-47 Language Tags" @@ -314,7 +310,6 @@ segment of the extension. For example, if your organization is `example.com`, you might use an extension like `ssvc//com.example#extension`. - ## Technical requirements The following technical requirements are enforced for SSVC namespaces, @@ -350,17 +345,15 @@ based on the implementation in `src/ssvc/namespaces.py` and the NS_PATTERN regul - If any extension segments are present, the following rules apply: - The first extension segment must be a valid BCP-47 language tag or empty (i.e., `//`). - Subsequent extension segments: - - must start with a letter (upper or lowercase) - - may contain letters, numbers, dots (`.`), hyphens (`-`), and at most one hash (`#`) - - must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) - - if a hash is present, it separates the main part from an optional fragment part - - are separated by single forward slashes (`/`) + - must start with a letter (upper or lowercase) + - may contain letters, numbers, dots (`.`), hyphens (`-`), and at most one hash (`#`) + - must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) + - if a hash is present, it separates the main part from an optional fragment part + - are separated by single forward slashes (`/`) - Multiple extension segments are allowed - ## The `ssvc.namespaces` module The `ssvc.namespaces` module provides a way to access and use these namespaces. ::: ssvc.namespaces - From 343e092d4cd65dc76e62a7b47cd2b31601f1a140 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 18 Aug 2025 15:35:10 -0400 Subject: [PATCH 262/468] black src --- src/ssvc/_mixins.py | 23 +++- src/ssvc/csv_analyzer.py | 8 +- src/ssvc/decision_points/cvss/helpers.py | 9 +- ...modified_subsequent_availability_impact.py | 8 +- src/ssvc/decision_points/helpers.py | 26 +++-- .../decision_points/ssvc/mission_impact.py | 4 +- src/ssvc/decision_tables/base.py | 29 ++++- .../cisa/cisa_coordinate_dt.py | 9 +- .../cvss/equivalence_set_five.py | 4 +- .../cvss/equivalence_set_six.py | 4 +- .../cvss/equivalence_set_two.py | 8 +- src/ssvc/decision_tables/helpers.py | 9 +- src/ssvc/decision_tables/ssvc/coord_pub_dt.py | 15 ++- src/ssvc/decision_tables/ssvc/coord_triage.py | 4 +- src/ssvc/decision_tables/ssvc/deployer_dt.py | 20 +++- src/ssvc/decision_tables/ssvc/human_impact.py | 12 +- src/ssvc/decision_tables/ssvc/supplier_dt.py | 21 +++- src/ssvc/decision_tables/ssvc/utlity.py | 53 ++++----- src/ssvc/doctools.py | 64 +++++++---- src/ssvc/dp_groups/cvss/collections.py | 4 +- src/ssvc/dp_groups/ssvc/collections.py | 1 + .../dp_groups/ssvc/coordinator_publication.py | 4 +- src/ssvc/dp_groups/ssvc/coordinator_triage.py | 8 +- src/ssvc/outcomes/basic/ike.py | 8 +- src/ssvc/outcomes/basic/value_complexity.py | 8 +- src/ssvc/outcomes/cvss/lmhc.py | 4 +- src/ssvc/outcomes/ssvc/coordinate.py | 4 +- src/ssvc/outcomes/ssvc/dsoi.py | 8 +- src/ssvc/outcomes/x_com_yahooinc/paranoids.py | 4 +- src/ssvc/policy_generator.py | 16 ++- src/ssvc/registry/__init__.py | 4 +- src/ssvc/registry/base.py | 26 ++++- src/ssvc/registry/events.py | 4 +- src/ssvc/selection.py | 25 ++++- src/ssvc/utils/toposort.py | 22 +++- src/test/decision_points/test_dp_base.py | 14 ++- .../decision_tables/cvss/test_cvss_qsr4.py | 15 ++- .../decision_tables/ssvc/test_coord_triage.py | 18 ++- .../decision_tables/ssvc/test_human_impact.py | 8 +- src/test/decision_tables/test_base.py | 55 +++++++--- src/test/dp_groups/test_dp_groups.py | 12 +- src/test/registry/test_base.py | 103 +++++++++++++----- src/test/test_doc_helpers.py | 8 +- src/test/test_doctools.py | 4 +- src/test/test_mixins.py | 4 +- src/test/test_namespaces_pattern.py | 2 +- src/test/test_policy_generator.py | 20 +++- src/test/test_schema.py | 39 +++++-- src/test/test_selections.py | 20 ++-- src/test/utils/__init__.py | 3 +- src/test/utils/test_toposort.py | 74 +++++++++---- 51 files changed, 633 insertions(+), 246 deletions(-) diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 2bc78f81..ae82e0fb 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -25,7 +25,13 @@ from datetime import datetime, timezone from typing import Any, Optional -from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator +from pydantic import ( + BaseModel, + ConfigDict, + Field, + field_validator, + model_validator, +) from semver import Version from ssvc.namespaces import NameSpace @@ -64,7 +70,9 @@ class _SchemaVersioned(BaseModel): Mixin class for version """ - schemaVersion: str = Field(..., description="Schema version of the SSVC object") + schemaVersion: str = Field( + ..., description="Schema version of the SSVC object" + ) @model_validator(mode="before") def set_schema_version(cls, data): @@ -118,7 +126,16 @@ class _Keyed(BaseModel): "(`T*` is explicitly grandfathered in as a valid key, but should not be used for new objects.)", pattern=r"^(([a-zA-Z0-9])|([a-zA-Z0-9][a-zA-Z0-9_]*[a-zA-Z0-9])|(T\*))$", min_length=1, - examples=["E", "A", "SI", "L", "M", "H", "Mixed_case_OK", "alph4num3ric"], + examples=[ + "E", + "A", + "SI", + "L", + "M", + "H", + "Mixed_case_OK", + "alph4num3ric", + ], ) diff --git a/src/ssvc/csv_analyzer.py b/src/ssvc/csv_analyzer.py index c2fc1909..225d7b14 100644 --- a/src/ssvc/csv_analyzer.py +++ b/src/ssvc/csv_analyzer.py @@ -104,7 +104,9 @@ def _imp_df(column_names: list, importances: list) -> pd.DataFrame: a dataframe of feature importances """ df = ( - pd.DataFrame({"feature": column_names, "feature_importance": importances}) + pd.DataFrame( + {"feature": column_names, "feature_importance": importances} + ) .sort_values("feature_importance", ascending=False) .reset_index(drop=True) ) @@ -193,7 +195,9 @@ def _perm_feat_imp(model, x, y): def _parse_args(args) -> argparse.Namespace: # parse command line - parser = argparse.ArgumentParser(description="Analyze an SSVC tree csv file") + parser = argparse.ArgumentParser( + description="Analyze an SSVC tree csv file" + ) parser.add_argument( "csvfile", metavar="csvfile", type=str, help="the csv file to analyze" ) diff --git a/src/ssvc/decision_points/cvss/helpers.py b/src/ssvc/decision_points/cvss/helpers.py index 32f7a9f2..46cddec0 100644 --- a/src/ssvc/decision_points/cvss/helpers.py +++ b/src/ssvc/decision_points/cvss/helpers.py @@ -27,7 +27,10 @@ from ssvc.decision_points.base import DecisionPointValue from ssvc.decision_points.cvss._not_defined import NOT_DEFINED_X -from ssvc.decision_points.cvss.base import CvssDecisionPoint, CvssDecisionPoint as DecisionPoint +from ssvc.decision_points.cvss.base import ( + CvssDecisionPoint, + CvssDecisionPoint as DecisionPoint, +) def _modify_3(dp: DecisionPoint): @@ -94,7 +97,9 @@ def _modify_4(dp: DecisionPoint): for v in _dp_dict["values"]: if v["key"] == "N": v["name"] = "Negligible" - v["description"] = v["description"].replace(" no ", " negligible ") + v["description"] = v["description"].replace( + " no ", " negligible " + ) # we need to bump the version for this change version = _dp_dict["version"] ver = semver.Version.parse(version) diff --git a/src/ssvc/decision_points/cvss/modified/modified_subsequent_availability_impact.py b/src/ssvc/decision_points/cvss/modified/modified_subsequent_availability_impact.py index 271e19f7..7bafd94f 100644 --- a/src/ssvc/decision_points/cvss/modified/modified_subsequent_availability_impact.py +++ b/src/ssvc/decision_points/cvss/modified/modified_subsequent_availability_impact.py @@ -37,9 +37,11 @@ def main(): from ssvc.decision_points.helpers import print_versions_and_diffs print_versions_and_diffs(VERSIONS) - print_versions_and_diffs([ - MSA_NoX, - ]) + print_versions_and_diffs( + [ + MSA_NoX, + ] + ) if __name__ == "__main__": diff --git a/src/ssvc/decision_points/helpers.py b/src/ssvc/decision_points/helpers.py index 9da189ae..5ecec020 100644 --- a/src/ssvc/decision_points/helpers.py +++ b/src/ssvc/decision_points/helpers.py @@ -121,33 +121,45 @@ def dp_diff(dp1: DecisionPoint, dp2: DecisionPoint) -> list[str]: major = True for name in dp2_names.difference(dp1_names): - diffs.append(f"(major or minor) {dp2.name} v{dp2.version} adds value {name}") + diffs.append( + f"(major or minor) {dp2.name} v{dp2.version} adds value {name}" + ) maybe_major = True maybe_minor = True # did the value keys change? for name in intersection: - v1 = {value["name"]: value["key"] for value in dp1.model_dump()["values"]} + v1 = { + value["name"]: value["key"] for value in dp1.model_dump()["values"] + } v1 = v1[name] - v2 = {value["name"]: value["key"] for value in dp2.model_dump()["values"]} + v2 = { + value["name"]: value["key"] for value in dp2.model_dump()["values"] + } v2 = v2[name] if v1 != v2: - diffs.append(f"(minor) {dp2.name} v{dp2.version} value {name} key changed") + diffs.append( + f"(minor) {dp2.name} v{dp2.version} value {name} key changed" + ) minor = True else: - diffs.append(f"{dp2.name} v{dp2.version} value {name} key did not change") + diffs.append( + f"{dp2.name} v{dp2.version} value {name} key did not change" + ) # did the value descriptions change? for name in intersection: v1 = { - value["name"]: value["description"] for value in dp1.model_dump()["values"] + value["name"]: value["description"] + for value in dp1.model_dump()["values"] } v1 = v1[name] v2 = { - value["name"]: value["description"] for value in dp2.model_dump()["values"] + value["name"]: value["description"] + for value in dp2.model_dump()["values"] } v2 = v2[name] diff --git a/src/ssvc/decision_points/ssvc/mission_impact.py b/src/ssvc/decision_points/ssvc/mission_impact.py index c9666fb2..9faad217 100644 --- a/src/ssvc/decision_points/ssvc/mission_impact.py +++ b/src/ssvc/decision_points/ssvc/mission_impact.py @@ -52,7 +52,9 @@ description="Degradation of non-essential functions; chronic degradation would eventually harm essential functions", ) -MI_NONE = DecisionPointValue(name="None", key="N", description="Little to no impact") +MI_NONE = DecisionPointValue( + name="None", key="N", description="Little to no impact" +) # combine MI_NONE and MI_NED into a single value DEGRADED = DecisionPointValue( diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index eeb01e1b..8c905967 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -28,7 +28,12 @@ import pandas as pd from pydantic import BaseModel, Field, field_validator, model_validator -from ssvc._mixins import _Commented, _GenericSsvcObject, _Registered, _SchemaVersioned +from ssvc._mixins import ( + _Commented, + _GenericSsvcObject, + _Registered, + _SchemaVersioned, +) from ssvc.decision_points.base import DecisionPoint from ssvc.registry import get_registry from ssvc.utils.field_specs import DecisionPointDict @@ -145,7 +150,11 @@ def populate_mapping_if_empty(self): outcome_key = self.outcome - dps = [dp for dpid, dp in self.decision_points.items() if dpid != outcome_key] + dps = [ + dp + for dpid, dp in self.decision_points.items() + if dpid != outcome_key + ] mapping = dplist_to_toposort(dps) # mapping is a list of dicts @@ -256,7 +265,9 @@ def check_mapping_coverage(self): f"Duplicate mapping found for decision point combination: {k}." ) else: - raise ValueError(f"Unexpected count in mapping coverage check.{k}: {v}") + raise ValueError( + f"Unexpected count in mapping coverage check.{k}: {v}" + ) # if you made it to here, all the counts were 1, so we're good @@ -290,7 +301,9 @@ def validate_mapping(self): logger.warning("Topological order check found problems:") for problem in problems: logger.warning(f"Problem: {problem}") - raise ValueError("Topological order check failed. See logs for details.") + raise ValueError( + "Topological order check failed. See logs for details." + ) else: logger.debug("Topological order check passed with no problems.") @@ -509,11 +522,15 @@ def _col_check(col: str) -> bool: df[col] = newcol # lowercase all cell values - df = df.apply(lambda col: col.map(lambda x: x.lower() if isinstance(x, str) else x)) + df = df.apply( + lambda col: col.map(lambda x: x.lower() if isinstance(x, str) else x) + ) # Rename columns using DP_REGISTRY - rename_map = {col: _rename_column(col) for col in df.columns if _col_check(col)} + rename_map = { + col: _rename_column(col) for col in df.columns if _col_check(col) + } df = df.rename( columns=rename_map, diff --git a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py index 0e4503a9..39666a4d 100644 --- a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py +++ b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py @@ -23,14 +23,19 @@ # DM24-0278 from ssvc.decision_points.ssvc.automatable import AUTOMATABLE_2 as Automatable -from ssvc.decision_points.ssvc.exploitation import EXPLOITATION_1_1_0 as Exploitation +from ssvc.decision_points.ssvc.exploitation import ( + EXPLOITATION_1_1_0 as Exploitation, +) from ssvc.decision_points.ssvc.human_impact import ( MISSION_AND_WELL_BEING_IMPACT_1 as MissionAndWellBeingImpact, ) from ssvc.decision_points.ssvc.technical_impact import ( TECHNICAL_IMPACT_1 as TechnicalImpact, ) -from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df +from ssvc.decision_tables.base import ( + DecisionTable, + decision_table_to_longform_df, +) from ssvc.namespaces import NameSpace from ssvc.outcomes.cisa.scoring import CISA as Priority diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_five.py b/src/ssvc/decision_tables/cvss/equivalence_set_five.py index 67557fd9..0eb8463b 100644 --- a/src/ssvc/decision_tables/cvss/equivalence_set_five.py +++ b/src/ssvc/decision_tables/cvss/equivalence_set_five.py @@ -30,7 +30,9 @@ from ssvc.decision_points.cvss.equivalence_set_5 import EQ5 -from ssvc.decision_points.cvss.exploit_maturity import EXPLOIT_MATURITY_2_NoX as E +from ssvc.decision_points.cvss.exploit_maturity import ( + EXPLOIT_MATURITY_2_NoX as E, +) from ssvc.decision_tables.base import DecisionTable from ssvc.namespaces import NameSpace diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_six.py b/src/ssvc/decision_tables/cvss/equivalence_set_six.py index 1acd1875..c5fc4a96 100644 --- a/src/ssvc/decision_tables/cvss/equivalence_set_six.py +++ b/src/ssvc/decision_tables/cvss/equivalence_set_six.py @@ -44,7 +44,9 @@ CR_NoX as CR, ) from ssvc.decision_points.cvss.equivalence_set_6 import EQ6 -from ssvc.decision_points.cvss.integrity_impact import INTEGRITY_IMPACT_3_0_0 as VI +from ssvc.decision_points.cvss.integrity_impact import ( + INTEGRITY_IMPACT_3_0_0 as VI, +) from ssvc.decision_points.cvss.integrity_requirement import ( IR_NoX as IR, ) diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_two.py b/src/ssvc/decision_tables/cvss/equivalence_set_two.py index b4b2c48d..38a748c2 100644 --- a/src/ssvc/decision_tables/cvss/equivalence_set_two.py +++ b/src/ssvc/decision_tables/cvss/equivalence_set_two.py @@ -28,8 +28,12 @@ # 0 AC:L and AT:N AC:L/AT:N # 1 not (AC:L and AT:N) AC:L/AT:P or AC:H/AT:N -from ssvc.decision_points.cvss.attack_complexity import ATTACK_COMPLEXITY_3_0_1 as AC -from ssvc.decision_points.cvss.attack_requirements import ATTACK_REQUIREMENTS_1 as AT +from ssvc.decision_points.cvss.attack_complexity import ( + ATTACK_COMPLEXITY_3_0_1 as AC, +) +from ssvc.decision_points.cvss.attack_requirements import ( + ATTACK_REQUIREMENTS_1 as AT, +) from ssvc.decision_points.cvss.equivalence_set_2 import EQ2 from ssvc.decision_tables.base import DecisionTable diff --git a/src/ssvc/decision_tables/helpers.py b/src/ssvc/decision_tables/helpers.py index 31a37e4f..0463d96a 100644 --- a/src/ssvc/decision_tables/helpers.py +++ b/src/ssvc/decision_tables/helpers.py @@ -49,12 +49,16 @@ def write_csv( parts.append("child_trees") target_dir = os.path.join(project_base_path, *parts) - assert os.path.exists(target_dir), f"Target directory {target_dir} does not exist." + assert os.path.exists( + target_dir + ), f"Target directory {target_dir} does not exist." csv_path = os.path.join(target_dir, csvfile) with open(csv_path, "w") as fp: - fp.write(decision_table_to_longform_df(decision_table).to_csv(index=index)) + fp.write( + decision_table_to_longform_df(decision_table).to_csv(index=index) + ) def print_dt_version(dt: DecisionTable, longform=True) -> None: @@ -81,4 +85,3 @@ def main(): if __name__ == "__main__": main() - diff --git a/src/ssvc/decision_tables/ssvc/coord_pub_dt.py b/src/ssvc/decision_tables/ssvc/coord_pub_dt.py index 22f9e401..9a9697ea 100644 --- a/src/ssvc/decision_tables/ssvc/coord_pub_dt.py +++ b/src/ssvc/decision_tables/ssvc/coord_pub_dt.py @@ -24,8 +24,12 @@ # DM24-0278 from ssvc.decision_points.ssvc.exploitation import LATEST as Exploitation -from ssvc.decision_points.ssvc.public_value_added import LATEST as PublicValueAdded -from ssvc.decision_points.ssvc.supplier_involvement import LATEST as SupplierInvolvement +from ssvc.decision_points.ssvc.public_value_added import ( + LATEST as PublicValueAdded, +) +from ssvc.decision_points.ssvc.supplier_involvement import ( + LATEST as SupplierInvolvement, +) from ssvc.decision_tables.base import DecisionTable from ssvc.namespaces import NameSpace from ssvc.outcomes.ssvc.publish import LATEST as Priority @@ -38,7 +42,12 @@ description="This decision table is used to determine the priority of a coordinator publish.", decision_points={ dp.id: dp - for dp in [SupplierInvolvement, Exploitation, PublicValueAdded, Priority] + for dp in [ + SupplierInvolvement, + Exploitation, + PublicValueAdded, + Priority, + ] }, outcome=Priority.id, mapping=[ diff --git a/src/ssvc/decision_tables/ssvc/coord_triage.py b/src/ssvc/decision_tables/ssvc/coord_triage.py index e4c7c391..3929da2b 100644 --- a/src/ssvc/decision_tables/ssvc/coord_triage.py +++ b/src/ssvc/decision_tables/ssvc/coord_triage.py @@ -27,7 +27,9 @@ from ssvc.decision_points.ssvc.report_credibility import ( REPORT_CREDIBILITY_1 as ReportCredibility, ) -from ssvc.decision_points.ssvc.report_public import REPORT_PUBLIC_1 as ReportPublic +from ssvc.decision_points.ssvc.report_public import ( + REPORT_PUBLIC_1 as ReportPublic, +) from ssvc.decision_points.ssvc.supplier_cardinality import ( SUPPLIER_CARDINALITY_1 as SupplierCardinality, ) diff --git a/src/ssvc/decision_tables/ssvc/deployer_dt.py b/src/ssvc/decision_tables/ssvc/deployer_dt.py index 9b46bf42..0d19c1f5 100644 --- a/src/ssvc/decision_tables/ssvc/deployer_dt.py +++ b/src/ssvc/decision_tables/ssvc/deployer_dt.py @@ -23,10 +23,19 @@ # DM24-0278 from ssvc.decision_points.ssvc.automatable import AUTOMATABLE_2 as Automatable -from ssvc.decision_points.ssvc.exploitation import EXPLOITATION_1_1_0 as Exploitation -from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2_0_2 as HumanImpact -from ssvc.decision_points.ssvc.system_exposure import SYSTEM_EXPOSURE_1_0_1 as Exposure -from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df +from ssvc.decision_points.ssvc.exploitation import ( + EXPLOITATION_1_1_0 as Exploitation, +) +from ssvc.decision_points.ssvc.human_impact import ( + HUMAN_IMPACT_2_0_2 as HumanImpact, +) +from ssvc.decision_points.ssvc.system_exposure import ( + SYSTEM_EXPOSURE_1_0_1 as Exposure, +) +from ssvc.decision_tables.base import ( + DecisionTable, + decision_table_to_longform_df, +) from ssvc.namespaces import NameSpace from ssvc.outcomes.ssvc.dsoi import DSOI as DSOI @@ -37,7 +46,8 @@ name="Deployer Patch Application Priority", description="Decision table for evaluating deployer's patch application priority in SSVC", decision_points={ - dp.id: dp for dp in [Exploitation, Exposure, Automatable, HumanImpact, DSOI] + dp.id: dp + for dp in [Exploitation, Exposure, Automatable, HumanImpact, DSOI] }, outcome=DSOI.id, mapping=[ diff --git a/src/ssvc/decision_tables/ssvc/human_impact.py b/src/ssvc/decision_tables/ssvc/human_impact.py index c20436ed..9ba1e432 100644 --- a/src/ssvc/decision_tables/ssvc/human_impact.py +++ b/src/ssvc/decision_tables/ssvc/human_impact.py @@ -21,15 +21,21 @@ # subject to its own license. # DM24-0278 -from ssvc.decision_points.ssvc.human_impact import HUMAN_IMPACT_2_0_2 as HumanImpact -from ssvc.decision_points.ssvc.mission_impact import MISSION_IMPACT_2 as MissionImpact +from ssvc.decision_points.ssvc.human_impact import ( + HUMAN_IMPACT_2_0_2 as HumanImpact, +) +from ssvc.decision_points.ssvc.mission_impact import ( + MISSION_IMPACT_2 as MissionImpact, +) from ssvc.decision_points.ssvc.safety_impact import ( SAFETY_IMPACT_2 as SituatedSafetyImpact, ) from ssvc.decision_tables.base import DecisionTable from ssvc.namespaces import NameSpace -dp_dict = {dp.id: dp for dp in [SituatedSafetyImpact, MissionImpact, HumanImpact]} +dp_dict = { + dp.id: dp for dp in [SituatedSafetyImpact, MissionImpact, HumanImpact] +} HUMAN_IMPACT_1 = DecisionTable( namespace=NameSpace.SSVC, diff --git a/src/ssvc/decision_tables/ssvc/supplier_dt.py b/src/ssvc/decision_tables/ssvc/supplier_dt.py index a1753fd8..e91cb77e 100644 --- a/src/ssvc/decision_tables/ssvc/supplier_dt.py +++ b/src/ssvc/decision_tables/ssvc/supplier_dt.py @@ -25,10 +25,17 @@ # DM24-0278 from ssvc.decision_points.ssvc.exploitation import LATEST as Exploitation -from ssvc.decision_points.ssvc.public_safety_impact import LATEST as PublicSafetyImpact -from ssvc.decision_points.ssvc.technical_impact import LATEST as TechnicalImpact +from ssvc.decision_points.ssvc.public_safety_impact import ( + LATEST as PublicSafetyImpact, +) +from ssvc.decision_points.ssvc.technical_impact import ( + LATEST as TechnicalImpact, +) from ssvc.decision_points.ssvc.utility import LATEST as Utility -from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df +from ssvc.decision_tables.base import ( + DecisionTable, + decision_table_to_longform_df, +) from ssvc.namespaces import NameSpace from ssvc.outcomes.ssvc.dsoi import LATEST as DSOI @@ -40,7 +47,13 @@ description="Decision table for evaluating supplier patch development priority in SSVC", decision_points={ dp.id: dp - for dp in [Exploitation, Utility, TechnicalImpact, PublicSafetyImpact, DSOI] + for dp in [ + Exploitation, + Utility, + TechnicalImpact, + PublicSafetyImpact, + DSOI, + ] }, outcome=DSOI.id, mapping=[ diff --git a/src/ssvc/decision_tables/ssvc/utlity.py b/src/ssvc/decision_tables/ssvc/utlity.py index 6293c028..fb51aac1 100644 --- a/src/ssvc/decision_tables/ssvc/utlity.py +++ b/src/ssvc/decision_tables/ssvc/utlity.py @@ -25,40 +25,27 @@ from ssvc.decision_points.ssvc.automatable import LATEST as Automatable from ssvc.decision_points.ssvc.utility import LATEST as Utility from ssvc.decision_points.ssvc.value_density import LATEST as ValueDensity -from ssvc.decision_tables.base import DecisionTable, decision_table_to_longform_df +from ssvc.decision_tables.base import ( + DecisionTable, + decision_table_to_longform_df, +) from ssvc.decision_tables.helpers import write_csv from ssvc.namespaces import NameSpace UTILITY_1 = DecisionTable( - namespace =NameSpace.SSVC, - key='U', - version='1.0.0', - name='Utility', - description='Utility decision table for SSVC', - decision_points={dp.id: dp for dp in [Automatable,ValueDensity,Utility]}, - outcome = Utility.id, - mapping = [ - { - "ssvc:A:2.0.0": "N", - "ssvc:VD:1.0.0": "D", - "ssvc:U:1.0.1": "L" - }, - { - "ssvc:A:2.0.0": "N", - "ssvc:VD:1.0.0": "C", - "ssvc:U:1.0.1": "E" - }, - { - "ssvc:A:2.0.0": "Y", - "ssvc:VD:1.0.0": "D", - "ssvc:U:1.0.1": "E" - }, - { - "ssvc:A:2.0.0": "Y", - "ssvc:VD:1.0.0": "C", - "ssvc:U:1.0.1": "S" - } - ] + namespace=NameSpace.SSVC, + key="U", + version="1.0.0", + name="Utility", + description="Utility decision table for SSVC", + decision_points={dp.id: dp for dp in [Automatable, ValueDensity, Utility]}, + outcome=Utility.id, + mapping=[ + {"ssvc:A:2.0.0": "N", "ssvc:VD:1.0.0": "D", "ssvc:U:1.0.1": "L"}, + {"ssvc:A:2.0.0": "N", "ssvc:VD:1.0.0": "C", "ssvc:U:1.0.1": "E"}, + {"ssvc:A:2.0.0": "Y", "ssvc:VD:1.0.0": "D", "ssvc:U:1.0.1": "E"}, + {"ssvc:A:2.0.0": "Y", "ssvc:VD:1.0.0": "C", "ssvc:U:1.0.1": "S"}, + ], ) VERSIONS = (UTILITY_1,) @@ -75,10 +62,8 @@ def main(): print(decision_table_to_longform_df(UTILITY_1).to_csv(index=False)) csvfile = "utility.csv" - write_csv(UTILITY_1,csvfile) - - + write_csv(UTILITY_1, csvfile) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index ba180ea1..3d11b3fc 100755 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -55,7 +55,8 @@ def find_modules_to_import( - directory: str = "../decision_points", package: str = "ssvc.decision_points" + directory: str = "../decision_points", + package: str = "ssvc.decision_points", ) -> bool: """ Find all modules that contain decision points and import them. @@ -140,7 +141,9 @@ def remove_if_exists(file): logger.debug(f"File {file} does not exist, nothing to remove") -def dump_decision_point(jsondir: str, dp: SsvcDecisionPoint, overwrite: bool) -> None: +def dump_decision_point( + jsondir: str, dp: SsvcDecisionPoint, overwrite: bool +) -> None: """ Generate the markdown table, json example, and markdown table file for a decision point. @@ -157,12 +160,16 @@ def dump_decision_point(jsondir: str, dp: SsvcDecisionPoint, overwrite: bool) -> - json_file: The path to the json example file. """ # make dp.name safe for use in a filename - basename = _filename_friendly(dp.name) + f"_{_filename_friendly(dp.version)}" + basename = ( + _filename_friendly(dp.name) + f"_{_filename_friendly(dp.version)}" + ) # - generate json example dump_json(basename, dp, jsondir, overwrite) -def dump_json(basename: str, dp: DecisionPoint, jsondir: str, overwrite: bool) -> str: +def dump_json( + basename: str, dp: DecisionPoint, jsondir: str, overwrite: bool +) -> str: """ Generate the json example for a decision point. @@ -202,8 +209,6 @@ def dump_json(basename: str, dp: DecisionPoint, jsondir: str, overwrite: bool) - return str(json_file) - - def dump_schema(filepath: str, schema: dict) -> None: schema = order_schema(schema) logger.info(f"Writing schema to {filepath}") @@ -211,6 +216,7 @@ def dump_schema(filepath: str, schema: dict) -> None: json.dump(schema, f, indent=2) f.write("\n") + def dump_schemas(jsondir): import ssvc.selection import ssvc.decision_tables.base @@ -229,7 +235,9 @@ def dump_schemas(jsondir): registry_schema_file = f"Ssvc_Object_Registry-{_filename_friendly(ssvc.registry.base.SCHEMA_VERSION, replacement='-')}.schema.json" registry_schema_path = os.path.join(schemadir, registry_schema_file) registry_schema = SsvcObjectRegistry.model_json_schema() - schemapaths.append({"filepath": registry_schema_path, "schema": registry_schema}) + schemapaths.append( + {"filepath": registry_schema_path, "schema": registry_schema} + ) # decision point schema dp_schema_file = f"Decision_Point-{_filename_friendly(ssvc.decision_points.base.SCHEMA_VERSION, replacement='-')}.schema.json" @@ -239,15 +247,26 @@ def dump_schemas(jsondir): # decision table schema decision_table_schema_file = f"Decision_Table-{_filename_friendly(ssvc.decision_tables.base.SCHEMA_VERSION, replacement='-')}.schema.json" - decision_table_schema_path = os.path.join(schemadir, decision_table_schema_file) + decision_table_schema_path = os.path.join( + schemadir, decision_table_schema_file + ) decision_table_schema = DecisionTable.model_json_schema() - schemapaths.append({"filepath": decision_table_schema_path, "schema": decision_table_schema}) + schemapaths.append( + { + "filepath": decision_table_schema_path, + "schema": decision_table_schema, + } + ) # decision point group schema dp_group_schema_file = f"Decision_Point_Group-{_filename_friendly(ssvc.dp_groups.base.SCHEMA_VERSION, replacement='-')}.schema.json" dp_group_schema_path = os.path.join(schemadir, dp_group_schema_file) - dp_group_schema = ssvc.dp_groups.base.DecisionPointGroup.model_json_schema() - schemapaths.append({"filepath": dp_group_schema_path, "schema": dp_group_schema}) + dp_group_schema = ( + ssvc.dp_groups.base.DecisionPointGroup.model_json_schema() + ) + schemapaths.append( + {"filepath": dp_group_schema_path, "schema": dp_group_schema} + ) with EnsureDirExists(schemadir): for d in schemapaths: @@ -255,9 +274,14 @@ def dump_schemas(jsondir): schema = d["schema"] dump_schema(filepath=path, schema=schema) -def dump_decision_table(jsondir: str, dt: DecisionTable, overwrite: bool) -> None: + +def dump_decision_table( + jsondir: str, dt: DecisionTable, overwrite: bool +) -> None: # make dp.name safe for use in a filename - basename = _filename_friendly(dt.name) + f"_{_filename_friendly(dt.version)}" + basename = ( + _filename_friendly(dt.name) + f"_{_filename_friendly(dt.version)}" + ) filename = f"{basename}.json" parts = [ @@ -280,7 +304,7 @@ def dump_decision_table(jsondir: str, dt: DecisionTable, overwrite: bool) -> Non f.write("\n") # newline at end of file except FileExistsError: logger.warning( - f"File {json_file} already exists, use --overwrite to replace" + f"File {json_file} already exists, use --overwrite to replace" ) return str(json_file) @@ -316,10 +340,13 @@ def main(): dp_dir = os.path.join(os.path.abspath(jsondir), "decision_points") dt_dir = os.path.join(os.path.abspath(jsondir), "decision_tables") - find_modules_to_import("./src/ssvc/decision_points", "ssvc.decision_points") + find_modules_to_import( + "./src/ssvc/decision_points", "ssvc.decision_points" + ) find_modules_to_import("./src/ssvc/outcomes", "ssvc.outcomes") - find_modules_to_import("./src/ssvc/decision_tables", "ssvc.decision_tables") - + find_modules_to_import( + "./src/ssvc/decision_tables", "ssvc.decision_tables" + ) registry = get_registry() @@ -339,7 +366,7 @@ def main(): try: logger.info(f"Writing {registry_json}") with open(registry_json, "x") as f: - f.write(registry.model_dump_json(indent=2,exclude_none=True)) + f.write(registry.model_dump_json(indent=2, exclude_none=True)) f.write("\n") # newline at end of file except FileExistsError: logger.warning( @@ -349,7 +376,6 @@ def main(): dump_schemas(jsondir) - if __name__ == "__main__": logger = logging.getLogger() logger.setLevel(logging.DEBUG) diff --git a/src/ssvc/dp_groups/cvss/collections.py b/src/ssvc/dp_groups/cvss/collections.py index c2b61c2c..37bf11b8 100644 --- a/src/ssvc/dp_groups/cvss/collections.py +++ b/src/ssvc/dp_groups/cvss/collections.py @@ -345,7 +345,9 @@ name="CVSSv4", description="All decision points for CVSS v4 (including supplemental metrics)", version="4.0.0", - decision_points=tuple(_BASE_4 + _THREAT_4 + _ENVIRONMENTAL_4 + _SUPPLEMENTAL_4), + decision_points=tuple( + _BASE_4 + _THREAT_4 + _ENVIRONMENTAL_4 + _SUPPLEMENTAL_4 + ), ) CVSSv4_Equivalence_Sets = DecisionPointGroup( diff --git a/src/ssvc/dp_groups/ssvc/collections.py b/src/ssvc/dp_groups/ssvc/collections.py index 836eb12b..5845401c 100644 --- a/src/ssvc/dp_groups/ssvc/collections.py +++ b/src/ssvc/dp_groups/ssvc/collections.py @@ -66,6 +66,7 @@ VERSIONS = (SSVCv1, SSVCv2, SSVCv2_1) LATEST = VERSIONS[-1] + def main(): for version in VERSIONS: print(version.model_dump_json(indent=2)) diff --git a/src/ssvc/dp_groups/ssvc/coordinator_publication.py b/src/ssvc/dp_groups/ssvc/coordinator_publication.py index 77f773d0..1a90aad1 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_publication.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_publication.py @@ -25,7 +25,9 @@ from ssvc.decision_points.ssvc.exploitation import EXPLOITATION_1 from ssvc.decision_points.ssvc.public_value_added import PUBLIC_VALUE_ADDED_1 -from ssvc.decision_points.ssvc.supplier_involvement import SUPPLIER_INVOLVEMENT_1 +from ssvc.decision_points.ssvc.supplier_involvement import ( + SUPPLIER_INVOLVEMENT_1, +) from ssvc.dp_groups.base import DecisionPointGroup diff --git a/src/ssvc/dp_groups/ssvc/coordinator_triage.py b/src/ssvc/dp_groups/ssvc/coordinator_triage.py index cd625ef4..fa0f1e8d 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_triage.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_triage.py @@ -24,11 +24,15 @@ # DM24-0278 from ssvc.decision_points.ssvc.automatable import AUTOMATABLE_2 -from ssvc.decision_points.ssvc.public_safety_impact import PUBLIC_SAFETY_IMPACT_2 +from ssvc.decision_points.ssvc.public_safety_impact import ( + PUBLIC_SAFETY_IMPACT_2, +) from ssvc.decision_points.ssvc.report_credibility import REPORT_CREDIBILITY_1 from ssvc.decision_points.ssvc.report_public import REPORT_PUBLIC_1 from ssvc.decision_points.ssvc.safety_impact import SAFETY_IMPACT_1 -from ssvc.decision_points.ssvc.supplier_cardinality import SUPPLIER_CARDINALITY_1 +from ssvc.decision_points.ssvc.supplier_cardinality import ( + SUPPLIER_CARDINALITY_1, +) from ssvc.decision_points.ssvc.supplier_contacted import SUPPLIER_CONTACTED_1 from ssvc.decision_points.ssvc.supplier_engagement import SUPPLIER_ENGAGEMENT_1 from ssvc.decision_points.ssvc.utility import UTILITY_1_0_1 diff --git a/src/ssvc/outcomes/basic/ike.py b/src/ssvc/outcomes/basic/ike.py index 485b91e3..e18f3c7e 100644 --- a/src/ssvc/outcomes/basic/ike.py +++ b/src/ssvc/outcomes/basic/ike.py @@ -31,9 +31,13 @@ _DELETE = DecisionPointValue(name="Delete", key="D", description="Delete") -_DELEGATE = DecisionPointValue(name="Delegate", key="G", description="Delegate") +_DELEGATE = DecisionPointValue( + name="Delegate", key="G", description="Delegate" +) -_SCHEDULE = DecisionPointValue(name="Schedule", key="S", description="Schedule") +_SCHEDULE = DecisionPointValue( + name="Schedule", key="S", description="Schedule" +) _DO = DecisionPointValue(name="Do", key="O", description="Do") diff --git a/src/ssvc/outcomes/basic/value_complexity.py b/src/ssvc/outcomes/basic/value_complexity.py index 2f6fef04..4d88f335 100644 --- a/src/ssvc/outcomes/basic/value_complexity.py +++ b/src/ssvc/outcomes/basic/value_complexity.py @@ -35,9 +35,13 @@ name="Reconsider Later", key="R", description="Reconsider Later" ) -_EASY_WIN = DecisionPointValue(name="Easy Win", key="E", description="Easy Win") +_EASY_WIN = DecisionPointValue( + name="Easy Win", key="E", description="Easy Win" +) -_DO_FIRST = DecisionPointValue(name="Do First", key="F", description="Do First") +_DO_FIRST = DecisionPointValue( + name="Do First", key="F", description="Do First" +) VALUE_COMPLEXITY = DecisionPoint( name="Value, Complexity", diff --git a/src/ssvc/outcomes/cvss/lmhc.py b/src/ssvc/outcomes/cvss/lmhc.py index b1791608..fae0aeec 100644 --- a/src/ssvc/outcomes/cvss/lmhc.py +++ b/src/ssvc/outcomes/cvss/lmhc.py @@ -24,7 +24,9 @@ _LOW = DecisionPointValue(name="Low", key="L", description="Low (0.1-3.9)") -_MEDIUM = DecisionPointValue(name="Medium", key="M", description="Medium (4.0-6.9)") +_MEDIUM = DecisionPointValue( + name="Medium", key="M", description="Medium (4.0-6.9)" +) _HIGH = DecisionPointValue(name="High", key="H", description="High (7.0-8.9)") diff --git a/src/ssvc/outcomes/ssvc/coordinate.py b/src/ssvc/outcomes/ssvc/coordinate.py index 136d987e..38163666 100644 --- a/src/ssvc/outcomes/ssvc/coordinate.py +++ b/src/ssvc/outcomes/ssvc/coordinate.py @@ -24,7 +24,9 @@ _TRACK = DecisionPointValue(name="Track", key="T", description="Track") -_COORDINATE = DecisionPointValue(name="Coordinate", key="C", description="Coordinate") +_COORDINATE = DecisionPointValue( + name="Coordinate", key="C", description="Coordinate" +) COORDINATE = SsvcDecisionPoint( name="Decline, Track, Coordinate", diff --git a/src/ssvc/outcomes/ssvc/dsoi.py b/src/ssvc/outcomes/ssvc/dsoi.py index cf477abb..0f6cc8f5 100644 --- a/src/ssvc/outcomes/ssvc/dsoi.py +++ b/src/ssvc/outcomes/ssvc/dsoi.py @@ -27,13 +27,17 @@ _DEFER = DecisionPointValue(name="Defer", key="D", description="Defer") -_SCHEDULED = DecisionPointValue(name="Scheduled", key="S", description="Scheduled") +_SCHEDULED = DecisionPointValue( + name="Scheduled", key="S", description="Scheduled" +) _OUT_OF_CYCLE = DecisionPointValue( name="Out-of-Cycle", key="O", description="Out-of-Cycle" ) -_IMMEDIATE = DecisionPointValue(name="Immediate", key="I", description="Immediate") +_IMMEDIATE = DecisionPointValue( + name="Immediate", key="I", description="Immediate" +) DSOI = SsvcDecisionPoint( name="Defer, Scheduled, Out-of-Cycle, Immediate", diff --git a/src/ssvc/outcomes/x_com_yahooinc/paranoids.py b/src/ssvc/outcomes/x_com_yahooinc/paranoids.py index 140e7bf9..3011d85c 100644 --- a/src/ssvc/outcomes/x_com_yahooinc/paranoids.py +++ b/src/ssvc/outcomes/x_com_yahooinc/paranoids.py @@ -41,7 +41,9 @@ _ACT_1 = DecisionPointValue(name="Act 1", key="1", description="Act") -_ACT_ASAP_0 = DecisionPointValue(name="Act ASAP 0", key="0", description="Act ASAP") +_ACT_ASAP_0 = DecisionPointValue( + name="Act ASAP 0", key="0", description="Act ASAP" +) THE_PARANOIDS = DecisionPoint( name="theParanoids", diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index 79c83319..b62302e8 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -92,7 +92,9 @@ def __init__( # validate that the outcome weights sum to 1.0 total = sum(outcome_weights) if not math.isclose(total, 1.0): - raise ValueError(f"Outcome weights must sum to 1.0, but sum to {total}") + raise ValueError( + f"Outcome weights must sum to 1.0, but sum to {total}" + ) self.outcome_weights = outcome_weights logger.debug(f"Outcome weights: {self.outcome_weights}") @@ -213,7 +215,9 @@ def _assign_outcomes(self): logger.debug(f"Layer count: {len(layers)}") logger.debug(f"Layer sizes: {[len(layer) for layer in layers]}") - outcome_counts = [round(node_count * weight) for weight in self.outcome_weights] + outcome_counts = [ + round(node_count * weight) for weight in self.outcome_weights + ] toposort = list(nx.topological_sort(self.G)) logger.debug(f"Toposort: {toposort[:4]}...{toposort[-4:]}") @@ -302,11 +306,15 @@ def _confirm_topological_order(self, node_order: list) -> None: # all nodes must be in the graph for node in node_order: if node not in self.G.nodes: - raise ValueError(f"Node order contains node {node} not in the graph") + raise ValueError( + f"Node order contains node {node} not in the graph" + ) for node in self.G.nodes: if node not in node_order: - raise ValueError(f"Graph contains node {node} not in the node order") + raise ValueError( + f"Graph contains node {node} not in the node order" + ) node_idx = {node: i for i, node in enumerate(node_order)} diff --git a/src/ssvc/registry/__init__.py b/src/ssvc/registry/__init__.py index db36cb32..eb203c91 100644 --- a/src/ssvc/registry/__init__.py +++ b/src/ssvc/registry/__init__.py @@ -57,7 +57,9 @@ def _handle_registration(obj): if isinstance(obj, (DecisionPoint, DecisionPointValue, DecisionTable)): registry.register(obj) - logger.debug("Registered object %s of type %s", obj.id, type(obj).__name__) + logger.debug( + "Registered object %s of type %s", obj.id, type(obj).__name__ + ) else: logger.warning( f"Object {obj.id} is not a recognized SSVC type: {type(obj)}" diff --git a/src/ssvc/registry/base.py b/src/ssvc/registry/base.py index 11c69fa5..afc00faf 100644 --- a/src/ssvc/registry/base.py +++ b/src/ssvc/registry/base.py @@ -226,7 +226,9 @@ def lookup_by_id( return lookup_by_id(objtype=objtype, objid=objid, registry=self) -def register(obj: _RegisterableClass, registry: SsvcObjectRegistry = None) -> None: +def register( + obj: _RegisterableClass, registry: SsvcObjectRegistry = None +) -> None: """ Register an object in the SSVC object registry. @@ -286,7 +288,9 @@ def _insert( # check to see if the namespace is already registered nsobj = typesobj.namespaces.get(ns) if nsobj is None: - logger.debug(f"Registering new namespace '{ns}' for object type '{objtype}'.") + logger.debug( + f"Registering new namespace '{ns}' for object type '{objtype}'." + ) nsobj = _Namespace(namespace=ns) registry.types[objtype].namespaces[ns] = nsobj @@ -414,7 +418,9 @@ def lookup_by_id( return lookup_version(**args, registry=registry) -def get_all(objtype: str, registry: SsvcObjectRegistry) -> list[_GenericSsvcObject]: +def get_all( + objtype: str, registry: SsvcObjectRegistry +) -> list[_GenericSsvcObject]: """ Get all objects of a specific type from the registry. @@ -440,7 +446,9 @@ def get_all(objtype: str, registry: SsvcObjectRegistry) -> list[_GenericSsvcObje return all_objects -def lookup_objtype(objtype: str, registry: SsvcObjectRegistry) -> _NsType | None: +def lookup_objtype( + objtype: str, registry: SsvcObjectRegistry +) -> _NsType | None: """ Lookup an object type in the registry by its name. Returns None if the type is not found. @@ -497,7 +505,11 @@ def lookup_key( def lookup_version( - objtype: str, namespace: str, key: str, version: str, registry: SsvcObjectRegistry + objtype: str, + namespace: str, + key: str, + version: str, + registry: SsvcObjectRegistry, ) -> _ValuedVersion | _NonValuedVersion | None: """ Lookup a version in the registry by object type, namespace, key, and version string. @@ -624,7 +636,9 @@ def lookup( # start at the deepest level and work up if value_key is not None: - return lookup_value(objtype, namespace, key, version, value_key, registry) + return lookup_value( + objtype, namespace, key, version, value_key, registry + ) if version is not None: return lookup_version(objtype, namespace, key, version, registry) diff --git a/src/ssvc/registry/events.py b/src/ssvc/registry/events.py index 7f26bd44..6c356d91 100644 --- a/src/ssvc/registry/events.py +++ b/src/ssvc/registry/events.py @@ -37,7 +37,9 @@ def notify_registration(obj): """Notify all hooks about a new registration.""" for hook in _registration_hooks: try: - logger.debug(f"Notifying {hook.__name__} about registration of {obj.id}") + logger.debug( + f"Notifying {hook.__name__} about registration of {obj.id}" + ) hook(obj) except Exception as e: logger.warning(f"Registration hook failed: {e}") diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 4c5efce3..0fbc9b71 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -126,7 +126,8 @@ def from_decision_point( "key": decision_point.key, "version": decision_point.version, "values": [ - MinimalDecisionPointValue(key=val.key) for val in decision_point.values + MinimalDecisionPointValue(key=val.key) + for val in decision_point.values ], } for attr in ("name", "description"): @@ -157,7 +158,9 @@ def model_json_schema(cls, **kwargs): if "required" in schema and isinstance(schema["required"], list): # remove description from required list if it exists schema["required"] = [ - field for field in schema["required"] if field not in not_required + field + for field in schema["required"] + if field not in not_required ] return schema @@ -180,7 +183,9 @@ def model_json_schema(cls, **kwargs): if "required" in schema and isinstance(schema["required"], list): # remove description from required list if it exists schema["required"] = [ - field for field in schema["required"] if field not in not_required + field + for field in schema["required"] + if field not in not_required ] return schema @@ -276,7 +281,9 @@ def set_schema_version(cls, data): # target_ids should be a non-empty list if not None @field_validator("target_ids", mode="before") @classmethod - def validate_target_ids(cls, value: Optional[list[str]]) -> Optional[list[str]]: + def validate_target_ids( + cls, value: Optional[list[str]] + ) -> Optional[list[str]]: """ Validate the target_ids field. If target_ids is provided, it must be a non-empty list of strings. @@ -341,7 +348,9 @@ def model_json_schema(cls, **kwargs): if isinstance(prop, dict) and "required" in prop: # remove non-required fields from the required list prop["required"] = [ - r for r in prop["required"] if r not in non_required_fields + r + for r in prop["required"] + if r not in non_required_fields ] return order_schema(schema) @@ -373,7 +382,11 @@ def main() -> None: ], ) - print(selections.model_dump_json(indent=2, exclude_none=True, exclude_unset=True)) + print( + selections.model_dump_json( + indent=2, exclude_none=True, exclude_unset=True + ) + ) print("# Schema for SelectionList") schema = SelectionList.model_json_schema() diff --git a/src/ssvc/utils/toposort.py b/src/ssvc/utils/toposort.py index 2afab804..8bafe787 100644 --- a/src/ssvc/utils/toposort.py +++ b/src/ssvc/utils/toposort.py @@ -35,7 +35,9 @@ def graph_from_dplist(decision_points: list[DecisionPoint]) -> nx.DiGraph: - logger.debug(f"Creating graph from dplist: {[dp.id for dp in decision_points]}") + logger.debug( + f"Creating graph from dplist: {[dp.id for dp in decision_points]}" + ) value_lookup = dplist_to_value_lookup(decision_points) value_tuples = [tuple(v.keys()) for v in value_lookup] logger.debug(f"Value tuples: {value_tuples}") @@ -65,7 +67,7 @@ def graph_from_value_tuples(value_tuples: list[tuple[int, ...]]) -> nx.DiGraph: neighbor = tuple(neighbor) if neighbor in G: G.add_edge(node, neighbor) - + return G @@ -83,7 +85,9 @@ def dplist_to_lookup(decision_points: list[DecisionPoint]) -> dict[int, str]: return dp_lookup -def lookup_value(t: tuple[int, ...], lookup: list[dict[int, str]]) -> tuple[str, ...]: +def lookup_value( + t: tuple[int, ...], lookup: list[dict[int, str]] +) -> tuple[str, ...]: # given # t = (0, 0, 0) # lookup = [{0: 'V', 1: 'R', 2: 'S', 3: 'HS'}, {0: 'H', 1: 'S', 2: 'B', 3: 'N'}, {0: 'F', 1: 'R', 2: 'B', 3: 'N'}] @@ -92,14 +96,18 @@ def lookup_value(t: tuple[int, ...], lookup: list[dict[int, str]]) -> tuple[str, return tuple(l) -def tuple_to_dict(t: tuple[str, ...], lookup: dict[int, str]) -> dict[str, str]: +def tuple_to_dict( + t: tuple[str, ...], lookup: dict[int, str] +) -> dict[str, str]: # given # t = ('V', 'H', 'F') # return {'ER': 'V', 'GM': 'H', 'RC': 'F'} return {lookup[i]: t[i] for i in range(len(t))} -def dplist_to_toposort(decision_points: list[DecisionPoint]) -> list[dict[str, str]]: +def dplist_to_toposort( + decision_points: list[DecisionPoint], +) -> list[dict[str, str]]: logger.debug("Creating graph from list of decision points") G = graph_from_dplist(decision_points) logger.debug( @@ -107,7 +115,9 @@ def dplist_to_toposort(decision_points: list[DecisionPoint]) -> list[dict[str, s ) sorted_nodes = nx.topological_sort(G) - logger.debug("Topological sort completed, converting graph nodes to dictionaries") + logger.debug( + "Topological sort completed, converting graph nodes to dictionaries" + ) sorted_list = [] dp_lookup = dplist_to_lookup(decision_points) value_lookup = dplist_to_value_lookup(decision_points) diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index 2d7cdd95..babc8912 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -60,7 +60,13 @@ def tearDown(self) -> None: self.registry.reset() def test_decision_point_basics(self): - from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned + from ssvc._mixins import ( + _Base, + _Keyed, + _Namespaced, + _Valued, + _Versioned, + ) # inherits from mixins mixins = [_Valued, _Base, _Keyed, _Versioned, _Namespaced] @@ -86,7 +92,11 @@ def test_registry(self): (objtype, ns, key, version) = _get_keys(dp) self.assertEqual( dp, - self.registry.types[objtype].namespaces[ns].keys[key].versions[version].obj, + self.registry.types[objtype] + .namespaces[ns] + .keys[key] + .versions[version] + .obj, ) def test_ssvc_value(self): diff --git a/src/test/decision_tables/cvss/test_cvss_qsr4.py b/src/test/decision_tables/cvss/test_cvss_qsr4.py index d59eb427..deb4918e 100644 --- a/src/test/decision_tables/cvss/test_cvss_qsr4.py +++ b/src/test/decision_tables/cvss/test_cvss_qsr4.py @@ -30,15 +30,20 @@ # create a dict of the expected rows for lookups in tests _EXPECTED = { - tuple([v for k, v in row.items() if k != QSR_4.outcome]): row for row in V4_EXPECTED + tuple([v for k, v in row.items() if k != QSR_4.outcome]): row + for row in V4_EXPECTED } class MyTestCase(unittest.TestCase): def setUp(self): self.qsr4 = QSR_4 - self.eq3 = [k for k in self.qsr4.decision_points.keys() if "EQ3" in k][0] - self.eq6 = [k for k in self.qsr4.decision_points.keys() if "EQ6" in k][0] + self.eq3 = [k for k in self.qsr4.decision_points.keys() if "EQ3" in k][ + 0 + ] + self.eq6 = [k for k in self.qsr4.decision_points.keys() if "EQ6" in k][ + 0 + ] def test_mapping_for_expected(self): for row in V4_EXPECTED: @@ -73,7 +78,9 @@ def test_mapping_for_invalids(self): self.assertIn(new_key, _EXPECTED) expected_row = _EXPECTED[new_key] - self.assertEqual(expected_row[self.qsr4.outcome], row[self.qsr4.outcome]) + self.assertEqual( + expected_row[self.qsr4.outcome], row[self.qsr4.outcome] + ) if __name__ == "__main__": diff --git a/src/test/decision_tables/ssvc/test_coord_triage.py b/src/test/decision_tables/ssvc/test_coord_triage.py index 77ed2a68..9cadefa9 100644 --- a/src/test/decision_tables/ssvc/test_coord_triage.py +++ b/src/test/decision_tables/ssvc/test_coord_triage.py @@ -110,7 +110,9 @@ def test_mapping(self): for i, row in enumerate(self.ct.mapping): with self.subTest(row=row): - val_tup = tuple([v for k, v in row.items() if k != self.outcome]) + val_tup = tuple( + [v for k, v in row.items() if k != self.outcome] + ) # short circuit rows where we explicitly set a different outcome if val_tup in expect_track: @@ -121,7 +123,11 @@ def test_mapping(self): continue multiparty_supereffective_safety_impact = all( - (row[self.sc] == "M", row[self.u] == "S", row[self.psi] == "S") + ( + row[self.sc] == "M", + row[self.u] == "S", + row[self.psi] == "S", + ) ) # everything from here on should be a decline @@ -136,10 +142,14 @@ def test_mapping(self): if row[self.rp] == "Y" or row[self.scon] == "N": if row[self.rc] == "NC": - self.assertEqual("D", row[self.outcome], f"Row {i}: {row}") + self.assertEqual( + "D", row[self.outcome], f"Row {i}: {row}" + ) if not multiparty_supereffective_safety_impact: - self.assertEqual("D", row[self.outcome], f"Row {i}: {row}") + self.assertEqual( + "D", row[self.outcome], f"Row {i}: {row}" + ) elif row[self.rc] == "NC": # Report Credibility: If the report is not credible, # then CERT/CC will decline the case. diff --git a/src/test/decision_tables/ssvc/test_human_impact.py b/src/test/decision_tables/ssvc/test_human_impact.py index 94b9ce95..61b89f5e 100644 --- a/src/test/decision_tables/ssvc/test_human_impact.py +++ b/src/test/decision_tables/ssvc/test_human_impact.py @@ -25,8 +25,12 @@ class MyTestCase(unittest.TestCase): def setUp(self): self.hi: "DecisionTable" = HI - self.si: str = [k for k in self.hi.decision_points.keys() if "SI" in k][0] - self.mi: str = [k for k in self.hi.decision_points.keys() if "MI" in k][0] + self.si: str = [ + k for k in self.hi.decision_points.keys() if "SI" in k + ][0] + self.mi: str = [ + k for k in self.hi.decision_points.keys() if "MI" in k + ][0] self.outcome: str = self.hi.outcome def test_mapping(self): diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py index f78d07ac..3cdf4505 100644 --- a/src/test/decision_tables/test_base.py +++ b/src/test/decision_tables/test_base.py @@ -42,13 +42,25 @@ def setUp(self): self.tmpdir = tempfile.TemporaryDirectory() # Create dummy decision point values - self.dp1v1 = DecisionPointValue(name="a", key="a", description="A value") - self.dp1v2 = DecisionPointValue(name="b", key="b", description="B value") + self.dp1v1 = DecisionPointValue( + name="a", key="a", description="A value" + ) + self.dp1v2 = DecisionPointValue( + name="b", key="b", description="B value" + ) - self.dp2v1 = DecisionPointValue(name="x", key="x", description="X value") - self.dp2v2 = DecisionPointValue(name="y", key="y", description="Y value") - self.dp2v3 = DecisionPointValue(name="z", key="z", description="Z value") - self.dp2v4 = DecisionPointValue(name="w", key="w", description="W value") + self.dp2v1 = DecisionPointValue( + name="x", key="x", description="X value" + ) + self.dp2v2 = DecisionPointValue( + name="y", key="y", description="Y value" + ) + self.dp2v3 = DecisionPointValue( + name="z", key="z", description="Z value" + ) + self.dp2v4 = DecisionPointValue( + name="w", key="w", description="W value" + ) # Create dummy decision points and group self.dp1 = DecisionPoint( @@ -68,9 +80,15 @@ def setUp(self): values=(self.dp2v1, self.dp2v2, self.dp2v3, self.dp2v4), ) # Create dummy outcome group - self.ogv1 = DecisionPointValue(name="o1", key="o1", description="Outcome 1") - self.ogv2 = DecisionPointValue(name="o2", key="o2", description="Outcome 2") - self.ogv3 = DecisionPointValue(name="o3", key="o3", description="Outcome 3") + self.ogv1 = DecisionPointValue( + name="o1", key="o1", description="Outcome 1" + ) + self.ogv2 = DecisionPointValue( + name="o2", key="o2", description="Outcome 2" + ) + self.ogv3 = DecisionPointValue( + name="o3", key="o3", description="Outcome 3" + ) self.og = OutcomeGroup( name="outcome", @@ -170,7 +188,9 @@ def test_model_dump_json(self): for row in d["mapping"]: row_keys = set(row.keys()) self.assertEqual( - row_keys, expect_keys, "Row keys do not match expected decision points" + row_keys, + expect_keys, + "Row keys do not match expected decision points", ) def test_populate_mapping_if_none(self): @@ -222,7 +242,8 @@ def test_distribute_outcomes_evenly_function(self): # Check if the new mapping has outcomes assigned for row in new_mapping: self.assertIsNotNone( - row[outcome_key], "Outcome should not be None after distribution" + row[outcome_key], + "Outcome should not be None after distribution", ) # Check if the length of new mapping matches original mapping @@ -368,7 +389,9 @@ def test_single_dp_dt(self): # Check if the mapping contains the correct outcomes for row in single_dt.mapping: self.assertIn(single_dt.outcome, row) - self.assertIn(row[single_dt.outcome], [v.key for v in self.og.values]) + self.assertIn( + row[single_dt.outcome], [v.key for v in self.og.values] + ) def test_should_reject_duplicate_conflicting_mappings(self): dt = self.dt @@ -378,7 +401,9 @@ def test_should_reject_duplicate_conflicting_mappings(self): new_row = dict(dt.mapping[0]) # copy the first row self.assertEqual( - new_row[dt.outcome], self.ogv1.key, "First row should have outcome o1" + new_row[dt.outcome], + self.ogv1.key, + "First row should have outcome o1", ) new_row[dt.outcome] = self.ogv2.key # change the outcome to o2 # insert it at position 1 @@ -397,7 +422,9 @@ def test_should_warn_duplicate_nonconflicting_mappings(self): new_row = dict(dt.mapping[0]) # copy the first row self.assertEqual( - new_row[dt.outcome], self.ogv1.key, "First row should have outcome o1" + new_row[dt.outcome], + self.ogv1.key, + "First row should have outcome o1", ) # do not change the outcome, just duplicate the row # insert it at position 1 diff --git a/src/test/dp_groups/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py index e5ae99b5..56df5d59 100644 --- a/src/test/dp_groups/test_dp_groups.py +++ b/src/test/dp_groups/test_dp_groups.py @@ -35,9 +35,15 @@ def setUp(self) -> None: description=f"Description of Decision Point {i}", version="1.0.0", values=( - DecisionPointValue(name="foo", key="FOO", description="foo"), - DecisionPointValue(name="bar", key="BAR", description="bar"), - DecisionPointValue(name="baz", key="BAZ", description="baz"), + DecisionPointValue( + name="foo", key="FOO", description="foo" + ), + DecisionPointValue( + name="bar", key="BAR", description="bar" + ), + DecisionPointValue( + name="baz", key="BAZ", description="baz" + ), ), ) self.dps.append(dp) diff --git a/src/test/registry/test_base.py b/src/test/registry/test_base.py index 564d2b71..fe0c398a 100644 --- a/src/test/registry/test_base.py +++ b/src/test/registry/test_base.py @@ -36,7 +36,9 @@ def setUp(self): name="test_registry", description="A test registry" ) main_reg = get_registry() - main_reg.reset(force=True) # reset the main registry to ensure a clean state + main_reg.reset( + force=True + ) # reset the main registry to ensure a clean state def tearDown(self): pass @@ -73,8 +75,12 @@ class Dummy: namespace="x_test", key="TEST", values=[ - DecisionPointValue(key="A", name="AAA", description="Option A"), - DecisionPointValue(key="B", name="BBB", description="Option B"), + DecisionPointValue( + key="A", name="AAA", description="Option A" + ), + DecisionPointValue( + key="B", name="BBB", description="Option B" + ), ], registered=False, ) @@ -89,9 +95,15 @@ class DpSubclass(DecisionPoint): namespace="x_test", key="TEST2", values=[ - DecisionPointValue(key="A", name="AAA", description="Option A"), - DecisionPointValue(key="B", name="BBB", description="Option B"), - DecisionPointValue(key="C", name="CCC", description="Option C"), + DecisionPointValue( + key="A", name="AAA", description="Option A" + ), + DecisionPointValue( + key="B", name="BBB", description="Option B" + ), + DecisionPointValue( + key="C", name="CCC", description="Option C" + ), ], registered=False, ) @@ -107,8 +119,12 @@ def test_valued_version(self): version="2.0.0", key="TEST", values=[ - DecisionPointValue(key="A", name="AAA", description="Option A"), - DecisionPointValue(key="B", name="BBB", description="Option B"), + DecisionPointValue( + key="A", name="AAA", description="Option A" + ), + DecisionPointValue( + key="B", name="BBB", description="Option B" + ), ], registered=False, ) @@ -128,11 +144,21 @@ def test_nonvalued_version(self): name="TestDP", description="A test decision point", values=( - DecisionPointValue(key="A", name="AAA", description="Option A"), - DecisionPointValue(key="B", name="BBB", description="Option B"), - DecisionPointValue(key="C", name="CCC", description="Option C"), - DecisionPointValue(key="D", name="DDD", description="Option D"), - DecisionPointValue(key="E", name="EEE", description="Option E"), + DecisionPointValue( + key="A", name="AAA", description="Option A" + ), + DecisionPointValue( + key="B", name="BBB", description="Option B" + ), + DecisionPointValue( + key="C", name="CCC", description="Option C" + ), + DecisionPointValue( + key="D", name="DDD", description="Option D" + ), + DecisionPointValue( + key="E", name="EEE", description="Option E" + ), ), registered=False, ) @@ -143,9 +169,15 @@ def test_nonvalued_version(self): name="TestDP", description="A test decision point", values=( - DecisionPointValue(key="A", name="AAA", description="Option A"), - DecisionPointValue(key="B", name="BBB", description="Option B"), - DecisionPointValue(key="C", name="CCC", description="Option C"), + DecisionPointValue( + key="A", name="AAA", description="Option A" + ), + DecisionPointValue( + key="B", name="BBB", description="Option B" + ), + DecisionPointValue( + key="C", name="CCC", description="Option C" + ), ), registered=False, ) @@ -182,7 +214,8 @@ def test_nonvalued_version(self): self.assertIsNotNone(ver.obj.mapping) self.assertEqual( - math.prod(len(dp.values) for dp in [dp1, dp2]), len(ver.obj.mapping) + math.prod(len(dp.values) for dp in [dp1, dp2]), + len(ver.obj.mapping), ) @patch("ssvc.registry.base._NonValuedVersion") @@ -239,8 +272,12 @@ def test__insert(self): namespace="x_test", key="TEST", values=[ - DecisionPointValue(key="A", name="AAA", description="Option A"), - DecisionPointValue(key="B", name="BBB", description="Option B"), + DecisionPointValue( + key="A", name="AAA", description="Option A" + ), + DecisionPointValue( + key="B", name="BBB", description="Option B" + ), ], registered=False, ) @@ -269,8 +306,12 @@ def test__compare(self): namespace="x_test", key="TEST", values=[ - DecisionPointValue(key="A", name="AAA", description="Option A"), - DecisionPointValue(key="B", name="BBB", description="Option B"), + DecisionPointValue( + key="A", name="AAA", description="Option A" + ), + DecisionPointValue( + key="B", name="BBB", description="Option B" + ), ], registered=False, ) @@ -281,8 +322,12 @@ def test__compare(self): namespace="x_test", key="TEST", values=[ - DecisionPointValue(key="AA", name="AAAA", description="Option A"), - DecisionPointValue(key="B", name="BBB", description="Option B"), + DecisionPointValue( + key="AA", name="AAAA", description="Option A" + ), + DecisionPointValue( + key="B", name="BBB", description="Option B" + ), ], registered=False, ) @@ -303,7 +348,9 @@ def test_lookup_latest(self): for v in range(1, 100): version = str( semver.Version( - major=v, minor=random.randint(0, 20), patch=random.randint(0, 50) + major=v, + minor=random.randint(0, 20), + patch=random.randint(0, 50), ) ) @@ -314,8 +361,12 @@ def test_lookup_latest(self): key="TEST", version=version, values=[ - DecisionPointValue(key="A", name=f"AAA{v}", description="Option A"), - DecisionPointValue(key="B", name="BBB", description="Option B"), + DecisionPointValue( + key="A", name=f"AAA{v}", description="Option A" + ), + DecisionPointValue( + key="B", name="BBB", description="Option B" + ), ], registered=False, ) diff --git a/src/test/test_doc_helpers.py b/src/test/test_doc_helpers.py index 73d54650..dcb428db 100644 --- a/src/test/test_doc_helpers.py +++ b/src/test/test_doc_helpers.py @@ -32,8 +32,12 @@ def setUp(self): key="TK", version="1.0.0", values=( - DecisionPointValue(name="A", key="A", description="A Definition"), - DecisionPointValue(name="B", key="B", description="B Definition"), + DecisionPointValue( + name="A", key="A", description="A Definition" + ), + DecisionPointValue( + name="B", key="B", description="B Definition" + ), ), ) diff --git a/src/test/test_doctools.py b/src/test/test_doctools.py index 21bc0498..49d579bf 100644 --- a/src/test/test_doctools.py +++ b/src/test/test_doctools.py @@ -156,7 +156,9 @@ def test_dump_json(self): if "already exists" in line: found = True break - self.assertTrue(found, "Expected warning about existing file not found") + self.assertTrue( + found, "Expected warning about existing file not found" + ) # should overwrite the file overwrite = True diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index 3ffc55cb..601398dd 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -198,7 +198,9 @@ def test_mixin_combos(self): "has_default": True, }, ] - keys_with_defaults = [x["args"].keys() for x in mixins if x["has_default"]] + keys_with_defaults = [ + x["args"].keys() for x in mixins if x["has_default"] + ] # flatten the list keys_with_defaults = [ item for sublist in keys_with_defaults for item in sublist diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index 716aa6f3..2de3b1b2 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -88,7 +88,7 @@ def setUp(self): "ab", # too short "x_", # too short after prefix "x_x_some-weird-private-one", # double x_ not allowed - "x_example.test///org.example#fragment", # three slashes in a row (was an mistake in ABNF previously) + "x_example.test///org.example#fragment", # three slashes in a row (was an mistake in ABNF previously) ] def test_ns_pattern(self): diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index 9505da3b..8f3c3af6 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -59,7 +59,9 @@ def setUp(self) -> None: namespace="x_example.test", values=tuple( [ - DecisionPointValue(name=v, key=v, description=v) + DecisionPointValue( + name=v, key=v, description=v + ) for v in self.dp_values ] ), @@ -272,7 +274,9 @@ def test_create_policy(self): self.assertEqual(16, len(pg.policy)) idx_cols = [col for col in pg.policy.columns if col.startswith("idx_")] - other_cols = [col for col in pg.policy.columns if not col.startswith("idx_")] + other_cols = [ + col for col in pg.policy.columns if not col.startswith("idx_") + ] for c in self.dp_names: @@ -283,7 +287,9 @@ def test_create_policy(self): self.assertIn("idx_outcome", pg.policy.columns) for outcome in self.og_names: - self.assertTrue(any([outcome in val for val in pg.policy.outcome.values])) + self.assertTrue( + any([outcome in val for val in pg.policy.outcome.values]) + ) def test_validate_paths(self): pg = PolicyGenerator( @@ -336,8 +342,12 @@ def test_confirm_topological_order(self): self.assertIsNone(pg._confirm_topological_order([0, 1, 2, 3, 4, 5])) self.assertIsNone(pg._confirm_topological_order([0, 1, 3, 2, 4, 5])) - self.assertRaises(ValueError, pg._confirm_topological_order, [0, 1, 2, 4, 3, 5]) - self.assertRaises(ValueError, pg._confirm_topological_order, [0, 1, 2, 3, 5]) + self.assertRaises( + ValueError, pg._confirm_topological_order, [0, 1, 2, 4, 3, 5] + ) + self.assertRaises( + ValueError, pg._confirm_topological_order, [0, 1, 2, 3, 5] + ) if __name__ == "__main__": diff --git a/src/test/test_schema.py b/src/test/test_schema.py index 51f63f98..fcc33703 100644 --- a/src/test/test_schema.py +++ b/src/test/test_schema.py @@ -29,8 +29,12 @@ import ssvc.decision_points # noqa F401 # importing these causes the decision points to register themselves -from ssvc.decision_points.ssvc.critical_software import CRITICAL_SOFTWARE_1 # noqa -from ssvc.decision_points.ssvc.high_value_asset import HIGH_VALUE_ASSET_1 # noqa +from ssvc.decision_points.ssvc.critical_software import ( + CRITICAL_SOFTWARE_1, +) # noqa +from ssvc.decision_points.ssvc.high_value_asset import ( + HIGH_VALUE_ASSET_1, +) # noqa # importing these causes the decision points to register themselves from ssvc.dp_groups.ssvc.collections import SSVCv1, SSVCv2, SSVCv2_1 # noqa @@ -68,18 +72,26 @@ def setUp(self) -> None: self.logger = logger self.registry = get_registry() - self.registered_dps = list(get_all("DecisionPoint", registry=self.registry)) + self.registered_dps = list( + get_all("DecisionPoint", registry=self.registry) + ) my_file_path = os.path.abspath(__file__) my_dir = os.path.dirname(my_file_path) - self.schema_dir = os.path.join(my_dir, "..", "..", "data", "schema", "v2") + self.schema_dir = os.path.join( + my_dir, "..", "..", "data", "schema", "v2" + ) def test_confirm_registered_decision_points(self): - self.assertGreater(len(self.registered_dps), 0, "No decision points registered") + self.assertGreater( + len(self.registered_dps), 0, "No decision points registered" + ) def test_decision_point_validation(self): - schema_path = os.path.join(self.schema_dir, "Decision_Point-2-0-0.schema.json") + schema_path = os.path.join( + self.schema_dir, "Decision_Point-2-0-0.schema.json" + ) schema_path = os.path.abspath(schema_path) with open(schema_path, "r") as f: @@ -91,11 +103,15 @@ def test_decision_point_validation(self): loaded = json.loads(as_json) try: - Draft202012Validator(schema, registry=_schema_registry).validate(loaded) + Draft202012Validator( + schema, registry=_schema_registry + ).validate(loaded) except jsonschema.exceptions.ValidationError as e: exp = e - self.assertIsNone(exp, f"Validation failed for {dp.name} {dp.version}") + self.assertIsNone( + exp, f"Validation failed for {dp.name} {dp.version}" + ) self.logger.debug( f"Validation passed for Decision Point ({dp.namespace}) {dp.name} v{dp.version}" ) @@ -115,12 +131,15 @@ def test_decision_point_group_validation(self): loaded = json.loads(as_json) try: - Draft202012Validator(schema, registry=_schema_registry).validate(loaded) + Draft202012Validator( + schema, registry=_schema_registry + ).validate(loaded) except jsonschema.exceptions.ValidationError as e: exp = e self.assertIsNone( - exp, f"Validation failed for {dp_group.name} {dp_group.version}" + exp, + f"Validation failed for {dp_group.name} {dp_group.version}", ) self.logger.debug( f"Validation passed for Decision Point Group {dp_group.name} v{dp_group.version}" diff --git a/src/test/test_selections.py b/src/test/test_selections.py index aac0d75e..156777b5 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -54,7 +54,9 @@ def test_minimal_selection_init(self): "values", ] for attr in required_attrs: - self.assertTrue(hasattr(self.s1, attr), f"Attribute {attr} is missing") + self.assertTrue( + hasattr(self.s1, attr), f"Attribute {attr} is missing" + ) # namespace is a valid NamespaceString self.assertIsInstance(self.s1.namespace, str) self.assertRegex( @@ -83,7 +85,8 @@ def test_minimal_selection_init(self): f"Value {value} is not a MinimalDecisionPoint", ) self.assertTrue( - hasattr(value, "key"), f"Attribute 'key' is missing from {value}" + hasattr(value, "key"), + f"Attribute 'key' is missing from {value}", ) self.assertIsInstance(value.key, str) @@ -129,7 +132,9 @@ def test_minimal_decision_point_value_validators(self): self.assertIsNone(value.description) # Test with empty strings - value_empty = MinimalDecisionPointValue(key="test_key", name="", description="") + value_empty = MinimalDecisionPointValue( + key="test_key", name="", description="" + ) self.assertIsNone(value_empty.name) self.assertIsNone(value_empty.description) @@ -193,9 +198,7 @@ def test_reference_model(self): ] for uri in uris: - ref = selection.Reference( - uri=uri, summary="Test description" - ) + ref = selection.Reference(uri=uri, summary="Test description") self.assertIn(uri, str(ref.uri)) self.assertEqual(ref.summary, "Test description") @@ -229,7 +232,6 @@ def test_reference_model_without_summary(self): self.assertIn(uri, str(ref.uri)) - def test_selection_list_validators(self): """Test SelectionList validators.""" # Test schema version is set automatically @@ -317,7 +319,9 @@ def test_model_json_schema_customization(self): schema = SelectionList.model_json_schema() # Check schema metadata - self.assertEqual(schema["title"], "Decision Point Value Selection List") + self.assertEqual( + schema["title"], "Decision Point Value Selection List" + ) self.assertEqual( schema["$schema"], "https://json-schema.org/draft/2020-12/schema" ) diff --git a/src/test/utils/__init__.py b/src/test/utils/__init__.py index c28d8571..684d6c79 100644 --- a/src/test/utils/__init__.py +++ b/src/test/utils/__init__.py @@ -25,9 +25,10 @@ # subject to its own license. # DM24-0278 + def main(): pass -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/src/test/utils/test_toposort.py b/src/test/utils/test_toposort.py index 8b93f605..19f14221 100644 --- a/src/test/utils/test_toposort.py +++ b/src/test/utils/test_toposort.py @@ -1,4 +1,3 @@ - # Copyright (c) 2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE # ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. @@ -79,8 +78,12 @@ def setUp(self): version="1.0.0", description="Test DP 1", values=[ - DecisionPointValue(name="Value 1", key="V1", description="value 1 description"), - DecisionPointValue(name="Value 2", key="V2", description="value 2 description"), + DecisionPointValue( + name="Value 1", key="V1", description="value 1 description" + ), + DecisionPointValue( + name="Value 2", key="V2", description="value 2 description" + ), ], ) self.dp2 = DecisionPoint( @@ -90,8 +93,12 @@ def setUp(self): version="1.0.0", description="Test DP 2", values=[ - DecisionPointValue(name="Value A", key="VA", description="value A description"), - DecisionPointValue(name="Value B", key="VB", description="value B description"), + DecisionPointValue( + name="Value A", key="VA", description="value A description" + ), + DecisionPointValue( + name="Value B", key="VB", description="value B description" + ), ], ) @@ -146,7 +153,7 @@ def test_off_by_one(self): self.assertFalse(_off_by_one(t4)) self.assertFalse(_off_by_one(t5)) - @patch('ssvc.utils.toposort.graph_from_value_tuples') + @patch("ssvc.utils.toposort.graph_from_value_tuples") def test_graph_from_dplist(self, mock_graph_from_value_tuples): mock_graph_from_value_tuples.return_value = nx.DiGraph() @@ -154,12 +161,13 @@ def test_graph_from_dplist(self, mock_graph_from_value_tuples): self.assertIsInstance(result, nx.DiGraph) - mock_graph_from_value_tuples.assert_called_once_with( - [tuple(range(len(self.dp1.values))), tuple(range(len(self.dp2.values)))] + [ + tuple(range(len(self.dp1.values))), + tuple(range(len(self.dp2.values))), + ] ) - pass def test_graph_from_value_tuples(self): @@ -173,16 +181,23 @@ def test_graph_from_value_tuples(self): G = toposort.graph_from_value_tuples(values) self.assertIsInstance(G, nx.DiGraph) - self.assertEqual(len(G.nodes), node_count) # 3! = 6, 2! = 2, 2! = 2, total = 6 + 2 + 2 = 10 + self.assertEqual( + len(G.nodes), node_count + ) # 3! = 6, 2! = 2, 2! = 2, total = 6 + 2 + 2 = 10 - for u,v in itertools.product(G.nodes(), G.nodes()): + for u, v in itertools.product(G.nodes(), G.nodes()): if _off_by_one(_diff(u, v)): # edges should point from v to u - self.assertTrue(G.has_edge(v, u), f"Expected edge from {u} to {v} but it does not exist.") + self.assertTrue( + G.has_edge(v, u), + f"Expected edge from {u} to {v} but it does not exist.", + ) else: # edges should not point from v to u - self.assertFalse(G.has_edge(v, u), f"Expected no edge from {u} to {v} but it exists.") - + self.assertFalse( + G.has_edge(v, u), + f"Expected no edge from {u} to {v} but it exists.", + ) def test_dplist_to_value_lookup(self): value_lookup = toposort.dplist_to_value_lookup(self.decision_points) @@ -213,10 +228,14 @@ def test_tuple_to_dict(self): dp_lookup = toposort.dplist_to_lookup(self.decision_points) value_lookup = toposort.dplist_to_value_lookup(self.decision_points) - nodes = list(itertools.product(range(len(self.dp1.values)), range(len(self.dp2.values)))) + nodes = list( + itertools.product( + range(len(self.dp1.values)), range(len(self.dp2.values)) + ) + ) for node in nodes: node = tuple(node) - vals = toposort.lookup_value(node,value_lookup) + vals = toposort.lookup_value(node, value_lookup) result = toposort.tuple_to_dict(vals, dp_lookup) expected = { @@ -225,14 +244,19 @@ def test_tuple_to_dict(self): } self.assertEqual(result, expected) - def test_dplist_to_toposort(self): dplist = self.decision_points result = toposort.dplist_to_toposort(dplist) # result is a list of dicts of str:str self.assertIsInstance(result, list) self.assertTrue(all(isinstance(item, dict) for item in result)) - self.assertTrue(all(isinstance(k, str) and isinstance(v, str) for item in result for k, v in item.items())) + self.assertTrue( + all( + isinstance(k, str) and isinstance(v, str) + for item in result + for k, v in item.items() + ) + ) # check the shape of the result # length of each dict should match the number of decision points @@ -242,15 +266,19 @@ def test_dplist_to_toposort(self): self.assertEqual(len(result), expected_length) # lowest item should be V1,VA - expected_lowest = {self.dp1.id: self.dp1.values[0].key, self.dp2.id: self.dp2.values[0].key} + expected_lowest = { + self.dp1.id: self.dp1.values[0].key, + self.dp2.id: self.dp2.values[0].key, + } self.assertEqual(result[0], expected_lowest) # highest item should be V2,VB - expected_highest = {self.dp1.id: self.dp1.values[-1].key, self.dp2.id: self.dp2.values[-1].key} + expected_highest = { + self.dp1.id: self.dp1.values[-1].key, + self.dp2.id: self.dp2.values[-1].key, + } self.assertEqual(result[-1], expected_highest) -if __name__ == '__main__': +if __name__ == "__main__": unittest.main() - - From ba7ce141bb4b789442897e165dadc72ea1278071 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 19 Aug 2025 11:27:49 -0400 Subject: [PATCH 263/468] add uv to manage pyproject.toml --- src/pyproject.toml | 25 +- src/uv.lock | 1641 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1662 insertions(+), 4 deletions(-) create mode 100644 src/uv.lock diff --git a/src/pyproject.toml b/src/pyproject.toml index 83b62dbb..66c01339 100644 --- a/src/pyproject.toml +++ b/src/pyproject.toml @@ -20,7 +20,7 @@ authors = [ ] description = "Tools for working with a Stakeholder Specific Vulnerability Categorization (SSVC)" readme = {file="README.md", content-type="text/markdown"} -requires-python = ">=3.8" +requires-python = ">=3.10" keywords =["ssvc","vulnerability management","vulnerability management"] license = {file="LICENSE.md"} classifiers = [ @@ -31,8 +31,25 @@ classifiers = [ "Topic :: Software Development :: Libraries :: Python Modules", ] dependencies = [ - "mkdocs","mkdocs-material","mkdocs-material-extensions","mkdocstrings","mkdocstrings-python", - "mkdocs-include-markdown-plugin", "pandas","scipy", "dataclasses-json", "jsonschema" + "mkdocs==1.6.1", + "mkdocs-material==9.6.16", + "mkdocs-material-extensions==1.3.1", + "mkdocstrings==0.30.0", + "mkdocstrings-python==1.16.12", + "mkdocs-include-markdown-plugin==7.1.6", + "pandas==2.3.1", + "scipy", + "dataclasses-json", + "jsonschema==4.25.0", + "mkdocs-bibtex==4.4.0", + "mkdocs-table-reader-plugin==3.1.0", + "mkdocs-print-site-plugin==2.8", + "markdown-exec==1.11.0", + "thefuzz==0.22.1", + "scikit-learn==1.6.1", + "networkx==3.4.2", + "pydantic==2.11.7", + "semver==3.0.4", ] dynamic = ["version",] @@ -67,4 +84,4 @@ minversion = "6.0" addopts = "-ra -q" testpaths = [ "test", -] \ No newline at end of file +] diff --git a/src/uv.lock b/src/uv.lock new file mode 100644 index 00000000..6eb176b1 --- /dev/null +++ b/src/uv.lock @@ -0,0 +1,1641 @@ +version = 1 +revision = 3 +requires-python = ">=3.10" +resolution-markers = [ + "python_full_version >= '3.12'", + "python_full_version == '3.11.*'", + "python_full_version < '3.11'", +] + +[[package]] +name = "annotated-types" +version = "0.7.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/ee/67/531ea369ba64dcff5ec9c3402f9f51bf748cec26dde048a2f973a4eea7f5/annotated_types-0.7.0.tar.gz", hash = "sha256:aff07c09a53a08bc8cfccb9c85b05f1aa9a2a6f23728d790723543408344ce89", size = 16081, upload-time = "2024-05-20T21:33:25.928Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/78/b6/6307fbef88d9b5ee7421e68d78a9f162e0da4900bc5f5793f6d3d0e34fb8/annotated_types-0.7.0-py3-none-any.whl", hash = "sha256:1f02e8b43a8fbbc3f3e0d4f0f4bfc8131bcb4eebe8849b8e5c773f3a1c582a53", size = 13643, upload-time = "2024-05-20T21:33:24.1Z" }, +] + +[[package]] +name = "attrs" +version = "25.3.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/5a/b0/1367933a8532ee6ff8d63537de4f1177af4bff9f3e829baf7331f595bb24/attrs-25.3.0.tar.gz", hash = "sha256:75d7cefc7fb576747b2c81b4442d4d4a1ce0900973527c011d1030fd3bf4af1b", size = 812032, upload-time = "2025-03-13T11:10:22.779Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/77/06/bb80f5f86020c4551da315d78b3ab75e8228f89f0162f2c3a819e407941a/attrs-25.3.0-py3-none-any.whl", hash = "sha256:427318ce031701fea540783410126f03899a97ffc6f61596ad581ac2e40e3bc3", size = 63815, upload-time = "2025-03-13T11:10:21.14Z" }, +] + +[[package]] +name = "babel" +version = "2.17.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/7d/6b/d52e42361e1aa00709585ecc30b3f9684b3ab62530771402248b1b1d6240/babel-2.17.0.tar.gz", hash = "sha256:0c54cffb19f690cdcc52a3b50bcbf71e07a808d1c80d549f2459b9d2cf0afb9d", size = 9951852, upload-time = "2025-02-01T15:17:41.026Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b7/b8/3fe70c75fe32afc4bb507f75563d39bc5642255d1d94f1f23604725780bf/babel-2.17.0-py3-none-any.whl", hash = "sha256:4d0b53093fdfb4b21c92b5213dba5a1b23885afa8383709427046b21c366e5f2", size = 10182537, upload-time = "2025-02-01T15:17:37.39Z" }, +] + +[[package]] +name = "backrefs" +version = "5.9" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/eb/a7/312f673df6a79003279e1f55619abbe7daebbb87c17c976ddc0345c04c7b/backrefs-5.9.tar.gz", hash = "sha256:808548cb708d66b82ee231f962cb36faaf4f2baab032f2fbb783e9c2fdddaa59", size = 5765857, upload-time = "2025-06-22T19:34:13.97Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/19/4d/798dc1f30468134906575156c089c492cf79b5a5fd373f07fe26c4d046bf/backrefs-5.9-py310-none-any.whl", hash = "sha256:db8e8ba0e9de81fcd635f440deab5ae5f2591b54ac1ebe0550a2ca063488cd9f", size = 380267, upload-time = "2025-06-22T19:34:05.252Z" }, + { url = "https://files.pythonhosted.org/packages/55/07/f0b3375bf0d06014e9787797e6b7cc02b38ac9ff9726ccfe834d94e9991e/backrefs-5.9-py311-none-any.whl", hash = "sha256:6907635edebbe9b2dc3de3a2befff44d74f30a4562adbb8b36f21252ea19c5cf", size = 392072, upload-time = "2025-06-22T19:34:06.743Z" }, + { url = "https://files.pythonhosted.org/packages/9d/12/4f345407259dd60a0997107758ba3f221cf89a9b5a0f8ed5b961aef97253/backrefs-5.9-py312-none-any.whl", hash = "sha256:7fdf9771f63e6028d7fee7e0c497c81abda597ea45d6b8f89e8ad76994f5befa", size = 397947, upload-time = "2025-06-22T19:34:08.172Z" }, + { url = "https://files.pythonhosted.org/packages/10/bf/fa31834dc27a7f05e5290eae47c82690edc3a7b37d58f7fb35a1bdbf355b/backrefs-5.9-py313-none-any.whl", hash = "sha256:cc37b19fa219e93ff825ed1fed8879e47b4d89aa7a1884860e2db64ccd7c676b", size = 399843, upload-time = "2025-06-22T19:34:09.68Z" }, + { url = "https://files.pythonhosted.org/packages/fc/24/b29af34b2c9c41645a9f4ff117bae860291780d73880f449e0b5d948c070/backrefs-5.9-py314-none-any.whl", hash = "sha256:df5e169836cc8acb5e440ebae9aad4bf9d15e226d3bad049cf3f6a5c20cc8dc9", size = 411762, upload-time = "2025-06-22T19:34:11.037Z" }, + { url = "https://files.pythonhosted.org/packages/41/ff/392bff89415399a979be4a65357a41d92729ae8580a66073d8ec8d810f98/backrefs-5.9-py39-none-any.whl", hash = "sha256:f48ee18f6252b8f5777a22a00a09a85de0ca931658f1dd96d4406a34f3748c60", size = 380265, upload-time = "2025-06-22T19:34:12.405Z" }, +] + +[[package]] +name = "bracex" +version = "2.6" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/63/9a/fec38644694abfaaeca2798b58e276a8e61de49e2e37494ace423395febc/bracex-2.6.tar.gz", hash = "sha256:98f1347cd77e22ee8d967a30ad4e310b233f7754dbf31ff3fceb76145ba47dc7", size = 26642, upload-time = "2025-06-22T19:12:31.254Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/9d/2a/9186535ce58db529927f6cf5990a849aa9e052eea3e2cfefe20b9e1802da/bracex-2.6-py3-none-any.whl", hash = "sha256:0b0049264e7340b3ec782b5cb99beb325f36c3782a32e36e876452fd49a09952", size = 11508, upload-time = "2025-06-22T19:12:29.781Z" }, +] + +[[package]] +name = "certifi" +version = "2025.8.3" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/dc/67/960ebe6bf230a96cda2e0abcf73af550ec4f090005363542f0765df162e0/certifi-2025.8.3.tar.gz", hash = "sha256:e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407", size = 162386, upload-time = "2025-08-03T03:07:47.08Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e5/48/1549795ba7742c948d2ad169c1c8cdbae65bc450d6cd753d124b17c8cd32/certifi-2025.8.3-py3-none-any.whl", hash = "sha256:f6c12493cfb1b06ba2ff328595af9350c65d6644968e5d3a2ffd78699af217a5", size = 161216, upload-time = "2025-08-03T03:07:45.777Z" }, +] + +[[package]] +name = "charset-normalizer" +version = "3.4.3" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/83/2d/5fd176ceb9b2fc619e63405525573493ca23441330fcdaee6bef9460e924/charset_normalizer-3.4.3.tar.gz", hash = "sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14", size = 122371, upload-time = "2025-08-09T07:57:28.46Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d6/98/f3b8013223728a99b908c9344da3aa04ee6e3fa235f19409033eda92fb78/charset_normalizer-3.4.3-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72", size = 207695, upload-time = "2025-08-09T07:55:36.452Z" }, + { url = "https://files.pythonhosted.org/packages/21/40/5188be1e3118c82dcb7c2a5ba101b783822cfb413a0268ed3be0468532de/charset_normalizer-3.4.3-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:cc9370a2da1ac13f0153780040f465839e6cccb4a1e44810124b4e22483c93fe", size = 147153, upload-time = "2025-08-09T07:55:38.467Z" }, + { url = "https://files.pythonhosted.org/packages/37/60/5d0d74bc1e1380f0b72c327948d9c2aca14b46a9efd87604e724260f384c/charset_normalizer-3.4.3-cp310-cp310-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:07a0eae9e2787b586e129fdcbe1af6997f8d0e5abaa0bc98c0e20e124d67e601", size = 160428, upload-time = "2025-08-09T07:55:40.072Z" }, + { url = "https://files.pythonhosted.org/packages/85/9a/d891f63722d9158688de58d050c59dc3da560ea7f04f4c53e769de5140f5/charset_normalizer-3.4.3-cp310-cp310-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:74d77e25adda8581ffc1c720f1c81ca082921329452eba58b16233ab1842141c", size = 157627, upload-time = "2025-08-09T07:55:41.706Z" }, + { url = "https://files.pythonhosted.org/packages/65/1a/7425c952944a6521a9cfa7e675343f83fd82085b8af2b1373a2409c683dc/charset_normalizer-3.4.3-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:d0e909868420b7049dafd3a31d45125b31143eec59235311fc4c57ea26a4acd2", size = 152388, upload-time = "2025-08-09T07:55:43.262Z" }, + { url = "https://files.pythonhosted.org/packages/f0/c9/a2c9c2a355a8594ce2446085e2ec97fd44d323c684ff32042e2a6b718e1d/charset_normalizer-3.4.3-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:c6f162aabe9a91a309510d74eeb6507fab5fff92337a15acbe77753d88d9dcf0", size = 150077, upload-time = "2025-08-09T07:55:44.903Z" }, + { url = "https://files.pythonhosted.org/packages/3b/38/20a1f44e4851aa1c9105d6e7110c9d020e093dfa5836d712a5f074a12bf7/charset_normalizer-3.4.3-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:4ca4c094de7771a98d7fbd67d9e5dbf1eb73efa4f744a730437d8a3a5cf994f0", size = 161631, upload-time = "2025-08-09T07:55:46.346Z" }, + { url = "https://files.pythonhosted.org/packages/a4/fa/384d2c0f57edad03d7bec3ebefb462090d8905b4ff5a2d2525f3bb711fac/charset_normalizer-3.4.3-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:02425242e96bcf29a49711b0ca9f37e451da7c70562bc10e8ed992a5a7a25cc0", size = 159210, upload-time = "2025-08-09T07:55:47.539Z" }, + { url = "https://files.pythonhosted.org/packages/33/9e/eca49d35867ca2db336b6ca27617deed4653b97ebf45dfc21311ce473c37/charset_normalizer-3.4.3-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:78deba4d8f9590fe4dae384aeff04082510a709957e968753ff3c48399f6f92a", size = 153739, upload-time = "2025-08-09T07:55:48.744Z" }, + { url = "https://files.pythonhosted.org/packages/2a/91/26c3036e62dfe8de8061182d33be5025e2424002125c9500faff74a6735e/charset_normalizer-3.4.3-cp310-cp310-win32.whl", hash = "sha256:d79c198e27580c8e958906f803e63cddb77653731be08851c7df0b1a14a8fc0f", size = 99825, upload-time = "2025-08-09T07:55:50.305Z" }, + { url = "https://files.pythonhosted.org/packages/e2/c6/f05db471f81af1fa01839d44ae2a8bfeec8d2a8b4590f16c4e7393afd323/charset_normalizer-3.4.3-cp310-cp310-win_amd64.whl", hash = "sha256:c6e490913a46fa054e03699c70019ab869e990270597018cef1d8562132c2669", size = 107452, upload-time = "2025-08-09T07:55:51.461Z" }, + { url = "https://files.pythonhosted.org/packages/7f/b5/991245018615474a60965a7c9cd2b4efbaabd16d582a5547c47ee1c7730b/charset_normalizer-3.4.3-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:b256ee2e749283ef3ddcff51a675ff43798d92d746d1a6e4631bf8c707d22d0b", size = 204483, upload-time = "2025-08-09T07:55:53.12Z" }, + { url = "https://files.pythonhosted.org/packages/c7/2a/ae245c41c06299ec18262825c1569c5d3298fc920e4ddf56ab011b417efd/charset_normalizer-3.4.3-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:13faeacfe61784e2559e690fc53fa4c5ae97c6fcedb8eb6fb8d0a15b475d2c64", size = 145520, upload-time = "2025-08-09T07:55:54.712Z" }, + { url = "https://files.pythonhosted.org/packages/3a/a4/b3b6c76e7a635748c4421d2b92c7b8f90a432f98bda5082049af37ffc8e3/charset_normalizer-3.4.3-cp311-cp311-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:00237675befef519d9af72169d8604a067d92755e84fe76492fef5441db05b91", size = 158876, upload-time = "2025-08-09T07:55:56.024Z" }, + { url = "https://files.pythonhosted.org/packages/e2/e6/63bb0e10f90a8243c5def74b5b105b3bbbfb3e7bb753915fe333fb0c11ea/charset_normalizer-3.4.3-cp311-cp311-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:585f3b2a80fbd26b048a0be90c5aae8f06605d3c92615911c3a2b03a8a3b796f", size = 156083, upload-time = "2025-08-09T07:55:57.582Z" }, + { url = "https://files.pythonhosted.org/packages/87/df/b7737ff046c974b183ea9aa111b74185ac8c3a326c6262d413bd5a1b8c69/charset_normalizer-3.4.3-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0e78314bdc32fa80696f72fa16dc61168fda4d6a0c014e0380f9d02f0e5d8a07", size = 150295, upload-time = "2025-08-09T07:55:59.147Z" }, + { url = "https://files.pythonhosted.org/packages/61/f1/190d9977e0084d3f1dc169acd060d479bbbc71b90bf3e7bf7b9927dec3eb/charset_normalizer-3.4.3-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:96b2b3d1a83ad55310de8c7b4a2d04d9277d5591f40761274856635acc5fcb30", size = 148379, upload-time = "2025-08-09T07:56:00.364Z" }, + { url = "https://files.pythonhosted.org/packages/4c/92/27dbe365d34c68cfe0ca76f1edd70e8705d82b378cb54ebbaeabc2e3029d/charset_normalizer-3.4.3-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:939578d9d8fd4299220161fdd76e86c6a251987476f5243e8864a7844476ba14", size = 160018, upload-time = "2025-08-09T07:56:01.678Z" }, + { url = "https://files.pythonhosted.org/packages/99/04/baae2a1ea1893a01635d475b9261c889a18fd48393634b6270827869fa34/charset_normalizer-3.4.3-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:fd10de089bcdcd1be95a2f73dbe6254798ec1bda9f450d5828c96f93e2536b9c", size = 157430, upload-time = "2025-08-09T07:56:02.87Z" }, + { url = "https://files.pythonhosted.org/packages/2f/36/77da9c6a328c54d17b960c89eccacfab8271fdaaa228305330915b88afa9/charset_normalizer-3.4.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:1e8ac75d72fa3775e0b7cb7e4629cec13b7514d928d15ef8ea06bca03ef01cae", size = 151600, upload-time = "2025-08-09T07:56:04.089Z" }, + { url = "https://files.pythonhosted.org/packages/64/d4/9eb4ff2c167edbbf08cdd28e19078bf195762e9bd63371689cab5ecd3d0d/charset_normalizer-3.4.3-cp311-cp311-win32.whl", hash = "sha256:6cf8fd4c04756b6b60146d98cd8a77d0cdae0e1ca20329da2ac85eed779b6849", size = 99616, upload-time = "2025-08-09T07:56:05.658Z" }, + { url = "https://files.pythonhosted.org/packages/f4/9c/996a4a028222e7761a96634d1820de8a744ff4327a00ada9c8942033089b/charset_normalizer-3.4.3-cp311-cp311-win_amd64.whl", hash = "sha256:31a9a6f775f9bcd865d88ee350f0ffb0e25936a7f930ca98995c05abf1faf21c", size = 107108, upload-time = "2025-08-09T07:56:07.176Z" }, + { url = "https://files.pythonhosted.org/packages/e9/5e/14c94999e418d9b87682734589404a25854d5f5d0408df68bc15b6ff54bb/charset_normalizer-3.4.3-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:e28e334d3ff134e88989d90ba04b47d84382a828c061d0d1027b1b12a62b39b1", size = 205655, upload-time = "2025-08-09T07:56:08.475Z" }, + { url = "https://files.pythonhosted.org/packages/7d/a8/c6ec5d389672521f644505a257f50544c074cf5fc292d5390331cd6fc9c3/charset_normalizer-3.4.3-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:0cacf8f7297b0c4fcb74227692ca46b4a5852f8f4f24b3c766dd94a1075c4884", size = 146223, upload-time = "2025-08-09T07:56:09.708Z" }, + { url = "https://files.pythonhosted.org/packages/fc/eb/a2ffb08547f4e1e5415fb69eb7db25932c52a52bed371429648db4d84fb1/charset_normalizer-3.4.3-cp312-cp312-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:c6fd51128a41297f5409deab284fecbe5305ebd7e5a1f959bee1c054622b7018", size = 159366, upload-time = "2025-08-09T07:56:11.326Z" }, + { url = "https://files.pythonhosted.org/packages/82/10/0fd19f20c624b278dddaf83b8464dcddc2456cb4b02bb902a6da126b87a1/charset_normalizer-3.4.3-cp312-cp312-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:3cfb2aad70f2c6debfbcb717f23b7eb55febc0bb23dcffc0f076009da10c6392", size = 157104, upload-time = "2025-08-09T07:56:13.014Z" }, + { url = "https://files.pythonhosted.org/packages/16/ab/0233c3231af734f5dfcf0844aa9582d5a1466c985bbed6cedab85af9bfe3/charset_normalizer-3.4.3-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:1606f4a55c0fd363d754049cdf400175ee96c992b1f8018b993941f221221c5f", size = 151830, upload-time = "2025-08-09T07:56:14.428Z" }, + { url = "https://files.pythonhosted.org/packages/ae/02/e29e22b4e02839a0e4a06557b1999d0a47db3567e82989b5bb21f3fbbd9f/charset_normalizer-3.4.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:027b776c26d38b7f15b26a5da1044f376455fb3766df8fc38563b4efbc515154", size = 148854, upload-time = "2025-08-09T07:56:16.051Z" }, + { url = "https://files.pythonhosted.org/packages/05/6b/e2539a0a4be302b481e8cafb5af8792da8093b486885a1ae4d15d452bcec/charset_normalizer-3.4.3-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:42e5088973e56e31e4fa58eb6bd709e42fc03799c11c42929592889a2e54c491", size = 160670, upload-time = "2025-08-09T07:56:17.314Z" }, + { url = "https://files.pythonhosted.org/packages/31/e7/883ee5676a2ef217a40ce0bffcc3d0dfbf9e64cbcfbdf822c52981c3304b/charset_normalizer-3.4.3-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:cc34f233c9e71701040d772aa7490318673aa7164a0efe3172b2981218c26d93", size = 158501, upload-time = "2025-08-09T07:56:18.641Z" }, + { url = "https://files.pythonhosted.org/packages/c1/35/6525b21aa0db614cf8b5792d232021dca3df7f90a1944db934efa5d20bb1/charset_normalizer-3.4.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:320e8e66157cc4e247d9ddca8e21f427efc7a04bbd0ac8a9faf56583fa543f9f", size = 153173, upload-time = "2025-08-09T07:56:20.289Z" }, + { url = "https://files.pythonhosted.org/packages/50/ee/f4704bad8201de513fdc8aac1cabc87e38c5818c93857140e06e772b5892/charset_normalizer-3.4.3-cp312-cp312-win32.whl", hash = "sha256:fb6fecfd65564f208cbf0fba07f107fb661bcd1a7c389edbced3f7a493f70e37", size = 99822, upload-time = "2025-08-09T07:56:21.551Z" }, + { url = "https://files.pythonhosted.org/packages/39/f5/3b3836ca6064d0992c58c7561c6b6eee1b3892e9665d650c803bd5614522/charset_normalizer-3.4.3-cp312-cp312-win_amd64.whl", hash = "sha256:86df271bf921c2ee3818f0522e9a5b8092ca2ad8b065ece5d7d9d0e9f4849bcc", size = 107543, upload-time = "2025-08-09T07:56:23.115Z" }, + { url = "https://files.pythonhosted.org/packages/65/ca/2135ac97709b400c7654b4b764daf5c5567c2da45a30cdd20f9eefe2d658/charset_normalizer-3.4.3-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:14c2a87c65b351109f6abfc424cab3927b3bdece6f706e4d12faaf3d52ee5efe", size = 205326, upload-time = "2025-08-09T07:56:24.721Z" }, + { url = "https://files.pythonhosted.org/packages/71/11/98a04c3c97dd34e49c7d247083af03645ca3730809a5509443f3c37f7c99/charset_normalizer-3.4.3-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:41d1fc408ff5fdfb910200ec0e74abc40387bccb3252f3f27c0676731df2b2c8", size = 146008, upload-time = "2025-08-09T07:56:26.004Z" }, + { url = "https://files.pythonhosted.org/packages/60/f5/4659a4cb3c4ec146bec80c32d8bb16033752574c20b1252ee842a95d1a1e/charset_normalizer-3.4.3-cp313-cp313-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:1bb60174149316da1c35fa5233681f7c0f9f514509b8e399ab70fea5f17e45c9", size = 159196, upload-time = "2025-08-09T07:56:27.25Z" }, + { url = "https://files.pythonhosted.org/packages/86/9e/f552f7a00611f168b9a5865a1414179b2c6de8235a4fa40189f6f79a1753/charset_normalizer-3.4.3-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:30d006f98569de3459c2fc1f2acde170b7b2bd265dc1943e87e1a4efe1b67c31", size = 156819, upload-time = "2025-08-09T07:56:28.515Z" }, + { url = "https://files.pythonhosted.org/packages/7e/95/42aa2156235cbc8fa61208aded06ef46111c4d3f0de233107b3f38631803/charset_normalizer-3.4.3-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:416175faf02e4b0810f1f38bcb54682878a4af94059a1cd63b8747244420801f", size = 151350, upload-time = "2025-08-09T07:56:29.716Z" }, + { url = "https://files.pythonhosted.org/packages/c2/a9/3865b02c56f300a6f94fc631ef54f0a8a29da74fb45a773dfd3dcd380af7/charset_normalizer-3.4.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:6aab0f181c486f973bc7262a97f5aca3ee7e1437011ef0c2ec04b5a11d16c927", size = 148644, upload-time = "2025-08-09T07:56:30.984Z" }, + { url = "https://files.pythonhosted.org/packages/77/d9/cbcf1a2a5c7d7856f11e7ac2d782aec12bdfea60d104e60e0aa1c97849dc/charset_normalizer-3.4.3-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:fdabf8315679312cfa71302f9bd509ded4f2f263fb5b765cf1433b39106c3cc9", size = 160468, upload-time = "2025-08-09T07:56:32.252Z" }, + { url = "https://files.pythonhosted.org/packages/f6/42/6f45efee8697b89fda4d50580f292b8f7f9306cb2971d4b53f8914e4d890/charset_normalizer-3.4.3-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:bd28b817ea8c70215401f657edef3a8aa83c29d447fb0b622c35403780ba11d5", size = 158187, upload-time = "2025-08-09T07:56:33.481Z" }, + { url = "https://files.pythonhosted.org/packages/70/99/f1c3bdcfaa9c45b3ce96f70b14f070411366fa19549c1d4832c935d8e2c3/charset_normalizer-3.4.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:18343b2d246dc6761a249ba1fb13f9ee9a2bcd95decc767319506056ea4ad4dc", size = 152699, upload-time = "2025-08-09T07:56:34.739Z" }, + { url = "https://files.pythonhosted.org/packages/a3/ad/b0081f2f99a4b194bcbb1934ef3b12aa4d9702ced80a37026b7607c72e58/charset_normalizer-3.4.3-cp313-cp313-win32.whl", hash = "sha256:6fb70de56f1859a3f71261cbe41005f56a7842cc348d3aeb26237560bfa5e0ce", size = 99580, upload-time = "2025-08-09T07:56:35.981Z" }, + { url = "https://files.pythonhosted.org/packages/9a/8f/ae790790c7b64f925e5c953b924aaa42a243fb778fed9e41f147b2a5715a/charset_normalizer-3.4.3-cp313-cp313-win_amd64.whl", hash = "sha256:cf1ebb7d78e1ad8ec2a8c4732c7be2e736f6e5123a4146c5b89c9d1f585f8cef", size = 107366, upload-time = "2025-08-09T07:56:37.339Z" }, + { url = "https://files.pythonhosted.org/packages/8e/91/b5a06ad970ddc7a0e513112d40113e834638f4ca1120eb727a249fb2715e/charset_normalizer-3.4.3-cp314-cp314-macosx_10_13_universal2.whl", hash = "sha256:3cd35b7e8aedeb9e34c41385fda4f73ba609e561faedfae0a9e75e44ac558a15", size = 204342, upload-time = "2025-08-09T07:56:38.687Z" }, + { url = "https://files.pythonhosted.org/packages/ce/ec/1edc30a377f0a02689342f214455c3f6c2fbedd896a1d2f856c002fc3062/charset_normalizer-3.4.3-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:b89bc04de1d83006373429975f8ef9e7932534b8cc9ca582e4db7d20d91816db", size = 145995, upload-time = "2025-08-09T07:56:40.048Z" }, + { url = "https://files.pythonhosted.org/packages/17/e5/5e67ab85e6d22b04641acb5399c8684f4d37caf7558a53859f0283a650e9/charset_normalizer-3.4.3-cp314-cp314-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:2001a39612b241dae17b4687898843f254f8748b796a2e16f1051a17078d991d", size = 158640, upload-time = "2025-08-09T07:56:41.311Z" }, + { url = "https://files.pythonhosted.org/packages/f1/e5/38421987f6c697ee3722981289d554957c4be652f963d71c5e46a262e135/charset_normalizer-3.4.3-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:8dcfc373f888e4fb39a7bc57e93e3b845e7f462dacc008d9749568b1c4ece096", size = 156636, upload-time = "2025-08-09T07:56:43.195Z" }, + { url = "https://files.pythonhosted.org/packages/a0/e4/5a075de8daa3ec0745a9a3b54467e0c2967daaaf2cec04c845f73493e9a1/charset_normalizer-3.4.3-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:18b97b8404387b96cdbd30ad660f6407799126d26a39ca65729162fd810a99aa", size = 150939, upload-time = "2025-08-09T07:56:44.819Z" }, + { url = "https://files.pythonhosted.org/packages/02/f7/3611b32318b30974131db62b4043f335861d4d9b49adc6d57c1149cc49d4/charset_normalizer-3.4.3-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:ccf600859c183d70eb47e05a44cd80a4ce77394d1ac0f79dbd2dd90a69a3a049", size = 148580, upload-time = "2025-08-09T07:56:46.684Z" }, + { url = "https://files.pythonhosted.org/packages/7e/61/19b36f4bd67f2793ab6a99b979b4e4f3d8fc754cbdffb805335df4337126/charset_normalizer-3.4.3-cp314-cp314-musllinux_1_2_ppc64le.whl", hash = "sha256:53cd68b185d98dde4ad8990e56a58dea83a4162161b1ea9272e5c9182ce415e0", size = 159870, upload-time = "2025-08-09T07:56:47.941Z" }, + { url = "https://files.pythonhosted.org/packages/06/57/84722eefdd338c04cf3030ada66889298eaedf3e7a30a624201e0cbe424a/charset_normalizer-3.4.3-cp314-cp314-musllinux_1_2_s390x.whl", hash = "sha256:30a96e1e1f865f78b030d65241c1ee850cdf422d869e9028e2fc1d5e4db73b92", size = 157797, upload-time = "2025-08-09T07:56:49.756Z" }, + { url = "https://files.pythonhosted.org/packages/72/2a/aff5dd112b2f14bcc3462c312dce5445806bfc8ab3a7328555da95330e4b/charset_normalizer-3.4.3-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:d716a916938e03231e86e43782ca7878fb602a125a91e7acb8b5112e2e96ac16", size = 152224, upload-time = "2025-08-09T07:56:51.369Z" }, + { url = "https://files.pythonhosted.org/packages/b7/8c/9839225320046ed279c6e839d51f028342eb77c91c89b8ef2549f951f3ec/charset_normalizer-3.4.3-cp314-cp314-win32.whl", hash = "sha256:c6dbd0ccdda3a2ba7c2ecd9d77b37f3b5831687d8dc1b6ca5f56a4880cc7b7ce", size = 100086, upload-time = "2025-08-09T07:56:52.722Z" }, + { url = "https://files.pythonhosted.org/packages/ee/7a/36fbcf646e41f710ce0a563c1c9a343c6edf9be80786edeb15b6f62e17db/charset_normalizer-3.4.3-cp314-cp314-win_amd64.whl", hash = "sha256:73dc19b562516fc9bcf6e5d6e596df0b4eb98d87e4f79f3ae71840e6ed21361c", size = 107400, upload-time = "2025-08-09T07:56:55.172Z" }, + { url = "https://files.pythonhosted.org/packages/8a/1f/f041989e93b001bc4e44bb1669ccdcf54d3f00e628229a85b08d330615c5/charset_normalizer-3.4.3-py3-none-any.whl", hash = "sha256:ce571ab16d890d23b5c278547ba694193a45011ff86a9162a71307ed9f86759a", size = 53175, upload-time = "2025-08-09T07:57:26.864Z" }, +] + +[[package]] +name = "click" +version = "8.2.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "colorama", marker = "sys_platform == 'win32'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/60/6c/8ca2efa64cf75a977a0d7fac081354553ebe483345c734fb6b6515d96bbc/click-8.2.1.tar.gz", hash = "sha256:27c491cc05d968d271d5a1db13e3b5a184636d9d930f148c50b038f0d0646202", size = 286342, upload-time = "2025-05-20T23:19:49.832Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/85/32/10bb5764d90a8eee674e9dc6f4db6a0ab47c8c4d0d83c27f7c39ac415a4d/click-8.2.1-py3-none-any.whl", hash = "sha256:61a3265b914e850b85317d0b3109c7f8cd35a670f963866005d6ef1d5175a12b", size = 102215, upload-time = "2025-05-20T23:19:47.796Z" }, +] + +[[package]] +name = "colorama" +version = "0.4.6" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/d8/53/6f443c9a4a8358a93a6792e2acffb9d9d5cb0a5cfd8802644b7b1c9a02e4/colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44", size = 27697, upload-time = "2022-10-25T02:36:22.414Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d1/d6/3965ed04c63042e047cb6a3e6ed1a63a35087b6a609aa3a15ed8ac56c221/colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6", size = 25335, upload-time = "2022-10-25T02:36:20.889Z" }, +] + +[[package]] +name = "dataclasses-json" +version = "0.6.7" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "marshmallow" }, + { name = "typing-inspect" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/64/a4/f71d9cf3a5ac257c993b5ca3f93df5f7fb395c725e7f1e6479d2514173c3/dataclasses_json-0.6.7.tar.gz", hash = "sha256:b6b3e528266ea45b9535223bc53ca645f5208833c29229e847b3f26a1cc55fc0", size = 32227, upload-time = "2024-06-09T16:20:19.103Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/c3/be/d0d44e092656fe7a06b55e6103cbce807cdbdee17884a5367c68c9860853/dataclasses_json-0.6.7-py3-none-any.whl", hash = "sha256:0dbf33f26c8d5305befd61b39d2b3414e8a407bedc2834dea9b8d642666fb40a", size = 28686, upload-time = "2024-06-09T16:20:16.715Z" }, +] + +[[package]] +name = "ghp-import" +version = "2.1.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "python-dateutil" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/d9/29/d40217cbe2f6b1359e00c6c307bb3fc876ba74068cbab3dde77f03ca0dc4/ghp-import-2.1.0.tar.gz", hash = "sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343", size = 10943, upload-time = "2022-05-02T15:47:16.11Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/f7/ec/67fbef5d497f86283db54c22eec6f6140243aae73265799baaaa19cd17fb/ghp_import-2.1.0-py3-none-any.whl", hash = "sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619", size = 11034, upload-time = "2022-05-02T15:47:14.552Z" }, +] + +[[package]] +name = "griffe" +version = "1.12.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "colorama" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/81/ca/29f36e00c74844ae50d139cf5a8b1751887b2f4d5023af65d460268ad7aa/griffe-1.12.1.tar.gz", hash = "sha256:29f5a6114c0aeda7d9c86a570f736883f8a2c5b38b57323d56b3d1c000565567", size = 411863, upload-time = "2025-08-14T21:08:15.38Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/13/f2/4fab6c3e5bcaf38a44cc8a974d2752eaad4c129e45d6533d926a30edd133/griffe-1.12.1-py3-none-any.whl", hash = "sha256:2d7c12334de00089c31905424a00abcfd931b45b8b516967f224133903d302cc", size = 138940, upload-time = "2025-08-14T21:08:13.382Z" }, +] + +[[package]] +name = "idna" +version = "3.10" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f1/70/7703c29685631f5a7590aa73f1f1d3fa9a380e654b86af429e0934a32f7d/idna-3.10.tar.gz", hash = "sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9", size = 190490, upload-time = "2024-09-15T18:07:39.745Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/76/c6/c88e154df9c4e1a2a66ccf0005a88dfb2650c1dffb6f5ce603dfbd452ce3/idna-3.10-py3-none-any.whl", hash = "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3", size = 70442, upload-time = "2024-09-15T18:07:37.964Z" }, +] + +[[package]] +name = "jinja2" +version = "3.1.6" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "markupsafe" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/df/bf/f7da0350254c0ed7c72f3e33cef02e048281fec7ecec5f032d4aac52226b/jinja2-3.1.6.tar.gz", hash = "sha256:0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d", size = 245115, upload-time = "2025-03-05T20:05:02.478Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/62/a1/3d680cbfd5f4b8f15abc1d571870c5fc3e594bb582bc3b64ea099db13e56/jinja2-3.1.6-py3-none-any.whl", hash = "sha256:85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67", size = 134899, upload-time = "2025-03-05T20:05:00.369Z" }, +] + +[[package]] +name = "joblib" +version = "1.5.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/dc/fe/0f5a938c54105553436dbff7a61dc4fed4b1b2c98852f8833beaf4d5968f/joblib-1.5.1.tar.gz", hash = "sha256:f4f86e351f39fe3d0d32a9f2c3d8af1ee4cec285aafcb27003dda5205576b444", size = 330475, upload-time = "2025-05-23T12:04:37.097Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/7d/4f/1195bbac8e0c2acc5f740661631d8d750dc38d4a32b23ee5df3cde6f4e0d/joblib-1.5.1-py3-none-any.whl", hash = "sha256:4719a31f054c7d766948dcd83e9613686b27114f190f717cec7eaa2084f8a74a", size = 307746, upload-time = "2025-05-23T12:04:35.124Z" }, +] + +[[package]] +name = "jsonschema" +version = "4.25.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "attrs" }, + { name = "jsonschema-specifications" }, + { name = "referencing" }, + { name = "rpds-py" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/d5/00/a297a868e9d0784450faa7365c2172a7d6110c763e30ba861867c32ae6a9/jsonschema-4.25.0.tar.gz", hash = "sha256:e63acf5c11762c0e6672ffb61482bdf57f0876684d8d249c0fe2d730d48bc55f", size = 356830, upload-time = "2025-07-18T15:39:45.11Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/fe/54/c86cd8e011fe98803d7e382fd67c0df5ceab8d2b7ad8c5a81524f791551c/jsonschema-4.25.0-py3-none-any.whl", hash = "sha256:24c2e8da302de79c8b9382fee3e76b355e44d2a4364bb207159ce10b517bd716", size = 89184, upload-time = "2025-07-18T15:39:42.956Z" }, +] + +[[package]] +name = "jsonschema-specifications" +version = "2025.4.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "referencing" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/bf/ce/46fbd9c8119cfc3581ee5643ea49464d168028cfb5caff5fc0596d0cf914/jsonschema_specifications-2025.4.1.tar.gz", hash = "sha256:630159c9f4dbea161a6a2205c3011cc4f18ff381b189fff48bb39b9bf26ae608", size = 15513, upload-time = "2025-04-23T12:34:07.418Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/01/0e/b27cdbaccf30b890c40ed1da9fd4a3593a5cf94dae54fb34f8a4b74fcd3f/jsonschema_specifications-2025.4.1-py3-none-any.whl", hash = "sha256:4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af", size = 18437, upload-time = "2025-04-23T12:34:05.422Z" }, +] + +[[package]] +name = "latexcodec" +version = "3.0.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/27/dd/4270b2c5e2ee49316c3859e62293bd2ea8e382339d63ab7bbe9f39c0ec3b/latexcodec-3.0.1.tar.gz", hash = "sha256:e78a6911cd72f9dec35031c6ec23584de6842bfbc4610a9678868d14cdfb0357", size = 31222, upload-time = "2025-06-17T18:47:34.051Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b5/40/23569737873cc9637fd488606347e9dd92b9fa37ba4fcda1f98ee5219a97/latexcodec-3.0.1-py3-none-any.whl", hash = "sha256:a9eb8200bff693f0437a69581f7579eb6bca25c4193515c09900ce76451e452e", size = 18532, upload-time = "2025-06-17T18:47:30.726Z" }, +] + +[[package]] +name = "markdown" +version = "3.8.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/d7/c2/4ab49206c17f75cb08d6311171f2d65798988db4360c4d1485bd0eedd67c/markdown-3.8.2.tar.gz", hash = "sha256:247b9a70dd12e27f67431ce62523e675b866d254f900c4fe75ce3dda62237c45", size = 362071, upload-time = "2025-06-19T17:12:44.483Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/96/2b/34cc11786bc00d0f04d0f5fdc3a2b1ae0b6239eef72d3d345805f9ad92a1/markdown-3.8.2-py3-none-any.whl", hash = "sha256:5c83764dbd4e00bdd94d85a19b8d55ccca20fe35b2e678a1422b380324dd5f24", size = 106827, upload-time = "2025-06-19T17:12:42.994Z" }, +] + +[[package]] +name = "markdown-exec" +version = "1.11.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pymdown-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/e8/e4/ddd5ca350f2b072e51a22359cb51e94b5fdbe85810351e7484ccfd923324/markdown_exec-1.11.0.tar.gz", hash = "sha256:e0313a0dff715869a311d24853b3a7ecbbaa12e74eb0f3cf7d91401a7d8f0082", size = 81826, upload-time = "2025-06-28T10:30:43.781Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/22/41/5551f05c0e6430e3d2dcbd40965840a4cf280c045a529552690f04b7c0a0/markdown_exec-1.11.0-py3-none-any.whl", hash = "sha256:0526957984980f55c02b425d32e8ac8bb21090c109c7012ff905d3ddcc468ceb", size = 34747, upload-time = "2025-06-28T10:30:42.265Z" }, +] + +[[package]] +name = "markupsafe" +version = "3.0.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/b2/97/5d42485e71dfc078108a86d6de8fa46db44a1a9295e89c5d6d4a06e23a62/markupsafe-3.0.2.tar.gz", hash = "sha256:ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0", size = 20537, upload-time = "2024-10-18T15:21:54.129Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/04/90/d08277ce111dd22f77149fd1a5d4653eeb3b3eaacbdfcbae5afb2600eebd/MarkupSafe-3.0.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8", size = 14357, upload-time = "2024-10-18T15:20:51.44Z" }, + { url = "https://files.pythonhosted.org/packages/04/e1/6e2194baeae0bca1fae6629dc0cbbb968d4d941469cbab11a3872edff374/MarkupSafe-3.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9e2d922824181480953426608b81967de705c3cef4d1af983af849d7bd619158", size = 12393, upload-time = "2024-10-18T15:20:52.426Z" }, + { url = "https://files.pythonhosted.org/packages/1d/69/35fa85a8ece0a437493dc61ce0bb6d459dcba482c34197e3efc829aa357f/MarkupSafe-3.0.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:38a9ef736c01fccdd6600705b09dc574584b89bea478200c5fbf112a6b0d5579", size = 21732, upload-time = "2024-10-18T15:20:53.578Z" }, + { url = "https://files.pythonhosted.org/packages/22/35/137da042dfb4720b638d2937c38a9c2df83fe32d20e8c8f3185dbfef05f7/MarkupSafe-3.0.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bbcb445fa71794da8f178f0f6d66789a28d7319071af7a496d4d507ed566270d", size = 20866, upload-time = "2024-10-18T15:20:55.06Z" }, + { url = "https://files.pythonhosted.org/packages/29/28/6d029a903727a1b62edb51863232152fd335d602def598dade38996887f0/MarkupSafe-3.0.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:57cb5a3cf367aeb1d316576250f65edec5bb3be939e9247ae594b4bcbc317dfb", size = 20964, upload-time = "2024-10-18T15:20:55.906Z" }, + { url = "https://files.pythonhosted.org/packages/cc/cd/07438f95f83e8bc028279909d9c9bd39e24149b0d60053a97b2bc4f8aa51/MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:3809ede931876f5b2ec92eef964286840ed3540dadf803dd570c3b7e13141a3b", size = 21977, upload-time = "2024-10-18T15:20:57.189Z" }, + { url = "https://files.pythonhosted.org/packages/29/01/84b57395b4cc062f9c4c55ce0df7d3108ca32397299d9df00fedd9117d3d/MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:e07c3764494e3776c602c1e78e298937c3315ccc9043ead7e685b7f2b8d47b3c", size = 21366, upload-time = "2024-10-18T15:20:58.235Z" }, + { url = "https://files.pythonhosted.org/packages/bd/6e/61ebf08d8940553afff20d1fb1ba7294b6f8d279df9fd0c0db911b4bbcfd/MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:b424c77b206d63d500bcb69fa55ed8d0e6a3774056bdc4839fc9298a7edca171", size = 21091, upload-time = "2024-10-18T15:20:59.235Z" }, + { url = "https://files.pythonhosted.org/packages/11/23/ffbf53694e8c94ebd1e7e491de185124277964344733c45481f32ede2499/MarkupSafe-3.0.2-cp310-cp310-win32.whl", hash = "sha256:fcabf5ff6eea076f859677f5f0b6b5c1a51e70a376b0579e0eadef8db48c6b50", size = 15065, upload-time = "2024-10-18T15:21:00.307Z" }, + { url = "https://files.pythonhosted.org/packages/44/06/e7175d06dd6e9172d4a69a72592cb3f7a996a9c396eee29082826449bbc3/MarkupSafe-3.0.2-cp310-cp310-win_amd64.whl", hash = "sha256:6af100e168aa82a50e186c82875a5893c5597a0c1ccdb0d8b40240b1f28b969a", size = 15514, upload-time = "2024-10-18T15:21:01.122Z" }, + { url = "https://files.pythonhosted.org/packages/6b/28/bbf83e3f76936960b850435576dd5e67034e200469571be53f69174a2dfd/MarkupSafe-3.0.2-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:9025b4018f3a1314059769c7bf15441064b2207cb3f065e6ea1e7359cb46db9d", size = 14353, upload-time = "2024-10-18T15:21:02.187Z" }, + { url = "https://files.pythonhosted.org/packages/6c/30/316d194b093cde57d448a4c3209f22e3046c5bb2fb0820b118292b334be7/MarkupSafe-3.0.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:93335ca3812df2f366e80509ae119189886b0f3c2b81325d39efdb84a1e2ae93", size = 12392, upload-time = "2024-10-18T15:21:02.941Z" }, + { url = "https://files.pythonhosted.org/packages/f2/96/9cdafba8445d3a53cae530aaf83c38ec64c4d5427d975c974084af5bc5d2/MarkupSafe-3.0.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2cb8438c3cbb25e220c2ab33bb226559e7afb3baec11c4f218ffa7308603c832", size = 23984, upload-time = "2024-10-18T15:21:03.953Z" }, + { url = "https://files.pythonhosted.org/packages/f1/a4/aefb044a2cd8d7334c8a47d3fb2c9f328ac48cb349468cc31c20b539305f/MarkupSafe-3.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a123e330ef0853c6e822384873bef7507557d8e4a082961e1defa947aa59ba84", size = 23120, upload-time = "2024-10-18T15:21:06.495Z" }, + { url = "https://files.pythonhosted.org/packages/8d/21/5e4851379f88f3fad1de30361db501300d4f07bcad047d3cb0449fc51f8c/MarkupSafe-3.0.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1e084f686b92e5b83186b07e8a17fc09e38fff551f3602b249881fec658d3eca", size = 23032, upload-time = "2024-10-18T15:21:07.295Z" }, + { url = "https://files.pythonhosted.org/packages/00/7b/e92c64e079b2d0d7ddf69899c98842f3f9a60a1ae72657c89ce2655c999d/MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:d8213e09c917a951de9d09ecee036d5c7d36cb6cb7dbaece4c71a60d79fb9798", size = 24057, upload-time = "2024-10-18T15:21:08.073Z" }, + { url = "https://files.pythonhosted.org/packages/f9/ac/46f960ca323037caa0a10662ef97d0a4728e890334fc156b9f9e52bcc4ca/MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:5b02fb34468b6aaa40dfc198d813a641e3a63b98c2b05a16b9f80b7ec314185e", size = 23359, upload-time = "2024-10-18T15:21:09.318Z" }, + { url = "https://files.pythonhosted.org/packages/69/84/83439e16197337b8b14b6a5b9c2105fff81d42c2a7c5b58ac7b62ee2c3b1/MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:0bff5e0ae4ef2e1ae4fdf2dfd5b76c75e5c2fa4132d05fc1b0dabcd20c7e28c4", size = 23306, upload-time = "2024-10-18T15:21:10.185Z" }, + { url = "https://files.pythonhosted.org/packages/9a/34/a15aa69f01e2181ed8d2b685c0d2f6655d5cca2c4db0ddea775e631918cd/MarkupSafe-3.0.2-cp311-cp311-win32.whl", hash = "sha256:6c89876f41da747c8d3677a2b540fb32ef5715f97b66eeb0c6b66f5e3ef6f59d", size = 15094, upload-time = "2024-10-18T15:21:11.005Z" }, + { url = "https://files.pythonhosted.org/packages/da/b8/3a3bd761922d416f3dc5d00bfbed11f66b1ab89a0c2b6e887240a30b0f6b/MarkupSafe-3.0.2-cp311-cp311-win_amd64.whl", hash = "sha256:70a87b411535ccad5ef2f1df5136506a10775d267e197e4cf531ced10537bd6b", size = 15521, upload-time = "2024-10-18T15:21:12.911Z" }, + { url = "https://files.pythonhosted.org/packages/22/09/d1f21434c97fc42f09d290cbb6350d44eb12f09cc62c9476effdb33a18aa/MarkupSafe-3.0.2-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:9778bd8ab0a994ebf6f84c2b949e65736d5575320a17ae8984a77fab08db94cf", size = 14274, upload-time = "2024-10-18T15:21:13.777Z" }, + { url = "https://files.pythonhosted.org/packages/6b/b0/18f76bba336fa5aecf79d45dcd6c806c280ec44538b3c13671d49099fdd0/MarkupSafe-3.0.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:846ade7b71e3536c4e56b386c2a47adf5741d2d8b94ec9dc3e92e5e1ee1e2225", size = 12348, upload-time = "2024-10-18T15:21:14.822Z" }, + { url = "https://files.pythonhosted.org/packages/e0/25/dd5c0f6ac1311e9b40f4af06c78efde0f3b5cbf02502f8ef9501294c425b/MarkupSafe-3.0.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1c99d261bd2d5f6b59325c92c73df481e05e57f19837bdca8413b9eac4bd8028", size = 24149, upload-time = "2024-10-18T15:21:15.642Z" }, + { url = "https://files.pythonhosted.org/packages/f3/f0/89e7aadfb3749d0f52234a0c8c7867877876e0a20b60e2188e9850794c17/MarkupSafe-3.0.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e17c96c14e19278594aa4841ec148115f9c7615a47382ecb6b82bd8fea3ab0c8", size = 23118, upload-time = "2024-10-18T15:21:17.133Z" }, + { url = "https://files.pythonhosted.org/packages/d5/da/f2eeb64c723f5e3777bc081da884b414671982008c47dcc1873d81f625b6/MarkupSafe-3.0.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:88416bd1e65dcea10bc7569faacb2c20ce071dd1f87539ca2ab364bf6231393c", size = 22993, upload-time = "2024-10-18T15:21:18.064Z" }, + { url = "https://files.pythonhosted.org/packages/da/0e/1f32af846df486dce7c227fe0f2398dc7e2e51d4a370508281f3c1c5cddc/MarkupSafe-3.0.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:2181e67807fc2fa785d0592dc2d6206c019b9502410671cc905d132a92866557", size = 24178, upload-time = "2024-10-18T15:21:18.859Z" }, + { url = "https://files.pythonhosted.org/packages/c4/f6/bb3ca0532de8086cbff5f06d137064c8410d10779c4c127e0e47d17c0b71/MarkupSafe-3.0.2-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:52305740fe773d09cffb16f8ed0427942901f00adedac82ec8b67752f58a1b22", size = 23319, upload-time = "2024-10-18T15:21:19.671Z" }, + { url = "https://files.pythonhosted.org/packages/a2/82/8be4c96ffee03c5b4a034e60a31294daf481e12c7c43ab8e34a1453ee48b/MarkupSafe-3.0.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:ad10d3ded218f1039f11a75f8091880239651b52e9bb592ca27de44eed242a48", size = 23352, upload-time = "2024-10-18T15:21:20.971Z" }, + { url = "https://files.pythonhosted.org/packages/51/ae/97827349d3fcffee7e184bdf7f41cd6b88d9919c80f0263ba7acd1bbcb18/MarkupSafe-3.0.2-cp312-cp312-win32.whl", hash = "sha256:0f4ca02bea9a23221c0182836703cbf8930c5e9454bacce27e767509fa286a30", size = 15097, upload-time = "2024-10-18T15:21:22.646Z" }, + { url = "https://files.pythonhosted.org/packages/c1/80/a61f99dc3a936413c3ee4e1eecac96c0da5ed07ad56fd975f1a9da5bc630/MarkupSafe-3.0.2-cp312-cp312-win_amd64.whl", hash = "sha256:8e06879fc22a25ca47312fbe7c8264eb0b662f6db27cb2d3bbbc74b1df4b9b87", size = 15601, upload-time = "2024-10-18T15:21:23.499Z" }, + { url = "https://files.pythonhosted.org/packages/83/0e/67eb10a7ecc77a0c2bbe2b0235765b98d164d81600746914bebada795e97/MarkupSafe-3.0.2-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:ba9527cdd4c926ed0760bc301f6728ef34d841f405abf9d4f959c478421e4efd", size = 14274, upload-time = "2024-10-18T15:21:24.577Z" }, + { url = "https://files.pythonhosted.org/packages/2b/6d/9409f3684d3335375d04e5f05744dfe7e9f120062c9857df4ab490a1031a/MarkupSafe-3.0.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:f8b3d067f2e40fe93e1ccdd6b2e1d16c43140e76f02fb1319a05cf2b79d99430", size = 12352, upload-time = "2024-10-18T15:21:25.382Z" }, + { url = "https://files.pythonhosted.org/packages/d2/f5/6eadfcd3885ea85fe2a7c128315cc1bb7241e1987443d78c8fe712d03091/MarkupSafe-3.0.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:569511d3b58c8791ab4c2e1285575265991e6d8f8700c7be0e88f86cb0672094", size = 24122, upload-time = "2024-10-18T15:21:26.199Z" }, + { url = "https://files.pythonhosted.org/packages/0c/91/96cf928db8236f1bfab6ce15ad070dfdd02ed88261c2afafd4b43575e9e9/MarkupSafe-3.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:15ab75ef81add55874e7ab7055e9c397312385bd9ced94920f2802310c930396", size = 23085, upload-time = "2024-10-18T15:21:27.029Z" }, + { url = "https://files.pythonhosted.org/packages/c2/cf/c9d56af24d56ea04daae7ac0940232d31d5a8354f2b457c6d856b2057d69/MarkupSafe-3.0.2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f3818cb119498c0678015754eba762e0d61e5b52d34c8b13d770f0719f7b1d79", size = 22978, upload-time = "2024-10-18T15:21:27.846Z" }, + { url = "https://files.pythonhosted.org/packages/2a/9f/8619835cd6a711d6272d62abb78c033bda638fdc54c4e7f4272cf1c0962b/MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:cdb82a876c47801bb54a690c5ae105a46b392ac6099881cdfb9f6e95e4014c6a", size = 24208, upload-time = "2024-10-18T15:21:28.744Z" }, + { url = "https://files.pythonhosted.org/packages/f9/bf/176950a1792b2cd2102b8ffeb5133e1ed984547b75db47c25a67d3359f77/MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:cabc348d87e913db6ab4aa100f01b08f481097838bdddf7c7a84b7575b7309ca", size = 23357, upload-time = "2024-10-18T15:21:29.545Z" }, + { url = "https://files.pythonhosted.org/packages/ce/4f/9a02c1d335caabe5c4efb90e1b6e8ee944aa245c1aaaab8e8a618987d816/MarkupSafe-3.0.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:444dcda765c8a838eaae23112db52f1efaf750daddb2d9ca300bcae1039adc5c", size = 23344, upload-time = "2024-10-18T15:21:30.366Z" }, + { url = "https://files.pythonhosted.org/packages/ee/55/c271b57db36f748f0e04a759ace9f8f759ccf22b4960c270c78a394f58be/MarkupSafe-3.0.2-cp313-cp313-win32.whl", hash = "sha256:bcf3e58998965654fdaff38e58584d8937aa3096ab5354d493c77d1fdd66d7a1", size = 15101, upload-time = "2024-10-18T15:21:31.207Z" }, + { url = "https://files.pythonhosted.org/packages/29/88/07df22d2dd4df40aba9f3e402e6dc1b8ee86297dddbad4872bd5e7b0094f/MarkupSafe-3.0.2-cp313-cp313-win_amd64.whl", hash = "sha256:e6a2a455bd412959b57a172ce6328d2dd1f01cb2135efda2e4576e8a23fa3b0f", size = 15603, upload-time = "2024-10-18T15:21:32.032Z" }, + { url = "https://files.pythonhosted.org/packages/62/6a/8b89d24db2d32d433dffcd6a8779159da109842434f1dd2f6e71f32f738c/MarkupSafe-3.0.2-cp313-cp313t-macosx_10_13_universal2.whl", hash = "sha256:b5a6b3ada725cea8a5e634536b1b01c30bcdcd7f9c6fff4151548d5bf6b3a36c", size = 14510, upload-time = "2024-10-18T15:21:33.625Z" }, + { url = "https://files.pythonhosted.org/packages/7a/06/a10f955f70a2e5a9bf78d11a161029d278eeacbd35ef806c3fd17b13060d/MarkupSafe-3.0.2-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:a904af0a6162c73e3edcb969eeeb53a63ceeb5d8cf642fade7d39e7963a22ddb", size = 12486, upload-time = "2024-10-18T15:21:34.611Z" }, + { url = "https://files.pythonhosted.org/packages/34/cf/65d4a571869a1a9078198ca28f39fba5fbb910f952f9dbc5220afff9f5e6/MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4aa4e5faecf353ed117801a068ebab7b7e09ffb6e1d5e412dc852e0da018126c", size = 25480, upload-time = "2024-10-18T15:21:35.398Z" }, + { url = "https://files.pythonhosted.org/packages/0c/e3/90e9651924c430b885468b56b3d597cabf6d72be4b24a0acd1fa0e12af67/MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c0ef13eaeee5b615fb07c9a7dadb38eac06a0608b41570d8ade51c56539e509d", size = 23914, upload-time = "2024-10-18T15:21:36.231Z" }, + { url = "https://files.pythonhosted.org/packages/66/8c/6c7cf61f95d63bb866db39085150df1f2a5bd3335298f14a66b48e92659c/MarkupSafe-3.0.2-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d16a81a06776313e817c951135cf7340a3e91e8c1ff2fac444cfd75fffa04afe", size = 23796, upload-time = "2024-10-18T15:21:37.073Z" }, + { url = "https://files.pythonhosted.org/packages/bb/35/cbe9238ec3f47ac9a7c8b3df7a808e7cb50fe149dc7039f5f454b3fba218/MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:6381026f158fdb7c72a168278597a5e3a5222e83ea18f543112b2662a9b699c5", size = 25473, upload-time = "2024-10-18T15:21:37.932Z" }, + { url = "https://files.pythonhosted.org/packages/e6/32/7621a4382488aa283cc05e8984a9c219abad3bca087be9ec77e89939ded9/MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:3d79d162e7be8f996986c064d1c7c817f6df3a77fe3d6859f6f9e7be4b8c213a", size = 24114, upload-time = "2024-10-18T15:21:39.799Z" }, + { url = "https://files.pythonhosted.org/packages/0d/80/0985960e4b89922cb5a0bac0ed39c5b96cbc1a536a99f30e8c220a996ed9/MarkupSafe-3.0.2-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:131a3c7689c85f5ad20f9f6fb1b866f402c445b220c19fe4308c0b147ccd2ad9", size = 24098, upload-time = "2024-10-18T15:21:40.813Z" }, + { url = "https://files.pythonhosted.org/packages/82/78/fedb03c7d5380df2427038ec8d973587e90561b2d90cd472ce9254cf348b/MarkupSafe-3.0.2-cp313-cp313t-win32.whl", hash = "sha256:ba8062ed2cf21c07a9e295d5b8a2a5ce678b913b45fdf68c32d95d6c1291e0b6", size = 15208, upload-time = "2024-10-18T15:21:41.814Z" }, + { url = "https://files.pythonhosted.org/packages/4f/65/6079a46068dfceaeabb5dcad6d674f5f5c61a6fa5673746f42a9f4c233b3/MarkupSafe-3.0.2-cp313-cp313t-win_amd64.whl", hash = "sha256:e444a31f8db13eb18ada366ab3cf45fd4b31e4db1236a4448f68778c1d1a5a2f", size = 15739, upload-time = "2024-10-18T15:21:42.784Z" }, +] + +[[package]] +name = "marshmallow" +version = "3.26.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "packaging" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/ab/5e/5e53d26b42ab75491cda89b871dab9e97c840bf12c63ec58a1919710cd06/marshmallow-3.26.1.tar.gz", hash = "sha256:e6d8affb6cb61d39d26402096dc0aee12d5a26d490a121f118d2e81dc0719dc6", size = 221825, upload-time = "2025-02-03T15:32:25.093Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/34/75/51952c7b2d3873b44a0028b1bd26a25078c18f92f256608e8d1dc61b39fd/marshmallow-3.26.1-py3-none-any.whl", hash = "sha256:3350409f20a70a7e4e11a27661187b77cdcaeb20abca41c1454fe33636bea09c", size = 50878, upload-time = "2025-02-03T15:32:22.295Z" }, +] + +[[package]] +name = "mergedeep" +version = "1.3.4" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/3a/41/580bb4006e3ed0361b8151a01d324fb03f420815446c7def45d02f74c270/mergedeep-1.3.4.tar.gz", hash = "sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8", size = 4661, upload-time = "2021-02-05T18:55:30.623Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/2c/19/04f9b178c2d8a15b076c8b5140708fa6ffc5601fb6f1e975537072df5b2a/mergedeep-1.3.4-py3-none-any.whl", hash = "sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307", size = 6354, upload-time = "2021-02-05T18:55:29.583Z" }, +] + +[[package]] +name = "mkdocs" +version = "1.6.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "click" }, + { name = "colorama", marker = "sys_platform == 'win32'" }, + { name = "ghp-import" }, + { name = "jinja2" }, + { name = "markdown" }, + { name = "markupsafe" }, + { name = "mergedeep" }, + { name = "mkdocs-get-deps" }, + { name = "packaging" }, + { name = "pathspec" }, + { name = "pyyaml" }, + { name = "pyyaml-env-tag" }, + { name = "watchdog" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/bc/c6/bbd4f061bd16b378247f12953ffcb04786a618ce5e904b8c5a01a0309061/mkdocs-1.6.1.tar.gz", hash = "sha256:7b432f01d928c084353ab39c57282f29f92136665bdd6abf7c1ec8d822ef86f2", size = 3889159, upload-time = "2024-08-30T12:24:06.899Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/22/5b/dbc6a8cddc9cfa9c4971d59fb12bb8d42e161b7e7f8cc89e49137c5b279c/mkdocs-1.6.1-py3-none-any.whl", hash = "sha256:db91759624d1647f3f34aa0c3f327dd2601beae39a366d6e064c03468d35c20e", size = 3864451, upload-time = "2024-08-30T12:24:05.054Z" }, +] + +[[package]] +name = "mkdocs-autorefs" +version = "1.4.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "markdown" }, + { name = "markupsafe" }, + { name = "mkdocs" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/47/0c/c9826f35b99c67fa3a7cddfa094c1a6c43fafde558c309c6e4403e5b37dc/mkdocs_autorefs-1.4.2.tar.gz", hash = "sha256:e2ebe1abd2b67d597ed19378c0fff84d73d1dbce411fce7a7cc6f161888b6749", size = 54961, upload-time = "2025-05-20T13:09:09.886Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/87/dc/fc063b78f4b769d1956319351704e23ebeba1e9e1d6a41b4b602325fd7e4/mkdocs_autorefs-1.4.2-py3-none-any.whl", hash = "sha256:83d6d777b66ec3c372a1aad4ae0cf77c243ba5bcda5bf0c6b8a2c5e7a3d89f13", size = 24969, upload-time = "2025-05-20T13:09:08.237Z" }, +] + +[[package]] +name = "mkdocs-bibtex" +version = "4.4.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "mkdocs" }, + { name = "pybtex" }, + { name = "pypandoc" }, + { name = "requests" }, + { name = "responses" }, + { name = "setuptools" }, + { name = "validators" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/18/37/e7518cabcf1f11e99b973b850f753d632588ce329d634c2517b3b450fc5c/mkdocs_bibtex-4.4.0.tar.gz", hash = "sha256:32a1e0624ab0e0edc3539a90a5ffe0a2cb965f03ad5df8746a9fc9e049b6778b", size = 34852, upload-time = "2025-07-01T14:57:36.464Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e6/ef/2a0971707b21f5490a557c9e1b0ac428d5d47e7ef604536d092ca186a28c/mkdocs_bibtex-4.4.0-py3-none-any.whl", hash = "sha256:fc0ce0f9641b63f900585a48cc09f5817345bbaba1435abf361e21fafe279723", size = 14449, upload-time = "2025-07-01T14:57:35.273Z" }, +] + +[[package]] +name = "mkdocs-get-deps" +version = "0.2.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "mergedeep" }, + { name = "platformdirs" }, + { name = "pyyaml" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/98/f5/ed29cd50067784976f25ed0ed6fcd3c2ce9eb90650aa3b2796ddf7b6870b/mkdocs_get_deps-0.2.0.tar.gz", hash = "sha256:162b3d129c7fad9b19abfdcb9c1458a651628e4b1dea628ac68790fb3061c60c", size = 10239, upload-time = "2023-11-20T17:51:09.981Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/9f/d4/029f984e8d3f3b6b726bd33cafc473b75e9e44c0f7e80a5b29abc466bdea/mkdocs_get_deps-0.2.0-py3-none-any.whl", hash = "sha256:2bf11d0b133e77a0dd036abeeb06dec8775e46efa526dc70667d8863eefc6134", size = 9521, upload-time = "2023-11-20T17:51:08.587Z" }, +] + +[[package]] +name = "mkdocs-include-markdown-plugin" +version = "7.1.6" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "mkdocs" }, + { name = "wcmatch" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/2c/17/988d97ac6849b196f54d45ca9c60ca894880c160a512785f03834704b3d9/mkdocs_include_markdown_plugin-7.1.6.tar.gz", hash = "sha256:a0753cb82704c10a287f1e789fc9848f82b6beb8749814b24b03dd9f67816677", size = 23391, upload-time = "2025-06-13T18:25:51.193Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e2/a1/6cf1667a05e5f468e1263fcf848772bca8cc9e358cd57ae19a01f92c9f6f/mkdocs_include_markdown_plugin-7.1.6-py3-none-any.whl", hash = "sha256:7975a593514887c18ecb68e11e35c074c5499cfa3e51b18cd16323862e1f7345", size = 27161, upload-time = "2025-06-13T18:25:49.847Z" }, +] + +[[package]] +name = "mkdocs-material" +version = "9.6.16" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "babel" }, + { name = "backrefs" }, + { name = "colorama" }, + { name = "jinja2" }, + { name = "markdown" }, + { name = "mkdocs" }, + { name = "mkdocs-material-extensions" }, + { name = "paginate" }, + { name = "pygments" }, + { name = "pymdown-extensions" }, + { name = "requests" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/dd/84/aec27a468c5e8c27689c71b516fb5a0d10b8fca45b9ad2dd9d6e43bc4296/mkdocs_material-9.6.16.tar.gz", hash = "sha256:d07011df4a5c02ee0877496d9f1bfc986cfb93d964799b032dd99fe34c0e9d19", size = 4028828, upload-time = "2025-07-26T15:53:47.542Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/65/f4/90ad67125b4dd66e7884e4dbdfab82e3679eb92b751116f8bb25ccfe2f0c/mkdocs_material-9.6.16-py3-none-any.whl", hash = "sha256:8d1a1282b892fe1fdf77bfeb08c485ba3909dd743c9ba69a19a40f637c6ec18c", size = 9223743, upload-time = "2025-07-26T15:53:44.236Z" }, +] + +[[package]] +name = "mkdocs-material-extensions" +version = "1.3.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/79/9b/9b4c96d6593b2a541e1cb8b34899a6d021d208bb357042823d4d2cabdbe7/mkdocs_material_extensions-1.3.1.tar.gz", hash = "sha256:10c9511cea88f568257f960358a467d12b970e1f7b2c0e5fb2bb48cab1928443", size = 11847, upload-time = "2023-11-22T19:09:45.208Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/5b/54/662a4743aa81d9582ee9339d4ffa3c8fd40a4965e033d77b9da9774d3960/mkdocs_material_extensions-1.3.1-py3-none-any.whl", hash = "sha256:adff8b62700b25cb77b53358dad940f3ef973dd6db797907c49e3c2ef3ab4e31", size = 8728, upload-time = "2023-11-22T19:09:43.465Z" }, +] + +[[package]] +name = "mkdocs-print-site-plugin" +version = "2.8" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "mkdocs-material" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/a9/18/5c71f48b83191fb30cc58617fea20f56647eaa6cafd06a7fb34c738c5acb/mkdocs_print_site_plugin-2.8.tar.gz", hash = "sha256:ab1c89cdb468352975e3bb3bb0ef25dcc2bb88931b03f173206dc95ab02f843f", size = 231688, upload-time = "2025-08-03T14:15:07.579Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/3f/3e/7513f2f37c563da65d1b91781e047f4a1c0ceac8206d4f6042428428e4ad/mkdocs_print_site_plugin-2.8-py3-none-any.whl", hash = "sha256:838bd0a9b7141c11c0f1fdaa51ffe70c35740bec1f07c0806f8018e92f93f9da", size = 21477, upload-time = "2025-08-03T14:15:06.301Z" }, +] + +[[package]] +name = "mkdocs-table-reader-plugin" +version = "3.1.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "mkdocs" }, + { name = "pandas" }, + { name = "pyyaml" }, + { name = "tabulate" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/a1/1b/ca35e4b51a1814924153f7c8afa5a9c2f961688a9c275fa9f4afe7f5083a/mkdocs_table_reader_plugin-3.1.0.tar.gz", hash = "sha256:eb15688ee8c0cd1a842f506f18973b87be22bd7baa5e2e551089de6b7f9ec25b", size = 12510, upload-time = "2024-08-29T14:08:09.54Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b3/6f/dcc966874f74f8580b99d2ffecbdc85dfd00c4a5039fedbee4ddd7fc8c7f/mkdocs_table_reader_plugin-3.1.0-py3-none-any.whl", hash = "sha256:50a1302661c14d96b90ba0434ae96110441e0c653ce23559e3c6911fe79e7bd2", size = 10564, upload-time = "2024-08-29T14:08:07.367Z" }, +] + +[[package]] +name = "mkdocstrings" +version = "0.30.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "jinja2" }, + { name = "markdown" }, + { name = "markupsafe" }, + { name = "mkdocs" }, + { name = "mkdocs-autorefs" }, + { name = "pymdown-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/e2/0a/7e4776217d4802009c8238c75c5345e23014a4706a8414a62c0498858183/mkdocstrings-0.30.0.tar.gz", hash = "sha256:5d8019b9c31ddacd780b6784ffcdd6f21c408f34c0bd1103b5351d609d5b4444", size = 106597, upload-time = "2025-07-22T23:48:45.998Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/de/b4/3c5eac68f31e124a55d255d318c7445840fa1be55e013f507556d6481913/mkdocstrings-0.30.0-py3-none-any.whl", hash = "sha256:ae9e4a0d8c1789697ac776f2e034e2ddd71054ae1cf2c2bb1433ccfd07c226f2", size = 36579, upload-time = "2025-07-22T23:48:44.152Z" }, +] + +[[package]] +name = "mkdocstrings-python" +version = "1.16.12" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "griffe" }, + { name = "mkdocs-autorefs" }, + { name = "mkdocstrings" }, + { name = "typing-extensions", marker = "python_full_version < '3.11'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/bf/ed/b886f8c714fd7cccc39b79646b627dbea84cd95c46be43459ef46852caf0/mkdocstrings_python-1.16.12.tar.gz", hash = "sha256:9b9eaa066e0024342d433e332a41095c4e429937024945fea511afe58f63175d", size = 206065, upload-time = "2025-06-03T12:52:49.276Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/3b/dd/a24ee3de56954bfafb6ede7cd63c2413bb842cc48eb45e41c43a05a33074/mkdocstrings_python-1.16.12-py3-none-any.whl", hash = "sha256:22ded3a63b3d823d57457a70ff9860d5a4de9e8b1e482876fc9baabaf6f5f374", size = 124287, upload-time = "2025-06-03T12:52:47.819Z" }, +] + +[[package]] +name = "mypy-extensions" +version = "1.1.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/a2/6e/371856a3fb9d31ca8dac321cda606860fa4548858c0cc45d9d1d4ca2628b/mypy_extensions-1.1.0.tar.gz", hash = "sha256:52e68efc3284861e772bbcd66823fde5ae21fd2fdb51c62a211403730b916558", size = 6343, upload-time = "2025-04-22T14:54:24.164Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/79/7b/2c79738432f5c924bef5071f933bcc9efd0473bac3b4aa584a6f7c1c8df8/mypy_extensions-1.1.0-py3-none-any.whl", hash = "sha256:1be4cccdb0f2482337c4743e60421de3a356cd97508abadd57d47403e94f5505", size = 4963, upload-time = "2025-04-22T14:54:22.983Z" }, +] + +[[package]] +name = "networkx" +version = "3.4.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/fd/1d/06475e1cd5264c0b870ea2cc6fdb3e37177c1e565c43f56ff17a10e3937f/networkx-3.4.2.tar.gz", hash = "sha256:307c3669428c5362aab27c8a1260aa8f47c4e91d3891f48be0141738d8d053e1", size = 2151368, upload-time = "2024-10-21T12:39:38.695Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b9/54/dd730b32ea14ea797530a4479b2ed46a6fb250f682a9cfb997e968bf0261/networkx-3.4.2-py3-none-any.whl", hash = "sha256:df5d4365b724cf81b8c6a7312509d0c22386097011ad1abe274afd5e9d3bbc5f", size = 1723263, upload-time = "2024-10-21T12:39:36.247Z" }, +] + +[[package]] +name = "numpy" +version = "2.2.6" +source = { registry = "https://pypi.org/simple" } +resolution-markers = [ + "python_full_version < '3.11'", +] +sdist = { url = "https://files.pythonhosted.org/packages/76/21/7d2a95e4bba9dc13d043ee156a356c0a8f0c6309dff6b21b4d71a073b8a8/numpy-2.2.6.tar.gz", hash = "sha256:e29554e2bef54a90aa5cc07da6ce955accb83f21ab5de01a62c8478897b264fd", size = 20276440, upload-time = "2025-05-17T22:38:04.611Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/9a/3e/ed6db5be21ce87955c0cbd3009f2803f59fa08df21b5df06862e2d8e2bdd/numpy-2.2.6-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:b412caa66f72040e6d268491a59f2c43bf03eb6c96dd8f0307829feb7fa2b6fb", size = 21165245, upload-time = "2025-05-17T21:27:58.555Z" }, + { url = "https://files.pythonhosted.org/packages/22/c2/4b9221495b2a132cc9d2eb862e21d42a009f5a60e45fc44b00118c174bff/numpy-2.2.6-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8e41fd67c52b86603a91c1a505ebaef50b3314de0213461c7a6e99c9a3beff90", size = 14360048, upload-time = "2025-05-17T21:28:21.406Z" }, + { url = "https://files.pythonhosted.org/packages/fd/77/dc2fcfc66943c6410e2bf598062f5959372735ffda175b39906d54f02349/numpy-2.2.6-cp310-cp310-macosx_14_0_arm64.whl", hash = "sha256:37e990a01ae6ec7fe7fa1c26c55ecb672dd98b19c3d0e1d1f326fa13cb38d163", size = 5340542, upload-time = "2025-05-17T21:28:30.931Z" }, + { url = "https://files.pythonhosted.org/packages/7a/4f/1cb5fdc353a5f5cc7feb692db9b8ec2c3d6405453f982435efc52561df58/numpy-2.2.6-cp310-cp310-macosx_14_0_x86_64.whl", hash = "sha256:5a6429d4be8ca66d889b7cf70f536a397dc45ba6faeb5f8c5427935d9592e9cf", size = 6878301, upload-time = "2025-05-17T21:28:41.613Z" }, + { url = "https://files.pythonhosted.org/packages/eb/17/96a3acd228cec142fcb8723bd3cc39c2a474f7dcf0a5d16731980bcafa95/numpy-2.2.6-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:efd28d4e9cd7d7a8d39074a4d44c63eda73401580c5c76acda2ce969e0a38e83", size = 14297320, upload-time = "2025-05-17T21:29:02.78Z" }, + { url = "https://files.pythonhosted.org/packages/b4/63/3de6a34ad7ad6646ac7d2f55ebc6ad439dbbf9c4370017c50cf403fb19b5/numpy-2.2.6-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fc7b73d02efb0e18c000e9ad8b83480dfcd5dfd11065997ed4c6747470ae8915", size = 16801050, upload-time = "2025-05-17T21:29:27.675Z" }, + { url = "https://files.pythonhosted.org/packages/07/b6/89d837eddef52b3d0cec5c6ba0456c1bf1b9ef6a6672fc2b7873c3ec4e2e/numpy-2.2.6-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:74d4531beb257d2c3f4b261bfb0fc09e0f9ebb8842d82a7b4209415896adc680", size = 15807034, upload-time = "2025-05-17T21:29:51.102Z" }, + { url = "https://files.pythonhosted.org/packages/01/c8/dc6ae86e3c61cfec1f178e5c9f7858584049b6093f843bca541f94120920/numpy-2.2.6-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:8fc377d995680230e83241d8a96def29f204b5782f371c532579b4f20607a289", size = 18614185, upload-time = "2025-05-17T21:30:18.703Z" }, + { url = "https://files.pythonhosted.org/packages/5b/c5/0064b1b7e7c89137b471ccec1fd2282fceaae0ab3a9550f2568782d80357/numpy-2.2.6-cp310-cp310-win32.whl", hash = "sha256:b093dd74e50a8cba3e873868d9e93a85b78e0daf2e98c6797566ad8044e8363d", size = 6527149, upload-time = "2025-05-17T21:30:29.788Z" }, + { url = "https://files.pythonhosted.org/packages/a3/dd/4b822569d6b96c39d1215dbae0582fd99954dcbcf0c1a13c61783feaca3f/numpy-2.2.6-cp310-cp310-win_amd64.whl", hash = "sha256:f0fd6321b839904e15c46e0d257fdd101dd7f530fe03fd6359c1ea63738703f3", size = 12904620, upload-time = "2025-05-17T21:30:48.994Z" }, + { url = "https://files.pythonhosted.org/packages/da/a8/4f83e2aa666a9fbf56d6118faaaf5f1974d456b1823fda0a176eff722839/numpy-2.2.6-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:f9f1adb22318e121c5c69a09142811a201ef17ab257a1e66ca3025065b7f53ae", size = 21176963, upload-time = "2025-05-17T21:31:19.36Z" }, + { url = "https://files.pythonhosted.org/packages/b3/2b/64e1affc7972decb74c9e29e5649fac940514910960ba25cd9af4488b66c/numpy-2.2.6-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:c820a93b0255bc360f53eca31a0e676fd1101f673dda8da93454a12e23fc5f7a", size = 14406743, upload-time = "2025-05-17T21:31:41.087Z" }, + { url = "https://files.pythonhosted.org/packages/4a/9f/0121e375000b5e50ffdd8b25bf78d8e1a5aa4cca3f185d41265198c7b834/numpy-2.2.6-cp311-cp311-macosx_14_0_arm64.whl", hash = "sha256:3d70692235e759f260c3d837193090014aebdf026dfd167834bcba43e30c2a42", size = 5352616, upload-time = "2025-05-17T21:31:50.072Z" }, + { url = "https://files.pythonhosted.org/packages/31/0d/b48c405c91693635fbe2dcd7bc84a33a602add5f63286e024d3b6741411c/numpy-2.2.6-cp311-cp311-macosx_14_0_x86_64.whl", hash = "sha256:481b49095335f8eed42e39e8041327c05b0f6f4780488f61286ed3c01368d491", size = 6889579, upload-time = "2025-05-17T21:32:01.712Z" }, + { url = "https://files.pythonhosted.org/packages/52/b8/7f0554d49b565d0171eab6e99001846882000883998e7b7d9f0d98b1f934/numpy-2.2.6-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b64d8d4d17135e00c8e346e0a738deb17e754230d7e0810ac5012750bbd85a5a", size = 14312005, upload-time = "2025-05-17T21:32:23.332Z" }, + { url = "https://files.pythonhosted.org/packages/b3/dd/2238b898e51bd6d389b7389ffb20d7f4c10066d80351187ec8e303a5a475/numpy-2.2.6-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ba10f8411898fc418a521833e014a77d3ca01c15b0c6cdcce6a0d2897e6dbbdf", size = 16821570, upload-time = "2025-05-17T21:32:47.991Z" }, + { url = "https://files.pythonhosted.org/packages/83/6c/44d0325722cf644f191042bf47eedad61c1e6df2432ed65cbe28509d404e/numpy-2.2.6-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:bd48227a919f1bafbdda0583705e547892342c26fb127219d60a5c36882609d1", size = 15818548, upload-time = "2025-05-17T21:33:11.728Z" }, + { url = "https://files.pythonhosted.org/packages/ae/9d/81e8216030ce66be25279098789b665d49ff19eef08bfa8cb96d4957f422/numpy-2.2.6-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:9551a499bf125c1d4f9e250377c1ee2eddd02e01eac6644c080162c0c51778ab", size = 18620521, upload-time = "2025-05-17T21:33:39.139Z" }, + { url = "https://files.pythonhosted.org/packages/6a/fd/e19617b9530b031db51b0926eed5345ce8ddc669bb3bc0044b23e275ebe8/numpy-2.2.6-cp311-cp311-win32.whl", hash = "sha256:0678000bb9ac1475cd454c6b8c799206af8107e310843532b04d49649c717a47", size = 6525866, upload-time = "2025-05-17T21:33:50.273Z" }, + { url = "https://files.pythonhosted.org/packages/31/0a/f354fb7176b81747d870f7991dc763e157a934c717b67b58456bc63da3df/numpy-2.2.6-cp311-cp311-win_amd64.whl", hash = "sha256:e8213002e427c69c45a52bbd94163084025f533a55a59d6f9c5b820774ef3303", size = 12907455, upload-time = "2025-05-17T21:34:09.135Z" }, + { url = "https://files.pythonhosted.org/packages/82/5d/c00588b6cf18e1da539b45d3598d3557084990dcc4331960c15ee776ee41/numpy-2.2.6-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:41c5a21f4a04fa86436124d388f6ed60a9343a6f767fced1a8a71c3fbca038ff", size = 20875348, upload-time = "2025-05-17T21:34:39.648Z" }, + { url = "https://files.pythonhosted.org/packages/66/ee/560deadcdde6c2f90200450d5938f63a34b37e27ebff162810f716f6a230/numpy-2.2.6-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:de749064336d37e340f640b05f24e9e3dd678c57318c7289d222a8a2f543e90c", size = 14119362, upload-time = "2025-05-17T21:35:01.241Z" }, + { url = "https://files.pythonhosted.org/packages/3c/65/4baa99f1c53b30adf0acd9a5519078871ddde8d2339dc5a7fde80d9d87da/numpy-2.2.6-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:894b3a42502226a1cac872f840030665f33326fc3dac8e57c607905773cdcde3", size = 5084103, upload-time = "2025-05-17T21:35:10.622Z" }, + { url = "https://files.pythonhosted.org/packages/cc/89/e5a34c071a0570cc40c9a54eb472d113eea6d002e9ae12bb3a8407fb912e/numpy-2.2.6-cp312-cp312-macosx_14_0_x86_64.whl", hash = "sha256:71594f7c51a18e728451bb50cc60a3ce4e6538822731b2933209a1f3614e9282", size = 6625382, upload-time = "2025-05-17T21:35:21.414Z" }, + { url = "https://files.pythonhosted.org/packages/f8/35/8c80729f1ff76b3921d5c9487c7ac3de9b2a103b1cd05e905b3090513510/numpy-2.2.6-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f2618db89be1b4e05f7a1a847a9c1c0abd63e63a1607d892dd54668dd92faf87", size = 14018462, upload-time = "2025-05-17T21:35:42.174Z" }, + { url = "https://files.pythonhosted.org/packages/8c/3d/1e1db36cfd41f895d266b103df00ca5b3cbe965184df824dec5c08c6b803/numpy-2.2.6-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fd83c01228a688733f1ded5201c678f0c53ecc1006ffbc404db9f7a899ac6249", size = 16527618, upload-time = "2025-05-17T21:36:06.711Z" }, + { url = "https://files.pythonhosted.org/packages/61/c6/03ed30992602c85aa3cd95b9070a514f8b3c33e31124694438d88809ae36/numpy-2.2.6-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:37c0ca431f82cd5fa716eca9506aefcabc247fb27ba69c5062a6d3ade8cf8f49", size = 15505511, upload-time = "2025-05-17T21:36:29.965Z" }, + { url = "https://files.pythonhosted.org/packages/b7/25/5761d832a81df431e260719ec45de696414266613c9ee268394dd5ad8236/numpy-2.2.6-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:fe27749d33bb772c80dcd84ae7e8df2adc920ae8297400dabec45f0dedb3f6de", size = 18313783, upload-time = "2025-05-17T21:36:56.883Z" }, + { url = "https://files.pythonhosted.org/packages/57/0a/72d5a3527c5ebffcd47bde9162c39fae1f90138c961e5296491ce778e682/numpy-2.2.6-cp312-cp312-win32.whl", hash = "sha256:4eeaae00d789f66c7a25ac5f34b71a7035bb474e679f410e5e1a94deb24cf2d4", size = 6246506, upload-time = "2025-05-17T21:37:07.368Z" }, + { url = "https://files.pythonhosted.org/packages/36/fa/8c9210162ca1b88529ab76b41ba02d433fd54fecaf6feb70ef9f124683f1/numpy-2.2.6-cp312-cp312-win_amd64.whl", hash = "sha256:c1f9540be57940698ed329904db803cf7a402f3fc200bfe599334c9bd84a40b2", size = 12614190, upload-time = "2025-05-17T21:37:26.213Z" }, + { url = "https://files.pythonhosted.org/packages/f9/5c/6657823f4f594f72b5471f1db1ab12e26e890bb2e41897522d134d2a3e81/numpy-2.2.6-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:0811bb762109d9708cca4d0b13c4f67146e3c3b7cf8d34018c722adb2d957c84", size = 20867828, upload-time = "2025-05-17T21:37:56.699Z" }, + { url = "https://files.pythonhosted.org/packages/dc/9e/14520dc3dadf3c803473bd07e9b2bd1b69bc583cb2497b47000fed2fa92f/numpy-2.2.6-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:287cc3162b6f01463ccd86be154f284d0893d2b3ed7292439ea97eafa8170e0b", size = 14143006, upload-time = "2025-05-17T21:38:18.291Z" }, + { url = "https://files.pythonhosted.org/packages/4f/06/7e96c57d90bebdce9918412087fc22ca9851cceaf5567a45c1f404480e9e/numpy-2.2.6-cp313-cp313-macosx_14_0_arm64.whl", hash = "sha256:f1372f041402e37e5e633e586f62aa53de2eac8d98cbfb822806ce4bbefcb74d", size = 5076765, upload-time = "2025-05-17T21:38:27.319Z" }, + { url = "https://files.pythonhosted.org/packages/73/ed/63d920c23b4289fdac96ddbdd6132e9427790977d5457cd132f18e76eae0/numpy-2.2.6-cp313-cp313-macosx_14_0_x86_64.whl", hash = "sha256:55a4d33fa519660d69614a9fad433be87e5252f4b03850642f88993f7b2ca566", size = 6617736, upload-time = "2025-05-17T21:38:38.141Z" }, + { url = "https://files.pythonhosted.org/packages/85/c5/e19c8f99d83fd377ec8c7e0cf627a8049746da54afc24ef0a0cb73d5dfb5/numpy-2.2.6-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f92729c95468a2f4f15e9bb94c432a9229d0d50de67304399627a943201baa2f", size = 14010719, upload-time = "2025-05-17T21:38:58.433Z" }, + { url = "https://files.pythonhosted.org/packages/19/49/4df9123aafa7b539317bf6d342cb6d227e49f7a35b99c287a6109b13dd93/numpy-2.2.6-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1bc23a79bfabc5d056d106f9befb8d50c31ced2fbc70eedb8155aec74a45798f", size = 16526072, upload-time = "2025-05-17T21:39:22.638Z" }, + { url = "https://files.pythonhosted.org/packages/b2/6c/04b5f47f4f32f7c2b0e7260442a8cbcf8168b0e1a41ff1495da42f42a14f/numpy-2.2.6-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:e3143e4451880bed956e706a3220b4e5cf6172ef05fcc397f6f36a550b1dd868", size = 15503213, upload-time = "2025-05-17T21:39:45.865Z" }, + { url = "https://files.pythonhosted.org/packages/17/0a/5cd92e352c1307640d5b6fec1b2ffb06cd0dabe7d7b8227f97933d378422/numpy-2.2.6-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:b4f13750ce79751586ae2eb824ba7e1e8dba64784086c98cdbbcc6a42112ce0d", size = 18316632, upload-time = "2025-05-17T21:40:13.331Z" }, + { url = "https://files.pythonhosted.org/packages/f0/3b/5cba2b1d88760ef86596ad0f3d484b1cbff7c115ae2429678465057c5155/numpy-2.2.6-cp313-cp313-win32.whl", hash = "sha256:5beb72339d9d4fa36522fc63802f469b13cdbe4fdab4a288f0c441b74272ebfd", size = 6244532, upload-time = "2025-05-17T21:43:46.099Z" }, + { url = "https://files.pythonhosted.org/packages/cb/3b/d58c12eafcb298d4e6d0d40216866ab15f59e55d148a5658bb3132311fcf/numpy-2.2.6-cp313-cp313-win_amd64.whl", hash = "sha256:b0544343a702fa80c95ad5d3d608ea3599dd54d4632df855e4c8d24eb6ecfa1c", size = 12610885, upload-time = "2025-05-17T21:44:05.145Z" }, + { url = "https://files.pythonhosted.org/packages/6b/9e/4bf918b818e516322db999ac25d00c75788ddfd2d2ade4fa66f1f38097e1/numpy-2.2.6-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:0bca768cd85ae743b2affdc762d617eddf3bcf8724435498a1e80132d04879e6", size = 20963467, upload-time = "2025-05-17T21:40:44Z" }, + { url = "https://files.pythonhosted.org/packages/61/66/d2de6b291507517ff2e438e13ff7b1e2cdbdb7cb40b3ed475377aece69f9/numpy-2.2.6-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:fc0c5673685c508a142ca65209b4e79ed6740a4ed6b2267dbba90f34b0b3cfda", size = 14225144, upload-time = "2025-05-17T21:41:05.695Z" }, + { url = "https://files.pythonhosted.org/packages/e4/25/480387655407ead912e28ba3a820bc69af9adf13bcbe40b299d454ec011f/numpy-2.2.6-cp313-cp313t-macosx_14_0_arm64.whl", hash = "sha256:5bd4fc3ac8926b3819797a7c0e2631eb889b4118a9898c84f585a54d475b7e40", size = 5200217, upload-time = "2025-05-17T21:41:15.903Z" }, + { url = "https://files.pythonhosted.org/packages/aa/4a/6e313b5108f53dcbf3aca0c0f3e9c92f4c10ce57a0a721851f9785872895/numpy-2.2.6-cp313-cp313t-macosx_14_0_x86_64.whl", hash = "sha256:fee4236c876c4e8369388054d02d0e9bb84821feb1a64dd59e137e6511a551f8", size = 6712014, upload-time = "2025-05-17T21:41:27.321Z" }, + { url = "https://files.pythonhosted.org/packages/b7/30/172c2d5c4be71fdf476e9de553443cf8e25feddbe185e0bd88b096915bcc/numpy-2.2.6-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e1dda9c7e08dc141e0247a5b8f49cf05984955246a327d4c48bda16821947b2f", size = 14077935, upload-time = "2025-05-17T21:41:49.738Z" }, + { url = "https://files.pythonhosted.org/packages/12/fb/9e743f8d4e4d3c710902cf87af3512082ae3d43b945d5d16563f26ec251d/numpy-2.2.6-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f447e6acb680fd307f40d3da4852208af94afdfab89cf850986c3ca00562f4fa", size = 16600122, upload-time = "2025-05-17T21:42:14.046Z" }, + { url = "https://files.pythonhosted.org/packages/12/75/ee20da0e58d3a66f204f38916757e01e33a9737d0b22373b3eb5a27358f9/numpy-2.2.6-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:389d771b1623ec92636b0786bc4ae56abafad4a4c513d36a55dce14bd9ce8571", size = 15586143, upload-time = "2025-05-17T21:42:37.464Z" }, + { url = "https://files.pythonhosted.org/packages/76/95/bef5b37f29fc5e739947e9ce5179ad402875633308504a52d188302319c8/numpy-2.2.6-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:8e9ace4a37db23421249ed236fdcdd457d671e25146786dfc96835cd951aa7c1", size = 18385260, upload-time = "2025-05-17T21:43:05.189Z" }, + { url = "https://files.pythonhosted.org/packages/09/04/f2f83279d287407cf36a7a8053a5abe7be3622a4363337338f2585e4afda/numpy-2.2.6-cp313-cp313t-win32.whl", hash = "sha256:038613e9fb8c72b0a41f025a7e4c3f0b7a1b5d768ece4796b674c8f3fe13efff", size = 6377225, upload-time = "2025-05-17T21:43:16.254Z" }, + { url = "https://files.pythonhosted.org/packages/67/0e/35082d13c09c02c011cf21570543d202ad929d961c02a147493cb0c2bdf5/numpy-2.2.6-cp313-cp313t-win_amd64.whl", hash = "sha256:6031dd6dfecc0cf9f668681a37648373bddd6421fff6c66ec1624eed0180ee06", size = 12771374, upload-time = "2025-05-17T21:43:35.479Z" }, + { url = "https://files.pythonhosted.org/packages/9e/3b/d94a75f4dbf1ef5d321523ecac21ef23a3cd2ac8b78ae2aac40873590229/numpy-2.2.6-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:0b605b275d7bd0c640cad4e5d30fa701a8d59302e127e5f79138ad62762c3e3d", size = 21040391, upload-time = "2025-05-17T21:44:35.948Z" }, + { url = "https://files.pythonhosted.org/packages/17/f4/09b2fa1b58f0fb4f7c7963a1649c64c4d315752240377ed74d9cd878f7b5/numpy-2.2.6-pp310-pypy310_pp73-macosx_14_0_x86_64.whl", hash = "sha256:7befc596a7dc9da8a337f79802ee8adb30a552a94f792b9c9d18c840055907db", size = 6786754, upload-time = "2025-05-17T21:44:47.446Z" }, + { url = "https://files.pythonhosted.org/packages/af/30/feba75f143bdc868a1cc3f44ccfa6c4b9ec522b36458e738cd00f67b573f/numpy-2.2.6-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ce47521a4754c8f4593837384bd3424880629f718d87c5d44f8ed763edd63543", size = 16643476, upload-time = "2025-05-17T21:45:11.871Z" }, + { url = "https://files.pythonhosted.org/packages/37/48/ac2a9584402fb6c0cd5b5d1a91dcf176b15760130dd386bbafdbfe3640bf/numpy-2.2.6-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:d042d24c90c41b54fd506da306759e06e568864df8ec17ccc17e9e884634fd00", size = 12812666, upload-time = "2025-05-17T21:45:31.426Z" }, +] + +[[package]] +name = "numpy" +version = "2.3.2" +source = { registry = "https://pypi.org/simple" } +resolution-markers = [ + "python_full_version >= '3.12'", + "python_full_version == '3.11.*'", +] +sdist = { url = "https://files.pythonhosted.org/packages/37/7d/3fec4199c5ffb892bed55cff901e4f39a58c81df9c44c280499e92cad264/numpy-2.3.2.tar.gz", hash = "sha256:e0486a11ec30cdecb53f184d496d1c6a20786c81e55e41640270130056f8ee48", size = 20489306, upload-time = "2025-07-24T21:32:07.553Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/96/26/1320083986108998bd487e2931eed2aeedf914b6e8905431487543ec911d/numpy-2.3.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:852ae5bed3478b92f093e30f785c98e0cb62fa0a939ed057c31716e18a7a22b9", size = 21259016, upload-time = "2025-07-24T20:24:35.214Z" }, + { url = "https://files.pythonhosted.org/packages/c4/2b/792b341463fa93fc7e55abbdbe87dac316c5b8cb5e94fb7a59fb6fa0cda5/numpy-2.3.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:7a0e27186e781a69959d0230dd9909b5e26024f8da10683bd6344baea1885168", size = 14451158, upload-time = "2025-07-24T20:24:58.397Z" }, + { url = "https://files.pythonhosted.org/packages/b7/13/e792d7209261afb0c9f4759ffef6135b35c77c6349a151f488f531d13595/numpy-2.3.2-cp311-cp311-macosx_14_0_arm64.whl", hash = "sha256:f0a1a8476ad77a228e41619af2fa9505cf69df928e9aaa165746584ea17fed2b", size = 5379817, upload-time = "2025-07-24T20:25:07.746Z" }, + { url = "https://files.pythonhosted.org/packages/49/ce/055274fcba4107c022b2113a213c7287346563f48d62e8d2a5176ad93217/numpy-2.3.2-cp311-cp311-macosx_14_0_x86_64.whl", hash = "sha256:cbc95b3813920145032412f7e33d12080f11dc776262df1712e1638207dde9e8", size = 6913606, upload-time = "2025-07-24T20:25:18.84Z" }, + { url = "https://files.pythonhosted.org/packages/17/f2/e4d72e6bc5ff01e2ab613dc198d560714971900c03674b41947e38606502/numpy-2.3.2-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f75018be4980a7324edc5930fe39aa391d5734531b1926968605416ff58c332d", size = 14589652, upload-time = "2025-07-24T20:25:40.356Z" }, + { url = "https://files.pythonhosted.org/packages/c8/b0/fbeee3000a51ebf7222016e2939b5c5ecf8000a19555d04a18f1e02521b8/numpy-2.3.2-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:20b8200721840f5621b7bd03f8dcd78de33ec522fc40dc2641aa09537df010c3", size = 16938816, upload-time = "2025-07-24T20:26:05.721Z" }, + { url = "https://files.pythonhosted.org/packages/a9/ec/2f6c45c3484cc159621ea8fc000ac5a86f1575f090cac78ac27193ce82cd/numpy-2.3.2-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:1f91e5c028504660d606340a084db4b216567ded1056ea2b4be4f9d10b67197f", size = 16370512, upload-time = "2025-07-24T20:26:30.545Z" }, + { url = "https://files.pythonhosted.org/packages/b5/01/dd67cf511850bd7aefd6347aaae0956ed415abea741ae107834aae7d6d4e/numpy-2.3.2-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:fb1752a3bb9a3ad2d6b090b88a9a0ae1cd6f004ef95f75825e2f382c183b2097", size = 18884947, upload-time = "2025-07-24T20:26:58.24Z" }, + { url = "https://files.pythonhosted.org/packages/a7/17/2cf60fd3e6a61d006778735edf67a222787a8c1a7842aed43ef96d777446/numpy-2.3.2-cp311-cp311-win32.whl", hash = "sha256:4ae6863868aaee2f57503c7a5052b3a2807cf7a3914475e637a0ecd366ced220", size = 6599494, upload-time = "2025-07-24T20:27:09.786Z" }, + { url = "https://files.pythonhosted.org/packages/d5/03/0eade211c504bda872a594f045f98ddcc6caef2b7c63610946845e304d3f/numpy-2.3.2-cp311-cp311-win_amd64.whl", hash = "sha256:240259d6564f1c65424bcd10f435145a7644a65a6811cfc3201c4a429ba79170", size = 13087889, upload-time = "2025-07-24T20:27:29.558Z" }, + { url = "https://files.pythonhosted.org/packages/13/32/2c7979d39dafb2a25087e12310fc7f3b9d3c7d960df4f4bc97955ae0ce1d/numpy-2.3.2-cp311-cp311-win_arm64.whl", hash = "sha256:4209f874d45f921bde2cff1ffcd8a3695f545ad2ffbef6d3d3c6768162efab89", size = 10459560, upload-time = "2025-07-24T20:27:46.803Z" }, + { url = "https://files.pythonhosted.org/packages/00/6d/745dd1c1c5c284d17725e5c802ca4d45cfc6803519d777f087b71c9f4069/numpy-2.3.2-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:bc3186bea41fae9d8e90c2b4fb5f0a1f5a690682da79b92574d63f56b529080b", size = 20956420, upload-time = "2025-07-24T20:28:18.002Z" }, + { url = "https://files.pythonhosted.org/packages/bc/96/e7b533ea5740641dd62b07a790af5d9d8fec36000b8e2d0472bd7574105f/numpy-2.3.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:2f4f0215edb189048a3c03bd5b19345bdfa7b45a7a6f72ae5945d2a28272727f", size = 14184660, upload-time = "2025-07-24T20:28:39.522Z" }, + { url = "https://files.pythonhosted.org/packages/2b/53/102c6122db45a62aa20d1b18c9986f67e6b97e0d6fbc1ae13e3e4c84430c/numpy-2.3.2-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:8b1224a734cd509f70816455c3cffe13a4f599b1bf7130f913ba0e2c0b2006c0", size = 5113382, upload-time = "2025-07-24T20:28:48.544Z" }, + { url = "https://files.pythonhosted.org/packages/2b/21/376257efcbf63e624250717e82b4fae93d60178f09eb03ed766dbb48ec9c/numpy-2.3.2-cp312-cp312-macosx_14_0_x86_64.whl", hash = "sha256:3dcf02866b977a38ba3ec10215220609ab9667378a9e2150615673f3ffd6c73b", size = 6647258, upload-time = "2025-07-24T20:28:59.104Z" }, + { url = "https://files.pythonhosted.org/packages/91/ba/f4ebf257f08affa464fe6036e13f2bf9d4642a40228781dc1235da81be9f/numpy-2.3.2-cp312-cp312-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:572d5512df5470f50ada8d1972c5f1082d9a0b7aa5944db8084077570cf98370", size = 14281409, upload-time = "2025-07-24T20:40:30.298Z" }, + { url = "https://files.pythonhosted.org/packages/59/ef/f96536f1df42c668cbacb727a8c6da7afc9c05ece6d558927fb1722693e1/numpy-2.3.2-cp312-cp312-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:8145dd6d10df13c559d1e4314df29695613575183fa2e2d11fac4c208c8a1f73", size = 16641317, upload-time = "2025-07-24T20:40:56.625Z" }, + { url = "https://files.pythonhosted.org/packages/f6/a7/af813a7b4f9a42f498dde8a4c6fcbff8100eed00182cc91dbaf095645f38/numpy-2.3.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:103ea7063fa624af04a791c39f97070bf93b96d7af7eb23530cd087dc8dbe9dc", size = 16056262, upload-time = "2025-07-24T20:41:20.797Z" }, + { url = "https://files.pythonhosted.org/packages/8b/5d/41c4ef8404caaa7f05ed1cfb06afe16a25895260eacbd29b4d84dff2920b/numpy-2.3.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:fc927d7f289d14f5e037be917539620603294454130b6de200091e23d27dc9be", size = 18579342, upload-time = "2025-07-24T20:41:50.753Z" }, + { url = "https://files.pythonhosted.org/packages/a1/4f/9950e44c5a11636f4a3af6e825ec23003475cc9a466edb7a759ed3ea63bd/numpy-2.3.2-cp312-cp312-win32.whl", hash = "sha256:d95f59afe7f808c103be692175008bab926b59309ade3e6d25009e9a171f7036", size = 6320610, upload-time = "2025-07-24T20:42:01.551Z" }, + { url = "https://files.pythonhosted.org/packages/7c/2f/244643a5ce54a94f0a9a2ab578189c061e4a87c002e037b0829dd77293b6/numpy-2.3.2-cp312-cp312-win_amd64.whl", hash = "sha256:9e196ade2400c0c737d93465327d1ae7c06c7cb8a1756121ebf54b06ca183c7f", size = 12786292, upload-time = "2025-07-24T20:42:20.738Z" }, + { url = "https://files.pythonhosted.org/packages/54/cd/7b5f49d5d78db7badab22d8323c1b6ae458fbf86c4fdfa194ab3cd4eb39b/numpy-2.3.2-cp312-cp312-win_arm64.whl", hash = "sha256:ee807923782faaf60d0d7331f5e86da7d5e3079e28b291973c545476c2b00d07", size = 10194071, upload-time = "2025-07-24T20:42:36.657Z" }, + { url = "https://files.pythonhosted.org/packages/1c/c0/c6bb172c916b00700ed3bf71cb56175fd1f7dbecebf8353545d0b5519f6c/numpy-2.3.2-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:c8d9727f5316a256425892b043736d63e89ed15bbfe6556c5ff4d9d4448ff3b3", size = 20949074, upload-time = "2025-07-24T20:43:07.813Z" }, + { url = "https://files.pythonhosted.org/packages/20/4e/c116466d22acaf4573e58421c956c6076dc526e24a6be0903219775d862e/numpy-2.3.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:efc81393f25f14d11c9d161e46e6ee348637c0a1e8a54bf9dedc472a3fae993b", size = 14177311, upload-time = "2025-07-24T20:43:29.335Z" }, + { url = "https://files.pythonhosted.org/packages/78/45/d4698c182895af189c463fc91d70805d455a227261d950e4e0f1310c2550/numpy-2.3.2-cp313-cp313-macosx_14_0_arm64.whl", hash = "sha256:dd937f088a2df683cbb79dda9a772b62a3e5a8a7e76690612c2737f38c6ef1b6", size = 5106022, upload-time = "2025-07-24T20:43:37.999Z" }, + { url = "https://files.pythonhosted.org/packages/9f/76/3e6880fef4420179309dba72a8c11f6166c431cf6dee54c577af8906f914/numpy-2.3.2-cp313-cp313-macosx_14_0_x86_64.whl", hash = "sha256:11e58218c0c46c80509186e460d79fbdc9ca1eb8d8aee39d8f2dc768eb781089", size = 6640135, upload-time = "2025-07-24T20:43:49.28Z" }, + { url = "https://files.pythonhosted.org/packages/34/fa/87ff7f25b3c4ce9085a62554460b7db686fef1e0207e8977795c7b7d7ba1/numpy-2.3.2-cp313-cp313-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:5ad4ebcb683a1f99f4f392cc522ee20a18b2bb12a2c1c42c3d48d5a1adc9d3d2", size = 14278147, upload-time = "2025-07-24T20:44:10.328Z" }, + { url = "https://files.pythonhosted.org/packages/1d/0f/571b2c7a3833ae419fe69ff7b479a78d313581785203cc70a8db90121b9a/numpy-2.3.2-cp313-cp313-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:938065908d1d869c7d75d8ec45f735a034771c6ea07088867f713d1cd3bbbe4f", size = 16635989, upload-time = "2025-07-24T20:44:34.88Z" }, + { url = "https://files.pythonhosted.org/packages/24/5a/84ae8dca9c9a4c592fe11340b36a86ffa9fd3e40513198daf8a97839345c/numpy-2.3.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:66459dccc65d8ec98cc7df61307b64bf9e08101f9598755d42d8ae65d9a7a6ee", size = 16053052, upload-time = "2025-07-24T20:44:58.872Z" }, + { url = "https://files.pythonhosted.org/packages/57/7c/e5725d99a9133b9813fcf148d3f858df98511686e853169dbaf63aec6097/numpy-2.3.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:a7af9ed2aa9ec5950daf05bb11abc4076a108bd3c7db9aa7251d5f107079b6a6", size = 18577955, upload-time = "2025-07-24T20:45:26.714Z" }, + { url = "https://files.pythonhosted.org/packages/ae/11/7c546fcf42145f29b71e4d6f429e96d8d68e5a7ba1830b2e68d7418f0bbd/numpy-2.3.2-cp313-cp313-win32.whl", hash = "sha256:906a30249315f9c8e17b085cc5f87d3f369b35fedd0051d4a84686967bdbbd0b", size = 6311843, upload-time = "2025-07-24T20:49:24.444Z" }, + { url = "https://files.pythonhosted.org/packages/aa/6f/a428fd1cb7ed39b4280d057720fed5121b0d7754fd2a9768640160f5517b/numpy-2.3.2-cp313-cp313-win_amd64.whl", hash = "sha256:c63d95dc9d67b676e9108fe0d2182987ccb0f11933c1e8959f42fa0da8d4fa56", size = 12782876, upload-time = "2025-07-24T20:49:43.227Z" }, + { url = "https://files.pythonhosted.org/packages/65/85/4ea455c9040a12595fb6c43f2c217257c7b52dd0ba332c6a6c1d28b289fe/numpy-2.3.2-cp313-cp313-win_arm64.whl", hash = "sha256:b05a89f2fb84d21235f93de47129dd4f11c16f64c87c33f5e284e6a3a54e43f2", size = 10192786, upload-time = "2025-07-24T20:49:59.443Z" }, + { url = "https://files.pythonhosted.org/packages/80/23/8278f40282d10c3f258ec3ff1b103d4994bcad78b0cba9208317f6bb73da/numpy-2.3.2-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:4e6ecfeddfa83b02318f4d84acf15fbdbf9ded18e46989a15a8b6995dfbf85ab", size = 21047395, upload-time = "2025-07-24T20:45:58.821Z" }, + { url = "https://files.pythonhosted.org/packages/1f/2d/624f2ce4a5df52628b4ccd16a4f9437b37c35f4f8a50d00e962aae6efd7a/numpy-2.3.2-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:508b0eada3eded10a3b55725b40806a4b855961040180028f52580c4729916a2", size = 14300374, upload-time = "2025-07-24T20:46:20.207Z" }, + { url = "https://files.pythonhosted.org/packages/f6/62/ff1e512cdbb829b80a6bd08318a58698867bca0ca2499d101b4af063ee97/numpy-2.3.2-cp313-cp313t-macosx_14_0_arm64.whl", hash = "sha256:754d6755d9a7588bdc6ac47dc4ee97867271b17cee39cb87aef079574366db0a", size = 5228864, upload-time = "2025-07-24T20:46:30.58Z" }, + { url = "https://files.pythonhosted.org/packages/7d/8e/74bc18078fff03192d4032cfa99d5a5ca937807136d6f5790ce07ca53515/numpy-2.3.2-cp313-cp313t-macosx_14_0_x86_64.whl", hash = "sha256:a9f66e7d2b2d7712410d3bc5684149040ef5f19856f20277cd17ea83e5006286", size = 6737533, upload-time = "2025-07-24T20:46:46.111Z" }, + { url = "https://files.pythonhosted.org/packages/19/ea/0731efe2c9073ccca5698ef6a8c3667c4cf4eea53fcdcd0b50140aba03bc/numpy-2.3.2-cp313-cp313t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:de6ea4e5a65d5a90c7d286ddff2b87f3f4ad61faa3db8dabe936b34c2275b6f8", size = 14352007, upload-time = "2025-07-24T20:47:07.1Z" }, + { url = "https://files.pythonhosted.org/packages/cf/90/36be0865f16dfed20f4bc7f75235b963d5939707d4b591f086777412ff7b/numpy-2.3.2-cp313-cp313t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:a3ef07ec8cbc8fc9e369c8dcd52019510c12da4de81367d8b20bc692aa07573a", size = 16701914, upload-time = "2025-07-24T20:47:32.459Z" }, + { url = "https://files.pythonhosted.org/packages/94/30/06cd055e24cb6c38e5989a9e747042b4e723535758e6153f11afea88c01b/numpy-2.3.2-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:27c9f90e7481275c7800dc9c24b7cc40ace3fdb970ae4d21eaff983a32f70c91", size = 16132708, upload-time = "2025-07-24T20:47:58.129Z" }, + { url = "https://files.pythonhosted.org/packages/9a/14/ecede608ea73e58267fd7cb78f42341b3b37ba576e778a1a06baffbe585c/numpy-2.3.2-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:07b62978075b67eee4065b166d000d457c82a1efe726cce608b9db9dd66a73a5", size = 18651678, upload-time = "2025-07-24T20:48:25.402Z" }, + { url = "https://files.pythonhosted.org/packages/40/f3/2fe6066b8d07c3685509bc24d56386534c008b462a488b7f503ba82b8923/numpy-2.3.2-cp313-cp313t-win32.whl", hash = "sha256:c771cfac34a4f2c0de8e8c97312d07d64fd8f8ed45bc9f5726a7e947270152b5", size = 6441832, upload-time = "2025-07-24T20:48:37.181Z" }, + { url = "https://files.pythonhosted.org/packages/0b/ba/0937d66d05204d8f28630c9c60bc3eda68824abde4cf756c4d6aad03b0c6/numpy-2.3.2-cp313-cp313t-win_amd64.whl", hash = "sha256:72dbebb2dcc8305c431b2836bcc66af967df91be793d63a24e3d9b741374c450", size = 12927049, upload-time = "2025-07-24T20:48:56.24Z" }, + { url = "https://files.pythonhosted.org/packages/e9/ed/13542dd59c104d5e654dfa2ac282c199ba64846a74c2c4bcdbc3a0f75df1/numpy-2.3.2-cp313-cp313t-win_arm64.whl", hash = "sha256:72c6df2267e926a6d5286b0a6d556ebe49eae261062059317837fda12ddf0c1a", size = 10262935, upload-time = "2025-07-24T20:49:13.136Z" }, + { url = "https://files.pythonhosted.org/packages/c9/7c/7659048aaf498f7611b783e000c7268fcc4dcf0ce21cd10aad7b2e8f9591/numpy-2.3.2-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:448a66d052d0cf14ce9865d159bfc403282c9bc7bb2a31b03cc18b651eca8b1a", size = 20950906, upload-time = "2025-07-24T20:50:30.346Z" }, + { url = "https://files.pythonhosted.org/packages/80/db/984bea9d4ddf7112a04cfdfb22b1050af5757864cfffe8e09e44b7f11a10/numpy-2.3.2-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:546aaf78e81b4081b2eba1d105c3b34064783027a06b3ab20b6eba21fb64132b", size = 14185607, upload-time = "2025-07-24T20:50:51.923Z" }, + { url = "https://files.pythonhosted.org/packages/e4/76/b3d6f414f4eca568f469ac112a3b510938d892bc5a6c190cb883af080b77/numpy-2.3.2-cp314-cp314-macosx_14_0_arm64.whl", hash = "sha256:87c930d52f45df092f7578889711a0768094debf73cfcde105e2d66954358125", size = 5114110, upload-time = "2025-07-24T20:51:01.041Z" }, + { url = "https://files.pythonhosted.org/packages/9e/d2/6f5e6826abd6bca52392ed88fe44a4b52aacb60567ac3bc86c67834c3a56/numpy-2.3.2-cp314-cp314-macosx_14_0_x86_64.whl", hash = "sha256:8dc082ea901a62edb8f59713c6a7e28a85daddcb67454c839de57656478f5b19", size = 6642050, upload-time = "2025-07-24T20:51:11.64Z" }, + { url = "https://files.pythonhosted.org/packages/c4/43/f12b2ade99199e39c73ad182f103f9d9791f48d885c600c8e05927865baf/numpy-2.3.2-cp314-cp314-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:af58de8745f7fa9ca1c0c7c943616c6fe28e75d0c81f5c295810e3c83b5be92f", size = 14296292, upload-time = "2025-07-24T20:51:33.488Z" }, + { url = "https://files.pythonhosted.org/packages/5d/f9/77c07d94bf110a916b17210fac38680ed8734c236bfed9982fd8524a7b47/numpy-2.3.2-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:fed5527c4cf10f16c6d0b6bee1f89958bccb0ad2522c8cadc2efd318bcd545f5", size = 16638913, upload-time = "2025-07-24T20:51:58.517Z" }, + { url = "https://files.pythonhosted.org/packages/9b/d1/9d9f2c8ea399cc05cfff8a7437453bd4e7d894373a93cdc46361bbb49a7d/numpy-2.3.2-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:095737ed986e00393ec18ec0b21b47c22889ae4b0cd2d5e88342e08b01141f58", size = 16071180, upload-time = "2025-07-24T20:52:22.827Z" }, + { url = "https://files.pythonhosted.org/packages/4c/41/82e2c68aff2a0c9bf315e47d61951099fed65d8cb2c8d9dc388cb87e947e/numpy-2.3.2-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:b5e40e80299607f597e1a8a247ff8d71d79c5b52baa11cc1cce30aa92d2da6e0", size = 18576809, upload-time = "2025-07-24T20:52:51.015Z" }, + { url = "https://files.pythonhosted.org/packages/14/14/4b4fd3efb0837ed252d0f583c5c35a75121038a8c4e065f2c259be06d2d8/numpy-2.3.2-cp314-cp314-win32.whl", hash = "sha256:7d6e390423cc1f76e1b8108c9b6889d20a7a1f59d9a60cac4a050fa734d6c1e2", size = 6366410, upload-time = "2025-07-24T20:56:44.949Z" }, + { url = "https://files.pythonhosted.org/packages/11/9e/b4c24a6b8467b61aced5c8dc7dcfce23621baa2e17f661edb2444a418040/numpy-2.3.2-cp314-cp314-win_amd64.whl", hash = "sha256:b9d0878b21e3918d76d2209c924ebb272340da1fb51abc00f986c258cd5e957b", size = 12918821, upload-time = "2025-07-24T20:57:06.479Z" }, + { url = "https://files.pythonhosted.org/packages/0e/0f/0dc44007c70b1007c1cef86b06986a3812dd7106d8f946c09cfa75782556/numpy-2.3.2-cp314-cp314-win_arm64.whl", hash = "sha256:2738534837c6a1d0c39340a190177d7d66fdf432894f469728da901f8f6dc910", size = 10477303, upload-time = "2025-07-24T20:57:22.879Z" }, + { url = "https://files.pythonhosted.org/packages/8b/3e/075752b79140b78ddfc9c0a1634d234cfdbc6f9bbbfa6b7504e445ad7d19/numpy-2.3.2-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:4d002ecf7c9b53240be3bb69d80f86ddbd34078bae04d87be81c1f58466f264e", size = 21047524, upload-time = "2025-07-24T20:53:22.086Z" }, + { url = "https://files.pythonhosted.org/packages/fe/6d/60e8247564a72426570d0e0ea1151b95ce5bd2f1597bb878a18d32aec855/numpy-2.3.2-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:293b2192c6bcce487dbc6326de5853787f870aeb6c43f8f9c6496db5b1781e45", size = 14300519, upload-time = "2025-07-24T20:53:44.053Z" }, + { url = "https://files.pythonhosted.org/packages/4d/73/d8326c442cd428d47a067070c3ac6cc3b651a6e53613a1668342a12d4479/numpy-2.3.2-cp314-cp314t-macosx_14_0_arm64.whl", hash = "sha256:0a4f2021a6da53a0d580d6ef5db29947025ae8b35b3250141805ea9a32bbe86b", size = 5228972, upload-time = "2025-07-24T20:53:53.81Z" }, + { url = "https://files.pythonhosted.org/packages/34/2e/e71b2d6dad075271e7079db776196829019b90ce3ece5c69639e4f6fdc44/numpy-2.3.2-cp314-cp314t-macosx_14_0_x86_64.whl", hash = "sha256:9c144440db4bf3bb6372d2c3e49834cc0ff7bb4c24975ab33e01199e645416f2", size = 6737439, upload-time = "2025-07-24T20:54:04.742Z" }, + { url = "https://files.pythonhosted.org/packages/15/b0/d004bcd56c2c5e0500ffc65385eb6d569ffd3363cb5e593ae742749b2daa/numpy-2.3.2-cp314-cp314t-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f92d6c2a8535dc4fe4419562294ff957f83a16ebdec66df0805e473ffaad8bd0", size = 14352479, upload-time = "2025-07-24T20:54:25.819Z" }, + { url = "https://files.pythonhosted.org/packages/11/e3/285142fcff8721e0c99b51686426165059874c150ea9ab898e12a492e291/numpy-2.3.2-cp314-cp314t-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:cefc2219baa48e468e3db7e706305fcd0c095534a192a08f31e98d83a7d45fb0", size = 16702805, upload-time = "2025-07-24T20:54:50.814Z" }, + { url = "https://files.pythonhosted.org/packages/33/c3/33b56b0e47e604af2c7cd065edca892d180f5899599b76830652875249a3/numpy-2.3.2-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:76c3e9501ceb50b2ff3824c3589d5d1ab4ac857b0ee3f8f49629d0de55ecf7c2", size = 16133830, upload-time = "2025-07-24T20:55:17.306Z" }, + { url = "https://files.pythonhosted.org/packages/6e/ae/7b1476a1f4d6a48bc669b8deb09939c56dd2a439db1ab03017844374fb67/numpy-2.3.2-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:122bf5ed9a0221b3419672493878ba4967121514b1d7d4656a7580cd11dddcbf", size = 18652665, upload-time = "2025-07-24T20:55:46.665Z" }, + { url = "https://files.pythonhosted.org/packages/14/ba/5b5c9978c4bb161034148ade2de9db44ec316fab89ce8c400db0e0c81f86/numpy-2.3.2-cp314-cp314t-win32.whl", hash = "sha256:6f1ae3dcb840edccc45af496f312528c15b1f79ac318169d094e85e4bb35fdf1", size = 6514777, upload-time = "2025-07-24T20:55:57.66Z" }, + { url = "https://files.pythonhosted.org/packages/eb/46/3dbaf0ae7c17cdc46b9f662c56da2054887b8d9e737c1476f335c83d33db/numpy-2.3.2-cp314-cp314t-win_amd64.whl", hash = "sha256:087ffc25890d89a43536f75c5fe8770922008758e8eeeef61733957041ed2f9b", size = 13111856, upload-time = "2025-07-24T20:56:17.318Z" }, + { url = "https://files.pythonhosted.org/packages/c1/9e/1652778bce745a67b5fe05adde60ed362d38eb17d919a540e813d30f6874/numpy-2.3.2-cp314-cp314t-win_arm64.whl", hash = "sha256:092aeb3449833ea9c0bf0089d70c29ae480685dd2377ec9cdbbb620257f84631", size = 10544226, upload-time = "2025-07-24T20:56:34.509Z" }, + { url = "https://files.pythonhosted.org/packages/cf/ea/50ebc91d28b275b23b7128ef25c3d08152bc4068f42742867e07a870a42a/numpy-2.3.2-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:14a91ebac98813a49bc6aa1a0dfc09513dcec1d97eaf31ca21a87221a1cdcb15", size = 21130338, upload-time = "2025-07-24T20:57:54.37Z" }, + { url = "https://files.pythonhosted.org/packages/9f/57/cdd5eac00dd5f137277355c318a955c0d8fb8aa486020c22afd305f8b88f/numpy-2.3.2-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:71669b5daae692189540cffc4c439468d35a3f84f0c88b078ecd94337f6cb0ec", size = 14375776, upload-time = "2025-07-24T20:58:16.303Z" }, + { url = "https://files.pythonhosted.org/packages/83/85/27280c7f34fcd305c2209c0cdca4d70775e4859a9eaa92f850087f8dea50/numpy-2.3.2-pp311-pypy311_pp73-macosx_14_0_arm64.whl", hash = "sha256:69779198d9caee6e547adb933941ed7520f896fd9656834c300bdf4dd8642712", size = 5304882, upload-time = "2025-07-24T20:58:26.199Z" }, + { url = "https://files.pythonhosted.org/packages/48/b4/6500b24d278e15dd796f43824e69939d00981d37d9779e32499e823aa0aa/numpy-2.3.2-pp311-pypy311_pp73-macosx_14_0_x86_64.whl", hash = "sha256:2c3271cc4097beb5a60f010bcc1cc204b300bb3eafb4399376418a83a1c6373c", size = 6818405, upload-time = "2025-07-24T20:58:37.341Z" }, + { url = "https://files.pythonhosted.org/packages/9b/c9/142c1e03f199d202da8e980c2496213509291b6024fd2735ad28ae7065c7/numpy-2.3.2-pp311-pypy311_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8446acd11fe3dc1830568c941d44449fd5cb83068e5c70bd5a470d323d448296", size = 14419651, upload-time = "2025-07-24T20:58:59.048Z" }, + { url = "https://files.pythonhosted.org/packages/8b/95/8023e87cbea31a750a6c00ff9427d65ebc5fef104a136bfa69f76266d614/numpy-2.3.2-pp311-pypy311_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:aa098a5ab53fa407fded5870865c6275a5cd4101cfdef8d6fafc48286a96e981", size = 16760166, upload-time = "2025-07-24T21:28:56.38Z" }, + { url = "https://files.pythonhosted.org/packages/78/e3/6690b3f85a05506733c7e90b577e4762517404ea78bab2ca3a5cb1aeb78d/numpy-2.3.2-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:6936aff90dda378c09bea075af0d9c675fe3a977a9d2402f95a87f440f59f619", size = 12977811, upload-time = "2025-07-24T21:29:18.234Z" }, +] + +[[package]] +name = "packaging" +version = "25.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/a1/d4/1fc4078c65507b51b96ca8f8c3ba19e6a61c8253c72794544580a7b6c24d/packaging-25.0.tar.gz", hash = "sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f", size = 165727, upload-time = "2025-04-19T11:48:59.673Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/20/12/38679034af332785aac8774540895e234f4d07f7545804097de4b666afd8/packaging-25.0-py3-none-any.whl", hash = "sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484", size = 66469, upload-time = "2025-04-19T11:48:57.875Z" }, +] + +[[package]] +name = "paginate" +version = "0.5.7" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/ec/46/68dde5b6bc00c1296ec6466ab27dddede6aec9af1b99090e1107091b3b84/paginate-0.5.7.tar.gz", hash = "sha256:22bd083ab41e1a8b4f3690544afb2c60c25e5c9a63a30fa2f483f6c60c8e5945", size = 19252, upload-time = "2024-08-25T14:17:24.139Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/90/96/04b8e52da071d28f5e21a805b19cb9390aa17a47462ac87f5e2696b9566d/paginate-0.5.7-py2.py3-none-any.whl", hash = "sha256:b885e2af73abcf01d9559fd5216b57ef722f8c42affbb63942377668e35c7591", size = 13746, upload-time = "2024-08-25T14:17:22.55Z" }, +] + +[[package]] +name = "pandas" +version = "2.3.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "numpy", version = "2.2.6", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" }, + { name = "numpy", version = "2.3.2", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" }, + { name = "python-dateutil" }, + { name = "pytz" }, + { name = "tzdata" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/d1/6f/75aa71f8a14267117adeeed5d21b204770189c0a0025acbdc03c337b28fc/pandas-2.3.1.tar.gz", hash = "sha256:0a95b9ac964fe83ce317827f80304d37388ea77616b1425f0ae41c9d2d0d7bb2", size = 4487493, upload-time = "2025-07-07T19:20:04.079Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/c4/ca/aa97b47287221fa37a49634532e520300088e290b20d690b21ce3e448143/pandas-2.3.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:22c2e866f7209ebc3a8f08d75766566aae02bcc91d196935a1d9e59c7b990ac9", size = 11542731, upload-time = "2025-07-07T19:18:12.619Z" }, + { url = "https://files.pythonhosted.org/packages/80/bf/7938dddc5f01e18e573dcfb0f1b8c9357d9b5fa6ffdee6e605b92efbdff2/pandas-2.3.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:3583d348546201aff730c8c47e49bc159833f971c2899d6097bce68b9112a4f1", size = 10790031, upload-time = "2025-07-07T19:18:16.611Z" }, + { url = "https://files.pythonhosted.org/packages/ee/2f/9af748366763b2a494fed477f88051dbf06f56053d5c00eba652697e3f94/pandas-2.3.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0f951fbb702dacd390561e0ea45cdd8ecfa7fb56935eb3dd78e306c19104b9b0", size = 11724083, upload-time = "2025-07-07T19:18:20.512Z" }, + { url = "https://files.pythonhosted.org/packages/2c/95/79ab37aa4c25d1e7df953dde407bb9c3e4ae47d154bc0dd1692f3a6dcf8c/pandas-2.3.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cd05b72ec02ebfb993569b4931b2e16fbb4d6ad6ce80224a3ee838387d83a191", size = 12342360, upload-time = "2025-07-07T19:18:23.194Z" }, + { url = "https://files.pythonhosted.org/packages/75/a7/d65e5d8665c12c3c6ff5edd9709d5836ec9b6f80071b7f4a718c6106e86e/pandas-2.3.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:1b916a627919a247d865aed068eb65eb91a344b13f5b57ab9f610b7716c92de1", size = 13202098, upload-time = "2025-07-07T19:18:25.558Z" }, + { url = "https://files.pythonhosted.org/packages/65/f3/4c1dbd754dbaa79dbf8b537800cb2fa1a6e534764fef50ab1f7533226c5c/pandas-2.3.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:fe67dc676818c186d5a3d5425250e40f179c2a89145df477dd82945eaea89e97", size = 13837228, upload-time = "2025-07-07T19:18:28.344Z" }, + { url = "https://files.pythonhosted.org/packages/3f/d6/d7f5777162aa9b48ec3910bca5a58c9b5927cfd9cfde3aa64322f5ba4b9f/pandas-2.3.1-cp310-cp310-win_amd64.whl", hash = "sha256:2eb789ae0274672acbd3c575b0598d213345660120a257b47b5dafdc618aec83", size = 11336561, upload-time = "2025-07-07T19:18:31.211Z" }, + { url = "https://files.pythonhosted.org/packages/76/1c/ccf70029e927e473a4476c00e0d5b32e623bff27f0402d0a92b7fc29bb9f/pandas-2.3.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:2b0540963d83431f5ce8870ea02a7430adca100cec8a050f0811f8e31035541b", size = 11566608, upload-time = "2025-07-07T19:18:33.86Z" }, + { url = "https://files.pythonhosted.org/packages/ec/d3/3c37cb724d76a841f14b8f5fe57e5e3645207cc67370e4f84717e8bb7657/pandas-2.3.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:fe7317f578c6a153912bd2292f02e40c1d8f253e93c599e82620c7f69755c74f", size = 10823181, upload-time = "2025-07-07T19:18:36.151Z" }, + { url = "https://files.pythonhosted.org/packages/8a/4c/367c98854a1251940edf54a4df0826dcacfb987f9068abf3e3064081a382/pandas-2.3.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e6723a27ad7b244c0c79d8e7007092d7c8f0f11305770e2f4cd778b3ad5f9f85", size = 11793570, upload-time = "2025-07-07T19:18:38.385Z" }, + { url = "https://files.pythonhosted.org/packages/07/5f/63760ff107bcf5146eee41b38b3985f9055e710a72fdd637b791dea3495c/pandas-2.3.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3462c3735fe19f2638f2c3a40bd94ec2dc5ba13abbb032dd2fa1f540a075509d", size = 12378887, upload-time = "2025-07-07T19:18:41.284Z" }, + { url = "https://files.pythonhosted.org/packages/15/53/f31a9b4dfe73fe4711c3a609bd8e60238022f48eacedc257cd13ae9327a7/pandas-2.3.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:98bcc8b5bf7afed22cc753a28bc4d9e26e078e777066bc53fac7904ddef9a678", size = 13230957, upload-time = "2025-07-07T19:18:44.187Z" }, + { url = "https://files.pythonhosted.org/packages/e0/94/6fce6bf85b5056d065e0a7933cba2616dcb48596f7ba3c6341ec4bcc529d/pandas-2.3.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:4d544806b485ddf29e52d75b1f559142514e60ef58a832f74fb38e48d757b299", size = 13883883, upload-time = "2025-07-07T19:18:46.498Z" }, + { url = "https://files.pythonhosted.org/packages/c8/7b/bdcb1ed8fccb63d04bdb7635161d0ec26596d92c9d7a6cce964e7876b6c1/pandas-2.3.1-cp311-cp311-win_amd64.whl", hash = "sha256:b3cd4273d3cb3707b6fffd217204c52ed92859533e31dc03b7c5008aa933aaab", size = 11340212, upload-time = "2025-07-07T19:18:49.293Z" }, + { url = "https://files.pythonhosted.org/packages/46/de/b8445e0f5d217a99fe0eeb2f4988070908979bec3587c0633e5428ab596c/pandas-2.3.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:689968e841136f9e542020698ee1c4fbe9caa2ed2213ae2388dc7b81721510d3", size = 11588172, upload-time = "2025-07-07T19:18:52.054Z" }, + { url = "https://files.pythonhosted.org/packages/1e/e0/801cdb3564e65a5ac041ab99ea6f1d802a6c325bb6e58c79c06a3f1cd010/pandas-2.3.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:025e92411c16cbe5bb2a4abc99732a6b132f439b8aab23a59fa593eb00704232", size = 10717365, upload-time = "2025-07-07T19:18:54.785Z" }, + { url = "https://files.pythonhosted.org/packages/51/a5/c76a8311833c24ae61a376dbf360eb1b1c9247a5d9c1e8b356563b31b80c/pandas-2.3.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9b7ff55f31c4fcb3e316e8f7fa194566b286d6ac430afec0d461163312c5841e", size = 11280411, upload-time = "2025-07-07T19:18:57.045Z" }, + { url = "https://files.pythonhosted.org/packages/da/01/e383018feba0a1ead6cf5fe8728e5d767fee02f06a3d800e82c489e5daaf/pandas-2.3.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7dcb79bf373a47d2a40cf7232928eb7540155abbc460925c2c96d2d30b006eb4", size = 11988013, upload-time = "2025-07-07T19:18:59.771Z" }, + { url = "https://files.pythonhosted.org/packages/5b/14/cec7760d7c9507f11c97d64f29022e12a6cc4fc03ac694535e89f88ad2ec/pandas-2.3.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:56a342b231e8862c96bdb6ab97170e203ce511f4d0429589c8ede1ee8ece48b8", size = 12767210, upload-time = "2025-07-07T19:19:02.944Z" }, + { url = "https://files.pythonhosted.org/packages/50/b9/6e2d2c6728ed29fb3d4d4d302504fb66f1a543e37eb2e43f352a86365cdf/pandas-2.3.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:ca7ed14832bce68baef331f4d7f294411bed8efd032f8109d690df45e00c4679", size = 13440571, upload-time = "2025-07-07T19:19:06.82Z" }, + { url = "https://files.pythonhosted.org/packages/80/a5/3a92893e7399a691bad7664d977cb5e7c81cf666c81f89ea76ba2bff483d/pandas-2.3.1-cp312-cp312-win_amd64.whl", hash = "sha256:ac942bfd0aca577bef61f2bc8da8147c4ef6879965ef883d8e8d5d2dc3e744b8", size = 10987601, upload-time = "2025-07-07T19:19:09.589Z" }, + { url = "https://files.pythonhosted.org/packages/32/ed/ff0a67a2c5505e1854e6715586ac6693dd860fbf52ef9f81edee200266e7/pandas-2.3.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:9026bd4a80108fac2239294a15ef9003c4ee191a0f64b90f170b40cfb7cf2d22", size = 11531393, upload-time = "2025-07-07T19:19:12.245Z" }, + { url = "https://files.pythonhosted.org/packages/c7/db/d8f24a7cc9fb0972adab0cc80b6817e8bef888cfd0024eeb5a21c0bb5c4a/pandas-2.3.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:6de8547d4fdb12421e2d047a2c446c623ff4c11f47fddb6b9169eb98ffba485a", size = 10668750, upload-time = "2025-07-07T19:19:14.612Z" }, + { url = "https://files.pythonhosted.org/packages/0f/b0/80f6ec783313f1e2356b28b4fd8d2148c378370045da918c73145e6aab50/pandas-2.3.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:782647ddc63c83133b2506912cc6b108140a38a37292102aaa19c81c83db2928", size = 11342004, upload-time = "2025-07-07T19:19:16.857Z" }, + { url = "https://files.pythonhosted.org/packages/e9/e2/20a317688435470872885e7fc8f95109ae9683dec7c50be29b56911515a5/pandas-2.3.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2ba6aff74075311fc88504b1db890187a3cd0f887a5b10f5525f8e2ef55bfdb9", size = 12050869, upload-time = "2025-07-07T19:19:19.265Z" }, + { url = "https://files.pythonhosted.org/packages/55/79/20d746b0a96c67203a5bee5fb4e00ac49c3e8009a39e1f78de264ecc5729/pandas-2.3.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:e5635178b387bd2ba4ac040f82bc2ef6e6b500483975c4ebacd34bec945fda12", size = 12750218, upload-time = "2025-07-07T19:19:21.547Z" }, + { url = "https://files.pythonhosted.org/packages/7c/0f/145c8b41e48dbf03dd18fdd7f24f8ba95b8254a97a3379048378f33e7838/pandas-2.3.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:6f3bf5ec947526106399a9e1d26d40ee2b259c66422efdf4de63c848492d91bb", size = 13416763, upload-time = "2025-07-07T19:19:23.939Z" }, + { url = "https://files.pythonhosted.org/packages/b2/c0/54415af59db5cdd86a3d3bf79863e8cc3fa9ed265f0745254061ac09d5f2/pandas-2.3.1-cp313-cp313-win_amd64.whl", hash = "sha256:1c78cf43c8fde236342a1cb2c34bcff89564a7bfed7e474ed2fffa6aed03a956", size = 10987482, upload-time = "2025-07-07T19:19:42.699Z" }, + { url = "https://files.pythonhosted.org/packages/48/64/2fd2e400073a1230e13b8cd604c9bc95d9e3b962e5d44088ead2e8f0cfec/pandas-2.3.1-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:8dfc17328e8da77be3cf9f47509e5637ba8f137148ed0e9b5241e1baf526e20a", size = 12029159, upload-time = "2025-07-07T19:19:26.362Z" }, + { url = "https://files.pythonhosted.org/packages/d8/0a/d84fd79b0293b7ef88c760d7dca69828d867c89b6d9bc52d6a27e4d87316/pandas-2.3.1-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:ec6c851509364c59a5344458ab935e6451b31b818be467eb24b0fe89bd05b6b9", size = 11393287, upload-time = "2025-07-07T19:19:29.157Z" }, + { url = "https://files.pythonhosted.org/packages/50/ae/ff885d2b6e88f3c7520bb74ba319268b42f05d7e583b5dded9837da2723f/pandas-2.3.1-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:911580460fc4884d9b05254b38a6bfadddfcc6aaef856fb5859e7ca202e45275", size = 11309381, upload-time = "2025-07-07T19:19:31.436Z" }, + { url = "https://files.pythonhosted.org/packages/85/86/1fa345fc17caf5d7780d2699985c03dbe186c68fee00b526813939062bb0/pandas-2.3.1-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2f4d6feeba91744872a600e6edbbd5b033005b431d5ae8379abee5bcfa479fab", size = 11883998, upload-time = "2025-07-07T19:19:34.267Z" }, + { url = "https://files.pythonhosted.org/packages/81/aa/e58541a49b5e6310d89474333e994ee57fea97c8aaa8fc7f00b873059bbf/pandas-2.3.1-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:fe37e757f462d31a9cd7580236a82f353f5713a80e059a29753cf938c6775d96", size = 12704705, upload-time = "2025-07-07T19:19:36.856Z" }, + { url = "https://files.pythonhosted.org/packages/d5/f9/07086f5b0f2a19872554abeea7658200824f5835c58a106fa8f2ae96a46c/pandas-2.3.1-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:5db9637dbc24b631ff3707269ae4559bce4b7fd75c1c4d7e13f40edc42df4444", size = 13189044, upload-time = "2025-07-07T19:19:39.999Z" }, +] + +[[package]] +name = "pathspec" +version = "0.12.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/ca/bc/f35b8446f4531a7cb215605d100cd88b7ac6f44ab3fc94870c120ab3adbf/pathspec-0.12.1.tar.gz", hash = "sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712", size = 51043, upload-time = "2023-12-10T22:30:45Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/cc/20/ff623b09d963f88bfde16306a54e12ee5ea43e9b597108672ff3a408aad6/pathspec-0.12.1-py3-none-any.whl", hash = "sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08", size = 31191, upload-time = "2023-12-10T22:30:43.14Z" }, +] + +[[package]] +name = "platformdirs" +version = "4.3.8" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/fe/8b/3c73abc9c759ecd3f1f7ceff6685840859e8070c4d947c93fae71f6a0bf2/platformdirs-4.3.8.tar.gz", hash = "sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc", size = 21362, upload-time = "2025-05-07T22:47:42.121Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/fe/39/979e8e21520d4e47a0bbe349e2713c0aac6f3d853d0e5b34d76206c439aa/platformdirs-4.3.8-py3-none-any.whl", hash = "sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4", size = 18567, upload-time = "2025-05-07T22:47:40.376Z" }, +] + +[[package]] +name = "pybtex" +version = "0.25.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "latexcodec" }, + { name = "pyyaml" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/5f/bc/c2be05ca72f8c103670e983df8be26d1e288bc6556f487fa8cccaa27779f/pybtex-0.25.1.tar.gz", hash = "sha256:9eaf90267c7e83e225af89fea65c370afbf65f458220d3946a9e3049e1eca491", size = 406157, upload-time = "2025-06-26T13:27:41.903Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/25/68/ceb5d6679baa326261f5d3e5113d9cfed6efef2810afd9f18bffb8ed312b/pybtex-0.25.1-py2.py3-none-any.whl", hash = "sha256:9053b0d619409a0a83f38abad5d9921de5f7b3ede00742beafcd9f10ad0d8c5c", size = 127437, upload-time = "2025-06-26T13:27:43.585Z" }, +] + +[[package]] +name = "pydantic" +version = "2.11.7" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "annotated-types" }, + { name = "pydantic-core" }, + { name = "typing-extensions" }, + { name = "typing-inspection" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/00/dd/4325abf92c39ba8623b5af936ddb36ffcfe0beae70405d456ab1fb2f5b8c/pydantic-2.11.7.tar.gz", hash = "sha256:d989c3c6cb79469287b1569f7447a17848c998458d49ebe294e975b9baf0f0db", size = 788350, upload-time = "2025-06-14T08:33:17.137Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/6a/c0/ec2b1c8712ca690e5d61979dee872603e92b8a32f94cc1b72d53beab008a/pydantic-2.11.7-py3-none-any.whl", hash = "sha256:dde5df002701f6de26248661f6835bbe296a47bf73990135c7d07ce741b9623b", size = 444782, upload-time = "2025-06-14T08:33:14.905Z" }, +] + +[[package]] +name = "pydantic-core" +version = "2.33.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/ad/88/5f2260bdfae97aabf98f1778d43f69574390ad787afb646292a638c923d4/pydantic_core-2.33.2.tar.gz", hash = "sha256:7cb8bc3605c29176e1b105350d2e6474142d7c1bd1d9327c4a9bdb46bf827acc", size = 435195, upload-time = "2025-04-23T18:33:52.104Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e5/92/b31726561b5dae176c2d2c2dc43a9c5bfba5d32f96f8b4c0a600dd492447/pydantic_core-2.33.2-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:2b3d326aaef0c0399d9afffeb6367d5e26ddc24d351dbc9c636840ac355dc5d8", size = 2028817, upload-time = "2025-04-23T18:30:43.919Z" }, + { url = "https://files.pythonhosted.org/packages/a3/44/3f0b95fafdaca04a483c4e685fe437c6891001bf3ce8b2fded82b9ea3aa1/pydantic_core-2.33.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:0e5b2671f05ba48b94cb90ce55d8bdcaaedb8ba00cc5359f6810fc918713983d", size = 1861357, upload-time = "2025-04-23T18:30:46.372Z" }, + { url = "https://files.pythonhosted.org/packages/30/97/e8f13b55766234caae05372826e8e4b3b96e7b248be3157f53237682e43c/pydantic_core-2.33.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0069c9acc3f3981b9ff4cdfaf088e98d83440a4c7ea1bc07460af3d4dc22e72d", size = 1898011, upload-time = "2025-04-23T18:30:47.591Z" }, + { url = "https://files.pythonhosted.org/packages/9b/a3/99c48cf7bafc991cc3ee66fd544c0aae8dc907b752f1dad2d79b1b5a471f/pydantic_core-2.33.2-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:d53b22f2032c42eaaf025f7c40c2e3b94568ae077a606f006d206a463bc69572", size = 1982730, upload-time = "2025-04-23T18:30:49.328Z" }, + { url = "https://files.pythonhosted.org/packages/de/8e/a5b882ec4307010a840fb8b58bd9bf65d1840c92eae7534c7441709bf54b/pydantic_core-2.33.2-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:0405262705a123b7ce9f0b92f123334d67b70fd1f20a9372b907ce1080c7ba02", size = 2136178, upload-time = "2025-04-23T18:30:50.907Z" }, + { url = "https://files.pythonhosted.org/packages/e4/bb/71e35fc3ed05af6834e890edb75968e2802fe98778971ab5cba20a162315/pydantic_core-2.33.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4b25d91e288e2c4e0662b8038a28c6a07eaac3e196cfc4ff69de4ea3db992a1b", size = 2736462, upload-time = "2025-04-23T18:30:52.083Z" }, + { url = "https://files.pythonhosted.org/packages/31/0d/c8f7593e6bc7066289bbc366f2235701dcbebcd1ff0ef8e64f6f239fb47d/pydantic_core-2.33.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6bdfe4b3789761f3bcb4b1ddf33355a71079858958e3a552f16d5af19768fef2", size = 2005652, upload-time = "2025-04-23T18:30:53.389Z" }, + { url = "https://files.pythonhosted.org/packages/d2/7a/996d8bd75f3eda405e3dd219ff5ff0a283cd8e34add39d8ef9157e722867/pydantic_core-2.33.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:efec8db3266b76ef9607c2c4c419bdb06bf335ae433b80816089ea7585816f6a", size = 2113306, upload-time = "2025-04-23T18:30:54.661Z" }, + { url = "https://files.pythonhosted.org/packages/ff/84/daf2a6fb2db40ffda6578a7e8c5a6e9c8affb251a05c233ae37098118788/pydantic_core-2.33.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:031c57d67ca86902726e0fae2214ce6770bbe2f710dc33063187a68744a5ecac", size = 2073720, upload-time = "2025-04-23T18:30:56.11Z" }, + { url = "https://files.pythonhosted.org/packages/77/fb/2258da019f4825128445ae79456a5499c032b55849dbd5bed78c95ccf163/pydantic_core-2.33.2-cp310-cp310-musllinux_1_1_armv7l.whl", hash = "sha256:f8de619080e944347f5f20de29a975c2d815d9ddd8be9b9b7268e2e3ef68605a", size = 2244915, upload-time = "2025-04-23T18:30:57.501Z" }, + { url = "https://files.pythonhosted.org/packages/d8/7a/925ff73756031289468326e355b6fa8316960d0d65f8b5d6b3a3e7866de7/pydantic_core-2.33.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:73662edf539e72a9440129f231ed3757faab89630d291b784ca99237fb94db2b", size = 2241884, upload-time = "2025-04-23T18:30:58.867Z" }, + { url = "https://files.pythonhosted.org/packages/0b/b0/249ee6d2646f1cdadcb813805fe76265745c4010cf20a8eba7b0e639d9b2/pydantic_core-2.33.2-cp310-cp310-win32.whl", hash = "sha256:0a39979dcbb70998b0e505fb1556a1d550a0781463ce84ebf915ba293ccb7e22", size = 1910496, upload-time = "2025-04-23T18:31:00.078Z" }, + { url = "https://files.pythonhosted.org/packages/66/ff/172ba8f12a42d4b552917aa65d1f2328990d3ccfc01d5b7c943ec084299f/pydantic_core-2.33.2-cp310-cp310-win_amd64.whl", hash = "sha256:b0379a2b24882fef529ec3b4987cb5d003b9cda32256024e6fe1586ac45fc640", size = 1955019, upload-time = "2025-04-23T18:31:01.335Z" }, + { url = "https://files.pythonhosted.org/packages/3f/8d/71db63483d518cbbf290261a1fc2839d17ff89fce7089e08cad07ccfce67/pydantic_core-2.33.2-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:4c5b0a576fb381edd6d27f0a85915c6daf2f8138dc5c267a57c08a62900758c7", size = 2028584, upload-time = "2025-04-23T18:31:03.106Z" }, + { url = "https://files.pythonhosted.org/packages/24/2f/3cfa7244ae292dd850989f328722d2aef313f74ffc471184dc509e1e4e5a/pydantic_core-2.33.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:e799c050df38a639db758c617ec771fd8fb7a5f8eaaa4b27b101f266b216a246", size = 1855071, upload-time = "2025-04-23T18:31:04.621Z" }, + { url = "https://files.pythonhosted.org/packages/b3/d3/4ae42d33f5e3f50dd467761304be2fa0a9417fbf09735bc2cce003480f2a/pydantic_core-2.33.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dc46a01bf8d62f227d5ecee74178ffc448ff4e5197c756331f71efcc66dc980f", size = 1897823, upload-time = "2025-04-23T18:31:06.377Z" }, + { url = "https://files.pythonhosted.org/packages/f4/f3/aa5976e8352b7695ff808599794b1fba2a9ae2ee954a3426855935799488/pydantic_core-2.33.2-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a144d4f717285c6d9234a66778059f33a89096dfb9b39117663fd8413d582dcc", size = 1983792, upload-time = "2025-04-23T18:31:07.93Z" }, + { url = "https://files.pythonhosted.org/packages/d5/7a/cda9b5a23c552037717f2b2a5257e9b2bfe45e687386df9591eff7b46d28/pydantic_core-2.33.2-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:73cf6373c21bc80b2e0dc88444f41ae60b2f070ed02095754eb5a01df12256de", size = 2136338, upload-time = "2025-04-23T18:31:09.283Z" }, + { url = "https://files.pythonhosted.org/packages/2b/9f/b8f9ec8dd1417eb9da784e91e1667d58a2a4a7b7b34cf4af765ef663a7e5/pydantic_core-2.33.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3dc625f4aa79713512d1976fe9f0bc99f706a9dee21dfd1810b4bbbf228d0e8a", size = 2730998, upload-time = "2025-04-23T18:31:11.7Z" }, + { url = "https://files.pythonhosted.org/packages/47/bc/cd720e078576bdb8255d5032c5d63ee5c0bf4b7173dd955185a1d658c456/pydantic_core-2.33.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:881b21b5549499972441da4758d662aeea93f1923f953e9cbaff14b8b9565aef", size = 2003200, upload-time = "2025-04-23T18:31:13.536Z" }, + { url = "https://files.pythonhosted.org/packages/ca/22/3602b895ee2cd29d11a2b349372446ae9727c32e78a94b3d588a40fdf187/pydantic_core-2.33.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:bdc25f3681f7b78572699569514036afe3c243bc3059d3942624e936ec93450e", size = 2113890, upload-time = "2025-04-23T18:31:15.011Z" }, + { url = "https://files.pythonhosted.org/packages/ff/e6/e3c5908c03cf00d629eb38393a98fccc38ee0ce8ecce32f69fc7d7b558a7/pydantic_core-2.33.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:fe5b32187cbc0c862ee201ad66c30cf218e5ed468ec8dc1cf49dec66e160cc4d", size = 2073359, upload-time = "2025-04-23T18:31:16.393Z" }, + { url = "https://files.pythonhosted.org/packages/12/e7/6a36a07c59ebefc8777d1ffdaf5ae71b06b21952582e4b07eba88a421c79/pydantic_core-2.33.2-cp311-cp311-musllinux_1_1_armv7l.whl", hash = "sha256:bc7aee6f634a6f4a95676fcb5d6559a2c2a390330098dba5e5a5f28a2e4ada30", size = 2245883, upload-time = "2025-04-23T18:31:17.892Z" }, + { url = "https://files.pythonhosted.org/packages/16/3f/59b3187aaa6cc0c1e6616e8045b284de2b6a87b027cce2ffcea073adf1d2/pydantic_core-2.33.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:235f45e5dbcccf6bd99f9f472858849f73d11120d76ea8707115415f8e5ebebf", size = 2241074, upload-time = "2025-04-23T18:31:19.205Z" }, + { url = "https://files.pythonhosted.org/packages/e0/ed/55532bb88f674d5d8f67ab121a2a13c385df382de2a1677f30ad385f7438/pydantic_core-2.33.2-cp311-cp311-win32.whl", hash = "sha256:6368900c2d3ef09b69cb0b913f9f8263b03786e5b2a387706c5afb66800efd51", size = 1910538, upload-time = "2025-04-23T18:31:20.541Z" }, + { url = "https://files.pythonhosted.org/packages/fe/1b/25b7cccd4519c0b23c2dd636ad39d381abf113085ce4f7bec2b0dc755eb1/pydantic_core-2.33.2-cp311-cp311-win_amd64.whl", hash = "sha256:1e063337ef9e9820c77acc768546325ebe04ee38b08703244c1309cccc4f1bab", size = 1952909, upload-time = "2025-04-23T18:31:22.371Z" }, + { url = "https://files.pythonhosted.org/packages/49/a9/d809358e49126438055884c4366a1f6227f0f84f635a9014e2deb9b9de54/pydantic_core-2.33.2-cp311-cp311-win_arm64.whl", hash = "sha256:6b99022f1d19bc32a4c2a0d544fc9a76e3be90f0b3f4af413f87d38749300e65", size = 1897786, upload-time = "2025-04-23T18:31:24.161Z" }, + { url = "https://files.pythonhosted.org/packages/18/8a/2b41c97f554ec8c71f2a8a5f85cb56a8b0956addfe8b0efb5b3d77e8bdc3/pydantic_core-2.33.2-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:a7ec89dc587667f22b6a0b6579c249fca9026ce7c333fc142ba42411fa243cdc", size = 2009000, upload-time = "2025-04-23T18:31:25.863Z" }, + { url = "https://files.pythonhosted.org/packages/a1/02/6224312aacb3c8ecbaa959897af57181fb6cf3a3d7917fd44d0f2917e6f2/pydantic_core-2.33.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:3c6db6e52c6d70aa0d00d45cdb9b40f0433b96380071ea80b09277dba021ddf7", size = 1847996, upload-time = "2025-04-23T18:31:27.341Z" }, + { url = "https://files.pythonhosted.org/packages/d6/46/6dcdf084a523dbe0a0be59d054734b86a981726f221f4562aed313dbcb49/pydantic_core-2.33.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4e61206137cbc65e6d5256e1166f88331d3b6238e082d9f74613b9b765fb9025", size = 1880957, upload-time = "2025-04-23T18:31:28.956Z" }, + { url = "https://files.pythonhosted.org/packages/ec/6b/1ec2c03837ac00886ba8160ce041ce4e325b41d06a034adbef11339ae422/pydantic_core-2.33.2-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:eb8c529b2819c37140eb51b914153063d27ed88e3bdc31b71198a198e921e011", size = 1964199, upload-time = "2025-04-23T18:31:31.025Z" }, + { url = "https://files.pythonhosted.org/packages/2d/1d/6bf34d6adb9debd9136bd197ca72642203ce9aaaa85cfcbfcf20f9696e83/pydantic_core-2.33.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c52b02ad8b4e2cf14ca7b3d918f3eb0ee91e63b3167c32591e57c4317e134f8f", size = 2120296, upload-time = "2025-04-23T18:31:32.514Z" }, + { url = "https://files.pythonhosted.org/packages/e0/94/2bd0aaf5a591e974b32a9f7123f16637776c304471a0ab33cf263cf5591a/pydantic_core-2.33.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:96081f1605125ba0855dfda83f6f3df5ec90c61195421ba72223de35ccfb2f88", size = 2676109, upload-time = "2025-04-23T18:31:33.958Z" }, + { url = "https://files.pythonhosted.org/packages/f9/41/4b043778cf9c4285d59742281a769eac371b9e47e35f98ad321349cc5d61/pydantic_core-2.33.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8f57a69461af2a5fa6e6bbd7a5f60d3b7e6cebb687f55106933188e79ad155c1", size = 2002028, upload-time = "2025-04-23T18:31:39.095Z" }, + { url = "https://files.pythonhosted.org/packages/cb/d5/7bb781bf2748ce3d03af04d5c969fa1308880e1dca35a9bd94e1a96a922e/pydantic_core-2.33.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:572c7e6c8bb4774d2ac88929e3d1f12bc45714ae5ee6d9a788a9fb35e60bb04b", size = 2100044, upload-time = "2025-04-23T18:31:41.034Z" }, + { url = "https://files.pythonhosted.org/packages/fe/36/def5e53e1eb0ad896785702a5bbfd25eed546cdcf4087ad285021a90ed53/pydantic_core-2.33.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:db4b41f9bd95fbe5acd76d89920336ba96f03e149097365afe1cb092fceb89a1", size = 2058881, upload-time = "2025-04-23T18:31:42.757Z" }, + { url = "https://files.pythonhosted.org/packages/01/6c/57f8d70b2ee57fc3dc8b9610315949837fa8c11d86927b9bb044f8705419/pydantic_core-2.33.2-cp312-cp312-musllinux_1_1_armv7l.whl", hash = "sha256:fa854f5cf7e33842a892e5c73f45327760bc7bc516339fda888c75ae60edaeb6", size = 2227034, upload-time = "2025-04-23T18:31:44.304Z" }, + { url = "https://files.pythonhosted.org/packages/27/b9/9c17f0396a82b3d5cbea4c24d742083422639e7bb1d5bf600e12cb176a13/pydantic_core-2.33.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:5f483cfb75ff703095c59e365360cb73e00185e01aaea067cd19acffd2ab20ea", size = 2234187, upload-time = "2025-04-23T18:31:45.891Z" }, + { url = "https://files.pythonhosted.org/packages/b0/6a/adf5734ffd52bf86d865093ad70b2ce543415e0e356f6cacabbc0d9ad910/pydantic_core-2.33.2-cp312-cp312-win32.whl", hash = "sha256:9cb1da0f5a471435a7bc7e439b8a728e8b61e59784b2af70d7c169f8dd8ae290", size = 1892628, upload-time = "2025-04-23T18:31:47.819Z" }, + { url = "https://files.pythonhosted.org/packages/43/e4/5479fecb3606c1368d496a825d8411e126133c41224c1e7238be58b87d7e/pydantic_core-2.33.2-cp312-cp312-win_amd64.whl", hash = "sha256:f941635f2a3d96b2973e867144fde513665c87f13fe0e193c158ac51bfaaa7b2", size = 1955866, upload-time = "2025-04-23T18:31:49.635Z" }, + { url = "https://files.pythonhosted.org/packages/0d/24/8b11e8b3e2be9dd82df4b11408a67c61bb4dc4f8e11b5b0fc888b38118b5/pydantic_core-2.33.2-cp312-cp312-win_arm64.whl", hash = "sha256:cca3868ddfaccfbc4bfb1d608e2ccaaebe0ae628e1416aeb9c4d88c001bb45ab", size = 1888894, upload-time = "2025-04-23T18:31:51.609Z" }, + { url = "https://files.pythonhosted.org/packages/46/8c/99040727b41f56616573a28771b1bfa08a3d3fe74d3d513f01251f79f172/pydantic_core-2.33.2-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:1082dd3e2d7109ad8b7da48e1d4710c8d06c253cbc4a27c1cff4fbcaa97a9e3f", size = 2015688, upload-time = "2025-04-23T18:31:53.175Z" }, + { url = "https://files.pythonhosted.org/packages/3a/cc/5999d1eb705a6cefc31f0b4a90e9f7fc400539b1a1030529700cc1b51838/pydantic_core-2.33.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:f517ca031dfc037a9c07e748cefd8d96235088b83b4f4ba8939105d20fa1dcd6", size = 1844808, upload-time = "2025-04-23T18:31:54.79Z" }, + { url = "https://files.pythonhosted.org/packages/6f/5e/a0a7b8885c98889a18b6e376f344da1ef323d270b44edf8174d6bce4d622/pydantic_core-2.33.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0a9f2c9dd19656823cb8250b0724ee9c60a82f3cdf68a080979d13092a3b0fef", size = 1885580, upload-time = "2025-04-23T18:31:57.393Z" }, + { url = "https://files.pythonhosted.org/packages/3b/2a/953581f343c7d11a304581156618c3f592435523dd9d79865903272c256a/pydantic_core-2.33.2-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:2b0a451c263b01acebe51895bfb0e1cc842a5c666efe06cdf13846c7418caa9a", size = 1973859, upload-time = "2025-04-23T18:31:59.065Z" }, + { url = "https://files.pythonhosted.org/packages/e6/55/f1a813904771c03a3f97f676c62cca0c0a4138654107c1b61f19c644868b/pydantic_core-2.33.2-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1ea40a64d23faa25e62a70ad163571c0b342b8bf66d5fa612ac0dec4f069d916", size = 2120810, upload-time = "2025-04-23T18:32:00.78Z" }, + { url = "https://files.pythonhosted.org/packages/aa/c3/053389835a996e18853ba107a63caae0b9deb4a276c6b472931ea9ae6e48/pydantic_core-2.33.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:0fb2d542b4d66f9470e8065c5469ec676978d625a8b7a363f07d9a501a9cb36a", size = 2676498, upload-time = "2025-04-23T18:32:02.418Z" }, + { url = "https://files.pythonhosted.org/packages/eb/3c/f4abd740877a35abade05e437245b192f9d0ffb48bbbbd708df33d3cda37/pydantic_core-2.33.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9fdac5d6ffa1b5a83bca06ffe7583f5576555e6c8b3a91fbd25ea7780f825f7d", size = 2000611, upload-time = "2025-04-23T18:32:04.152Z" }, + { url = "https://files.pythonhosted.org/packages/59/a7/63ef2fed1837d1121a894d0ce88439fe3e3b3e48c7543b2a4479eb99c2bd/pydantic_core-2.33.2-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:04a1a413977ab517154eebb2d326da71638271477d6ad87a769102f7c2488c56", size = 2107924, upload-time = "2025-04-23T18:32:06.129Z" }, + { url = "https://files.pythonhosted.org/packages/04/8f/2551964ef045669801675f1cfc3b0d74147f4901c3ffa42be2ddb1f0efc4/pydantic_core-2.33.2-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:c8e7af2f4e0194c22b5b37205bfb293d166a7344a5b0d0eaccebc376546d77d5", size = 2063196, upload-time = "2025-04-23T18:32:08.178Z" }, + { url = "https://files.pythonhosted.org/packages/26/bd/d9602777e77fc6dbb0c7db9ad356e9a985825547dce5ad1d30ee04903918/pydantic_core-2.33.2-cp313-cp313-musllinux_1_1_armv7l.whl", hash = "sha256:5c92edd15cd58b3c2d34873597a1e20f13094f59cf88068adb18947df5455b4e", size = 2236389, upload-time = "2025-04-23T18:32:10.242Z" }, + { url = "https://files.pythonhosted.org/packages/42/db/0e950daa7e2230423ab342ae918a794964b053bec24ba8af013fc7c94846/pydantic_core-2.33.2-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:65132b7b4a1c0beded5e057324b7e16e10910c106d43675d9bd87d4f38dde162", size = 2239223, upload-time = "2025-04-23T18:32:12.382Z" }, + { url = "https://files.pythonhosted.org/packages/58/4d/4f937099c545a8a17eb52cb67fe0447fd9a373b348ccfa9a87f141eeb00f/pydantic_core-2.33.2-cp313-cp313-win32.whl", hash = "sha256:52fb90784e0a242bb96ec53f42196a17278855b0f31ac7c3cc6f5c1ec4811849", size = 1900473, upload-time = "2025-04-23T18:32:14.034Z" }, + { url = "https://files.pythonhosted.org/packages/a0/75/4a0a9bac998d78d889def5e4ef2b065acba8cae8c93696906c3a91f310ca/pydantic_core-2.33.2-cp313-cp313-win_amd64.whl", hash = "sha256:c083a3bdd5a93dfe480f1125926afcdbf2917ae714bdb80b36d34318b2bec5d9", size = 1955269, upload-time = "2025-04-23T18:32:15.783Z" }, + { url = "https://files.pythonhosted.org/packages/f9/86/1beda0576969592f1497b4ce8e7bc8cbdf614c352426271b1b10d5f0aa64/pydantic_core-2.33.2-cp313-cp313-win_arm64.whl", hash = "sha256:e80b087132752f6b3d714f041ccf74403799d3b23a72722ea2e6ba2e892555b9", size = 1893921, upload-time = "2025-04-23T18:32:18.473Z" }, + { url = "https://files.pythonhosted.org/packages/a4/7d/e09391c2eebeab681df2b74bfe6c43422fffede8dc74187b2b0bf6fd7571/pydantic_core-2.33.2-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:61c18fba8e5e9db3ab908620af374db0ac1baa69f0f32df4f61ae23f15e586ac", size = 1806162, upload-time = "2025-04-23T18:32:20.188Z" }, + { url = "https://files.pythonhosted.org/packages/f1/3d/847b6b1fed9f8ed3bb95a9ad04fbd0b212e832d4f0f50ff4d9ee5a9f15cf/pydantic_core-2.33.2-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:95237e53bb015f67b63c91af7518a62a8660376a6a0db19b89acc77a4d6199f5", size = 1981560, upload-time = "2025-04-23T18:32:22.354Z" }, + { url = "https://files.pythonhosted.org/packages/6f/9a/e73262f6c6656262b5fdd723ad90f518f579b7bc8622e43a942eec53c938/pydantic_core-2.33.2-cp313-cp313t-win_amd64.whl", hash = "sha256:c2fc0a768ef76c15ab9238afa6da7f69895bb5d1ee83aeea2e3509af4472d0b9", size = 1935777, upload-time = "2025-04-23T18:32:25.088Z" }, + { url = "https://files.pythonhosted.org/packages/30/68/373d55e58b7e83ce371691f6eaa7175e3a24b956c44628eb25d7da007917/pydantic_core-2.33.2-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:5c4aa4e82353f65e548c476b37e64189783aa5384903bfea4f41580f255fddfa", size = 2023982, upload-time = "2025-04-23T18:32:53.14Z" }, + { url = "https://files.pythonhosted.org/packages/a4/16/145f54ac08c96a63d8ed6442f9dec17b2773d19920b627b18d4f10a061ea/pydantic_core-2.33.2-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:d946c8bf0d5c24bf4fe333af284c59a19358aa3ec18cb3dc4370080da1e8ad29", size = 1858412, upload-time = "2025-04-23T18:32:55.52Z" }, + { url = "https://files.pythonhosted.org/packages/41/b1/c6dc6c3e2de4516c0bb2c46f6a373b91b5660312342a0cf5826e38ad82fa/pydantic_core-2.33.2-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:87b31b6846e361ef83fedb187bb5b4372d0da3f7e28d85415efa92d6125d6e6d", size = 1892749, upload-time = "2025-04-23T18:32:57.546Z" }, + { url = "https://files.pythonhosted.org/packages/12/73/8cd57e20afba760b21b742106f9dbdfa6697f1570b189c7457a1af4cd8a0/pydantic_core-2.33.2-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:aa9d91b338f2df0508606f7009fde642391425189bba6d8c653afd80fd6bb64e", size = 2067527, upload-time = "2025-04-23T18:32:59.771Z" }, + { url = "https://files.pythonhosted.org/packages/e3/d5/0bb5d988cc019b3cba4a78f2d4b3854427fc47ee8ec8e9eaabf787da239c/pydantic_core-2.33.2-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:2058a32994f1fde4ca0480ab9d1e75a0e8c87c22b53a3ae66554f9af78f2fe8c", size = 2108225, upload-time = "2025-04-23T18:33:04.51Z" }, + { url = "https://files.pythonhosted.org/packages/f1/c5/00c02d1571913d496aabf146106ad8239dc132485ee22efe08085084ff7c/pydantic_core-2.33.2-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:0e03262ab796d986f978f79c943fc5f620381be7287148b8010b4097f79a39ec", size = 2069490, upload-time = "2025-04-23T18:33:06.391Z" }, + { url = "https://files.pythonhosted.org/packages/22/a8/dccc38768274d3ed3a59b5d06f59ccb845778687652daa71df0cab4040d7/pydantic_core-2.33.2-pp310-pypy310_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:1a8695a8d00c73e50bff9dfda4d540b7dee29ff9b8053e38380426a85ef10052", size = 2237525, upload-time = "2025-04-23T18:33:08.44Z" }, + { url = "https://files.pythonhosted.org/packages/d4/e7/4f98c0b125dda7cf7ccd14ba936218397b44f50a56dd8c16a3091df116c3/pydantic_core-2.33.2-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:fa754d1850735a0b0e03bcffd9d4b4343eb417e47196e4485d9cca326073a42c", size = 2238446, upload-time = "2025-04-23T18:33:10.313Z" }, + { url = "https://files.pythonhosted.org/packages/ce/91/2ec36480fdb0b783cd9ef6795753c1dea13882f2e68e73bce76ae8c21e6a/pydantic_core-2.33.2-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:a11c8d26a50bfab49002947d3d237abe4d9e4b5bdc8846a63537b6488e197808", size = 2066678, upload-time = "2025-04-23T18:33:12.224Z" }, + { url = "https://files.pythonhosted.org/packages/7b/27/d4ae6487d73948d6f20dddcd94be4ea43e74349b56eba82e9bdee2d7494c/pydantic_core-2.33.2-pp311-pypy311_pp73-macosx_10_12_x86_64.whl", hash = "sha256:dd14041875d09cc0f9308e37a6f8b65f5585cf2598a53aa0123df8b129d481f8", size = 2025200, upload-time = "2025-04-23T18:33:14.199Z" }, + { url = "https://files.pythonhosted.org/packages/f1/b8/b3cb95375f05d33801024079b9392a5ab45267a63400bf1866e7ce0f0de4/pydantic_core-2.33.2-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:d87c561733f66531dced0da6e864f44ebf89a8fba55f31407b00c2f7f9449593", size = 1859123, upload-time = "2025-04-23T18:33:16.555Z" }, + { url = "https://files.pythonhosted.org/packages/05/bc/0d0b5adeda59a261cd30a1235a445bf55c7e46ae44aea28f7bd6ed46e091/pydantic_core-2.33.2-pp311-pypy311_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2f82865531efd18d6e07a04a17331af02cb7a651583c418df8266f17a63c6612", size = 1892852, upload-time = "2025-04-23T18:33:18.513Z" }, + { url = "https://files.pythonhosted.org/packages/3e/11/d37bdebbda2e449cb3f519f6ce950927b56d62f0b84fd9cb9e372a26a3d5/pydantic_core-2.33.2-pp311-pypy311_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2bfb5112df54209d820d7bf9317c7a6c9025ea52e49f46b6a2060104bba37de7", size = 2067484, upload-time = "2025-04-23T18:33:20.475Z" }, + { url = "https://files.pythonhosted.org/packages/8c/55/1f95f0a05ce72ecb02a8a8a1c3be0579bbc29b1d5ab68f1378b7bebc5057/pydantic_core-2.33.2-pp311-pypy311_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:64632ff9d614e5eecfb495796ad51b0ed98c453e447a76bcbeeb69615079fc7e", size = 2108896, upload-time = "2025-04-23T18:33:22.501Z" }, + { url = "https://files.pythonhosted.org/packages/53/89/2b2de6c81fa131f423246a9109d7b2a375e83968ad0800d6e57d0574629b/pydantic_core-2.33.2-pp311-pypy311_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:f889f7a40498cc077332c7ab6b4608d296d852182211787d4f3ee377aaae66e8", size = 2069475, upload-time = "2025-04-23T18:33:24.528Z" }, + { url = "https://files.pythonhosted.org/packages/b8/e9/1f7efbe20d0b2b10f6718944b5d8ece9152390904f29a78e68d4e7961159/pydantic_core-2.33.2-pp311-pypy311_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:de4b83bb311557e439b9e186f733f6c645b9417c84e2eb8203f3f820a4b988bf", size = 2239013, upload-time = "2025-04-23T18:33:26.621Z" }, + { url = "https://files.pythonhosted.org/packages/3c/b2/5309c905a93811524a49b4e031e9851a6b00ff0fb668794472ea7746b448/pydantic_core-2.33.2-pp311-pypy311_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:82f68293f055f51b51ea42fafc74b6aad03e70e191799430b90c13d643059ebb", size = 2238715, upload-time = "2025-04-23T18:33:28.656Z" }, + { url = "https://files.pythonhosted.org/packages/32/56/8a7ca5d2cd2cda1d245d34b1c9a942920a718082ae8e54e5f3e5a58b7add/pydantic_core-2.33.2-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:329467cecfb529c925cf2bbd4d60d2c509bc2fb52a20c1045bf09bb70971a9c1", size = 2066757, upload-time = "2025-04-23T18:33:30.645Z" }, +] + +[[package]] +name = "pygments" +version = "2.19.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/b0/77/a5b8c569bf593b0140bde72ea885a803b82086995367bf2037de0159d924/pygments-2.19.2.tar.gz", hash = "sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887", size = 4968631, upload-time = "2025-06-21T13:39:12.283Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/c7/21/705964c7812476f378728bdf590ca4b771ec72385c533964653c68e86bdc/pygments-2.19.2-py3-none-any.whl", hash = "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b", size = 1225217, upload-time = "2025-06-21T13:39:07.939Z" }, +] + +[[package]] +name = "pymdown-extensions" +version = "10.16.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "markdown" }, + { name = "pyyaml" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/55/b3/6d2b3f149bc5413b0a29761c2c5832d8ce904a1d7f621e86616d96f505cc/pymdown_extensions-10.16.1.tar.gz", hash = "sha256:aace82bcccba3efc03e25d584e6a22d27a8e17caa3f4dd9f207e49b787aa9a91", size = 853277, upload-time = "2025-07-28T16:19:34.167Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e4/06/43084e6cbd4b3bc0e80f6be743b2e79fbc6eed8de9ad8c629939fa55d972/pymdown_extensions-10.16.1-py3-none-any.whl", hash = "sha256:d6ba157a6c03146a7fb122b2b9a121300056384eafeec9c9f9e584adfdb2a32d", size = 266178, upload-time = "2025-07-28T16:19:31.401Z" }, +] + +[[package]] +name = "pypandoc" +version = "1.15" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/e1/88/26e650d053df5f3874aa3c05901a14166ce3271f58bfe114fd776987efbd/pypandoc-1.15.tar.gz", hash = "sha256:ea25beebe712ae41d63f7410c08741a3cab0e420f6703f95bc9b3a749192ce13", size = 32940, upload-time = "2025-01-08T17:39:58.705Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/61/06/0763e0ccc81754d3eadb21b2cb86cf21bdedc9b52698c2ad6785db7f0a4e/pypandoc-1.15-py3-none-any.whl", hash = "sha256:4ededcc76c8770f27aaca6dff47724578428eca84212a31479403a9731fc2b16", size = 21321, upload-time = "2025-01-08T17:39:09.928Z" }, +] + +[[package]] +name = "python-dateutil" +version = "2.9.0.post0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "six" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/66/c0/0c8b6ad9f17a802ee498c46e004a0eb49bc148f2fd230864601a86dcf6db/python-dateutil-2.9.0.post0.tar.gz", hash = "sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3", size = 342432, upload-time = "2024-03-01T18:36:20.211Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/ec/57/56b9bcc3c9c6a792fcbaf139543cee77261f3651ca9da0c93f5c1221264b/python_dateutil-2.9.0.post0-py2.py3-none-any.whl", hash = "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427", size = 229892, upload-time = "2024-03-01T18:36:18.57Z" }, +] + +[[package]] +name = "pytz" +version = "2025.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f8/bf/abbd3cdfb8fbc7fb3d4d38d320f2441b1e7cbe29be4f23797b4a2b5d8aac/pytz-2025.2.tar.gz", hash = "sha256:360b9e3dbb49a209c21ad61809c7fb453643e048b38924c765813546746e81c3", size = 320884, upload-time = "2025-03-25T02:25:00.538Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/81/c4/34e93fe5f5429d7570ec1fa436f1986fb1f00c3e0f43a589fe2bbcd22c3f/pytz-2025.2-py2.py3-none-any.whl", hash = "sha256:5ddf76296dd8c44c26eb8f4b6f35488f3ccbf6fbbd7adee0b7262d43f0ec2f00", size = 509225, upload-time = "2025-03-25T02:24:58.468Z" }, +] + +[[package]] +name = "pyyaml" +version = "6.0.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/54/ed/79a089b6be93607fa5cdaedf301d7dfb23af5f25c398d5ead2525b063e17/pyyaml-6.0.2.tar.gz", hash = "sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e", size = 130631, upload-time = "2024-08-06T20:33:50.674Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/9b/95/a3fac87cb7158e231b5a6012e438c647e1a87f09f8e0d123acec8ab8bf71/PyYAML-6.0.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086", size = 184199, upload-time = "2024-08-06T20:31:40.178Z" }, + { url = "https://files.pythonhosted.org/packages/c7/7a/68bd47624dab8fd4afbfd3c48e3b79efe09098ae941de5b58abcbadff5cb/PyYAML-6.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf", size = 171758, upload-time = "2024-08-06T20:31:42.173Z" }, + { url = "https://files.pythonhosted.org/packages/49/ee/14c54df452143b9ee9f0f29074d7ca5516a36edb0b4cc40c3f280131656f/PyYAML-6.0.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8824b5a04a04a047e72eea5cec3bc266db09e35de6bdfe34c9436ac5ee27d237", size = 718463, upload-time = "2024-08-06T20:31:44.263Z" }, + { url = "https://files.pythonhosted.org/packages/4d/61/de363a97476e766574650d742205be468921a7b532aa2499fcd886b62530/PyYAML-6.0.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7c36280e6fb8385e520936c3cb3b8042851904eba0e58d277dca80a5cfed590b", size = 719280, upload-time = "2024-08-06T20:31:50.199Z" }, + { url = "https://files.pythonhosted.org/packages/6b/4e/1523cb902fd98355e2e9ea5e5eb237cbc5f3ad5f3075fa65087aa0ecb669/PyYAML-6.0.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ec031d5d2feb36d1d1a24380e4db6d43695f3748343d99434e6f5f9156aaa2ed", size = 751239, upload-time = "2024-08-06T20:31:52.292Z" }, + { url = "https://files.pythonhosted.org/packages/b7/33/5504b3a9a4464893c32f118a9cc045190a91637b119a9c881da1cf6b7a72/PyYAML-6.0.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:936d68689298c36b53b29f23c6dbb74de12b4ac12ca6cfe0e047bedceea56180", size = 695802, upload-time = "2024-08-06T20:31:53.836Z" }, + { url = "https://files.pythonhosted.org/packages/5c/20/8347dcabd41ef3a3cdc4f7b7a2aff3d06598c8779faa189cdbf878b626a4/PyYAML-6.0.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:23502f431948090f597378482b4812b0caae32c22213aecf3b55325e049a6c68", size = 720527, upload-time = "2024-08-06T20:31:55.565Z" }, + { url = "https://files.pythonhosted.org/packages/be/aa/5afe99233fb360d0ff37377145a949ae258aaab831bde4792b32650a4378/PyYAML-6.0.2-cp310-cp310-win32.whl", hash = "sha256:2e99c6826ffa974fe6e27cdb5ed0021786b03fc98e5ee3c5bfe1fd5015f42b99", size = 144052, upload-time = "2024-08-06T20:31:56.914Z" }, + { url = "https://files.pythonhosted.org/packages/b5/84/0fa4b06f6d6c958d207620fc60005e241ecedceee58931bb20138e1e5776/PyYAML-6.0.2-cp310-cp310-win_amd64.whl", hash = "sha256:a4d3091415f010369ae4ed1fc6b79def9416358877534caf6a0fdd2146c87a3e", size = 161774, upload-time = "2024-08-06T20:31:58.304Z" }, + { url = "https://files.pythonhosted.org/packages/f8/aa/7af4e81f7acba21a4c6be026da38fd2b872ca46226673c89a758ebdc4fd2/PyYAML-6.0.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774", size = 184612, upload-time = "2024-08-06T20:32:03.408Z" }, + { url = "https://files.pythonhosted.org/packages/8b/62/b9faa998fd185f65c1371643678e4d58254add437edb764a08c5a98fb986/PyYAML-6.0.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee", size = 172040, upload-time = "2024-08-06T20:32:04.926Z" }, + { url = "https://files.pythonhosted.org/packages/ad/0c/c804f5f922a9a6563bab712d8dcc70251e8af811fce4524d57c2c0fd49a4/PyYAML-6.0.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5d225db5a45f21e78dd9358e58a98702a0302f2659a3c6cd320564b75b86f47c", size = 736829, upload-time = "2024-08-06T20:32:06.459Z" }, + { url = "https://files.pythonhosted.org/packages/51/16/6af8d6a6b210c8e54f1406a6b9481febf9c64a3109c541567e35a49aa2e7/PyYAML-6.0.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5ac9328ec4831237bec75defaf839f7d4564be1e6b25ac710bd1a96321cc8317", size = 764167, upload-time = "2024-08-06T20:32:08.338Z" }, + { url = "https://files.pythonhosted.org/packages/75/e4/2c27590dfc9992f73aabbeb9241ae20220bd9452df27483b6e56d3975cc5/PyYAML-6.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3ad2a3decf9aaba3d29c8f537ac4b243e36bef957511b4766cb0057d32b0be85", size = 762952, upload-time = "2024-08-06T20:32:14.124Z" }, + { url = "https://files.pythonhosted.org/packages/9b/97/ecc1abf4a823f5ac61941a9c00fe501b02ac3ab0e373c3857f7d4b83e2b6/PyYAML-6.0.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4", size = 735301, upload-time = "2024-08-06T20:32:16.17Z" }, + { url = "https://files.pythonhosted.org/packages/45/73/0f49dacd6e82c9430e46f4a027baa4ca205e8b0a9dce1397f44edc23559d/PyYAML-6.0.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:797b4f722ffa07cc8d62053e4cff1486fa6dc094105d13fea7b1de7d8bf71c9e", size = 756638, upload-time = "2024-08-06T20:32:18.555Z" }, + { url = "https://files.pythonhosted.org/packages/22/5f/956f0f9fc65223a58fbc14459bf34b4cc48dec52e00535c79b8db361aabd/PyYAML-6.0.2-cp311-cp311-win32.whl", hash = "sha256:11d8f3dd2b9c1207dcaf2ee0bbbfd5991f571186ec9cc78427ba5bd32afae4b5", size = 143850, upload-time = "2024-08-06T20:32:19.889Z" }, + { url = "https://files.pythonhosted.org/packages/ed/23/8da0bbe2ab9dcdd11f4f4557ccaf95c10b9811b13ecced089d43ce59c3c8/PyYAML-6.0.2-cp311-cp311-win_amd64.whl", hash = "sha256:e10ce637b18caea04431ce14fabcf5c64a1c61ec9c56b071a4b7ca131ca52d44", size = 161980, upload-time = "2024-08-06T20:32:21.273Z" }, + { url = "https://files.pythonhosted.org/packages/86/0c/c581167fc46d6d6d7ddcfb8c843a4de25bdd27e4466938109ca68492292c/PyYAML-6.0.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab", size = 183873, upload-time = "2024-08-06T20:32:25.131Z" }, + { url = "https://files.pythonhosted.org/packages/a8/0c/38374f5bb272c051e2a69281d71cba6fdb983413e6758b84482905e29a5d/PyYAML-6.0.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725", size = 173302, upload-time = "2024-08-06T20:32:26.511Z" }, + { url = "https://files.pythonhosted.org/packages/c3/93/9916574aa8c00aa06bbac729972eb1071d002b8e158bd0e83a3b9a20a1f7/PyYAML-6.0.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5", size = 739154, upload-time = "2024-08-06T20:32:28.363Z" }, + { url = "https://files.pythonhosted.org/packages/95/0f/b8938f1cbd09739c6da569d172531567dbcc9789e0029aa070856f123984/PyYAML-6.0.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425", size = 766223, upload-time = "2024-08-06T20:32:30.058Z" }, + { url = "https://files.pythonhosted.org/packages/b9/2b/614b4752f2e127db5cc206abc23a8c19678e92b23c3db30fc86ab731d3bd/PyYAML-6.0.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476", size = 767542, upload-time = "2024-08-06T20:32:31.881Z" }, + { url = "https://files.pythonhosted.org/packages/d4/00/dd137d5bcc7efea1836d6264f049359861cf548469d18da90cd8216cf05f/PyYAML-6.0.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48", size = 731164, upload-time = "2024-08-06T20:32:37.083Z" }, + { url = "https://files.pythonhosted.org/packages/c9/1f/4f998c900485e5c0ef43838363ba4a9723ac0ad73a9dc42068b12aaba4e4/PyYAML-6.0.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8b9c7197f7cb2738065c481a0461e50ad02f18c78cd75775628afb4d7137fb3b", size = 756611, upload-time = "2024-08-06T20:32:38.898Z" }, + { url = "https://files.pythonhosted.org/packages/df/d1/f5a275fdb252768b7a11ec63585bc38d0e87c9e05668a139fea92b80634c/PyYAML-6.0.2-cp312-cp312-win32.whl", hash = "sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4", size = 140591, upload-time = "2024-08-06T20:32:40.241Z" }, + { url = "https://files.pythonhosted.org/packages/0c/e8/4f648c598b17c3d06e8753d7d13d57542b30d56e6c2dedf9c331ae56312e/PyYAML-6.0.2-cp312-cp312-win_amd64.whl", hash = "sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8", size = 156338, upload-time = "2024-08-06T20:32:41.93Z" }, + { url = "https://files.pythonhosted.org/packages/ef/e3/3af305b830494fa85d95f6d95ef7fa73f2ee1cc8ef5b495c7c3269fb835f/PyYAML-6.0.2-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba", size = 181309, upload-time = "2024-08-06T20:32:43.4Z" }, + { url = "https://files.pythonhosted.org/packages/45/9f/3b1c20a0b7a3200524eb0076cc027a970d320bd3a6592873c85c92a08731/PyYAML-6.0.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1", size = 171679, upload-time = "2024-08-06T20:32:44.801Z" }, + { url = "https://files.pythonhosted.org/packages/7c/9a/337322f27005c33bcb656c655fa78325b730324c78620e8328ae28b64d0c/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133", size = 733428, upload-time = "2024-08-06T20:32:46.432Z" }, + { url = "https://files.pythonhosted.org/packages/a3/69/864fbe19e6c18ea3cc196cbe5d392175b4cf3d5d0ac1403ec3f2d237ebb5/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484", size = 763361, upload-time = "2024-08-06T20:32:51.188Z" }, + { url = "https://files.pythonhosted.org/packages/04/24/b7721e4845c2f162d26f50521b825fb061bc0a5afcf9a386840f23ea19fa/PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5", size = 759523, upload-time = "2024-08-06T20:32:53.019Z" }, + { url = "https://files.pythonhosted.org/packages/2b/b2/e3234f59ba06559c6ff63c4e10baea10e5e7df868092bf9ab40e5b9c56b6/PyYAML-6.0.2-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc", size = 726660, upload-time = "2024-08-06T20:32:54.708Z" }, + { url = "https://files.pythonhosted.org/packages/fe/0f/25911a9f080464c59fab9027482f822b86bf0608957a5fcc6eaac85aa515/PyYAML-6.0.2-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652", size = 751597, upload-time = "2024-08-06T20:32:56.985Z" }, + { url = "https://files.pythonhosted.org/packages/14/0d/e2c3b43bbce3cf6bd97c840b46088a3031085179e596d4929729d8d68270/PyYAML-6.0.2-cp313-cp313-win32.whl", hash = "sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183", size = 140527, upload-time = "2024-08-06T20:33:03.001Z" }, + { url = "https://files.pythonhosted.org/packages/fa/de/02b54f42487e3d3c6efb3f89428677074ca7bf43aae402517bc7cca949f3/PyYAML-6.0.2-cp313-cp313-win_amd64.whl", hash = "sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563", size = 156446, upload-time = "2024-08-06T20:33:04.33Z" }, +] + +[[package]] +name = "pyyaml-env-tag" +version = "1.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pyyaml" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/eb/2e/79c822141bfd05a853236b504869ebc6b70159afc570e1d5a20641782eaa/pyyaml_env_tag-1.1.tar.gz", hash = "sha256:2eb38b75a2d21ee0475d6d97ec19c63287a7e140231e4214969d0eac923cd7ff", size = 5737, upload-time = "2025-05-13T15:24:01.64Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/04/11/432f32f8097b03e3cd5fe57e88efb685d964e2e5178a48ed61e841f7fdce/pyyaml_env_tag-1.1-py3-none-any.whl", hash = "sha256:17109e1a528561e32f026364712fee1264bc2ea6715120891174ed1b980d2e04", size = 4722, upload-time = "2025-05-13T15:23:59.629Z" }, +] + +[[package]] +name = "rapidfuzz" +version = "3.13.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/ed/f6/6895abc3a3d056b9698da3199b04c0e56226d530ae44a470edabf8b664f0/rapidfuzz-3.13.0.tar.gz", hash = "sha256:d2eaf3839e52cbcc0accbe9817a67b4b0fcf70aaeb229cfddc1c28061f9ce5d8", size = 57904226, upload-time = "2025-04-03T20:38:51.226Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/de/27/ca10b3166024ae19a7e7c21f73c58dfd4b7fef7420e5497ee64ce6b73453/rapidfuzz-3.13.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:aafc42a1dc5e1beeba52cd83baa41372228d6d8266f6d803c16dbabbcc156255", size = 1998899, upload-time = "2025-04-03T20:35:08.764Z" }, + { url = "https://files.pythonhosted.org/packages/f0/38/c4c404b13af0315483a6909b3a29636e18e1359307fb74a333fdccb3730d/rapidfuzz-3.13.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:85c9a131a44a95f9cac2eb6e65531db014e09d89c4f18c7b1fa54979cb9ff1f3", size = 1449949, upload-time = "2025-04-03T20:35:11.26Z" }, + { url = "https://files.pythonhosted.org/packages/12/ae/15c71d68a6df6b8e24595421fdf5bcb305888318e870b7be8d935a9187ee/rapidfuzz-3.13.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:7d7cec4242d30dd521ef91c0df872e14449d1dffc2a6990ede33943b0dae56c3", size = 1424199, upload-time = "2025-04-03T20:35:12.954Z" }, + { url = "https://files.pythonhosted.org/packages/dc/9a/765beb9e14d7b30d12e2d6019e8b93747a0bedbc1d0cce13184fa3825426/rapidfuzz-3.13.0-cp310-cp310-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e297c09972698c95649e89121e3550cee761ca3640cd005e24aaa2619175464e", size = 5352400, upload-time = "2025-04-03T20:35:15.421Z" }, + { url = "https://files.pythonhosted.org/packages/e2/b8/49479fe6f06b06cd54d6345ed16de3d1ac659b57730bdbe897df1e059471/rapidfuzz-3.13.0-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ef0f5f03f61b0e5a57b1df7beafd83df993fd5811a09871bad6038d08e526d0d", size = 1652465, upload-time = "2025-04-03T20:35:18.43Z" }, + { url = "https://files.pythonhosted.org/packages/6f/d8/08823d496b7dd142a7b5d2da04337df6673a14677cfdb72f2604c64ead69/rapidfuzz-3.13.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d8cf5f7cd6e4d5eb272baf6a54e182b2c237548d048e2882258336533f3f02b7", size = 1616590, upload-time = "2025-04-03T20:35:20.482Z" }, + { url = "https://files.pythonhosted.org/packages/38/d4/5cfbc9a997e544f07f301c54d42aac9e0d28d457d543169e4ec859b8ce0d/rapidfuzz-3.13.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9256218ac8f1a957806ec2fb9a6ddfc6c32ea937c0429e88cf16362a20ed8602", size = 3086956, upload-time = "2025-04-03T20:35:22.756Z" }, + { url = "https://files.pythonhosted.org/packages/25/1e/06d8932a72fa9576095234a15785136407acf8f9a7dbc8136389a3429da1/rapidfuzz-3.13.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:e1bdd2e6d0c5f9706ef7595773a81ca2b40f3b33fd7f9840b726fb00c6c4eb2e", size = 2494220, upload-time = "2025-04-03T20:35:25.563Z" }, + { url = "https://files.pythonhosted.org/packages/03/16/5acf15df63119d5ca3d9a54b82807866ff403461811d077201ca351a40c3/rapidfuzz-3.13.0-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:5280be8fd7e2bee5822e254fe0a5763aa0ad57054b85a32a3d9970e9b09bbcbf", size = 7585481, upload-time = "2025-04-03T20:35:27.426Z" }, + { url = "https://files.pythonhosted.org/packages/e1/cf/ebade4009431ea8e715e59e882477a970834ddaacd1a670095705b86bd0d/rapidfuzz-3.13.0-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:fd742c03885db1fce798a1cd87a20f47f144ccf26d75d52feb6f2bae3d57af05", size = 2894842, upload-time = "2025-04-03T20:35:29.457Z" }, + { url = "https://files.pythonhosted.org/packages/a7/bd/0732632bd3f906bf613229ee1b7cbfba77515db714a0e307becfa8a970ae/rapidfuzz-3.13.0-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:5435fcac94c9ecf0504bf88a8a60c55482c32e18e108d6079a0089c47f3f8cf6", size = 3438517, upload-time = "2025-04-03T20:35:31.381Z" }, + { url = "https://files.pythonhosted.org/packages/83/89/d3bd47ec9f4b0890f62aea143a1e35f78f3d8329b93d9495b4fa8a3cbfc3/rapidfuzz-3.13.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:93a755266856599be4ab6346273f192acde3102d7aa0735e2f48b456397a041f", size = 4412773, upload-time = "2025-04-03T20:35:33.425Z" }, + { url = "https://files.pythonhosted.org/packages/b3/57/1a152a07883e672fc117c7f553f5b933f6e43c431ac3fd0e8dae5008f481/rapidfuzz-3.13.0-cp310-cp310-win32.whl", hash = "sha256:3abe6a4e8eb4cfc4cda04dd650a2dc6d2934cbdeda5def7e6fd1c20f6e7d2a0b", size = 1842334, upload-time = "2025-04-03T20:35:35.648Z" }, + { url = "https://files.pythonhosted.org/packages/a7/68/7248addf95b6ca51fc9d955161072285da3059dd1472b0de773cff910963/rapidfuzz-3.13.0-cp310-cp310-win_amd64.whl", hash = "sha256:e8ddb58961401da7d6f55f185512c0d6bd24f529a637078d41dd8ffa5a49c107", size = 1624392, upload-time = "2025-04-03T20:35:37.294Z" }, + { url = "https://files.pythonhosted.org/packages/68/23/f41c749f2c61ed1ed5575eaf9e73ef9406bfedbf20a3ffa438d15b5bf87e/rapidfuzz-3.13.0-cp310-cp310-win_arm64.whl", hash = "sha256:c523620d14ebd03a8d473c89e05fa1ae152821920c3ff78b839218ff69e19ca3", size = 865584, upload-time = "2025-04-03T20:35:39.005Z" }, + { url = "https://files.pythonhosted.org/packages/87/17/9be9eff5a3c7dfc831c2511262082c6786dca2ce21aa8194eef1cb71d67a/rapidfuzz-3.13.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:d395a5cad0c09c7f096433e5fd4224d83b53298d53499945a9b0e5a971a84f3a", size = 1999453, upload-time = "2025-04-03T20:35:40.804Z" }, + { url = "https://files.pythonhosted.org/packages/75/67/62e57896ecbabe363f027d24cc769d55dd49019e576533ec10e492fcd8a2/rapidfuzz-3.13.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:b7b3eda607a019169f7187328a8d1648fb9a90265087f6903d7ee3a8eee01805", size = 1450881, upload-time = "2025-04-03T20:35:42.734Z" }, + { url = "https://files.pythonhosted.org/packages/96/5c/691c5304857f3476a7b3df99e91efc32428cbe7d25d234e967cc08346c13/rapidfuzz-3.13.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:98e0bfa602e1942d542de077baf15d658bd9d5dcfe9b762aff791724c1c38b70", size = 1422990, upload-time = "2025-04-03T20:35:45.158Z" }, + { url = "https://files.pythonhosted.org/packages/46/81/7a7e78f977496ee2d613154b86b203d373376bcaae5de7bde92f3ad5a192/rapidfuzz-3.13.0-cp311-cp311-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:bef86df6d59667d9655905b02770a0c776d2853971c0773767d5ef8077acd624", size = 5342309, upload-time = "2025-04-03T20:35:46.952Z" }, + { url = "https://files.pythonhosted.org/packages/51/44/12fdd12a76b190fe94bf38d252bb28ddf0ab7a366b943e792803502901a2/rapidfuzz-3.13.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fedd316c165beed6307bf754dee54d3faca2c47e1f3bcbd67595001dfa11e969", size = 1656881, upload-time = "2025-04-03T20:35:49.954Z" }, + { url = "https://files.pythonhosted.org/packages/27/ae/0d933e660c06fcfb087a0d2492f98322f9348a28b2cc3791a5dbadf6e6fb/rapidfuzz-3.13.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5158da7f2ec02a930be13bac53bb5903527c073c90ee37804090614cab83c29e", size = 1608494, upload-time = "2025-04-03T20:35:51.646Z" }, + { url = "https://files.pythonhosted.org/packages/3d/2c/4b2f8aafdf9400e5599b6ed2f14bc26ca75f5a923571926ccbc998d4246a/rapidfuzz-3.13.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3b6f913ee4618ddb6d6f3e387b76e8ec2fc5efee313a128809fbd44e65c2bbb2", size = 3072160, upload-time = "2025-04-03T20:35:53.472Z" }, + { url = "https://files.pythonhosted.org/packages/60/7d/030d68d9a653c301114101c3003b31ce01cf2c3224034cd26105224cd249/rapidfuzz-3.13.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:d25fdbce6459ccbbbf23b4b044f56fbd1158b97ac50994eaae2a1c0baae78301", size = 2491549, upload-time = "2025-04-03T20:35:55.391Z" }, + { url = "https://files.pythonhosted.org/packages/8e/cd/7040ba538fc6a8ddc8816a05ecf46af9988b46c148ddd7f74fb0fb73d012/rapidfuzz-3.13.0-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:25343ccc589a4579fbde832e6a1e27258bfdd7f2eb0f28cb836d6694ab8591fc", size = 7584142, upload-time = "2025-04-03T20:35:57.71Z" }, + { url = "https://files.pythonhosted.org/packages/c1/96/85f7536fbceb0aa92c04a1c37a3fc4fcd4e80649e9ed0fb585382df82edc/rapidfuzz-3.13.0-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:a9ad1f37894e3ffb76bbab76256e8a8b789657183870be11aa64e306bb5228fd", size = 2896234, upload-time = "2025-04-03T20:35:59.969Z" }, + { url = "https://files.pythonhosted.org/packages/55/fd/460e78438e7019f2462fe9d4ecc880577ba340df7974c8a4cfe8d8d029df/rapidfuzz-3.13.0-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:5dc71ef23845bb6b62d194c39a97bb30ff171389c9812d83030c1199f319098c", size = 3437420, upload-time = "2025-04-03T20:36:01.91Z" }, + { url = "https://files.pythonhosted.org/packages/cc/df/c3c308a106a0993befd140a414c5ea78789d201cf1dfffb8fd9749718d4f/rapidfuzz-3.13.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:b7f4c65facdb94f44be759bbd9b6dda1fa54d0d6169cdf1a209a5ab97d311a75", size = 4410860, upload-time = "2025-04-03T20:36:04.352Z" }, + { url = "https://files.pythonhosted.org/packages/75/ee/9d4ece247f9b26936cdeaae600e494af587ce9bf8ddc47d88435f05cfd05/rapidfuzz-3.13.0-cp311-cp311-win32.whl", hash = "sha256:b5104b62711565e0ff6deab2a8f5dbf1fbe333c5155abe26d2cfd6f1849b6c87", size = 1843161, upload-time = "2025-04-03T20:36:06.802Z" }, + { url = "https://files.pythonhosted.org/packages/c9/5a/d00e1f63564050a20279015acb29ecaf41646adfacc6ce2e1e450f7f2633/rapidfuzz-3.13.0-cp311-cp311-win_amd64.whl", hash = "sha256:9093cdeb926deb32a4887ebe6910f57fbcdbc9fbfa52252c10b56ef2efb0289f", size = 1629962, upload-time = "2025-04-03T20:36:09.133Z" }, + { url = "https://files.pythonhosted.org/packages/3b/74/0a3de18bc2576b794f41ccd07720b623e840fda219ab57091897f2320fdd/rapidfuzz-3.13.0-cp311-cp311-win_arm64.whl", hash = "sha256:f70f646751b6aa9d05be1fb40372f006cc89d6aad54e9d79ae97bd1f5fce5203", size = 866631, upload-time = "2025-04-03T20:36:11.022Z" }, + { url = "https://files.pythonhosted.org/packages/13/4b/a326f57a4efed8f5505b25102797a58e37ee11d94afd9d9422cb7c76117e/rapidfuzz-3.13.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:4a1a6a906ba62f2556372282b1ef37b26bca67e3d2ea957277cfcefc6275cca7", size = 1989501, upload-time = "2025-04-03T20:36:13.43Z" }, + { url = "https://files.pythonhosted.org/packages/b7/53/1f7eb7ee83a06c400089ec7cb841cbd581c2edd7a4b21eb2f31030b88daa/rapidfuzz-3.13.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:2fd0975e015b05c79a97f38883a11236f5a24cca83aa992bd2558ceaa5652b26", size = 1445379, upload-time = "2025-04-03T20:36:16.439Z" }, + { url = "https://files.pythonhosted.org/packages/07/09/de8069a4599cc8e6d194e5fa1782c561151dea7d5e2741767137e2a8c1f0/rapidfuzz-3.13.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5d4e13593d298c50c4f94ce453f757b4b398af3fa0fd2fde693c3e51195b7f69", size = 1405986, upload-time = "2025-04-03T20:36:18.447Z" }, + { url = "https://files.pythonhosted.org/packages/5d/77/d9a90b39c16eca20d70fec4ca377fbe9ea4c0d358c6e4736ab0e0e78aaf6/rapidfuzz-3.13.0-cp312-cp312-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ed6f416bda1c9133000009d84d9409823eb2358df0950231cc936e4bf784eb97", size = 5310809, upload-time = "2025-04-03T20:36:20.324Z" }, + { url = "https://files.pythonhosted.org/packages/1e/7d/14da291b0d0f22262d19522afaf63bccf39fc027c981233fb2137a57b71f/rapidfuzz-3.13.0-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:1dc82b6ed01acb536b94a43996a94471a218f4d89f3fdd9185ab496de4b2a981", size = 1629394, upload-time = "2025-04-03T20:36:22.256Z" }, + { url = "https://files.pythonhosted.org/packages/b7/e4/79ed7e4fa58f37c0f8b7c0a62361f7089b221fe85738ae2dbcfb815e985a/rapidfuzz-3.13.0-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:e9d824de871daa6e443b39ff495a884931970d567eb0dfa213d234337343835f", size = 1600544, upload-time = "2025-04-03T20:36:24.207Z" }, + { url = "https://files.pythonhosted.org/packages/4e/20/e62b4d13ba851b0f36370060025de50a264d625f6b4c32899085ed51f980/rapidfuzz-3.13.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2d18228a2390375cf45726ce1af9d36ff3dc1f11dce9775eae1f1b13ac6ec50f", size = 3052796, upload-time = "2025-04-03T20:36:26.279Z" }, + { url = "https://files.pythonhosted.org/packages/cd/8d/55fdf4387dec10aa177fe3df8dbb0d5022224d95f48664a21d6b62a5299d/rapidfuzz-3.13.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:9f5fe634c9482ec5d4a6692afb8c45d370ae86755e5f57aa6c50bfe4ca2bdd87", size = 2464016, upload-time = "2025-04-03T20:36:28.525Z" }, + { url = "https://files.pythonhosted.org/packages/9b/be/0872f6a56c0f473165d3b47d4170fa75263dc5f46985755aa9bf2bbcdea1/rapidfuzz-3.13.0-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:694eb531889f71022b2be86f625a4209c4049e74be9ca836919b9e395d5e33b3", size = 7556725, upload-time = "2025-04-03T20:36:30.629Z" }, + { url = "https://files.pythonhosted.org/packages/5d/f3/6c0750e484d885a14840c7a150926f425d524982aca989cdda0bb3bdfa57/rapidfuzz-3.13.0-cp312-cp312-musllinux_1_2_ppc64le.whl", hash = "sha256:11b47b40650e06147dee5e51a9c9ad73bb7b86968b6f7d30e503b9f8dd1292db", size = 2859052, upload-time = "2025-04-03T20:36:32.836Z" }, + { url = "https://files.pythonhosted.org/packages/6f/98/5a3a14701b5eb330f444f7883c9840b43fb29c575e292e09c90a270a6e07/rapidfuzz-3.13.0-cp312-cp312-musllinux_1_2_s390x.whl", hash = "sha256:98b8107ff14f5af0243f27d236bcc6e1ef8e7e3b3c25df114e91e3a99572da73", size = 3390219, upload-time = "2025-04-03T20:36:35.062Z" }, + { url = "https://files.pythonhosted.org/packages/e9/7d/f4642eaaeb474b19974332f2a58471803448be843033e5740965775760a5/rapidfuzz-3.13.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:b836f486dba0aceb2551e838ff3f514a38ee72b015364f739e526d720fdb823a", size = 4377924, upload-time = "2025-04-03T20:36:37.363Z" }, + { url = "https://files.pythonhosted.org/packages/8e/83/fa33f61796731891c3e045d0cbca4436a5c436a170e7f04d42c2423652c3/rapidfuzz-3.13.0-cp312-cp312-win32.whl", hash = "sha256:4671ee300d1818d7bdfd8fa0608580d7778ba701817216f0c17fb29e6b972514", size = 1823915, upload-time = "2025-04-03T20:36:39.451Z" }, + { url = "https://files.pythonhosted.org/packages/03/25/5ee7ab6841ca668567d0897905eebc79c76f6297b73bf05957be887e9c74/rapidfuzz-3.13.0-cp312-cp312-win_amd64.whl", hash = "sha256:6e2065f68fb1d0bf65adc289c1bdc45ba7e464e406b319d67bb54441a1b9da9e", size = 1616985, upload-time = "2025-04-03T20:36:41.631Z" }, + { url = "https://files.pythonhosted.org/packages/76/5e/3f0fb88db396cb692aefd631e4805854e02120a2382723b90dcae720bcc6/rapidfuzz-3.13.0-cp312-cp312-win_arm64.whl", hash = "sha256:65cc97c2fc2c2fe23586599686f3b1ceeedeca8e598cfcc1b7e56dc8ca7e2aa7", size = 860116, upload-time = "2025-04-03T20:36:43.915Z" }, + { url = "https://files.pythonhosted.org/packages/0a/76/606e71e4227790750f1646f3c5c873e18d6cfeb6f9a77b2b8c4dec8f0f66/rapidfuzz-3.13.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:09e908064d3684c541d312bd4c7b05acb99a2c764f6231bd507d4b4b65226c23", size = 1982282, upload-time = "2025-04-03T20:36:46.149Z" }, + { url = "https://files.pythonhosted.org/packages/0a/f5/d0b48c6b902607a59fd5932a54e3518dae8223814db8349b0176e6e9444b/rapidfuzz-3.13.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:57c390336cb50d5d3bfb0cfe1467478a15733703af61f6dffb14b1cd312a6fae", size = 1439274, upload-time = "2025-04-03T20:36:48.323Z" }, + { url = "https://files.pythonhosted.org/packages/59/cf/c3ac8c80d8ced6c1f99b5d9674d397ce5d0e9d0939d788d67c010e19c65f/rapidfuzz-3.13.0-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0da54aa8547b3c2c188db3d1c7eb4d1bb6dd80baa8cdaeaec3d1da3346ec9caa", size = 1399854, upload-time = "2025-04-03T20:36:50.294Z" }, + { url = "https://files.pythonhosted.org/packages/09/5d/ca8698e452b349c8313faf07bfa84e7d1c2d2edf7ccc67bcfc49bee1259a/rapidfuzz-3.13.0-cp313-cp313-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:df8e8c21e67afb9d7fbe18f42c6111fe155e801ab103c81109a61312927cc611", size = 5308962, upload-time = "2025-04-03T20:36:52.421Z" }, + { url = "https://files.pythonhosted.org/packages/66/0a/bebada332854e78e68f3d6c05226b23faca79d71362509dbcf7b002e33b7/rapidfuzz-3.13.0-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:461fd13250a2adf8e90ca9a0e1e166515cbcaa5e9c3b1f37545cbbeff9e77f6b", size = 1625016, upload-time = "2025-04-03T20:36:54.639Z" }, + { url = "https://files.pythonhosted.org/packages/de/0c/9e58d4887b86d7121d1c519f7050d1be5eb189d8a8075f5417df6492b4f5/rapidfuzz-3.13.0-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c2b3dd5d206a12deca16870acc0d6e5036abeb70e3cad6549c294eff15591527", size = 1600414, upload-time = "2025-04-03T20:36:56.669Z" }, + { url = "https://files.pythonhosted.org/packages/9b/df/6096bc669c1311568840bdcbb5a893edc972d1c8d2b4b4325c21d54da5b1/rapidfuzz-3.13.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1343d745fbf4688e412d8f398c6e6d6f269db99a54456873f232ba2e7aeb4939", size = 3053179, upload-time = "2025-04-03T20:36:59.366Z" }, + { url = "https://files.pythonhosted.org/packages/f9/46/5179c583b75fce3e65a5cd79a3561bd19abd54518cb7c483a89b284bf2b9/rapidfuzz-3.13.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:b1b065f370d54551dcc785c6f9eeb5bd517ae14c983d2784c064b3aa525896df", size = 2456856, upload-time = "2025-04-03T20:37:01.708Z" }, + { url = "https://files.pythonhosted.org/packages/6b/64/e9804212e3286d027ac35bbb66603c9456c2bce23f823b67d2f5cabc05c1/rapidfuzz-3.13.0-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:11b125d8edd67e767b2295eac6eb9afe0b1cdc82ea3d4b9257da4b8e06077798", size = 7567107, upload-time = "2025-04-03T20:37:04.521Z" }, + { url = "https://files.pythonhosted.org/packages/8a/f2/7d69e7bf4daec62769b11757ffc31f69afb3ce248947aadbb109fefd9f65/rapidfuzz-3.13.0-cp313-cp313-musllinux_1_2_ppc64le.whl", hash = "sha256:c33f9c841630b2bb7e69a3fb5c84a854075bb812c47620978bddc591f764da3d", size = 2854192, upload-time = "2025-04-03T20:37:06.905Z" }, + { url = "https://files.pythonhosted.org/packages/05/21/ab4ad7d7d0f653e6fe2e4ccf11d0245092bef94cdff587a21e534e57bda8/rapidfuzz-3.13.0-cp313-cp313-musllinux_1_2_s390x.whl", hash = "sha256:ae4574cb66cf1e85d32bb7e9ec45af5409c5b3970b7ceb8dea90168024127566", size = 3398876, upload-time = "2025-04-03T20:37:09.692Z" }, + { url = "https://files.pythonhosted.org/packages/0f/a8/45bba94c2489cb1ee0130dcb46e1df4fa2c2b25269e21ffd15240a80322b/rapidfuzz-3.13.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:e05752418b24bbd411841b256344c26f57da1148c5509e34ea39c7eb5099ab72", size = 4377077, upload-time = "2025-04-03T20:37:11.929Z" }, + { url = "https://files.pythonhosted.org/packages/0c/f3/5e0c6ae452cbb74e5436d3445467447e8c32f3021f48f93f15934b8cffc2/rapidfuzz-3.13.0-cp313-cp313-win32.whl", hash = "sha256:0e1d08cb884805a543f2de1f6744069495ef527e279e05370dd7c83416af83f8", size = 1822066, upload-time = "2025-04-03T20:37:14.425Z" }, + { url = "https://files.pythonhosted.org/packages/96/e3/a98c25c4f74051df4dcf2f393176b8663bfd93c7afc6692c84e96de147a2/rapidfuzz-3.13.0-cp313-cp313-win_amd64.whl", hash = "sha256:9a7c6232be5f809cd39da30ee5d24e6cadd919831e6020ec6c2391f4c3bc9264", size = 1615100, upload-time = "2025-04-03T20:37:16.611Z" }, + { url = "https://files.pythonhosted.org/packages/60/b1/05cd5e697c00cd46d7791915f571b38c8531f714832eff2c5e34537c49ee/rapidfuzz-3.13.0-cp313-cp313-win_arm64.whl", hash = "sha256:3f32f15bacd1838c929b35c84b43618481e1b3d7a61b5ed2db0291b70ae88b53", size = 858976, upload-time = "2025-04-03T20:37:19.336Z" }, + { url = "https://files.pythonhosted.org/packages/d5/e1/f5d85ae3c53df6f817ca70dbdd37c83f31e64caced5bb867bec6b43d1fdf/rapidfuzz-3.13.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:fe5790a36d33a5d0a6a1f802aa42ecae282bf29ac6f7506d8e12510847b82a45", size = 1904437, upload-time = "2025-04-03T20:38:00.255Z" }, + { url = "https://files.pythonhosted.org/packages/db/d7/ded50603dddc5eb182b7ce547a523ab67b3bf42b89736f93a230a398a445/rapidfuzz-3.13.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:cdb33ee9f8a8e4742c6b268fa6bd739024f34651a06b26913381b1413ebe7590", size = 1383126, upload-time = "2025-04-03T20:38:02.676Z" }, + { url = "https://files.pythonhosted.org/packages/c4/48/6f795e793babb0120b63a165496d64f989b9438efbeed3357d9a226ce575/rapidfuzz-3.13.0-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8c99b76b93f7b495eee7dcb0d6a38fb3ce91e72e99d9f78faa5664a881cb2b7d", size = 1365565, upload-time = "2025-04-03T20:38:06.646Z" }, + { url = "https://files.pythonhosted.org/packages/f0/50/0062a959a2d72ed17815824e40e2eefdb26f6c51d627389514510a7875f3/rapidfuzz-3.13.0-pp310-pypy310_pp73-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6af42f2ede8b596a6aaf6d49fdee3066ca578f4856b85ab5c1e2145de367a12d", size = 5251719, upload-time = "2025-04-03T20:38:09.191Z" }, + { url = "https://files.pythonhosted.org/packages/e7/02/bd8b70cd98b7a88e1621264778ac830c9daa7745cd63e838bd773b1aeebd/rapidfuzz-3.13.0-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c0efa73afbc5b265aca0d8a467ae2a3f40d6854cbe1481cb442a62b7bf23c99", size = 2991095, upload-time = "2025-04-03T20:38:12.554Z" }, + { url = "https://files.pythonhosted.org/packages/9f/8d/632d895cdae8356826184864d74a5f487d40cb79f50a9137510524a1ba86/rapidfuzz-3.13.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:7ac21489de962a4e2fc1e8f0b0da4aa1adc6ab9512fd845563fecb4b4c52093a", size = 1553888, upload-time = "2025-04-03T20:38:15.357Z" }, + { url = "https://files.pythonhosted.org/packages/88/df/6060c5a9c879b302bd47a73fc012d0db37abf6544c57591bcbc3459673bd/rapidfuzz-3.13.0-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:1ba007f4d35a45ee68656b2eb83b8715e11d0f90e5b9f02d615a8a321ff00c27", size = 1905935, upload-time = "2025-04-03T20:38:18.07Z" }, + { url = "https://files.pythonhosted.org/packages/a2/6c/a0b819b829e20525ef1bd58fc776fb8d07a0c38d819e63ba2b7c311a2ed4/rapidfuzz-3.13.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:d7a217310429b43be95b3b8ad7f8fc41aba341109dc91e978cd7c703f928c58f", size = 1383714, upload-time = "2025-04-03T20:38:20.628Z" }, + { url = "https://files.pythonhosted.org/packages/6a/c1/3da3466cc8a9bfb9cd345ad221fac311143b6a9664b5af4adb95b5e6ce01/rapidfuzz-3.13.0-pp311-pypy311_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:558bf526bcd777de32b7885790a95a9548ffdcce68f704a81207be4a286c1095", size = 1367329, upload-time = "2025-04-03T20:38:23.01Z" }, + { url = "https://files.pythonhosted.org/packages/da/f0/9f2a9043bfc4e66da256b15d728c5fc2d865edf0028824337f5edac36783/rapidfuzz-3.13.0-pp311-pypy311_pp73-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:202a87760f5145140d56153b193a797ae9338f7939eb16652dd7ff96f8faf64c", size = 5251057, upload-time = "2025-04-03T20:38:25.52Z" }, + { url = "https://files.pythonhosted.org/packages/6a/ff/af2cb1d8acf9777d52487af5c6b34ce9d13381a753f991d95ecaca813407/rapidfuzz-3.13.0-pp311-pypy311_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cfcccc08f671646ccb1e413c773bb92e7bba789e3a1796fd49d23c12539fe2e4", size = 2992401, upload-time = "2025-04-03T20:38:28.196Z" }, + { url = "https://files.pythonhosted.org/packages/c1/c5/c243b05a15a27b946180db0d1e4c999bef3f4221505dff9748f1f6c917be/rapidfuzz-3.13.0-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:1f219f1e3c3194d7a7de222f54450ce12bc907862ff9a8962d83061c1f923c86", size = 1553782, upload-time = "2025-04-03T20:38:30.778Z" }, +] + +[[package]] +name = "referencing" +version = "0.36.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "attrs" }, + { name = "rpds-py" }, + { name = "typing-extensions", marker = "python_full_version < '3.13'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/2f/db/98b5c277be99dd18bfd91dd04e1b759cad18d1a338188c936e92f921c7e2/referencing-0.36.2.tar.gz", hash = "sha256:df2e89862cd09deabbdba16944cc3f10feb6b3e6f18e902f7cc25609a34775aa", size = 74744, upload-time = "2025-01-25T08:48:16.138Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/c1/b1/3baf80dc6d2b7bc27a95a67752d0208e410351e3feb4eb78de5f77454d8d/referencing-0.36.2-py3-none-any.whl", hash = "sha256:e8699adbbf8b5c7de96d8ffa0eb5c158b3beafce084968e2ea8bb08c6794dcd0", size = 26775, upload-time = "2025-01-25T08:48:14.241Z" }, +] + +[[package]] +name = "requests" +version = "2.32.5" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "certifi" }, + { name = "charset-normalizer" }, + { name = "idna" }, + { name = "urllib3" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/c9/74/b3ff8e6c8446842c3f5c837e9c3dfcfe2018ea6ecef224c710c85ef728f4/requests-2.32.5.tar.gz", hash = "sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf", size = 134517, upload-time = "2025-08-18T20:46:02.573Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/1e/db/4254e3eabe8020b458f1a747140d32277ec7a271daf1d235b70dc0b4e6e3/requests-2.32.5-py3-none-any.whl", hash = "sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6", size = 64738, upload-time = "2025-08-18T20:46:00.542Z" }, +] + +[[package]] +name = "responses" +version = "0.25.8" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pyyaml" }, + { name = "requests" }, + { name = "urllib3" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/0e/95/89c054ad70bfef6da605338b009b2e283485835351a9935c7bfbfaca7ffc/responses-0.25.8.tar.gz", hash = "sha256:9374d047a575c8f781b94454db5cab590b6029505f488d12899ddb10a4af1cf4", size = 79320, upload-time = "2025-08-08T19:01:46.709Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/1c/4c/cc276ce57e572c102d9542d383b2cfd551276581dc60004cb94fe8774c11/responses-0.25.8-py3-none-any.whl", hash = "sha256:0c710af92def29c8352ceadff0c3fe340ace27cf5af1bbe46fb71275bcd2831c", size = 34769, upload-time = "2025-08-08T19:01:45.018Z" }, +] + +[[package]] +name = "rpds-py" +version = "0.27.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/1e/d9/991a0dee12d9fc53ed027e26a26a64b151d77252ac477e22666b9688bc16/rpds_py-0.27.0.tar.gz", hash = "sha256:8b23cf252f180cda89220b378d917180f29d313cd6a07b2431c0d3b776aae86f", size = 27420, upload-time = "2025-08-07T08:26:39.624Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/75/2d/ad2e37dee3f45580f7fa0066c412a521f9bee53d2718b0e9436d308a1ecd/rpds_py-0.27.0-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:130c1ffa5039a333f5926b09e346ab335f0d4ec393b030a18549a7c7e7c2cea4", size = 371511, upload-time = "2025-08-07T08:23:06.205Z" }, + { url = "https://files.pythonhosted.org/packages/f5/67/57b4b2479193fde9dd6983a13c2550b5f9c3bcdf8912dffac2068945eb14/rpds_py-0.27.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:a4cf32a26fa744101b67bfd28c55d992cd19438aff611a46cac7f066afca8fd4", size = 354718, upload-time = "2025-08-07T08:23:08.222Z" }, + { url = "https://files.pythonhosted.org/packages/a3/be/c2b95ec4b813eb11f3a3c3d22f22bda8d3a48a074a0519cde968c4d102cf/rpds_py-0.27.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:64a0fe3f334a40b989812de70160de6b0ec7e3c9e4a04c0bbc48d97c5d3600ae", size = 381518, upload-time = "2025-08-07T08:23:09.696Z" }, + { url = "https://files.pythonhosted.org/packages/a5/d2/5a7279bc2b93b20bd50865a2269016238cee45f7dc3cc33402a7f41bd447/rpds_py-0.27.0-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:9a0ff7ee28583ab30a52f371b40f54e7138c52ca67f8ca17ccb7ccf0b383cb5f", size = 396694, upload-time = "2025-08-07T08:23:11.105Z" }, + { url = "https://files.pythonhosted.org/packages/65/e9/bac8b3714bd853c5bcb466e04acfb9a5da030d77e0ddf1dfad9afb791c31/rpds_py-0.27.0-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:15ea4d2e182345dd1b4286593601d766411b43f868924afe297570658c31a62b", size = 514813, upload-time = "2025-08-07T08:23:12.215Z" }, + { url = "https://files.pythonhosted.org/packages/1d/aa/293115e956d7d13b7d2a9e9a4121f74989a427aa125f00ce4426ca8b7b28/rpds_py-0.27.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:36184b44bf60a480863e51021c26aca3dfe8dd2f5eeabb33622b132b9d8b8b54", size = 402246, upload-time = "2025-08-07T08:23:13.699Z" }, + { url = "https://files.pythonhosted.org/packages/88/59/2d6789bb898fb3e2f0f7b82b7bcf27f579ebcb6cc36c24f4e208f7f58a5b/rpds_py-0.27.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9b78430703cfcf5f5e86eb74027a1ed03a93509273d7c705babb547f03e60016", size = 383661, upload-time = "2025-08-07T08:23:15.231Z" }, + { url = "https://files.pythonhosted.org/packages/0c/55/add13a593a7a81243a9eed56d618d3d427be5dc1214931676e3f695dfdc1/rpds_py-0.27.0-cp310-cp310-manylinux_2_31_riscv64.whl", hash = "sha256:dbd749cff1defbde270ca346b69b3baf5f1297213ef322254bf2a28537f0b046", size = 401691, upload-time = "2025-08-07T08:23:16.681Z" }, + { url = "https://files.pythonhosted.org/packages/04/09/3e8b2aad494ffaca571e4e19611a12cc18fcfd756d9274f3871a2d822445/rpds_py-0.27.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:6bde37765564cd22a676dd8101b657839a1854cfaa9c382c5abf6ff7accfd4ae", size = 416529, upload-time = "2025-08-07T08:23:17.863Z" }, + { url = "https://files.pythonhosted.org/packages/a4/6d/bd899234728f1d8f72c9610f50fdf1c140ecd0a141320e1f1d0f6b20595d/rpds_py-0.27.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:1d66f45b9399036e890fb9c04e9f70c33857fd8f58ac8db9f3278cfa835440c3", size = 558673, upload-time = "2025-08-07T08:23:18.99Z" }, + { url = "https://files.pythonhosted.org/packages/79/f4/f3e02def5193fb899d797c232f90d6f8f0f2b9eca2faef6f0d34cbc89b2e/rpds_py-0.27.0-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:d85d784c619370d9329bbd670f41ff5f2ae62ea4519761b679d0f57f0f0ee267", size = 588426, upload-time = "2025-08-07T08:23:20.541Z" }, + { url = "https://files.pythonhosted.org/packages/e3/0c/88e716cd8fd760e5308835fe298255830de4a1c905fd51760b9bb40aa965/rpds_py-0.27.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:5df559e9e7644d9042f626f2c3997b555f347d7a855a15f170b253f6c5bfe358", size = 554552, upload-time = "2025-08-07T08:23:21.714Z" }, + { url = "https://files.pythonhosted.org/packages/2b/a9/0a8243c182e7ac59b901083dff7e671feba6676a131bfff3f8d301cd2b36/rpds_py-0.27.0-cp310-cp310-win32.whl", hash = "sha256:b8a4131698b6992b2a56015f51646711ec5d893a0b314a4b985477868e240c87", size = 218081, upload-time = "2025-08-07T08:23:23.273Z" }, + { url = "https://files.pythonhosted.org/packages/0f/e7/202ff35852312760148be9e08fe2ba6900aa28e7a46940a313eae473c10c/rpds_py-0.27.0-cp310-cp310-win_amd64.whl", hash = "sha256:cbc619e84a5e3ab2d452de831c88bdcad824414e9c2d28cd101f94dbdf26329c", size = 230077, upload-time = "2025-08-07T08:23:24.308Z" }, + { url = "https://files.pythonhosted.org/packages/b4/c1/49d515434c1752e40f5e35b985260cf27af052593378580a2f139a5be6b8/rpds_py-0.27.0-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:dbc2ab5d10544eb485baa76c63c501303b716a5c405ff2469a1d8ceffaabf622", size = 371577, upload-time = "2025-08-07T08:23:25.379Z" }, + { url = "https://files.pythonhosted.org/packages/e1/6d/bf2715b2fee5087fa13b752b5fd573f1a93e4134c74d275f709e38e54fe7/rpds_py-0.27.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:7ec85994f96a58cf7ed288caa344b7fe31fd1d503bdf13d7331ead5f70ab60d5", size = 354959, upload-time = "2025-08-07T08:23:26.767Z" }, + { url = "https://files.pythonhosted.org/packages/a3/5c/e7762808c746dd19733a81373c10da43926f6a6adcf4920a21119697a60a/rpds_py-0.27.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:190d7285cd3bb6d31d37a0534d7359c1ee191eb194c511c301f32a4afa5a1dd4", size = 381485, upload-time = "2025-08-07T08:23:27.869Z" }, + { url = "https://files.pythonhosted.org/packages/40/51/0d308eb0b558309ca0598bcba4243f52c4cd20e15fe991b5bd75824f2e61/rpds_py-0.27.0-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:c10d92fb6d7fd827e44055fcd932ad93dac6a11e832d51534d77b97d1d85400f", size = 396816, upload-time = "2025-08-07T08:23:29.424Z" }, + { url = "https://files.pythonhosted.org/packages/5c/aa/2d585ec911d78f66458b2c91252134ca0c7c70f687a72c87283173dc0c96/rpds_py-0.27.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:dd2c1d27ebfe6a015cfa2005b7fe8c52d5019f7bbdd801bc6f7499aab9ae739e", size = 514950, upload-time = "2025-08-07T08:23:30.576Z" }, + { url = "https://files.pythonhosted.org/packages/0b/ef/aced551cc1148179557aed84343073adadf252c91265263ee6203458a186/rpds_py-0.27.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4790c9d5dd565ddb3e9f656092f57268951398cef52e364c405ed3112dc7c7c1", size = 402132, upload-time = "2025-08-07T08:23:32.428Z" }, + { url = "https://files.pythonhosted.org/packages/4b/ac/cf644803d8d417653fe2b3604186861d62ea6afaef1b2284045741baef17/rpds_py-0.27.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4300e15e7d03660f04be84a125d1bdd0e6b2f674bc0723bc0fd0122f1a4585dc", size = 383660, upload-time = "2025-08-07T08:23:33.829Z" }, + { url = "https://files.pythonhosted.org/packages/c9/ec/caf47c55ce02b76cbaeeb2d3b36a73da9ca2e14324e3d75cf72b59dcdac5/rpds_py-0.27.0-cp311-cp311-manylinux_2_31_riscv64.whl", hash = "sha256:59195dc244fc183209cf8a93406889cadde47dfd2f0a6b137783aa9c56d67c85", size = 401730, upload-time = "2025-08-07T08:23:34.97Z" }, + { url = "https://files.pythonhosted.org/packages/0b/71/c1f355afdcd5b99ffc253422aa4bdcb04ccf1491dcd1bda3688a0c07fd61/rpds_py-0.27.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:fae4a01ef8c4cb2bbe92ef2063149596907dc4a881a8d26743b3f6b304713171", size = 416122, upload-time = "2025-08-07T08:23:36.062Z" }, + { url = "https://files.pythonhosted.org/packages/38/0f/f4b5b1eda724ed0e04d2b26d8911cdc131451a7ee4c4c020a1387e5c6ded/rpds_py-0.27.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:e3dc8d4ede2dbae6c0fc2b6c958bf51ce9fd7e9b40c0f5b8835c3fde44f5807d", size = 558771, upload-time = "2025-08-07T08:23:37.478Z" }, + { url = "https://files.pythonhosted.org/packages/93/c0/5f8b834db2289ab48d5cffbecbb75e35410103a77ac0b8da36bf9544ec1c/rpds_py-0.27.0-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:c3782fb753aa825b4ccabc04292e07897e2fd941448eabf666856c5530277626", size = 587876, upload-time = "2025-08-07T08:23:38.662Z" }, + { url = "https://files.pythonhosted.org/packages/d2/dd/1a1df02ab8eb970115cff2ae31a6f73916609b900dc86961dc382b8c2e5e/rpds_py-0.27.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:887ab1f12b0d227e9260558a4a2320024b20102207ada65c43e1ffc4546df72e", size = 554359, upload-time = "2025-08-07T08:23:39.897Z" }, + { url = "https://files.pythonhosted.org/packages/a1/e4/95a014ab0d51ab6e3bebbdb476a42d992d2bbf9c489d24cff9fda998e925/rpds_py-0.27.0-cp311-cp311-win32.whl", hash = "sha256:5d6790ff400254137b81b8053b34417e2c46921e302d655181d55ea46df58cf7", size = 218084, upload-time = "2025-08-07T08:23:41.086Z" }, + { url = "https://files.pythonhosted.org/packages/49/78/f8d5b71ec65a0376b0de31efcbb5528ce17a9b7fdd19c3763303ccfdedec/rpds_py-0.27.0-cp311-cp311-win_amd64.whl", hash = "sha256:e24d8031a2c62f34853756d9208eeafa6b940a1efcbfe36e8f57d99d52bb7261", size = 230085, upload-time = "2025-08-07T08:23:42.143Z" }, + { url = "https://files.pythonhosted.org/packages/e7/d3/84429745184091e06b4cc70f8597408e314c2d2f7f5e13249af9ffab9e3d/rpds_py-0.27.0-cp311-cp311-win_arm64.whl", hash = "sha256:08680820d23df1df0a0260f714d12966bc6c42d02e8055a91d61e03f0c47dda0", size = 222112, upload-time = "2025-08-07T08:23:43.233Z" }, + { url = "https://files.pythonhosted.org/packages/cd/17/e67309ca1ac993fa1888a0d9b2f5ccc1f67196ace32e76c9f8e1dbbbd50c/rpds_py-0.27.0-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:19c990fdf5acecbf0623e906ae2e09ce1c58947197f9bced6bbd7482662231c4", size = 362611, upload-time = "2025-08-07T08:23:44.773Z" }, + { url = "https://files.pythonhosted.org/packages/93/2e/28c2fb84aa7aa5d75933d1862d0f7de6198ea22dfd9a0cca06e8a4e7509e/rpds_py-0.27.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:6c27a7054b5224710fcfb1a626ec3ff4f28bcb89b899148c72873b18210e446b", size = 347680, upload-time = "2025-08-07T08:23:46.014Z" }, + { url = "https://files.pythonhosted.org/packages/44/3e/9834b4c8f4f5fe936b479e623832468aa4bd6beb8d014fecaee9eac6cdb1/rpds_py-0.27.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:09965b314091829b378b60607022048953e25f0b396c2b70e7c4c81bcecf932e", size = 384600, upload-time = "2025-08-07T08:23:48Z" }, + { url = "https://files.pythonhosted.org/packages/19/78/744123c7b38865a965cd9e6f691fde7ef989a00a256fa8bf15b75240d12f/rpds_py-0.27.0-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:14f028eb47f59e9169bfdf9f7ceafd29dd64902141840633683d0bad5b04ff34", size = 400697, upload-time = "2025-08-07T08:23:49.407Z" }, + { url = "https://files.pythonhosted.org/packages/32/97/3c3d32fe7daee0a1f1a678b6d4dfb8c4dcf88197fa2441f9da7cb54a8466/rpds_py-0.27.0-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:6168af0be75bba990a39f9431cdfae5f0ad501f4af32ae62e8856307200517b8", size = 517781, upload-time = "2025-08-07T08:23:50.557Z" }, + { url = "https://files.pythonhosted.org/packages/b2/be/28f0e3e733680aa13ecec1212fc0f585928a206292f14f89c0b8a684cad1/rpds_py-0.27.0-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:ab47fe727c13c09d0e6f508e3a49e545008e23bf762a245b020391b621f5b726", size = 406449, upload-time = "2025-08-07T08:23:51.732Z" }, + { url = "https://files.pythonhosted.org/packages/95/ae/5d15c83e337c082d0367053baeb40bfba683f42459f6ebff63a2fd7e5518/rpds_py-0.27.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5fa01b3d5e3b7d97efab65bd3d88f164e289ec323a8c033c5c38e53ee25c007e", size = 386150, upload-time = "2025-08-07T08:23:52.822Z" }, + { url = "https://files.pythonhosted.org/packages/bf/65/944e95f95d5931112829e040912b25a77b2e7ed913ea5fe5746aa5c1ce75/rpds_py-0.27.0-cp312-cp312-manylinux_2_31_riscv64.whl", hash = "sha256:6c135708e987f46053e0a1246a206f53717f9fadfba27174a9769ad4befba5c3", size = 406100, upload-time = "2025-08-07T08:23:54.339Z" }, + { url = "https://files.pythonhosted.org/packages/21/a4/1664b83fae02894533cd11dc0b9f91d673797c2185b7be0f7496107ed6c5/rpds_py-0.27.0-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:fc327f4497b7087d06204235199daf208fd01c82d80465dc5efa4ec9df1c5b4e", size = 421345, upload-time = "2025-08-07T08:23:55.832Z" }, + { url = "https://files.pythonhosted.org/packages/7c/26/b7303941c2b0823bfb34c71378249f8beedce57301f400acb04bb345d025/rpds_py-0.27.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:7e57906e38583a2cba67046a09c2637e23297618dc1f3caddbc493f2be97c93f", size = 561891, upload-time = "2025-08-07T08:23:56.951Z" }, + { url = "https://files.pythonhosted.org/packages/9b/c8/48623d64d4a5a028fa99576c768a6159db49ab907230edddc0b8468b998b/rpds_py-0.27.0-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:0f4f69d7a4300fbf91efb1fb4916421bd57804c01ab938ab50ac9c4aa2212f03", size = 591756, upload-time = "2025-08-07T08:23:58.146Z" }, + { url = "https://files.pythonhosted.org/packages/b3/51/18f62617e8e61cc66334c9fb44b1ad7baae3438662098efbc55fb3fda453/rpds_py-0.27.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:b4c4fbbcff474e1e5f38be1bf04511c03d492d42eec0babda5d03af3b5589374", size = 557088, upload-time = "2025-08-07T08:23:59.6Z" }, + { url = "https://files.pythonhosted.org/packages/bd/4c/e84c3a276e2496a93d245516be6b49e20499aa8ca1c94d59fada0d79addc/rpds_py-0.27.0-cp312-cp312-win32.whl", hash = "sha256:27bac29bbbf39601b2aab474daf99dbc8e7176ca3389237a23944b17f8913d97", size = 221926, upload-time = "2025-08-07T08:24:00.695Z" }, + { url = "https://files.pythonhosted.org/packages/83/89/9d0fbcef64340db0605eb0a0044f258076f3ae0a3b108983b2c614d96212/rpds_py-0.27.0-cp312-cp312-win_amd64.whl", hash = "sha256:8a06aa1197ec0281eb1d7daf6073e199eb832fe591ffa329b88bae28f25f5fe5", size = 233235, upload-time = "2025-08-07T08:24:01.846Z" }, + { url = "https://files.pythonhosted.org/packages/c9/b0/e177aa9f39cbab060f96de4a09df77d494f0279604dc2f509263e21b05f9/rpds_py-0.27.0-cp312-cp312-win_arm64.whl", hash = "sha256:e14aab02258cb776a108107bd15f5b5e4a1bbaa61ef33b36693dfab6f89d54f9", size = 223315, upload-time = "2025-08-07T08:24:03.337Z" }, + { url = "https://files.pythonhosted.org/packages/81/d2/dfdfd42565a923b9e5a29f93501664f5b984a802967d48d49200ad71be36/rpds_py-0.27.0-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:443d239d02d9ae55b74015234f2cd8eb09e59fbba30bf60baeb3123ad4c6d5ff", size = 362133, upload-time = "2025-08-07T08:24:04.508Z" }, + { url = "https://files.pythonhosted.org/packages/ac/4a/0a2e2460c4b66021d349ce9f6331df1d6c75d7eea90df9785d333a49df04/rpds_py-0.27.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:b8a7acf04fda1f30f1007f3cc96d29d8cf0a53e626e4e1655fdf4eabc082d367", size = 347128, upload-time = "2025-08-07T08:24:05.695Z" }, + { url = "https://files.pythonhosted.org/packages/35/8d/7d1e4390dfe09d4213b3175a3f5a817514355cb3524593380733204f20b9/rpds_py-0.27.0-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9d0f92b78cfc3b74a42239fdd8c1266f4715b573204c234d2f9fc3fc7a24f185", size = 384027, upload-time = "2025-08-07T08:24:06.841Z" }, + { url = "https://files.pythonhosted.org/packages/c1/65/78499d1a62172891c8cd45de737b2a4b84a414b6ad8315ab3ac4945a5b61/rpds_py-0.27.0-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:ce4ed8e0c7dbc5b19352b9c2c6131dd23b95fa8698b5cdd076307a33626b72dc", size = 399973, upload-time = "2025-08-07T08:24:08.143Z" }, + { url = "https://files.pythonhosted.org/packages/10/a1/1c67c1d8cc889107b19570bb01f75cf49852068e95e6aee80d22915406fc/rpds_py-0.27.0-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fde355b02934cc6b07200cc3b27ab0c15870a757d1a72fd401aa92e2ea3c6bfe", size = 515295, upload-time = "2025-08-07T08:24:09.711Z" }, + { url = "https://files.pythonhosted.org/packages/df/27/700ec88e748436b6c7c4a2262d66e80f8c21ab585d5e98c45e02f13f21c0/rpds_py-0.27.0-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:13bbc4846ae4c993f07c93feb21a24d8ec637573d567a924b1001e81c8ae80f9", size = 406737, upload-time = "2025-08-07T08:24:11.182Z" }, + { url = "https://files.pythonhosted.org/packages/33/cc/6b0ee8f0ba3f2df2daac1beda17fde5cf10897a7d466f252bd184ef20162/rpds_py-0.27.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:be0744661afbc4099fef7f4e604e7f1ea1be1dd7284f357924af12a705cc7d5c", size = 385898, upload-time = "2025-08-07T08:24:12.798Z" }, + { url = "https://files.pythonhosted.org/packages/e8/7e/c927b37d7d33c0a0ebf249cc268dc2fcec52864c1b6309ecb960497f2285/rpds_py-0.27.0-cp313-cp313-manylinux_2_31_riscv64.whl", hash = "sha256:069e0384a54f427bd65d7fda83b68a90606a3835901aaff42185fcd94f5a9295", size = 405785, upload-time = "2025-08-07T08:24:14.906Z" }, + { url = "https://files.pythonhosted.org/packages/5b/d2/8ed50746d909dcf402af3fa58b83d5a590ed43e07251d6b08fad1a535ba6/rpds_py-0.27.0-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:4bc262ace5a1a7dc3e2eac2fa97b8257ae795389f688b5adf22c5db1e2431c43", size = 419760, upload-time = "2025-08-07T08:24:16.129Z" }, + { url = "https://files.pythonhosted.org/packages/d3/60/2b2071aee781cb3bd49f94d5d35686990b925e9b9f3e3d149235a6f5d5c1/rpds_py-0.27.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:2fe6e18e5c8581f0361b35ae575043c7029d0a92cb3429e6e596c2cdde251432", size = 561201, upload-time = "2025-08-07T08:24:17.645Z" }, + { url = "https://files.pythonhosted.org/packages/98/1f/27b67304272521aaea02be293fecedce13fa351a4e41cdb9290576fc6d81/rpds_py-0.27.0-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:d93ebdb82363d2e7bec64eecdc3632b59e84bd270d74fe5be1659f7787052f9b", size = 591021, upload-time = "2025-08-07T08:24:18.999Z" }, + { url = "https://files.pythonhosted.org/packages/db/9b/a2fadf823164dd085b1f894be6443b0762a54a7af6f36e98e8fcda69ee50/rpds_py-0.27.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:0954e3a92e1d62e83a54ea7b3fdc9efa5d61acef8488a8a3d31fdafbfb00460d", size = 556368, upload-time = "2025-08-07T08:24:20.54Z" }, + { url = "https://files.pythonhosted.org/packages/24/f3/6d135d46a129cda2e3e6d4c5e91e2cc26ea0428c6cf152763f3f10b6dd05/rpds_py-0.27.0-cp313-cp313-win32.whl", hash = "sha256:2cff9bdd6c7b906cc562a505c04a57d92e82d37200027e8d362518df427f96cd", size = 221236, upload-time = "2025-08-07T08:24:22.144Z" }, + { url = "https://files.pythonhosted.org/packages/c5/44/65d7494f5448ecc755b545d78b188440f81da98b50ea0447ab5ebfdf9bd6/rpds_py-0.27.0-cp313-cp313-win_amd64.whl", hash = "sha256:dc79d192fb76fc0c84f2c58672c17bbbc383fd26c3cdc29daae16ce3d927e8b2", size = 232634, upload-time = "2025-08-07T08:24:23.642Z" }, + { url = "https://files.pythonhosted.org/packages/70/d9/23852410fadab2abb611733933401de42a1964ce6600a3badae35fbd573e/rpds_py-0.27.0-cp313-cp313-win_arm64.whl", hash = "sha256:5b3a5c8089eed498a3af23ce87a80805ff98f6ef8f7bdb70bd1b7dae5105f6ac", size = 222783, upload-time = "2025-08-07T08:24:25.098Z" }, + { url = "https://files.pythonhosted.org/packages/15/75/03447917f78512b34463f4ef11066516067099a0c466545655503bed0c77/rpds_py-0.27.0-cp313-cp313t-macosx_10_12_x86_64.whl", hash = "sha256:90fb790138c1a89a2e58c9282fe1089638401f2f3b8dddd758499041bc6e0774", size = 359154, upload-time = "2025-08-07T08:24:26.249Z" }, + { url = "https://files.pythonhosted.org/packages/6b/fc/4dac4fa756451f2122ddaf136e2c6aeb758dc6fdbe9ccc4bc95c98451d50/rpds_py-0.27.0-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:010c4843a3b92b54373e3d2291a7447d6c3fc29f591772cc2ea0e9f5c1da434b", size = 343909, upload-time = "2025-08-07T08:24:27.405Z" }, + { url = "https://files.pythonhosted.org/packages/7b/81/723c1ed8e6f57ed9d8c0c07578747a2d3d554aaefc1ab89f4e42cfeefa07/rpds_py-0.27.0-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c9ce7a9e967afc0a2af7caa0d15a3e9c1054815f73d6a8cb9225b61921b419bd", size = 379340, upload-time = "2025-08-07T08:24:28.714Z" }, + { url = "https://files.pythonhosted.org/packages/98/16/7e3740413de71818ce1997df82ba5f94bae9fff90c0a578c0e24658e6201/rpds_py-0.27.0-cp313-cp313t-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:aa0bf113d15e8abdfee92aa4db86761b709a09954083afcb5bf0f952d6065fdb", size = 391655, upload-time = "2025-08-07T08:24:30.223Z" }, + { url = "https://files.pythonhosted.org/packages/e0/63/2a9f510e124d80660f60ecce07953f3f2d5f0b96192c1365443859b9c87f/rpds_py-0.27.0-cp313-cp313t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:eb91d252b35004a84670dfeafadb042528b19842a0080d8b53e5ec1128e8f433", size = 513017, upload-time = "2025-08-07T08:24:31.446Z" }, + { url = "https://files.pythonhosted.org/packages/2c/4e/cf6ff311d09776c53ea1b4f2e6700b9d43bb4e99551006817ade4bbd6f78/rpds_py-0.27.0-cp313-cp313t-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:db8a6313dbac934193fc17fe7610f70cd8181c542a91382531bef5ed785e5615", size = 402058, upload-time = "2025-08-07T08:24:32.613Z" }, + { url = "https://files.pythonhosted.org/packages/88/11/5e36096d474cb10f2a2d68b22af60a3bc4164fd8db15078769a568d9d3ac/rpds_py-0.27.0-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ce96ab0bdfcef1b8c371ada2100767ace6804ea35aacce0aef3aeb4f3f499ca8", size = 383474, upload-time = "2025-08-07T08:24:33.767Z" }, + { url = "https://files.pythonhosted.org/packages/db/a2/3dff02805b06058760b5eaa6d8cb8db3eb3e46c9e452453ad5fc5b5ad9fe/rpds_py-0.27.0-cp313-cp313t-manylinux_2_31_riscv64.whl", hash = "sha256:7451ede3560086abe1aa27dcdcf55cd15c96b56f543fb12e5826eee6f721f858", size = 400067, upload-time = "2025-08-07T08:24:35.021Z" }, + { url = "https://files.pythonhosted.org/packages/67/87/eed7369b0b265518e21ea836456a4ed4a6744c8c12422ce05bce760bb3cf/rpds_py-0.27.0-cp313-cp313t-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:32196b5a99821476537b3f7732432d64d93a58d680a52c5e12a190ee0135d8b5", size = 412085, upload-time = "2025-08-07T08:24:36.267Z" }, + { url = "https://files.pythonhosted.org/packages/8b/48/f50b2ab2fbb422fbb389fe296e70b7a6b5ea31b263ada5c61377e710a924/rpds_py-0.27.0-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:a029be818059870664157194e46ce0e995082ac49926f1423c1f058534d2aaa9", size = 555928, upload-time = "2025-08-07T08:24:37.573Z" }, + { url = "https://files.pythonhosted.org/packages/98/41/b18eb51045d06887666c3560cd4bbb6819127b43d758f5adb82b5f56f7d1/rpds_py-0.27.0-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:3841f66c1ffdc6cebce8aed64e36db71466f1dc23c0d9a5592e2a782a3042c79", size = 585527, upload-time = "2025-08-07T08:24:39.391Z" }, + { url = "https://files.pythonhosted.org/packages/be/03/a3dd6470fc76499959b00ae56295b76b4bdf7c6ffc60d62006b1217567e1/rpds_py-0.27.0-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:42894616da0fc0dcb2ec08a77896c3f56e9cb2f4b66acd76fc8992c3557ceb1c", size = 554211, upload-time = "2025-08-07T08:24:40.6Z" }, + { url = "https://files.pythonhosted.org/packages/bf/d1/ee5fd1be395a07423ac4ca0bcc05280bf95db2b155d03adefeb47d5ebf7e/rpds_py-0.27.0-cp313-cp313t-win32.whl", hash = "sha256:b1fef1f13c842a39a03409e30ca0bf87b39a1e2a305a9924deadb75a43105d23", size = 216624, upload-time = "2025-08-07T08:24:42.204Z" }, + { url = "https://files.pythonhosted.org/packages/1c/94/4814c4c858833bf46706f87349c37ca45e154da7dbbec9ff09f1abeb08cc/rpds_py-0.27.0-cp313-cp313t-win_amd64.whl", hash = "sha256:183f5e221ba3e283cd36fdfbe311d95cd87699a083330b4f792543987167eff1", size = 230007, upload-time = "2025-08-07T08:24:43.329Z" }, + { url = "https://files.pythonhosted.org/packages/0e/a5/8fffe1c7dc7c055aa02df310f9fb71cfc693a4d5ccc5de2d3456ea5fb022/rpds_py-0.27.0-cp314-cp314-macosx_10_12_x86_64.whl", hash = "sha256:f3cd110e02c5bf17d8fb562f6c9df5c20e73029d587cf8602a2da6c5ef1e32cb", size = 362595, upload-time = "2025-08-07T08:24:44.478Z" }, + { url = "https://files.pythonhosted.org/packages/bc/c7/4e4253fd2d4bb0edbc0b0b10d9f280612ca4f0f990e3c04c599000fe7d71/rpds_py-0.27.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:8d0e09cf4863c74106b5265c2c310f36146e2b445ff7b3018a56799f28f39f6f", size = 347252, upload-time = "2025-08-07T08:24:45.678Z" }, + { url = "https://files.pythonhosted.org/packages/f3/c8/3d1a954d30f0174dd6baf18b57c215da03cf7846a9d6e0143304e784cddc/rpds_py-0.27.0-cp314-cp314-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:64f689ab822f9b5eb6dfc69893b4b9366db1d2420f7db1f6a2adf2a9ca15ad64", size = 384886, upload-time = "2025-08-07T08:24:46.86Z" }, + { url = "https://files.pythonhosted.org/packages/e0/52/3c5835f2df389832b28f9276dd5395b5a965cea34226e7c88c8fbec2093c/rpds_py-0.27.0-cp314-cp314-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:e36c80c49853b3ffda7aa1831bf175c13356b210c73128c861f3aa93c3cc4015", size = 399716, upload-time = "2025-08-07T08:24:48.174Z" }, + { url = "https://files.pythonhosted.org/packages/40/73/176e46992461a1749686a2a441e24df51ff86b99c2d34bf39f2a5273b987/rpds_py-0.27.0-cp314-cp314-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:6de6a7f622860af0146cb9ee148682ff4d0cea0b8fd3ad51ce4d40efb2f061d0", size = 517030, upload-time = "2025-08-07T08:24:49.52Z" }, + { url = "https://files.pythonhosted.org/packages/79/2a/7266c75840e8c6e70effeb0d38922a45720904f2cd695e68a0150e5407e2/rpds_py-0.27.0-cp314-cp314-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4045e2fc4b37ec4b48e8907a5819bdd3380708c139d7cc358f03a3653abedb89", size = 408448, upload-time = "2025-08-07T08:24:50.727Z" }, + { url = "https://files.pythonhosted.org/packages/e6/5f/a7efc572b8e235093dc6cf39f4dbc8a7f08e65fdbcec7ff4daeb3585eef1/rpds_py-0.27.0-cp314-cp314-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9da162b718b12c4219eeeeb68a5b7552fbc7aadedf2efee440f88b9c0e54b45d", size = 387320, upload-time = "2025-08-07T08:24:52.004Z" }, + { url = "https://files.pythonhosted.org/packages/a2/eb/9ff6bc92efe57cf5a2cb74dee20453ba444b6fdc85275d8c99e0d27239d1/rpds_py-0.27.0-cp314-cp314-manylinux_2_31_riscv64.whl", hash = "sha256:0665be515767dc727ffa5f74bd2ef60b0ff85dad6bb8f50d91eaa6b5fb226f51", size = 407414, upload-time = "2025-08-07T08:24:53.664Z" }, + { url = "https://files.pythonhosted.org/packages/fb/bd/3b9b19b00d5c6e1bd0f418c229ab0f8d3b110ddf7ec5d9d689ef783d0268/rpds_py-0.27.0-cp314-cp314-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:203f581accef67300a942e49a37d74c12ceeef4514874c7cede21b012613ca2c", size = 420766, upload-time = "2025-08-07T08:24:55.917Z" }, + { url = "https://files.pythonhosted.org/packages/17/6b/521a7b1079ce16258c70805166e3ac6ec4ee2139d023fe07954dc9b2d568/rpds_py-0.27.0-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:7873b65686a6471c0037139aa000d23fe94628e0daaa27b6e40607c90e3f5ec4", size = 562409, upload-time = "2025-08-07T08:24:57.17Z" }, + { url = "https://files.pythonhosted.org/packages/8b/bf/65db5bfb14ccc55e39de8419a659d05a2a9cd232f0a699a516bb0991da7b/rpds_py-0.27.0-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:249ab91ceaa6b41abc5f19513cb95b45c6f956f6b89f1fe3d99c81255a849f9e", size = 590793, upload-time = "2025-08-07T08:24:58.388Z" }, + { url = "https://files.pythonhosted.org/packages/db/b8/82d368b378325191ba7aae8f40f009b78057b598d4394d1f2cdabaf67b3f/rpds_py-0.27.0-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:d2f184336bc1d6abfaaa1262ed42739c3789b1e3a65a29916a615307d22ffd2e", size = 558178, upload-time = "2025-08-07T08:24:59.756Z" }, + { url = "https://files.pythonhosted.org/packages/f6/ff/f270bddbfbc3812500f8131b1ebbd97afd014cd554b604a3f73f03133a36/rpds_py-0.27.0-cp314-cp314-win32.whl", hash = "sha256:d3c622c39f04d5751408f5b801ecb527e6e0a471b367f420a877f7a660d583f6", size = 222355, upload-time = "2025-08-07T08:25:01.027Z" }, + { url = "https://files.pythonhosted.org/packages/bf/20/fdab055b1460c02ed356a0e0b0a78c1dd32dc64e82a544f7b31c9ac643dc/rpds_py-0.27.0-cp314-cp314-win_amd64.whl", hash = "sha256:cf824aceaeffff029ccfba0da637d432ca71ab21f13e7f6f5179cd88ebc77a8a", size = 234007, upload-time = "2025-08-07T08:25:02.268Z" }, + { url = "https://files.pythonhosted.org/packages/4d/a8/694c060005421797a3be4943dab8347c76c2b429a9bef68fb2c87c9e70c7/rpds_py-0.27.0-cp314-cp314-win_arm64.whl", hash = "sha256:86aca1616922b40d8ac1b3073a1ead4255a2f13405e5700c01f7c8d29a03972d", size = 223527, upload-time = "2025-08-07T08:25:03.45Z" }, + { url = "https://files.pythonhosted.org/packages/1e/f9/77f4c90f79d2c5ca8ce6ec6a76cb4734ee247de6b3a4f337e289e1f00372/rpds_py-0.27.0-cp314-cp314t-macosx_10_12_x86_64.whl", hash = "sha256:341d8acb6724c0c17bdf714319c393bb27f6d23d39bc74f94221b3e59fc31828", size = 359469, upload-time = "2025-08-07T08:25:04.648Z" }, + { url = "https://files.pythonhosted.org/packages/c0/22/b97878d2f1284286fef4172069e84b0b42b546ea7d053e5fb7adb9ac6494/rpds_py-0.27.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:6b96b0b784fe5fd03beffff2b1533dc0d85e92bab8d1b2c24ef3a5dc8fac5669", size = 343960, upload-time = "2025-08-07T08:25:05.863Z" }, + { url = "https://files.pythonhosted.org/packages/b1/b0/dfd55b5bb480eda0578ae94ef256d3061d20b19a0f5e18c482f03e65464f/rpds_py-0.27.0-cp314-cp314t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0c431bfb91478d7cbe368d0a699978050d3b112d7f1d440a41e90faa325557fd", size = 380201, upload-time = "2025-08-07T08:25:07.513Z" }, + { url = "https://files.pythonhosted.org/packages/28/22/e1fa64e50d58ad2b2053077e3ec81a979147c43428de9e6de68ddf6aff4e/rpds_py-0.27.0-cp314-cp314t-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:20e222a44ae9f507d0f2678ee3dd0c45ec1e930f6875d99b8459631c24058aec", size = 392111, upload-time = "2025-08-07T08:25:09.149Z" }, + { url = "https://files.pythonhosted.org/packages/49/f9/43ab7a43e97aedf6cea6af70fdcbe18abbbc41d4ae6cdec1bfc23bbad403/rpds_py-0.27.0-cp314-cp314t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:184f0d7b342967f6cda94a07d0e1fae177d11d0b8f17d73e06e36ac02889f303", size = 515863, upload-time = "2025-08-07T08:25:10.431Z" }, + { url = "https://files.pythonhosted.org/packages/38/9b/9bd59dcc636cd04d86a2d20ad967770bf348f5eb5922a8f29b547c074243/rpds_py-0.27.0-cp314-cp314t-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a00c91104c173c9043bc46f7b30ee5e6d2f6b1149f11f545580f5d6fdff42c0b", size = 402398, upload-time = "2025-08-07T08:25:11.819Z" }, + { url = "https://files.pythonhosted.org/packages/71/bf/f099328c6c85667aba6b66fa5c35a8882db06dcd462ea214be72813a0dd2/rpds_py-0.27.0-cp314-cp314t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f7a37dd208f0d658e0487522078b1ed68cd6bce20ef4b5a915d2809b9094b410", size = 384665, upload-time = "2025-08-07T08:25:13.194Z" }, + { url = "https://files.pythonhosted.org/packages/a9/c5/9c1f03121ece6634818490bd3c8be2c82a70928a19de03467fb25a3ae2a8/rpds_py-0.27.0-cp314-cp314t-manylinux_2_31_riscv64.whl", hash = "sha256:92f3b3ec3e6008a1fe00b7c0946a170f161ac00645cde35e3c9a68c2475e8156", size = 400405, upload-time = "2025-08-07T08:25:14.417Z" }, + { url = "https://files.pythonhosted.org/packages/b5/b8/e25d54af3e63ac94f0c16d8fe143779fe71ff209445a0c00d0f6984b6b2c/rpds_py-0.27.0-cp314-cp314t-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:a1b3db5fae5cbce2131b7420a3f83553d4d89514c03d67804ced36161fe8b6b2", size = 413179, upload-time = "2025-08-07T08:25:15.664Z" }, + { url = "https://files.pythonhosted.org/packages/f9/d1/406b3316433fe49c3021546293a04bc33f1478e3ec7950215a7fce1a1208/rpds_py-0.27.0-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:5355527adaa713ab693cbce7c1e0ec71682f599f61b128cf19d07e5c13c9b1f1", size = 556895, upload-time = "2025-08-07T08:25:17.061Z" }, + { url = "https://files.pythonhosted.org/packages/5f/bc/3697c0c21fcb9a54d46ae3b735eb2365eea0c2be076b8f770f98e07998de/rpds_py-0.27.0-cp314-cp314t-musllinux_1_2_i686.whl", hash = "sha256:fcc01c57ce6e70b728af02b2401c5bc853a9e14eb07deda30624374f0aebfe42", size = 585464, upload-time = "2025-08-07T08:25:18.406Z" }, + { url = "https://files.pythonhosted.org/packages/63/09/ee1bb5536f99f42c839b177d552f6114aa3142d82f49cef49261ed28dbe0/rpds_py-0.27.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:3001013dae10f806380ba739d40dee11db1ecb91684febb8406a87c2ded23dae", size = 555090, upload-time = "2025-08-07T08:25:20.461Z" }, + { url = "https://files.pythonhosted.org/packages/7d/2c/363eada9e89f7059199d3724135a86c47082cbf72790d6ba2f336d146ddb/rpds_py-0.27.0-cp314-cp314t-win32.whl", hash = "sha256:0f401c369186a5743694dd9fc08cba66cf70908757552e1f714bfc5219c655b5", size = 218001, upload-time = "2025-08-07T08:25:21.761Z" }, + { url = "https://files.pythonhosted.org/packages/e2/3f/d6c216ed5199c9ef79e2a33955601f454ed1e7420a93b89670133bca5ace/rpds_py-0.27.0-cp314-cp314t-win_amd64.whl", hash = "sha256:8a1dca5507fa1337f75dcd5070218b20bc68cf8844271c923c1b79dfcbc20391", size = 230993, upload-time = "2025-08-07T08:25:23.34Z" }, + { url = "https://files.pythonhosted.org/packages/47/55/287068956f9ba1cb40896d291213f09fdd4527630709058b45a592bc09dc/rpds_py-0.27.0-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:46f48482c1a4748ab2773f75fffbdd1951eb59794e32788834b945da857c47a8", size = 371566, upload-time = "2025-08-07T08:25:43.95Z" }, + { url = "https://files.pythonhosted.org/packages/a2/fb/443af59cbe552e89680bb0f1d1ba47f6387b92083e28a45b8c8863b86c5a/rpds_py-0.27.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:419dd9c98bcc9fb0242be89e0c6e922df333b975d4268faa90d58499fd9c9ebe", size = 355781, upload-time = "2025-08-07T08:25:45.256Z" }, + { url = "https://files.pythonhosted.org/packages/ad/f0/35f48bb073b5ca42b1dcc55cb148f4a3bd4411a3e584f6a18d26f0ea8832/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:55d42a0ef2bdf6bc81e1cc2d49d12460f63c6ae1423c4f4851b828e454ccf6f1", size = 382575, upload-time = "2025-08-07T08:25:46.524Z" }, + { url = "https://files.pythonhosted.org/packages/51/e1/5f5296a21d1189f0f116a938af2e346d83172bf814d373695e54004a936f/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:2e39169ac6aae06dd79c07c8a69d9da867cef6a6d7883a0186b46bb46ccfb0c3", size = 397435, upload-time = "2025-08-07T08:25:48.204Z" }, + { url = "https://files.pythonhosted.org/packages/97/79/3af99b7852b2b55cad8a08863725cbe9dc14781bcf7dc6ecead0c3e1dc54/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:935afcdea4751b0ac918047a2df3f720212892347767aea28f5b3bf7be4f27c0", size = 514861, upload-time = "2025-08-07T08:25:49.814Z" }, + { url = "https://files.pythonhosted.org/packages/df/3e/11fd6033708ed3ae0e6947bb94f762f56bb46bf59a1b16eef6944e8a62ee/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8de567dec6d451649a781633d36f5c7501711adee329d76c095be2178855b042", size = 402776, upload-time = "2025-08-07T08:25:51.135Z" }, + { url = "https://files.pythonhosted.org/packages/b7/89/f9375ceaa996116de9cbc949874804c7874d42fb258c384c037a46d730b8/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:555ed147cbe8c8f76e72a4c6cd3b7b761cbf9987891b9448808148204aed74a5", size = 384665, upload-time = "2025-08-07T08:25:52.82Z" }, + { url = "https://files.pythonhosted.org/packages/48/bf/0061e55c6f1f573a63c0f82306b8984ed3b394adafc66854a936d5db3522/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_31_riscv64.whl", hash = "sha256:d2cc2b34f9e1d31ce255174da82902ad75bd7c0d88a33df54a77a22f2ef421ee", size = 402518, upload-time = "2025-08-07T08:25:54.073Z" }, + { url = "https://files.pythonhosted.org/packages/ae/dc/8d506676bfe87b3b683332ec8e6ab2b0be118a3d3595ed021e3274a63191/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:cb0702c12983be3b2fab98ead349ac63a98216d28dda6f518f52da5498a27a1b", size = 416247, upload-time = "2025-08-07T08:25:55.433Z" }, + { url = "https://files.pythonhosted.org/packages/2e/02/9a89eea1b75c69e81632de7963076e455b1e00e1cfb46dfdabb055fa03e3/rpds_py-0.27.0-pp310-pypy310_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:ba783541be46f27c8faea5a6645e193943c17ea2f0ffe593639d906a327a9bcc", size = 559456, upload-time = "2025-08-07T08:25:56.866Z" }, + { url = "https://files.pythonhosted.org/packages/38/4a/0f3ac4351957847c0d322be6ec72f916e43804a2c1d04e9672ea4a67c315/rpds_py-0.27.0-pp310-pypy310_pp73-musllinux_1_2_i686.whl", hash = "sha256:2406d034635d1497c596c40c85f86ecf2bf9611c1df73d14078af8444fe48031", size = 587778, upload-time = "2025-08-07T08:25:58.202Z" }, + { url = "https://files.pythonhosted.org/packages/c2/8e/39d0d7401095bed5a5ad5ef304fae96383f9bef40ca3f3a0807ff5b68d9d/rpds_py-0.27.0-pp310-pypy310_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:dea0808153f1fbbad772669d906cddd92100277533a03845de6893cadeffc8be", size = 555247, upload-time = "2025-08-07T08:25:59.707Z" }, + { url = "https://files.pythonhosted.org/packages/e0/04/6b8311e811e620b9eaca67cd80a118ff9159558a719201052a7b2abb88bf/rpds_py-0.27.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:d2a81bdcfde4245468f7030a75a37d50400ac2455c3a4819d9d550c937f90ab5", size = 230256, upload-time = "2025-08-07T08:26:01.07Z" }, + { url = "https://files.pythonhosted.org/packages/59/64/72ab5b911fdcc48058359b0e786e5363e3fde885156116026f1a2ba9a5b5/rpds_py-0.27.0-pp311-pypy311_pp73-macosx_10_12_x86_64.whl", hash = "sha256:e6491658dd2569f05860bad645569145c8626ac231877b0fb2d5f9bcb7054089", size = 371658, upload-time = "2025-08-07T08:26:02.369Z" }, + { url = "https://files.pythonhosted.org/packages/6c/4b/90ff04b4da055db53d8fea57640d8d5d55456343a1ec9a866c0ecfe10fd1/rpds_py-0.27.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:bec77545d188f8bdd29d42bccb9191682a46fb2e655e3d1fb446d47c55ac3b8d", size = 355529, upload-time = "2025-08-07T08:26:03.83Z" }, + { url = "https://files.pythonhosted.org/packages/a4/be/527491fb1afcd86fc5ce5812eb37bc70428ee017d77fee20de18155c3937/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:25a4aebf8ca02bbb90a9b3e7a463bbf3bee02ab1c446840ca07b1695a68ce424", size = 382822, upload-time = "2025-08-07T08:26:05.52Z" }, + { url = "https://files.pythonhosted.org/packages/e0/a5/dcdb8725ce11e6d0913e6fcf782a13f4b8a517e8acc70946031830b98441/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:44524b96481a4c9b8e6c46d6afe43fa1fb485c261e359fbe32b63ff60e3884d8", size = 397233, upload-time = "2025-08-07T08:26:07.179Z" }, + { url = "https://files.pythonhosted.org/packages/33/f9/0947920d1927e9f144660590cc38cadb0795d78fe0d9aae0ef71c1513b7c/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:45d04a73c54b6a5fd2bab91a4b5bc8b426949586e61340e212a8484919183859", size = 514892, upload-time = "2025-08-07T08:26:08.622Z" }, + { url = "https://files.pythonhosted.org/packages/1d/ed/d1343398c1417c68f8daa1afce56ef6ce5cc587daaf98e29347b00a80ff2/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:343cf24de9ed6c728abefc5d5c851d5de06497caa7ac37e5e65dd572921ed1b5", size = 402733, upload-time = "2025-08-07T08:26:10.433Z" }, + { url = "https://files.pythonhosted.org/packages/1d/0b/646f55442cd14014fb64d143428f25667a100f82092c90087b9ea7101c74/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7aed8118ae20515974650d08eb724150dc2e20c2814bcc307089569995e88a14", size = 384447, upload-time = "2025-08-07T08:26:11.847Z" }, + { url = "https://files.pythonhosted.org/packages/4b/15/0596ef7529828e33a6c81ecf5013d1dd33a511a3e0be0561f83079cda227/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_31_riscv64.whl", hash = "sha256:af9d4fd79ee1cc8e7caf693ee02737daabfc0fcf2773ca0a4735b356c8ad6f7c", size = 402502, upload-time = "2025-08-07T08:26:13.537Z" }, + { url = "https://files.pythonhosted.org/packages/c3/8d/986af3c42f8454a6cafff8729d99fb178ae9b08a9816325ac7a8fa57c0c0/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:f0396e894bd1e66c74ecbc08b4f6a03dc331140942c4b1d345dd131b68574a60", size = 416651, upload-time = "2025-08-07T08:26:14.923Z" }, + { url = "https://files.pythonhosted.org/packages/e9/9a/b4ec3629b7b447e896eec574469159b5b60b7781d3711c914748bf32de05/rpds_py-0.27.0-pp311-pypy311_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:59714ab0a5af25d723d8e9816638faf7f4254234decb7d212715c1aa71eee7be", size = 559460, upload-time = "2025-08-07T08:26:16.295Z" }, + { url = "https://files.pythonhosted.org/packages/61/63/d1e127b40c3e4733b3a6f26ae7a063cdf2bc1caa5272c89075425c7d397a/rpds_py-0.27.0-pp311-pypy311_pp73-musllinux_1_2_i686.whl", hash = "sha256:88051c3b7d5325409f433c5a40328fcb0685fc04e5db49ff936e910901d10114", size = 588072, upload-time = "2025-08-07T08:26:17.776Z" }, + { url = "https://files.pythonhosted.org/packages/04/7e/8ffc71a8f6833d9c9fb999f5b0ee736b8b159fd66968e05c7afc2dbcd57e/rpds_py-0.27.0-pp311-pypy311_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:181bc29e59e5e5e6e9d63b143ff4d5191224d355e246b5a48c88ce6b35c4e466", size = 555083, upload-time = "2025-08-07T08:26:19.301Z" }, +] + +[[package]] +name = "scikit-learn" +version = "1.6.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "joblib" }, + { name = "numpy", version = "2.2.6", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" }, + { name = "numpy", version = "2.3.2", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" }, + { name = "scipy", version = "1.15.3", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" }, + { name = "scipy", version = "1.16.1", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" }, + { name = "threadpoolctl" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/9e/a5/4ae3b3a0755f7b35a280ac90b28817d1f380318973cff14075ab41ef50d9/scikit_learn-1.6.1.tar.gz", hash = "sha256:b4fc2525eca2c69a59260f583c56a7557c6ccdf8deafdba6e060f94c1c59738e", size = 7068312, upload-time = "2025-01-10T08:07:55.348Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/2e/3a/f4597eb41049110b21ebcbb0bcb43e4035017545daa5eedcfeb45c08b9c5/scikit_learn-1.6.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:d056391530ccd1e501056160e3c9673b4da4805eb67eb2bdf4e983e1f9c9204e", size = 12067702, upload-time = "2025-01-10T08:05:56.515Z" }, + { url = "https://files.pythonhosted.org/packages/37/19/0423e5e1fd1c6ec5be2352ba05a537a473c1677f8188b9306097d684b327/scikit_learn-1.6.1-cp310-cp310-macosx_12_0_arm64.whl", hash = "sha256:0c8d036eb937dbb568c6242fa598d551d88fb4399c0344d95c001980ec1c7d36", size = 11112765, upload-time = "2025-01-10T08:06:00.272Z" }, + { url = "https://files.pythonhosted.org/packages/70/95/d5cb2297a835b0f5fc9a77042b0a2d029866379091ab8b3f52cc62277808/scikit_learn-1.6.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8634c4bd21a2a813e0a7e3900464e6d593162a29dd35d25bdf0103b3fce60ed5", size = 12643991, upload-time = "2025-01-10T08:06:04.813Z" }, + { url = "https://files.pythonhosted.org/packages/b7/91/ab3c697188f224d658969f678be86b0968ccc52774c8ab4a86a07be13c25/scikit_learn-1.6.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:775da975a471c4f6f467725dff0ced5c7ac7bda5e9316b260225b48475279a1b", size = 13497182, upload-time = "2025-01-10T08:06:08.42Z" }, + { url = "https://files.pythonhosted.org/packages/17/04/d5d556b6c88886c092cc989433b2bab62488e0f0dafe616a1d5c9cb0efb1/scikit_learn-1.6.1-cp310-cp310-win_amd64.whl", hash = "sha256:8a600c31592bd7dab31e1c61b9bbd6dea1b3433e67d264d17ce1017dbdce8002", size = 11125517, upload-time = "2025-01-10T08:06:12.783Z" }, + { url = "https://files.pythonhosted.org/packages/6c/2a/e291c29670795406a824567d1dfc91db7b699799a002fdaa452bceea8f6e/scikit_learn-1.6.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:72abc587c75234935e97d09aa4913a82f7b03ee0b74111dcc2881cba3c5a7b33", size = 12102620, upload-time = "2025-01-10T08:06:16.675Z" }, + { url = "https://files.pythonhosted.org/packages/25/92/ee1d7a00bb6b8c55755d4984fd82608603a3cc59959245068ce32e7fb808/scikit_learn-1.6.1-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:b3b00cdc8f1317b5f33191df1386c0befd16625f49d979fe77a8d44cae82410d", size = 11116234, upload-time = "2025-01-10T08:06:21.83Z" }, + { url = "https://files.pythonhosted.org/packages/30/cd/ed4399485ef364bb25f388ab438e3724e60dc218c547a407b6e90ccccaef/scikit_learn-1.6.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dc4765af3386811c3ca21638f63b9cf5ecf66261cc4815c1db3f1e7dc7b79db2", size = 12592155, upload-time = "2025-01-10T08:06:27.309Z" }, + { url = "https://files.pythonhosted.org/packages/a8/f3/62fc9a5a659bb58a03cdd7e258956a5824bdc9b4bb3c5d932f55880be569/scikit_learn-1.6.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:25fc636bdaf1cc2f4a124a116312d837148b5e10872147bdaf4887926b8c03d8", size = 13497069, upload-time = "2025-01-10T08:06:32.515Z" }, + { url = "https://files.pythonhosted.org/packages/a1/a6/c5b78606743a1f28eae8f11973de6613a5ee87366796583fb74c67d54939/scikit_learn-1.6.1-cp311-cp311-win_amd64.whl", hash = "sha256:fa909b1a36e000a03c382aade0bd2063fd5680ff8b8e501660c0f59f021a6415", size = 11139809, upload-time = "2025-01-10T08:06:35.514Z" }, + { url = "https://files.pythonhosted.org/packages/0a/18/c797c9b8c10380d05616db3bfb48e2a3358c767affd0857d56c2eb501caa/scikit_learn-1.6.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:926f207c804104677af4857b2c609940b743d04c4c35ce0ddc8ff4f053cddc1b", size = 12104516, upload-time = "2025-01-10T08:06:40.009Z" }, + { url = "https://files.pythonhosted.org/packages/c4/b7/2e35f8e289ab70108f8cbb2e7a2208f0575dc704749721286519dcf35f6f/scikit_learn-1.6.1-cp312-cp312-macosx_12_0_arm64.whl", hash = "sha256:2c2cae262064e6a9b77eee1c8e768fc46aa0b8338c6a8297b9b6759720ec0ff2", size = 11167837, upload-time = "2025-01-10T08:06:43.305Z" }, + { url = "https://files.pythonhosted.org/packages/a4/f6/ff7beaeb644bcad72bcfd5a03ff36d32ee4e53a8b29a639f11bcb65d06cd/scikit_learn-1.6.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1061b7c028a8663fb9a1a1baf9317b64a257fcb036dae5c8752b2abef31d136f", size = 12253728, upload-time = "2025-01-10T08:06:47.618Z" }, + { url = "https://files.pythonhosted.org/packages/29/7a/8bce8968883e9465de20be15542f4c7e221952441727c4dad24d534c6d99/scikit_learn-1.6.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2e69fab4ebfc9c9b580a7a80111b43d214ab06250f8a7ef590a4edf72464dd86", size = 13147700, upload-time = "2025-01-10T08:06:50.888Z" }, + { url = "https://files.pythonhosted.org/packages/62/27/585859e72e117fe861c2079bcba35591a84f801e21bc1ab85bce6ce60305/scikit_learn-1.6.1-cp312-cp312-win_amd64.whl", hash = "sha256:70b1d7e85b1c96383f872a519b3375f92f14731e279a7b4c6cfd650cf5dffc52", size = 11110613, upload-time = "2025-01-10T08:06:54.115Z" }, + { url = "https://files.pythonhosted.org/packages/2e/59/8eb1872ca87009bdcdb7f3cdc679ad557b992c12f4b61f9250659e592c63/scikit_learn-1.6.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:2ffa1e9e25b3d93990e74a4be2c2fc61ee5af85811562f1288d5d055880c4322", size = 12010001, upload-time = "2025-01-10T08:06:58.613Z" }, + { url = "https://files.pythonhosted.org/packages/9d/05/f2fc4effc5b32e525408524c982c468c29d22f828834f0625c5ef3d601be/scikit_learn-1.6.1-cp313-cp313-macosx_12_0_arm64.whl", hash = "sha256:dc5cf3d68c5a20ad6d571584c0750ec641cc46aeef1c1507be51300e6003a7e1", size = 11096360, upload-time = "2025-01-10T08:07:01.556Z" }, + { url = "https://files.pythonhosted.org/packages/c8/e4/4195d52cf4f113573fb8ebc44ed5a81bd511a92c0228889125fac2f4c3d1/scikit_learn-1.6.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c06beb2e839ecc641366000ca84f3cf6fa9faa1777e29cf0c04be6e4d096a348", size = 12209004, upload-time = "2025-01-10T08:07:06.931Z" }, + { url = "https://files.pythonhosted.org/packages/94/be/47e16cdd1e7fcf97d95b3cb08bde1abb13e627861af427a3651fcb80b517/scikit_learn-1.6.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e8ca8cb270fee8f1f76fa9bfd5c3507d60c6438bbee5687f81042e2bb98e5a97", size = 13171776, upload-time = "2025-01-10T08:07:11.715Z" }, + { url = "https://files.pythonhosted.org/packages/34/b0/ca92b90859070a1487827dbc672f998da95ce83edce1270fc23f96f1f61a/scikit_learn-1.6.1-cp313-cp313-win_amd64.whl", hash = "sha256:7a1c43c8ec9fde528d664d947dc4c0789be4077a3647f232869f41d9bf50e0fb", size = 11071865, upload-time = "2025-01-10T08:07:16.088Z" }, + { url = "https://files.pythonhosted.org/packages/12/ae/993b0fb24a356e71e9a894e42b8a9eec528d4c70217353a1cd7a48bc25d4/scikit_learn-1.6.1-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:a17c1dea1d56dcda2fac315712f3651a1fea86565b64b48fa1bc090249cbf236", size = 11955804, upload-time = "2025-01-10T08:07:20.385Z" }, + { url = "https://files.pythonhosted.org/packages/d6/54/32fa2ee591af44507eac86406fa6bba968d1eb22831494470d0a2e4a1eb1/scikit_learn-1.6.1-cp313-cp313t-macosx_12_0_arm64.whl", hash = "sha256:6a7aa5f9908f0f28f4edaa6963c0a6183f1911e63a69aa03782f0d924c830a35", size = 11100530, upload-time = "2025-01-10T08:07:23.675Z" }, + { url = "https://files.pythonhosted.org/packages/3f/58/55856da1adec655bdce77b502e94a267bf40a8c0b89f8622837f89503b5a/scikit_learn-1.6.1-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0650e730afb87402baa88afbf31c07b84c98272622aaba002559b614600ca691", size = 12433852, upload-time = "2025-01-10T08:07:26.817Z" }, + { url = "https://files.pythonhosted.org/packages/ff/4f/c83853af13901a574f8f13b645467285a48940f185b690936bb700a50863/scikit_learn-1.6.1-cp313-cp313t-win_amd64.whl", hash = "sha256:3f59fe08dc03ea158605170eb52b22a105f238a5d512c4470ddeca71feae8e5f", size = 11337256, upload-time = "2025-01-10T08:07:31.084Z" }, +] + +[[package]] +name = "scipy" +version = "1.15.3" +source = { registry = "https://pypi.org/simple" } +resolution-markers = [ + "python_full_version < '3.11'", +] +dependencies = [ + { name = "numpy", version = "2.2.6", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/0f/37/6964b830433e654ec7485e45a00fc9a27cf868d622838f6b6d9c5ec0d532/scipy-1.15.3.tar.gz", hash = "sha256:eae3cf522bc7df64b42cad3925c876e1b0b6c35c1337c93e12c0f366f55b0eaf", size = 59419214, upload-time = "2025-05-08T16:13:05.955Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/78/2f/4966032c5f8cc7e6a60f1b2e0ad686293b9474b65246b0c642e3ef3badd0/scipy-1.15.3-cp310-cp310-macosx_10_13_x86_64.whl", hash = "sha256:a345928c86d535060c9c2b25e71e87c39ab2f22fc96e9636bd74d1dbf9de448c", size = 38702770, upload-time = "2025-05-08T16:04:20.849Z" }, + { url = "https://files.pythonhosted.org/packages/a0/6e/0c3bf90fae0e910c274db43304ebe25a6b391327f3f10b5dcc638c090795/scipy-1.15.3-cp310-cp310-macosx_12_0_arm64.whl", hash = "sha256:ad3432cb0f9ed87477a8d97f03b763fd1d57709f1bbde3c9369b1dff5503b253", size = 30094511, upload-time = "2025-05-08T16:04:27.103Z" }, + { url = "https://files.pythonhosted.org/packages/ea/b1/4deb37252311c1acff7f101f6453f0440794f51b6eacb1aad4459a134081/scipy-1.15.3-cp310-cp310-macosx_14_0_arm64.whl", hash = "sha256:aef683a9ae6eb00728a542b796f52a5477b78252edede72b8327a886ab63293f", size = 22368151, upload-time = "2025-05-08T16:04:31.731Z" }, + { url = "https://files.pythonhosted.org/packages/38/7d/f457626e3cd3c29b3a49ca115a304cebb8cc6f31b04678f03b216899d3c6/scipy-1.15.3-cp310-cp310-macosx_14_0_x86_64.whl", hash = "sha256:1c832e1bd78dea67d5c16f786681b28dd695a8cb1fb90af2e27580d3d0967e92", size = 25121732, upload-time = "2025-05-08T16:04:36.596Z" }, + { url = "https://files.pythonhosted.org/packages/db/0a/92b1de4a7adc7a15dcf5bddc6e191f6f29ee663b30511ce20467ef9b82e4/scipy-1.15.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:263961f658ce2165bbd7b99fa5135195c3a12d9bef045345016b8b50c315cb82", size = 35547617, upload-time = "2025-05-08T16:04:43.546Z" }, + { url = "https://files.pythonhosted.org/packages/8e/6d/41991e503e51fc1134502694c5fa7a1671501a17ffa12716a4a9151af3df/scipy-1.15.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9e2abc762b0811e09a0d3258abee2d98e0c703eee49464ce0069590846f31d40", size = 37662964, upload-time = "2025-05-08T16:04:49.431Z" }, + { url = "https://files.pythonhosted.org/packages/25/e1/3df8f83cb15f3500478c889be8fb18700813b95e9e087328230b98d547ff/scipy-1.15.3-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:ed7284b21a7a0c8f1b6e5977ac05396c0d008b89e05498c8b7e8f4a1423bba0e", size = 37238749, upload-time = "2025-05-08T16:04:55.215Z" }, + { url = "https://files.pythonhosted.org/packages/93/3e/b3257cf446f2a3533ed7809757039016b74cd6f38271de91682aa844cfc5/scipy-1.15.3-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:5380741e53df2c566f4d234b100a484b420af85deb39ea35a1cc1be84ff53a5c", size = 40022383, upload-time = "2025-05-08T16:05:01.914Z" }, + { url = "https://files.pythonhosted.org/packages/d1/84/55bc4881973d3f79b479a5a2e2df61c8c9a04fcb986a213ac9c02cfb659b/scipy-1.15.3-cp310-cp310-win_amd64.whl", hash = "sha256:9d61e97b186a57350f6d6fd72640f9e99d5a4a2b8fbf4b9ee9a841eab327dc13", size = 41259201, upload-time = "2025-05-08T16:05:08.166Z" }, + { url = "https://files.pythonhosted.org/packages/96/ab/5cc9f80f28f6a7dff646c5756e559823614a42b1939d86dd0ed550470210/scipy-1.15.3-cp311-cp311-macosx_10_13_x86_64.whl", hash = "sha256:993439ce220d25e3696d1b23b233dd010169b62f6456488567e830654ee37a6b", size = 38714255, upload-time = "2025-05-08T16:05:14.596Z" }, + { url = "https://files.pythonhosted.org/packages/4a/4a/66ba30abe5ad1a3ad15bfb0b59d22174012e8056ff448cb1644deccbfed2/scipy-1.15.3-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:34716e281f181a02341ddeaad584205bd2fd3c242063bd3423d61ac259ca7eba", size = 30111035, upload-time = "2025-05-08T16:05:20.152Z" }, + { url = "https://files.pythonhosted.org/packages/4b/fa/a7e5b95afd80d24313307f03624acc65801846fa75599034f8ceb9e2cbf6/scipy-1.15.3-cp311-cp311-macosx_14_0_arm64.whl", hash = "sha256:3b0334816afb8b91dab859281b1b9786934392aa3d527cd847e41bb6f45bee65", size = 22384499, upload-time = "2025-05-08T16:05:24.494Z" }, + { url = "https://files.pythonhosted.org/packages/17/99/f3aaddccf3588bb4aea70ba35328c204cadd89517a1612ecfda5b2dd9d7a/scipy-1.15.3-cp311-cp311-macosx_14_0_x86_64.whl", hash = "sha256:6db907c7368e3092e24919b5e31c76998b0ce1684d51a90943cb0ed1b4ffd6c1", size = 25152602, upload-time = "2025-05-08T16:05:29.313Z" }, + { url = "https://files.pythonhosted.org/packages/56/c5/1032cdb565f146109212153339f9cb8b993701e9fe56b1c97699eee12586/scipy-1.15.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:721d6b4ef5dc82ca8968c25b111e307083d7ca9091bc38163fb89243e85e3889", size = 35503415, upload-time = "2025-05-08T16:05:34.699Z" }, + { url = "https://files.pythonhosted.org/packages/bd/37/89f19c8c05505d0601ed5650156e50eb881ae3918786c8fd7262b4ee66d3/scipy-1.15.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:39cb9c62e471b1bb3750066ecc3a3f3052b37751c7c3dfd0fd7e48900ed52982", size = 37652622, upload-time = "2025-05-08T16:05:40.762Z" }, + { url = "https://files.pythonhosted.org/packages/7e/31/be59513aa9695519b18e1851bb9e487de66f2d31f835201f1b42f5d4d475/scipy-1.15.3-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:795c46999bae845966368a3c013e0e00947932d68e235702b5c3f6ea799aa8c9", size = 37244796, upload-time = "2025-05-08T16:05:48.119Z" }, + { url = "https://files.pythonhosted.org/packages/10/c0/4f5f3eeccc235632aab79b27a74a9130c6c35df358129f7ac8b29f562ac7/scipy-1.15.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:18aaacb735ab38b38db42cb01f6b92a2d0d4b6aabefeb07f02849e47f8fb3594", size = 40047684, upload-time = "2025-05-08T16:05:54.22Z" }, + { url = "https://files.pythonhosted.org/packages/ab/a7/0ddaf514ce8a8714f6ed243a2b391b41dbb65251affe21ee3077ec45ea9a/scipy-1.15.3-cp311-cp311-win_amd64.whl", hash = "sha256:ae48a786a28412d744c62fd7816a4118ef97e5be0bee968ce8f0a2fba7acf3bb", size = 41246504, upload-time = "2025-05-08T16:06:00.437Z" }, + { url = "https://files.pythonhosted.org/packages/37/4b/683aa044c4162e10ed7a7ea30527f2cbd92e6999c10a8ed8edb253836e9c/scipy-1.15.3-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:6ac6310fdbfb7aa6612408bd2f07295bcbd3fda00d2d702178434751fe48e019", size = 38766735, upload-time = "2025-05-08T16:06:06.471Z" }, + { url = "https://files.pythonhosted.org/packages/7b/7e/f30be3d03de07f25dc0ec926d1681fed5c732d759ac8f51079708c79e680/scipy-1.15.3-cp312-cp312-macosx_12_0_arm64.whl", hash = "sha256:185cd3d6d05ca4b44a8f1595af87f9c372bb6acf9c808e99aa3e9aa03bd98cf6", size = 30173284, upload-time = "2025-05-08T16:06:11.686Z" }, + { url = "https://files.pythonhosted.org/packages/07/9c/0ddb0d0abdabe0d181c1793db51f02cd59e4901da6f9f7848e1f96759f0d/scipy-1.15.3-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:05dc6abcd105e1a29f95eada46d4a3f251743cfd7d3ae8ddb4088047f24ea477", size = 22446958, upload-time = "2025-05-08T16:06:15.97Z" }, + { url = "https://files.pythonhosted.org/packages/af/43/0bce905a965f36c58ff80d8bea33f1f9351b05fad4beaad4eae34699b7a1/scipy-1.15.3-cp312-cp312-macosx_14_0_x86_64.whl", hash = "sha256:06efcba926324df1696931a57a176c80848ccd67ce6ad020c810736bfd58eb1c", size = 25242454, upload-time = "2025-05-08T16:06:20.394Z" }, + { url = "https://files.pythonhosted.org/packages/56/30/a6f08f84ee5b7b28b4c597aca4cbe545535c39fe911845a96414700b64ba/scipy-1.15.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c05045d8b9bfd807ee1b9f38761993297b10b245f012b11b13b91ba8945f7e45", size = 35210199, upload-time = "2025-05-08T16:06:26.159Z" }, + { url = "https://files.pythonhosted.org/packages/0b/1f/03f52c282437a168ee2c7c14a1a0d0781a9a4a8962d84ac05c06b4c5b555/scipy-1.15.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:271e3713e645149ea5ea3e97b57fdab61ce61333f97cfae392c28ba786f9bb49", size = 37309455, upload-time = "2025-05-08T16:06:32.778Z" }, + { url = "https://files.pythonhosted.org/packages/89/b1/fbb53137f42c4bf630b1ffdfc2151a62d1d1b903b249f030d2b1c0280af8/scipy-1.15.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:6cfd56fc1a8e53f6e89ba3a7a7251f7396412d655bca2aa5611c8ec9a6784a1e", size = 36885140, upload-time = "2025-05-08T16:06:39.249Z" }, + { url = "https://files.pythonhosted.org/packages/2e/2e/025e39e339f5090df1ff266d021892694dbb7e63568edcfe43f892fa381d/scipy-1.15.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:0ff17c0bb1cb32952c09217d8d1eed9b53d1463e5f1dd6052c7857f83127d539", size = 39710549, upload-time = "2025-05-08T16:06:45.729Z" }, + { url = "https://files.pythonhosted.org/packages/e6/eb/3bf6ea8ab7f1503dca3a10df2e4b9c3f6b3316df07f6c0ded94b281c7101/scipy-1.15.3-cp312-cp312-win_amd64.whl", hash = "sha256:52092bc0472cfd17df49ff17e70624345efece4e1a12b23783a1ac59a1b728ed", size = 40966184, upload-time = "2025-05-08T16:06:52.623Z" }, + { url = "https://files.pythonhosted.org/packages/73/18/ec27848c9baae6e0d6573eda6e01a602e5649ee72c27c3a8aad673ebecfd/scipy-1.15.3-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:2c620736bcc334782e24d173c0fdbb7590a0a436d2fdf39310a8902505008759", size = 38728256, upload-time = "2025-05-08T16:06:58.696Z" }, + { url = "https://files.pythonhosted.org/packages/74/cd/1aef2184948728b4b6e21267d53b3339762c285a46a274ebb7863c9e4742/scipy-1.15.3-cp313-cp313-macosx_12_0_arm64.whl", hash = "sha256:7e11270a000969409d37ed399585ee530b9ef6aa99d50c019de4cb01e8e54e62", size = 30109540, upload-time = "2025-05-08T16:07:04.209Z" }, + { url = "https://files.pythonhosted.org/packages/5b/d8/59e452c0a255ec352bd0a833537a3bc1bfb679944c4938ab375b0a6b3a3e/scipy-1.15.3-cp313-cp313-macosx_14_0_arm64.whl", hash = "sha256:8c9ed3ba2c8a2ce098163a9bdb26f891746d02136995df25227a20e71c396ebb", size = 22383115, upload-time = "2025-05-08T16:07:08.998Z" }, + { url = "https://files.pythonhosted.org/packages/08/f5/456f56bbbfccf696263b47095291040655e3cbaf05d063bdc7c7517f32ac/scipy-1.15.3-cp313-cp313-macosx_14_0_x86_64.whl", hash = "sha256:0bdd905264c0c9cfa74a4772cdb2070171790381a5c4d312c973382fc6eaf730", size = 25163884, upload-time = "2025-05-08T16:07:14.091Z" }, + { url = "https://files.pythonhosted.org/packages/a2/66/a9618b6a435a0f0c0b8a6d0a2efb32d4ec5a85f023c2b79d39512040355b/scipy-1.15.3-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:79167bba085c31f38603e11a267d862957cbb3ce018d8b38f79ac043bc92d825", size = 35174018, upload-time = "2025-05-08T16:07:19.427Z" }, + { url = "https://files.pythonhosted.org/packages/b5/09/c5b6734a50ad4882432b6bb7c02baf757f5b2f256041da5df242e2d7e6b6/scipy-1.15.3-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c9deabd6d547aee2c9a81dee6cc96c6d7e9a9b1953f74850c179f91fdc729cb7", size = 37269716, upload-time = "2025-05-08T16:07:25.712Z" }, + { url = "https://files.pythonhosted.org/packages/77/0a/eac00ff741f23bcabd352731ed9b8995a0a60ef57f5fd788d611d43d69a1/scipy-1.15.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:dde4fc32993071ac0c7dd2d82569e544f0bdaff66269cb475e0f369adad13f11", size = 36872342, upload-time = "2025-05-08T16:07:31.468Z" }, + { url = "https://files.pythonhosted.org/packages/fe/54/4379be86dd74b6ad81551689107360d9a3e18f24d20767a2d5b9253a3f0a/scipy-1.15.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:f77f853d584e72e874d87357ad70f44b437331507d1c311457bed8ed2b956126", size = 39670869, upload-time = "2025-05-08T16:07:38.002Z" }, + { url = "https://files.pythonhosted.org/packages/87/2e/892ad2862ba54f084ffe8cc4a22667eaf9c2bcec6d2bff1d15713c6c0703/scipy-1.15.3-cp313-cp313-win_amd64.whl", hash = "sha256:b90ab29d0c37ec9bf55424c064312930ca5f4bde15ee8619ee44e69319aab163", size = 40988851, upload-time = "2025-05-08T16:08:33.671Z" }, + { url = "https://files.pythonhosted.org/packages/1b/e9/7a879c137f7e55b30d75d90ce3eb468197646bc7b443ac036ae3fe109055/scipy-1.15.3-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:3ac07623267feb3ae308487c260ac684b32ea35fd81e12845039952f558047b8", size = 38863011, upload-time = "2025-05-08T16:07:44.039Z" }, + { url = "https://files.pythonhosted.org/packages/51/d1/226a806bbd69f62ce5ef5f3ffadc35286e9fbc802f606a07eb83bf2359de/scipy-1.15.3-cp313-cp313t-macosx_12_0_arm64.whl", hash = "sha256:6487aa99c2a3d509a5227d9a5e889ff05830a06b2ce08ec30df6d79db5fcd5c5", size = 30266407, upload-time = "2025-05-08T16:07:49.891Z" }, + { url = "https://files.pythonhosted.org/packages/e5/9b/f32d1d6093ab9eeabbd839b0f7619c62e46cc4b7b6dbf05b6e615bbd4400/scipy-1.15.3-cp313-cp313t-macosx_14_0_arm64.whl", hash = "sha256:50f9e62461c95d933d5c5ef4a1f2ebf9a2b4e83b0db374cb3f1de104d935922e", size = 22540030, upload-time = "2025-05-08T16:07:54.121Z" }, + { url = "https://files.pythonhosted.org/packages/e7/29/c278f699b095c1a884f29fda126340fcc201461ee8bfea5c8bdb1c7c958b/scipy-1.15.3-cp313-cp313t-macosx_14_0_x86_64.whl", hash = "sha256:14ed70039d182f411ffc74789a16df3835e05dc469b898233a245cdfd7f162cb", size = 25218709, upload-time = "2025-05-08T16:07:58.506Z" }, + { url = "https://files.pythonhosted.org/packages/24/18/9e5374b617aba742a990581373cd6b68a2945d65cc588482749ef2e64467/scipy-1.15.3-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0a769105537aa07a69468a0eefcd121be52006db61cdd8cac8a0e68980bbb723", size = 34809045, upload-time = "2025-05-08T16:08:03.929Z" }, + { url = "https://files.pythonhosted.org/packages/e1/fe/9c4361e7ba2927074360856db6135ef4904d505e9b3afbbcb073c4008328/scipy-1.15.3-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9db984639887e3dffb3928d118145ffe40eff2fa40cb241a306ec57c219ebbbb", size = 36703062, upload-time = "2025-05-08T16:08:09.558Z" }, + { url = "https://files.pythonhosted.org/packages/b7/8e/038ccfe29d272b30086b25a4960f757f97122cb2ec42e62b460d02fe98e9/scipy-1.15.3-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:40e54d5c7e7ebf1aa596c374c49fa3135f04648a0caabcb66c52884b943f02b4", size = 36393132, upload-time = "2025-05-08T16:08:15.34Z" }, + { url = "https://files.pythonhosted.org/packages/10/7e/5c12285452970be5bdbe8352c619250b97ebf7917d7a9a9e96b8a8140f17/scipy-1.15.3-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:5e721fed53187e71d0ccf382b6bf977644c533e506c4d33c3fb24de89f5c3ed5", size = 38979503, upload-time = "2025-05-08T16:08:21.513Z" }, + { url = "https://files.pythonhosted.org/packages/81/06/0a5e5349474e1cbc5757975b21bd4fad0e72ebf138c5592f191646154e06/scipy-1.15.3-cp313-cp313t-win_amd64.whl", hash = "sha256:76ad1fb5f8752eabf0fa02e4cc0336b4e8f021e2d5f061ed37d6d264db35e3ca", size = 40308097, upload-time = "2025-05-08T16:08:27.627Z" }, +] + +[[package]] +name = "scipy" +version = "1.16.1" +source = { registry = "https://pypi.org/simple" } +resolution-markers = [ + "python_full_version >= '3.12'", + "python_full_version == '3.11.*'", +] +dependencies = [ + { name = "numpy", version = "2.3.2", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/f5/4a/b927028464795439faec8eaf0b03b011005c487bb2d07409f28bf30879c4/scipy-1.16.1.tar.gz", hash = "sha256:44c76f9e8b6e8e488a586190ab38016e4ed2f8a038af7cd3defa903c0a2238b3", size = 30580861, upload-time = "2025-07-27T16:33:30.834Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/da/91/812adc6f74409b461e3a5fa97f4f74c769016919203138a3bf6fc24ba4c5/scipy-1.16.1-cp311-cp311-macosx_10_14_x86_64.whl", hash = "sha256:c033fa32bab91dc98ca59d0cf23bb876454e2bb02cbe592d5023138778f70030", size = 36552519, upload-time = "2025-07-27T16:26:29.658Z" }, + { url = "https://files.pythonhosted.org/packages/47/18/8e355edcf3b71418d9e9f9acd2708cc3a6c27e8f98fde0ac34b8a0b45407/scipy-1.16.1-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:6e5c2f74e5df33479b5cd4e97a9104c511518fbd979aa9b8f6aec18b2e9ecae7", size = 28638010, upload-time = "2025-07-27T16:26:38.196Z" }, + { url = "https://files.pythonhosted.org/packages/d9/eb/e931853058607bdfbc11b86df19ae7a08686121c203483f62f1ecae5989c/scipy-1.16.1-cp311-cp311-macosx_14_0_arm64.whl", hash = "sha256:0a55ffe0ba0f59666e90951971a884d1ff6f4ec3275a48f472cfb64175570f77", size = 20909790, upload-time = "2025-07-27T16:26:43.93Z" }, + { url = "https://files.pythonhosted.org/packages/45/0c/be83a271d6e96750cd0be2e000f35ff18880a46f05ce8b5d3465dc0f7a2a/scipy-1.16.1-cp311-cp311-macosx_14_0_x86_64.whl", hash = "sha256:f8a5d6cd147acecc2603fbd382fed6c46f474cccfcf69ea32582e033fb54dcfe", size = 23513352, upload-time = "2025-07-27T16:26:50.017Z" }, + { url = "https://files.pythonhosted.org/packages/7c/bf/fe6eb47e74f762f933cca962db7f2c7183acfdc4483bd1c3813cfe83e538/scipy-1.16.1-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:cb18899127278058bcc09e7b9966d41a5a43740b5bb8dcba401bd983f82e885b", size = 33534643, upload-time = "2025-07-27T16:26:57.503Z" }, + { url = "https://files.pythonhosted.org/packages/bb/ba/63f402e74875486b87ec6506a4f93f6d8a0d94d10467280f3d9d7837ce3a/scipy-1.16.1-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:adccd93a2fa937a27aae826d33e3bfa5edf9aa672376a4852d23a7cd67a2e5b7", size = 35376776, upload-time = "2025-07-27T16:27:06.639Z" }, + { url = "https://files.pythonhosted.org/packages/c3/b4/04eb9d39ec26a1b939689102da23d505ea16cdae3dbb18ffc53d1f831044/scipy-1.16.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:18aca1646a29ee9a0625a1be5637fa798d4d81fdf426481f06d69af828f16958", size = 35698906, upload-time = "2025-07-27T16:27:14.943Z" }, + { url = "https://files.pythonhosted.org/packages/04/d6/bb5468da53321baeb001f6e4e0d9049eadd175a4a497709939128556e3ec/scipy-1.16.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:d85495cef541729a70cdddbbf3e6b903421bc1af3e8e3a9a72a06751f33b7c39", size = 38129275, upload-time = "2025-07-27T16:27:23.873Z" }, + { url = "https://files.pythonhosted.org/packages/c4/94/994369978509f227cba7dfb9e623254d0d5559506fe994aef4bea3ed469c/scipy-1.16.1-cp311-cp311-win_amd64.whl", hash = "sha256:226652fca853008119c03a8ce71ffe1b3f6d2844cc1686e8f9806edafae68596", size = 38644572, upload-time = "2025-07-27T16:27:32.637Z" }, + { url = "https://files.pythonhosted.org/packages/f8/d9/ec4864f5896232133f51382b54a08de91a9d1af7a76dfa372894026dfee2/scipy-1.16.1-cp312-cp312-macosx_10_14_x86_64.whl", hash = "sha256:81b433bbeaf35728dad619afc002db9b189e45eebe2cd676effe1fb93fef2b9c", size = 36575194, upload-time = "2025-07-27T16:27:41.321Z" }, + { url = "https://files.pythonhosted.org/packages/5c/6d/40e81ecfb688e9d25d34a847dca361982a6addf8e31f0957b1a54fbfa994/scipy-1.16.1-cp312-cp312-macosx_12_0_arm64.whl", hash = "sha256:886cc81fdb4c6903a3bb0464047c25a6d1016fef77bb97949817d0c0d79f9e04", size = 28594590, upload-time = "2025-07-27T16:27:49.204Z" }, + { url = "https://files.pythonhosted.org/packages/0e/37/9f65178edfcc629377ce9a64fc09baebea18c80a9e57ae09a52edf84880b/scipy-1.16.1-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:15240c3aac087a522b4eaedb09f0ad061753c5eebf1ea430859e5bf8640d5919", size = 20866458, upload-time = "2025-07-27T16:27:54.98Z" }, + { url = "https://files.pythonhosted.org/packages/2c/7b/749a66766871ea4cb1d1ea10f27004db63023074c22abed51f22f09770e0/scipy-1.16.1-cp312-cp312-macosx_14_0_x86_64.whl", hash = "sha256:65f81a25805f3659b48126b5053d9e823d3215e4a63730b5e1671852a1705921", size = 23539318, upload-time = "2025-07-27T16:28:01.604Z" }, + { url = "https://files.pythonhosted.org/packages/c4/db/8d4afec60eb833a666434d4541a3151eedbf2494ea6d4d468cbe877f00cd/scipy-1.16.1-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:6c62eea7f607f122069b9bad3f99489ddca1a5173bef8a0c75555d7488b6f725", size = 33292899, upload-time = "2025-07-27T16:28:09.147Z" }, + { url = "https://files.pythonhosted.org/packages/51/1e/79023ca3bbb13a015d7d2757ecca3b81293c663694c35d6541b4dca53e98/scipy-1.16.1-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f965bbf3235b01c776115ab18f092a95aa74c271a52577bcb0563e85738fd618", size = 35162637, upload-time = "2025-07-27T16:28:17.535Z" }, + { url = "https://files.pythonhosted.org/packages/b6/49/0648665f9c29fdaca4c679182eb972935b3b4f5ace41d323c32352f29816/scipy-1.16.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:f006e323874ffd0b0b816d8c6a8e7f9a73d55ab3b8c3f72b752b226d0e3ac83d", size = 35490507, upload-time = "2025-07-27T16:28:25.705Z" }, + { url = "https://files.pythonhosted.org/packages/62/8f/66cbb9d6bbb18d8c658f774904f42a92078707a7c71e5347e8bf2f52bb89/scipy-1.16.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:e8fd15fc5085ab4cca74cb91fe0a4263b1f32e4420761ddae531ad60934c2119", size = 37923998, upload-time = "2025-07-27T16:28:34.339Z" }, + { url = "https://files.pythonhosted.org/packages/14/c3/61f273ae550fbf1667675701112e380881905e28448c080b23b5a181df7c/scipy-1.16.1-cp312-cp312-win_amd64.whl", hash = "sha256:f7b8013c6c066609577d910d1a2a077021727af07b6fab0ee22c2f901f22352a", size = 38508060, upload-time = "2025-07-27T16:28:43.242Z" }, + { url = "https://files.pythonhosted.org/packages/93/0b/b5c99382b839854a71ca9482c684e3472badc62620287cbbdab499b75ce6/scipy-1.16.1-cp313-cp313-macosx_10_14_x86_64.whl", hash = "sha256:5451606823a5e73dfa621a89948096c6528e2896e40b39248295d3a0138d594f", size = 36533717, upload-time = "2025-07-27T16:28:51.706Z" }, + { url = "https://files.pythonhosted.org/packages/eb/e5/69ab2771062c91e23e07c12e7d5033a6b9b80b0903ee709c3c36b3eb520c/scipy-1.16.1-cp313-cp313-macosx_12_0_arm64.whl", hash = "sha256:89728678c5ca5abd610aee148c199ac1afb16e19844401ca97d43dc548a354eb", size = 28570009, upload-time = "2025-07-27T16:28:57.017Z" }, + { url = "https://files.pythonhosted.org/packages/f4/69/bd75dbfdd3cf524f4d753484d723594aed62cfaac510123e91a6686d520b/scipy-1.16.1-cp313-cp313-macosx_14_0_arm64.whl", hash = "sha256:e756d688cb03fd07de0fffad475649b03cb89bee696c98ce508b17c11a03f95c", size = 20841942, upload-time = "2025-07-27T16:29:01.152Z" }, + { url = "https://files.pythonhosted.org/packages/ea/74/add181c87663f178ba7d6144b370243a87af8476664d5435e57d599e6874/scipy-1.16.1-cp313-cp313-macosx_14_0_x86_64.whl", hash = "sha256:5aa2687b9935da3ed89c5dbed5234576589dd28d0bf7cd237501ccfbdf1ad608", size = 23498507, upload-time = "2025-07-27T16:29:05.202Z" }, + { url = "https://files.pythonhosted.org/packages/1d/74/ece2e582a0d9550cee33e2e416cc96737dce423a994d12bbe59716f47ff1/scipy-1.16.1-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:0851f6a1e537fe9399f35986897e395a1aa61c574b178c0d456be5b1a0f5ca1f", size = 33286040, upload-time = "2025-07-27T16:29:10.201Z" }, + { url = "https://files.pythonhosted.org/packages/e4/82/08e4076df538fb56caa1d489588d880ec7c52d8273a606bb54d660528f7c/scipy-1.16.1-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:fedc2cbd1baed37474b1924c331b97bdff611d762c196fac1a9b71e67b813b1b", size = 35176096, upload-time = "2025-07-27T16:29:17.091Z" }, + { url = "https://files.pythonhosted.org/packages/fa/79/cd710aab8c921375711a8321c6be696e705a120e3011a643efbbcdeeabcc/scipy-1.16.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:2ef500e72f9623a6735769e4b93e9dcb158d40752cdbb077f305487e3e2d1f45", size = 35490328, upload-time = "2025-07-27T16:29:22.928Z" }, + { url = "https://files.pythonhosted.org/packages/71/73/e9cc3d35ee4526d784520d4494a3e1ca969b071fb5ae5910c036a375ceec/scipy-1.16.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:978d8311674b05a8f7ff2ea6c6bce5d8b45a0cb09d4c5793e0318f448613ea65", size = 37939921, upload-time = "2025-07-27T16:29:29.108Z" }, + { url = "https://files.pythonhosted.org/packages/21/12/c0efd2941f01940119b5305c375ae5c0fcb7ec193f806bd8f158b73a1782/scipy-1.16.1-cp313-cp313-win_amd64.whl", hash = "sha256:81929ed0fa7a5713fcdd8b2e6f73697d3b4c4816d090dd34ff937c20fa90e8ab", size = 38479462, upload-time = "2025-07-27T16:30:24.078Z" }, + { url = "https://files.pythonhosted.org/packages/7a/19/c3d08b675260046a991040e1ea5d65f91f40c7df1045fffff412dcfc6765/scipy-1.16.1-cp313-cp313t-macosx_10_14_x86_64.whl", hash = "sha256:bcc12db731858abda693cecdb3bdc9e6d4bd200213f49d224fe22df82687bdd6", size = 36938832, upload-time = "2025-07-27T16:29:35.057Z" }, + { url = "https://files.pythonhosted.org/packages/81/f2/ce53db652c033a414a5b34598dba6b95f3d38153a2417c5a3883da429029/scipy-1.16.1-cp313-cp313t-macosx_12_0_arm64.whl", hash = "sha256:744d977daa4becb9fc59135e75c069f8d301a87d64f88f1e602a9ecf51e77b27", size = 29093084, upload-time = "2025-07-27T16:29:40.201Z" }, + { url = "https://files.pythonhosted.org/packages/a9/ae/7a10ff04a7dc15f9057d05b33737ade244e4bd195caa3f7cc04d77b9e214/scipy-1.16.1-cp313-cp313t-macosx_14_0_arm64.whl", hash = "sha256:dc54f76ac18073bcecffb98d93f03ed6b81a92ef91b5d3b135dcc81d55a724c7", size = 21365098, upload-time = "2025-07-27T16:29:44.295Z" }, + { url = "https://files.pythonhosted.org/packages/36/ac/029ff710959932ad3c2a98721b20b405f05f752f07344622fd61a47c5197/scipy-1.16.1-cp313-cp313t-macosx_14_0_x86_64.whl", hash = "sha256:367d567ee9fc1e9e2047d31f39d9d6a7a04e0710c86e701e053f237d14a9b4f6", size = 23896858, upload-time = "2025-07-27T16:29:48.784Z" }, + { url = "https://files.pythonhosted.org/packages/71/13/d1ef77b6bd7898720e1f0b6b3743cb945f6c3cafa7718eaac8841035ab60/scipy-1.16.1-cp313-cp313t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:4cf5785e44e19dcd32a0e4807555e1e9a9b8d475c6afff3d21c3c543a6aa84f4", size = 33438311, upload-time = "2025-07-27T16:29:54.164Z" }, + { url = "https://files.pythonhosted.org/packages/2d/e0/e64a6821ffbb00b4c5b05169f1c1fddb4800e9307efe3db3788995a82a2c/scipy-1.16.1-cp313-cp313t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:3d0b80fb26d3e13a794c71d4b837e2a589d839fd574a6bbb4ee1288c213ad4a3", size = 35279542, upload-time = "2025-07-27T16:30:00.249Z" }, + { url = "https://files.pythonhosted.org/packages/57/59/0dc3c8b43e118f1e4ee2b798dcc96ac21bb20014e5f1f7a8e85cc0653bdb/scipy-1.16.1-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:8503517c44c18d1030d666cb70aaac1cc8913608816e06742498833b128488b7", size = 35667665, upload-time = "2025-07-27T16:30:05.916Z" }, + { url = "https://files.pythonhosted.org/packages/45/5f/844ee26e34e2f3f9f8febb9343748e72daeaec64fe0c70e9bf1ff84ec955/scipy-1.16.1-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:30cc4bb81c41831ecfd6dc450baf48ffd80ef5aed0f5cf3ea775740e80f16ecc", size = 38045210, upload-time = "2025-07-27T16:30:11.655Z" }, + { url = "https://files.pythonhosted.org/packages/8d/d7/210f2b45290f444f1de64bc7353aa598ece9f0e90c384b4a156f9b1a5063/scipy-1.16.1-cp313-cp313t-win_amd64.whl", hash = "sha256:c24fa02f7ed23ae514460a22c57eca8f530dbfa50b1cfdbf4f37c05b5309cc39", size = 38593661, upload-time = "2025-07-27T16:30:17.825Z" }, + { url = "https://files.pythonhosted.org/packages/81/ea/84d481a5237ed223bd3d32d6e82d7a6a96e34756492666c260cef16011d1/scipy-1.16.1-cp314-cp314-macosx_10_14_x86_64.whl", hash = "sha256:796a5a9ad36fa3a782375db8f4241ab02a091308eb079746bc0f874c9b998318", size = 36525921, upload-time = "2025-07-27T16:30:30.081Z" }, + { url = "https://files.pythonhosted.org/packages/4e/9f/d9edbdeff9f3a664807ae3aea383e10afaa247e8e6255e6d2aa4515e8863/scipy-1.16.1-cp314-cp314-macosx_12_0_arm64.whl", hash = "sha256:3ea0733a2ff73fd6fdc5fecca54ee9b459f4d74f00b99aced7d9a3adb43fb1cc", size = 28564152, upload-time = "2025-07-27T16:30:35.336Z" }, + { url = "https://files.pythonhosted.org/packages/3b/95/8125bcb1fe04bc267d103e76516243e8d5e11229e6b306bda1024a5423d1/scipy-1.16.1-cp314-cp314-macosx_14_0_arm64.whl", hash = "sha256:85764fb15a2ad994e708258bb4ed8290d1305c62a4e1ef07c414356a24fcfbf8", size = 20836028, upload-time = "2025-07-27T16:30:39.421Z" }, + { url = "https://files.pythonhosted.org/packages/77/9c/bf92e215701fc70bbcd3d14d86337cf56a9b912a804b9c776a269524a9e9/scipy-1.16.1-cp314-cp314-macosx_14_0_x86_64.whl", hash = "sha256:ca66d980469cb623b1759bdd6e9fd97d4e33a9fad5b33771ced24d0cb24df67e", size = 23489666, upload-time = "2025-07-27T16:30:43.663Z" }, + { url = "https://files.pythonhosted.org/packages/5e/00/5e941d397d9adac41b02839011594620d54d99488d1be5be755c00cde9ee/scipy-1.16.1-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:e7cc1ffcc230f568549fc56670bcf3df1884c30bd652c5da8138199c8c76dae0", size = 33358318, upload-time = "2025-07-27T16:30:48.982Z" }, + { url = "https://files.pythonhosted.org/packages/0e/87/8db3aa10dde6e3e8e7eb0133f24baa011377d543f5b19c71469cf2648026/scipy-1.16.1-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:3ddfb1e8d0b540cb4ee9c53fc3dea3186f97711248fb94b4142a1b27178d8b4b", size = 35185724, upload-time = "2025-07-27T16:30:54.26Z" }, + { url = "https://files.pythonhosted.org/packages/89/b4/6ab9ae443216807622bcff02690262d8184078ea467efee2f8c93288a3b1/scipy-1.16.1-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:4dc0e7be79e95d8ba3435d193e0d8ce372f47f774cffd882f88ea4e1e1ddc731", size = 35554335, upload-time = "2025-07-27T16:30:59.765Z" }, + { url = "https://files.pythonhosted.org/packages/9c/9a/d0e9dc03c5269a1afb60661118296a32ed5d2c24298af61b676c11e05e56/scipy-1.16.1-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:f23634f9e5adb51b2a77766dac217063e764337fbc816aa8ad9aaebcd4397fd3", size = 37960310, upload-time = "2025-07-27T16:31:06.151Z" }, + { url = "https://files.pythonhosted.org/packages/5e/00/c8f3130a50521a7977874817ca89e0599b1b4ee8e938bad8ae798a0e1f0d/scipy-1.16.1-cp314-cp314-win_amd64.whl", hash = "sha256:57d75524cb1c5a374958a2eae3d84e1929bb971204cc9d52213fb8589183fc19", size = 39319239, upload-time = "2025-07-27T16:31:59.942Z" }, + { url = "https://files.pythonhosted.org/packages/f2/f2/1ca3eda54c3a7e4c92f6acef7db7b3a057deb135540d23aa6343ef8ad333/scipy-1.16.1-cp314-cp314t-macosx_10_14_x86_64.whl", hash = "sha256:d8da7c3dd67bcd93f15618938f43ed0995982eb38973023d46d4646c4283ad65", size = 36939460, upload-time = "2025-07-27T16:31:11.865Z" }, + { url = "https://files.pythonhosted.org/packages/80/30/98c2840b293a132400c0940bb9e140171dcb8189588619048f42b2ce7b4f/scipy-1.16.1-cp314-cp314t-macosx_12_0_arm64.whl", hash = "sha256:cc1d2f2fd48ba1e0620554fe5bc44d3e8f5d4185c8c109c7fbdf5af2792cfad2", size = 29093322, upload-time = "2025-07-27T16:31:17.045Z" }, + { url = "https://files.pythonhosted.org/packages/c1/e6/1e6e006e850622cf2a039b62d1a6ddc4497d4851e58b68008526f04a9a00/scipy-1.16.1-cp314-cp314t-macosx_14_0_arm64.whl", hash = "sha256:21a611ced9275cb861bacadbada0b8c0623bc00b05b09eb97f23b370fc2ae56d", size = 21365329, upload-time = "2025-07-27T16:31:21.188Z" }, + { url = "https://files.pythonhosted.org/packages/8e/02/72a5aa5b820589dda9a25e329ca752842bfbbaf635e36bc7065a9b42216e/scipy-1.16.1-cp314-cp314t-macosx_14_0_x86_64.whl", hash = "sha256:8dfbb25dffc4c3dd9371d8ab456ca81beeaf6f9e1c2119f179392f0dc1ab7695", size = 23897544, upload-time = "2025-07-27T16:31:25.408Z" }, + { url = "https://files.pythonhosted.org/packages/2b/dc/7122d806a6f9eb8a33532982234bed91f90272e990f414f2830cfe656e0b/scipy-1.16.1-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:f0ebb7204f063fad87fc0a0e4ff4a2ff40b2a226e4ba1b7e34bf4b79bf97cd86", size = 33442112, upload-time = "2025-07-27T16:31:30.62Z" }, + { url = "https://files.pythonhosted.org/packages/24/39/e383af23564daa1021a5b3afbe0d8d6a68ec639b943661841f44ac92de85/scipy-1.16.1-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:f1b9e5962656f2734c2b285a8745358ecb4e4efbadd00208c80a389227ec61ff", size = 35286594, upload-time = "2025-07-27T16:31:36.112Z" }, + { url = "https://files.pythonhosted.org/packages/95/47/1a0b0aff40c3056d955f38b0df5d178350c3d74734ec54f9c68d23910be5/scipy-1.16.1-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:5e1a106f8c023d57a2a903e771228bf5c5b27b5d692088f457acacd3b54511e4", size = 35665080, upload-time = "2025-07-27T16:31:42.025Z" }, + { url = "https://files.pythonhosted.org/packages/64/df/ce88803e9ed6e27fe9b9abefa157cf2c80e4fa527cf17ee14be41f790ad4/scipy-1.16.1-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:709559a1db68a9abc3b2c8672c4badf1614f3b440b3ab326d86a5c0491eafae3", size = 38050306, upload-time = "2025-07-27T16:31:48.109Z" }, + { url = "https://files.pythonhosted.org/packages/6e/6c/a76329897a7cae4937d403e623aa6aaea616a0bb5b36588f0b9d1c9a3739/scipy-1.16.1-cp314-cp314t-win_amd64.whl", hash = "sha256:c0c804d60492a0aad7f5b2bb1862f4548b990049e27e828391ff2bf6f7199998", size = 39427705, upload-time = "2025-07-27T16:31:53.96Z" }, +] + +[[package]] +name = "semver" +version = "3.0.4" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/72/d1/d3159231aec234a59dd7d601e9dd9fe96f3afff15efd33c1070019b26132/semver-3.0.4.tar.gz", hash = "sha256:afc7d8c584a5ed0a11033af086e8af226a9c0b206f313e0301f8dd7b6b589602", size = 269730, upload-time = "2025-01-24T13:19:27.617Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/a6/24/4d91e05817e92e3a61c8a21e08fd0f390f5301f1c448b137c57c4bc6e543/semver-3.0.4-py3-none-any.whl", hash = "sha256:9c824d87ba7f7ab4a1890799cec8596f15c1241cb473404ea1cb0c55e4b04746", size = 17912, upload-time = "2025-01-24T13:19:24.949Z" }, +] + +[[package]] +name = "setuptools" +version = "80.9.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/18/5d/3bf57dcd21979b887f014ea83c24ae194cfcd12b9e0fda66b957c69d1fca/setuptools-80.9.0.tar.gz", hash = "sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c", size = 1319958, upload-time = "2025-05-27T00:56:51.443Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/a3/dc/17031897dae0efacfea57dfd3a82fdd2a2aeb58e0ff71b77b87e44edc772/setuptools-80.9.0-py3-none-any.whl", hash = "sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922", size = 1201486, upload-time = "2025-05-27T00:56:49.664Z" }, +] + +[[package]] +name = "six" +version = "1.17.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/94/e7/b2c673351809dca68a0e064b6af791aa332cf192da575fd474ed7d6f16a2/six-1.17.0.tar.gz", hash = "sha256:ff70335d468e7eb6ec65b95b99d3a2836546063f63acc5171de367e834932a81", size = 34031, upload-time = "2024-12-04T17:35:28.174Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b7/ce/149a00dd41f10bc29e5921b496af8b574d8413afcd5e30dfa0ed46c2cc5e/six-1.17.0-py2.py3-none-any.whl", hash = "sha256:4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274", size = 11050, upload-time = "2024-12-04T17:35:26.475Z" }, +] + +[[package]] +name = "ssvc" +source = { editable = "." } +dependencies = [ + { name = "dataclasses-json" }, + { name = "jsonschema" }, + { name = "markdown-exec" }, + { name = "mkdocs" }, + { name = "mkdocs-bibtex" }, + { name = "mkdocs-include-markdown-plugin" }, + { name = "mkdocs-material" }, + { name = "mkdocs-material-extensions" }, + { name = "mkdocs-print-site-plugin" }, + { name = "mkdocs-table-reader-plugin" }, + { name = "mkdocstrings" }, + { name = "mkdocstrings-python" }, + { name = "networkx" }, + { name = "pandas" }, + { name = "pydantic" }, + { name = "scikit-learn" }, + { name = "scipy", version = "1.15.3", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" }, + { name = "scipy", version = "1.16.1", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" }, + { name = "semver" }, + { name = "thefuzz" }, +] + +[package.metadata] +requires-dist = [ + { name = "dataclasses-json" }, + { name = "jsonschema", specifier = "==4.25.0" }, + { name = "markdown-exec", specifier = "==1.11.0" }, + { name = "mkdocs", specifier = "==1.6.1" }, + { name = "mkdocs-bibtex", specifier = "==4.4.0" }, + { name = "mkdocs-include-markdown-plugin", specifier = "==7.1.6" }, + { name = "mkdocs-material", specifier = "==9.6.16" }, + { name = "mkdocs-material-extensions", specifier = "==1.3.1" }, + { name = "mkdocs-print-site-plugin", specifier = "==2.8" }, + { name = "mkdocs-table-reader-plugin", specifier = "==3.1.0" }, + { name = "mkdocstrings", specifier = "==0.30.0" }, + { name = "mkdocstrings-python", specifier = "==1.16.12" }, + { name = "networkx", specifier = "==3.4.2" }, + { name = "pandas", specifier = "==2.3.1" }, + { name = "pydantic", specifier = "==2.11.7" }, + { name = "scikit-learn", specifier = "==1.6.1" }, + { name = "scipy" }, + { name = "semver", specifier = "==3.0.4" }, + { name = "thefuzz", specifier = "==0.22.1" }, +] + +[[package]] +name = "tabulate" +version = "0.9.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/ec/fe/802052aecb21e3797b8f7902564ab6ea0d60ff8ca23952079064155d1ae1/tabulate-0.9.0.tar.gz", hash = "sha256:0095b12bf5966de529c0feb1fa08671671b3368eec77d7ef7ab114be2c068b3c", size = 81090, upload-time = "2022-10-06T17:21:48.54Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/40/44/4a5f08c96eb108af5cb50b41f76142f0afa346dfa99d5296fe7202a11854/tabulate-0.9.0-py3-none-any.whl", hash = "sha256:024ca478df22e9340661486f85298cff5f6dcdba14f3813e8830015b9ed1948f", size = 35252, upload-time = "2022-10-06T17:21:44.262Z" }, +] + +[[package]] +name = "thefuzz" +version = "0.22.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "rapidfuzz" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/81/4b/d3eb25831590d6d7d38c2f2e3561d3ba41d490dc89cd91d9e65e7c812508/thefuzz-0.22.1.tar.gz", hash = "sha256:7138039a7ecf540da323792d8592ef9902b1d79eb78c147d4f20664de79f3680", size = 19993, upload-time = "2024-01-19T19:18:23.135Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/82/4f/1695e70ceb3604f19eda9908e289c687ea81c4fecef4d90a9d1d0f2f7ae9/thefuzz-0.22.1-py3-none-any.whl", hash = "sha256:59729b33556850b90e1093c4cf9e618af6f2e4c985df193fdf3c5b5cf02ca481", size = 8245, upload-time = "2024-01-19T19:18:20.362Z" }, +] + +[[package]] +name = "threadpoolctl" +version = "3.6.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/b7/4d/08c89e34946fce2aec4fbb45c9016efd5f4d7f24af8e5d93296e935631d8/threadpoolctl-3.6.0.tar.gz", hash = "sha256:8ab8b4aa3491d812b623328249fab5302a68d2d71745c8a4c719a2fcaba9f44e", size = 21274, upload-time = "2025-03-13T13:49:23.031Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/32/d5/f9a850d79b0851d1d4ef6456097579a9005b31fea68726a4ae5f2d82ddd9/threadpoolctl-3.6.0-py3-none-any.whl", hash = "sha256:43a0b8fd5a2928500110039e43a5eed8480b918967083ea48dc3ab9f13c4a7fb", size = 18638, upload-time = "2025-03-13T13:49:21.846Z" }, +] + +[[package]] +name = "typing-extensions" +version = "4.14.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/98/5a/da40306b885cc8c09109dc2e1abd358d5684b1425678151cdaed4731c822/typing_extensions-4.14.1.tar.gz", hash = "sha256:38b39f4aeeab64884ce9f74c94263ef78f3c22467c8724005483154c26648d36", size = 107673, upload-time = "2025-07-04T13:28:34.16Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b5/00/d631e67a838026495268c2f6884f3711a15a9a2a96cd244fdaea53b823fb/typing_extensions-4.14.1-py3-none-any.whl", hash = "sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76", size = 43906, upload-time = "2025-07-04T13:28:32.743Z" }, +] + +[[package]] +name = "typing-inspect" +version = "0.9.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "mypy-extensions" }, + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/dc/74/1789779d91f1961fa9438e9a8710cdae6bd138c80d7303996933d117264a/typing_inspect-0.9.0.tar.gz", hash = "sha256:b23fc42ff6f6ef6954e4852c1fb512cdd18dbea03134f91f856a95ccc9461f78", size = 13825, upload-time = "2023-05-24T20:25:47.612Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/65/f3/107a22063bf27bdccf2024833d3445f4eea42b2e598abfbd46f6a63b6cb0/typing_inspect-0.9.0-py3-none-any.whl", hash = "sha256:9ee6fc59062311ef8547596ab6b955e1b8aa46242d854bfc78f4f6b0eff35f9f", size = 8827, upload-time = "2023-05-24T20:25:45.287Z" }, +] + +[[package]] +name = "typing-inspection" +version = "0.4.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/f8/b1/0c11f5058406b3af7609f121aaa6b609744687f1d158b3c3a5bf4cc94238/typing_inspection-0.4.1.tar.gz", hash = "sha256:6ae134cc0203c33377d43188d4064e9b357dba58cff3185f22924610e70a9d28", size = 75726, upload-time = "2025-05-21T18:55:23.885Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/17/69/cd203477f944c353c31bade965f880aa1061fd6bf05ded0726ca845b6ff7/typing_inspection-0.4.1-py3-none-any.whl", hash = "sha256:389055682238f53b04f7badcb49b989835495a96700ced5dab2d8feae4b26f51", size = 14552, upload-time = "2025-05-21T18:55:22.152Z" }, +] + +[[package]] +name = "tzdata" +version = "2025.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/95/32/1a225d6164441be760d75c2c42e2780dc0873fe382da3e98a2e1e48361e5/tzdata-2025.2.tar.gz", hash = "sha256:b60a638fcc0daffadf82fe0f57e53d06bdec2f36c4df66280ae79bce6bd6f2b9", size = 196380, upload-time = "2025-03-23T13:54:43.652Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/5c/23/c7abc0ca0a1526a0774eca151daeb8de62ec457e77262b66b359c3c7679e/tzdata-2025.2-py2.py3-none-any.whl", hash = "sha256:1a403fada01ff9221ca8044d701868fa132215d84beb92242d9acd2147f667a8", size = 347839, upload-time = "2025-03-23T13:54:41.845Z" }, +] + +[[package]] +name = "urllib3" +version = "2.5.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/15/22/9ee70a2574a4f4599c47dd506532914ce044817c7752a79b6a51286319bc/urllib3-2.5.0.tar.gz", hash = "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760", size = 393185, upload-time = "2025-06-18T14:07:41.644Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/a7/c2/fe1e52489ae3122415c51f387e221dd0773709bad6c6cdaa599e8a2c5185/urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc", size = 129795, upload-time = "2025-06-18T14:07:40.39Z" }, +] + +[[package]] +name = "validators" +version = "0.35.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/53/66/a435d9ae49850b2f071f7ebd8119dd4e84872b01630d6736761e6e7fd847/validators-0.35.0.tar.gz", hash = "sha256:992d6c48a4e77c81f1b4daba10d16c3a9bb0dbb79b3a19ea847ff0928e70497a", size = 73399, upload-time = "2025-05-01T05:42:06.7Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/fa/6e/3e955517e22cbdd565f2f8b2e73d52528b14b8bcfdb04f62466b071de847/validators-0.35.0-py3-none-any.whl", hash = "sha256:e8c947097eae7892cb3d26868d637f79f47b4a0554bc6b80065dfe5aac3705dd", size = 44712, upload-time = "2025-05-01T05:42:04.203Z" }, +] + +[[package]] +name = "watchdog" +version = "6.0.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/db/7d/7f3d619e951c88ed75c6037b246ddcf2d322812ee8ea189be89511721d54/watchdog-6.0.0.tar.gz", hash = "sha256:9ddf7c82fda3ae8e24decda1338ede66e1c99883db93711d8fb941eaa2d8c282", size = 131220, upload-time = "2024-11-01T14:07:13.037Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/0c/56/90994d789c61df619bfc5ce2ecdabd5eeff564e1eb47512bd01b5e019569/watchdog-6.0.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:d1cdb490583ebd691c012b3d6dae011000fe42edb7a82ece80965b42abd61f26", size = 96390, upload-time = "2024-11-01T14:06:24.793Z" }, + { url = "https://files.pythonhosted.org/packages/55/46/9a67ee697342ddf3c6daa97e3a587a56d6c4052f881ed926a849fcf7371c/watchdog-6.0.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:bc64ab3bdb6a04d69d4023b29422170b74681784ffb9463ed4870cf2f3e66112", size = 88389, upload-time = "2024-11-01T14:06:27.112Z" }, + { url = "https://files.pythonhosted.org/packages/44/65/91b0985747c52064d8701e1075eb96f8c40a79df889e59a399453adfb882/watchdog-6.0.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:c897ac1b55c5a1461e16dae288d22bb2e412ba9807df8397a635d88f671d36c3", size = 89020, upload-time = "2024-11-01T14:06:29.876Z" }, + { url = "https://files.pythonhosted.org/packages/e0/24/d9be5cd6642a6aa68352ded4b4b10fb0d7889cb7f45814fb92cecd35f101/watchdog-6.0.0-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:6eb11feb5a0d452ee41f824e271ca311a09e250441c262ca2fd7ebcf2461a06c", size = 96393, upload-time = "2024-11-01T14:06:31.756Z" }, + { url = "https://files.pythonhosted.org/packages/63/7a/6013b0d8dbc56adca7fdd4f0beed381c59f6752341b12fa0886fa7afc78b/watchdog-6.0.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:ef810fbf7b781a5a593894e4f439773830bdecb885e6880d957d5b9382a960d2", size = 88392, upload-time = "2024-11-01T14:06:32.99Z" }, + { url = "https://files.pythonhosted.org/packages/d1/40/b75381494851556de56281e053700e46bff5b37bf4c7267e858640af5a7f/watchdog-6.0.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:afd0fe1b2270917c5e23c2a65ce50c2a4abb63daafb0d419fde368e272a76b7c", size = 89019, upload-time = "2024-11-01T14:06:34.963Z" }, + { url = "https://files.pythonhosted.org/packages/39/ea/3930d07dafc9e286ed356a679aa02d777c06e9bfd1164fa7c19c288a5483/watchdog-6.0.0-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:bdd4e6f14b8b18c334febb9c4425a878a2ac20efd1e0b231978e7b150f92a948", size = 96471, upload-time = "2024-11-01T14:06:37.745Z" }, + { url = "https://files.pythonhosted.org/packages/12/87/48361531f70b1f87928b045df868a9fd4e253d9ae087fa4cf3f7113be363/watchdog-6.0.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:c7c15dda13c4eb00d6fb6fc508b3c0ed88b9d5d374056b239c4ad1611125c860", size = 88449, upload-time = "2024-11-01T14:06:39.748Z" }, + { url = "https://files.pythonhosted.org/packages/5b/7e/8f322f5e600812e6f9a31b75d242631068ca8f4ef0582dd3ae6e72daecc8/watchdog-6.0.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:6f10cb2d5902447c7d0da897e2c6768bca89174d0c6e1e30abec5421af97a5b0", size = 89054, upload-time = "2024-11-01T14:06:41.009Z" }, + { url = "https://files.pythonhosted.org/packages/68/98/b0345cabdce2041a01293ba483333582891a3bd5769b08eceb0d406056ef/watchdog-6.0.0-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:490ab2ef84f11129844c23fb14ecf30ef3d8a6abafd3754a6f75ca1e6654136c", size = 96480, upload-time = "2024-11-01T14:06:42.952Z" }, + { url = "https://files.pythonhosted.org/packages/85/83/cdf13902c626b28eedef7ec4f10745c52aad8a8fe7eb04ed7b1f111ca20e/watchdog-6.0.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:76aae96b00ae814b181bb25b1b98076d5fc84e8a53cd8885a318b42b6d3a5134", size = 88451, upload-time = "2024-11-01T14:06:45.084Z" }, + { url = "https://files.pythonhosted.org/packages/fe/c4/225c87bae08c8b9ec99030cd48ae9c4eca050a59bf5c2255853e18c87b50/watchdog-6.0.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:a175f755fc2279e0b7312c0035d52e27211a5bc39719dd529625b1930917345b", size = 89057, upload-time = "2024-11-01T14:06:47.324Z" }, + { url = "https://files.pythonhosted.org/packages/30/ad/d17b5d42e28a8b91f8ed01cb949da092827afb9995d4559fd448d0472763/watchdog-6.0.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:c7ac31a19f4545dd92fc25d200694098f42c9a8e391bc00bdd362c5736dbf881", size = 87902, upload-time = "2024-11-01T14:06:53.119Z" }, + { url = "https://files.pythonhosted.org/packages/5c/ca/c3649991d140ff6ab67bfc85ab42b165ead119c9e12211e08089d763ece5/watchdog-6.0.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:9513f27a1a582d9808cf21a07dae516f0fab1cf2d7683a742c498b93eedabb11", size = 88380, upload-time = "2024-11-01T14:06:55.19Z" }, + { url = "https://files.pythonhosted.org/packages/a9/c7/ca4bf3e518cb57a686b2feb4f55a1892fd9a3dd13f470fca14e00f80ea36/watchdog-6.0.0-py3-none-manylinux2014_aarch64.whl", hash = "sha256:7607498efa04a3542ae3e05e64da8202e58159aa1fa4acddf7678d34a35d4f13", size = 79079, upload-time = "2024-11-01T14:06:59.472Z" }, + { url = "https://files.pythonhosted.org/packages/5c/51/d46dc9332f9a647593c947b4b88e2381c8dfc0942d15b8edc0310fa4abb1/watchdog-6.0.0-py3-none-manylinux2014_armv7l.whl", hash = "sha256:9041567ee8953024c83343288ccc458fd0a2d811d6a0fd68c4c22609e3490379", size = 79078, upload-time = "2024-11-01T14:07:01.431Z" }, + { url = "https://files.pythonhosted.org/packages/d4/57/04edbf5e169cd318d5f07b4766fee38e825d64b6913ca157ca32d1a42267/watchdog-6.0.0-py3-none-manylinux2014_i686.whl", hash = "sha256:82dc3e3143c7e38ec49d61af98d6558288c415eac98486a5c581726e0737c00e", size = 79076, upload-time = "2024-11-01T14:07:02.568Z" }, + { url = "https://files.pythonhosted.org/packages/ab/cc/da8422b300e13cb187d2203f20b9253e91058aaf7db65b74142013478e66/watchdog-6.0.0-py3-none-manylinux2014_ppc64.whl", hash = "sha256:212ac9b8bf1161dc91bd09c048048a95ca3a4c4f5e5d4a7d1b1a7d5752a7f96f", size = 79077, upload-time = "2024-11-01T14:07:03.893Z" }, + { url = "https://files.pythonhosted.org/packages/2c/3b/b8964e04ae1a025c44ba8e4291f86e97fac443bca31de8bd98d3263d2fcf/watchdog-6.0.0-py3-none-manylinux2014_ppc64le.whl", hash = "sha256:e3df4cbb9a450c6d49318f6d14f4bbc80d763fa587ba46ec86f99f9e6876bb26", size = 79078, upload-time = "2024-11-01T14:07:05.189Z" }, + { url = "https://files.pythonhosted.org/packages/62/ae/a696eb424bedff7407801c257d4b1afda455fe40821a2be430e173660e81/watchdog-6.0.0-py3-none-manylinux2014_s390x.whl", hash = "sha256:2cce7cfc2008eb51feb6aab51251fd79b85d9894e98ba847408f662b3395ca3c", size = 79077, upload-time = "2024-11-01T14:07:06.376Z" }, + { url = "https://files.pythonhosted.org/packages/b5/e8/dbf020b4d98251a9860752a094d09a65e1b436ad181faf929983f697048f/watchdog-6.0.0-py3-none-manylinux2014_x86_64.whl", hash = "sha256:20ffe5b202af80ab4266dcd3e91aae72bf2da48c0d33bdb15c66658e685e94e2", size = 79078, upload-time = "2024-11-01T14:07:07.547Z" }, + { url = "https://files.pythonhosted.org/packages/07/f6/d0e5b343768e8bcb4cda79f0f2f55051bf26177ecd5651f84c07567461cf/watchdog-6.0.0-py3-none-win32.whl", hash = "sha256:07df1fdd701c5d4c8e55ef6cf55b8f0120fe1aef7ef39a1c6fc6bc2e606d517a", size = 79065, upload-time = "2024-11-01T14:07:09.525Z" }, + { url = "https://files.pythonhosted.org/packages/db/d9/c495884c6e548fce18a8f40568ff120bc3a4b7b99813081c8ac0c936fa64/watchdog-6.0.0-py3-none-win_amd64.whl", hash = "sha256:cbafb470cf848d93b5d013e2ecb245d4aa1c8fd0504e863ccefa32445359d680", size = 79070, upload-time = "2024-11-01T14:07:10.686Z" }, + { url = "https://files.pythonhosted.org/packages/33/e8/e40370e6d74ddba47f002a32919d91310d6074130fe4e17dabcafc15cbf1/watchdog-6.0.0-py3-none-win_ia64.whl", hash = "sha256:a1914259fa9e1454315171103c6a30961236f508b9b623eae470268bbcc6a22f", size = 79067, upload-time = "2024-11-01T14:07:11.845Z" }, +] + +[[package]] +name = "wcmatch" +version = "10.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "bracex" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/79/3e/c0bdc27cf06f4e47680bd5803a07cb3dfd17de84cde92dd217dcb9e05253/wcmatch-10.1.tar.gz", hash = "sha256:f11f94208c8c8484a16f4f48638a85d771d9513f4ab3f37595978801cb9465af", size = 117421, upload-time = "2025-06-22T19:14:02.49Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/eb/d8/0d1d2e9d3fabcf5d6840362adcf05f8cf3cd06a73358140c3a97189238ae/wcmatch-10.1-py3-none-any.whl", hash = "sha256:5848ace7dbb0476e5e55ab63c6bbd529745089343427caa5537f230cc01beb8a", size = 39854, upload-time = "2025-06-22T19:14:00.978Z" }, +] From 4707b60097037bf991d9c3ac5b44b8525038cc01 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Tue, 19 Aug 2025 17:40:03 +0200 Subject: [PATCH 264/468] Namespace ABNF - addresses parts of CERTCC/SSVC#858 - update decision to match current ABNF - minor format updates and clarifications --- docs/adr/0012-ssvc-namespaces.md | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/docs/adr/0012-ssvc-namespaces.md b/docs/adr/0012-ssvc-namespaces.md index 4b386380..7175b794 100644 --- a/docs/adr/0012-ssvc-namespaces.md +++ b/docs/adr/0012-ssvc-namespaces.md @@ -48,17 +48,25 @@ based on other sources). main project. We use the `cvss` namespace to contain CVSS vector elements. **Unregistered namespaces** for objects that we do not create or maintain, but -that others may want for their own use. Unregistered namespaces must start with -an `x_` prefix followed by a reverse domain name, such as `x_org.example`. +that others may want for their own use. Unregistered namespaces must start with +an `x_` prefix followed by a reverse domain name and conclude with a fragment, +such as `x_example.test#test`. Unregistered namespaces are intended for experimental or private use. !!! example A government agency might create a set of decision points for internal use - using the `x_example.agency` namespace. This allows them to use SSVC objects - of their own design alongside existig SSVC objects without needing to + using the `x_example.agency#internal` namespace. This allows them to use SSVC + objects of their own design alongside existig SSVC objects without needing to register their namespace with the SSVC project. +!!! example + + A government agency might create a set of decision points for interagency use + using the `x_example.agency#interagency` namespace. This allows them to use, + organize and share SSVC objects based on their namespace value without the + need for maintaining an external list. + **Namespace extensions** for objects that are derived from other objects in an registered or unregistered namespace. Extensions are not intended to be used to introduce new objects, but rather to refine existing objects with additional data @@ -69,9 +77,10 @@ interpretation of a decision point in a specific context. !!! example - An ISAO (Information Sharing and Analyzing Organization) might want to refine the meaning of decision point values for their - constituency, and could use `ssvc//example.isao` as the namespace for their - collection of extensions. + An ISAO (Information Sharing and Analyzing Organization) might want to refine + the meaning of decision point values for their constituency, and could use + `ssvc//.example.isao#constituency-1` as the namespace for their collection + of extensions. ### Consequences From e8547df97d327ad3c68d5b67ba72cbedfb37ead4 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 19 Aug 2025 11:41:18 -0400 Subject: [PATCH 265/468] we don't use dataclasses-json anymore --- src/pyproject.toml | 1 - src/uv.lock | 49 ---------------------------------------------- 2 files changed, 50 deletions(-) diff --git a/src/pyproject.toml b/src/pyproject.toml index 66c01339..ea9058c4 100644 --- a/src/pyproject.toml +++ b/src/pyproject.toml @@ -39,7 +39,6 @@ dependencies = [ "mkdocs-include-markdown-plugin==7.1.6", "pandas==2.3.1", "scipy", - "dataclasses-json", "jsonschema==4.25.0", "mkdocs-bibtex==4.4.0", "mkdocs-table-reader-plugin==3.1.0", diff --git a/src/uv.lock b/src/uv.lock index 6eb176b1..42539081 100644 --- a/src/uv.lock +++ b/src/uv.lock @@ -151,19 +151,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/d1/d6/3965ed04c63042e047cb6a3e6ed1a63a35087b6a609aa3a15ed8ac56c221/colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6", size = 25335, upload-time = "2022-10-25T02:36:20.889Z" }, ] -[[package]] -name = "dataclasses-json" -version = "0.6.7" -source = { registry = "https://pypi.org/simple" } -dependencies = [ - { name = "marshmallow" }, - { name = "typing-inspect" }, -] -sdist = { url = "https://files.pythonhosted.org/packages/64/a4/f71d9cf3a5ac257c993b5ca3f93df5f7fb395c725e7f1e6479d2514173c3/dataclasses_json-0.6.7.tar.gz", hash = "sha256:b6b3e528266ea45b9535223bc53ca645f5208833c29229e847b3f26a1cc55fc0", size = 32227, upload-time = "2024-06-09T16:20:19.103Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/c3/be/d0d44e092656fe7a06b55e6103cbce807cdbdee17884a5367c68c9860853/dataclasses_json-0.6.7-py3-none-any.whl", hash = "sha256:0dbf33f26c8d5305befd61b39d2b3414e8a407bedc2834dea9b8d642666fb40a", size = 28686, upload-time = "2024-06-09T16:20:16.715Z" }, -] - [[package]] name = "ghp-import" version = "2.1.0" @@ -333,18 +320,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/4f/65/6079a46068dfceaeabb5dcad6d674f5f5c61a6fa5673746f42a9f4c233b3/MarkupSafe-3.0.2-cp313-cp313t-win_amd64.whl", hash = "sha256:e444a31f8db13eb18ada366ab3cf45fd4b31e4db1236a4448f68778c1d1a5a2f", size = 15739, upload-time = "2024-10-18T15:21:42.784Z" }, ] -[[package]] -name = "marshmallow" -version = "3.26.1" -source = { registry = "https://pypi.org/simple" } -dependencies = [ - { name = "packaging" }, -] -sdist = { url = "https://files.pythonhosted.org/packages/ab/5e/5e53d26b42ab75491cda89b871dab9e97c840bf12c63ec58a1919710cd06/marshmallow-3.26.1.tar.gz", hash = "sha256:e6d8affb6cb61d39d26402096dc0aee12d5a26d490a121f118d2e81dc0719dc6", size = 221825, upload-time = "2025-02-03T15:32:25.093Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/34/75/51952c7b2d3873b44a0028b1bd26a25078c18f92f256608e8d1dc61b39fd/marshmallow-3.26.1-py3-none-any.whl", hash = "sha256:3350409f20a70a7e4e11a27661187b77cdcaeb20abca41c1454fe33636bea09c", size = 50878, upload-time = "2025-02-03T15:32:22.295Z" }, -] - [[package]] name = "mergedeep" version = "1.3.4" @@ -527,15 +502,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/3b/dd/a24ee3de56954bfafb6ede7cd63c2413bb842cc48eb45e41c43a05a33074/mkdocstrings_python-1.16.12-py3-none-any.whl", hash = "sha256:22ded3a63b3d823d57457a70ff9860d5a4de9e8b1e482876fc9baabaf6f5f374", size = 124287, upload-time = "2025-06-03T12:52:47.819Z" }, ] -[[package]] -name = "mypy-extensions" -version = "1.1.0" -source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/a2/6e/371856a3fb9d31ca8dac321cda606860fa4548858c0cc45d9d1d4ca2628b/mypy_extensions-1.1.0.tar.gz", hash = "sha256:52e68efc3284861e772bbcd66823fde5ae21fd2fdb51c62a211403730b916558", size = 6343, upload-time = "2025-04-22T14:54:24.164Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/79/7b/2c79738432f5c924bef5071f933bcc9efd0473bac3b4aa584a6f7c1c8df8/mypy_extensions-1.1.0-py3-none-any.whl", hash = "sha256:1be4cccdb0f2482337c4743e60421de3a356cd97508abadd57d47403e94f5505", size = 4963, upload-time = "2025-04-22T14:54:22.983Z" }, -] - [[package]] name = "networkx" version = "3.4.2" @@ -1460,7 +1426,6 @@ wheels = [ name = "ssvc" source = { editable = "." } dependencies = [ - { name = "dataclasses-json" }, { name = "jsonschema" }, { name = "markdown-exec" }, { name = "mkdocs" }, @@ -1484,7 +1449,6 @@ dependencies = [ [package.metadata] requires-dist = [ - { name = "dataclasses-json" }, { name = "jsonschema", specifier = "==4.25.0" }, { name = "markdown-exec", specifier = "==1.11.0" }, { name = "mkdocs", specifier = "==1.6.1" }, @@ -1544,19 +1508,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/b5/00/d631e67a838026495268c2f6884f3711a15a9a2a96cd244fdaea53b823fb/typing_extensions-4.14.1-py3-none-any.whl", hash = "sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76", size = 43906, upload-time = "2025-07-04T13:28:32.743Z" }, ] -[[package]] -name = "typing-inspect" -version = "0.9.0" -source = { registry = "https://pypi.org/simple" } -dependencies = [ - { name = "mypy-extensions" }, - { name = "typing-extensions" }, -] -sdist = { url = "https://files.pythonhosted.org/packages/dc/74/1789779d91f1961fa9438e9a8710cdae6bd138c80d7303996933d117264a/typing_inspect-0.9.0.tar.gz", hash = "sha256:b23fc42ff6f6ef6954e4852c1fb512cdd18dbea03134f91f856a95ccc9461f78", size = 13825, upload-time = "2023-05-24T20:25:47.612Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/65/f3/107a22063bf27bdccf2024833d3445f4eea42b2e598abfbd46f6a63b6cb0/typing_inspect-0.9.0-py3-none-any.whl", hash = "sha256:9ee6fc59062311ef8547596ab6b955e1b8aa46242d854bfc78f4f6b0eff35f9f", size = 8827, upload-time = "2023-05-24T20:25:45.287Z" }, -] - [[package]] name = "typing-inspection" version = "0.4.1" From d67b3571232c276ee453b8ff166c43402886cfef Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 19 Aug 2025 12:35:33 -0400 Subject: [PATCH 266/468] update require ments.txt --- requirements.txt | 1094 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1077 insertions(+), 17 deletions(-) diff --git a/requirements.txt b/requirements.txt index a664977e..34093b13 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,17 +1,1077 @@ -mkdocs==1.6.1 -mkdocs-bibtex==4.4.0 -mkdocs-include-markdown-plugin==7.1.6 -mkdocs-table-reader-plugin==3.1.0 -mkdocs-material==9.6.16 -mkdocs-material-extensions==1.3.1 -mkdocstrings==0.30.0 -mkdocstrings-python==1.16.12 -mkdocs-print-site-plugin==2.8 -markdown-exec==1.11.0 -thefuzz==0.22.1 -pandas==2.3.1 -scikit-learn==1.6.1 -jsonschema==4.25.0 -networkx==3.4.2 -pydantic==2.11.7 -semver==3.0.4 \ No newline at end of file +# This file was autogenerated by uv via the following command: +# uv export -o ../requirements.txt +-e . +annotated-types==0.7.0 \ + --hash=sha256:1f02e8b43a8fbbc3f3e0d4f0f4bfc8131bcb4eebe8849b8e5c773f3a1c582a53 \ + --hash=sha256:aff07c09a53a08bc8cfccb9c85b05f1aa9a2a6f23728d790723543408344ce89 + # via pydantic +attrs==25.3.0 \ + --hash=sha256:427318ce031701fea540783410126f03899a97ffc6f61596ad581ac2e40e3bc3 \ + --hash=sha256:75d7cefc7fb576747b2c81b4442d4d4a1ce0900973527c011d1030fd3bf4af1b + # via + # jsonschema + # referencing +babel==2.17.0 \ + --hash=sha256:0c54cffb19f690cdcc52a3b50bcbf71e07a808d1c80d549f2459b9d2cf0afb9d \ + --hash=sha256:4d0b53093fdfb4b21c92b5213dba5a1b23885afa8383709427046b21c366e5f2 + # via mkdocs-material +backrefs==5.9 \ + --hash=sha256:6907635edebbe9b2dc3de3a2befff44d74f30a4562adbb8b36f21252ea19c5cf \ + --hash=sha256:7fdf9771f63e6028d7fee7e0c497c81abda597ea45d6b8f89e8ad76994f5befa \ + --hash=sha256:808548cb708d66b82ee231f962cb36faaf4f2baab032f2fbb783e9c2fdddaa59 \ + --hash=sha256:cc37b19fa219e93ff825ed1fed8879e47b4d89aa7a1884860e2db64ccd7c676b \ + --hash=sha256:db8e8ba0e9de81fcd635f440deab5ae5f2591b54ac1ebe0550a2ca063488cd9f \ + --hash=sha256:df5e169836cc8acb5e440ebae9aad4bf9d15e226d3bad049cf3f6a5c20cc8dc9 \ + --hash=sha256:f48ee18f6252b8f5777a22a00a09a85de0ca931658f1dd96d4406a34f3748c60 + # via mkdocs-material +bracex==2.6 \ + --hash=sha256:0b0049264e7340b3ec782b5cb99beb325f36c3782a32e36e876452fd49a09952 \ + --hash=sha256:98f1347cd77e22ee8d967a30ad4e310b233f7754dbf31ff3fceb76145ba47dc7 + # via wcmatch +certifi==2025.8.3 \ + --hash=sha256:e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407 \ + --hash=sha256:f6c12493cfb1b06ba2ff328595af9350c65d6644968e5d3a2ffd78699af217a5 + # via requests +charset-normalizer==3.4.3 \ + --hash=sha256:00237675befef519d9af72169d8604a067d92755e84fe76492fef5441db05b91 \ + --hash=sha256:02425242e96bcf29a49711b0ca9f37e451da7c70562bc10e8ed992a5a7a25cc0 \ + --hash=sha256:027b776c26d38b7f15b26a5da1044f376455fb3766df8fc38563b4efbc515154 \ + --hash=sha256:07a0eae9e2787b586e129fdcbe1af6997f8d0e5abaa0bc98c0e20e124d67e601 \ + --hash=sha256:0cacf8f7297b0c4fcb74227692ca46b4a5852f8f4f24b3c766dd94a1075c4884 \ + --hash=sha256:0e78314bdc32fa80696f72fa16dc61168fda4d6a0c014e0380f9d02f0e5d8a07 \ + --hash=sha256:13faeacfe61784e2559e690fc53fa4c5ae97c6fcedb8eb6fb8d0a15b475d2c64 \ + --hash=sha256:14c2a87c65b351109f6abfc424cab3927b3bdece6f706e4d12faaf3d52ee5efe \ + --hash=sha256:1606f4a55c0fd363d754049cdf400175ee96c992b1f8018b993941f221221c5f \ + --hash=sha256:18343b2d246dc6761a249ba1fb13f9ee9a2bcd95decc767319506056ea4ad4dc \ + --hash=sha256:18b97b8404387b96cdbd30ad660f6407799126d26a39ca65729162fd810a99aa \ + --hash=sha256:1bb60174149316da1c35fa5233681f7c0f9f514509b8e399ab70fea5f17e45c9 \ + --hash=sha256:1e8ac75d72fa3775e0b7cb7e4629cec13b7514d928d15ef8ea06bca03ef01cae \ + --hash=sha256:2001a39612b241dae17b4687898843f254f8748b796a2e16f1051a17078d991d \ + --hash=sha256:30a96e1e1f865f78b030d65241c1ee850cdf422d869e9028e2fc1d5e4db73b92 \ + --hash=sha256:30d006f98569de3459c2fc1f2acde170b7b2bd265dc1943e87e1a4efe1b67c31 \ + --hash=sha256:31a9a6f775f9bcd865d88ee350f0ffb0e25936a7f930ca98995c05abf1faf21c \ + --hash=sha256:320e8e66157cc4e247d9ddca8e21f427efc7a04bbd0ac8a9faf56583fa543f9f \ + --hash=sha256:3cd35b7e8aedeb9e34c41385fda4f73ba609e561faedfae0a9e75e44ac558a15 \ + --hash=sha256:3cfb2aad70f2c6debfbcb717f23b7eb55febc0bb23dcffc0f076009da10c6392 \ + --hash=sha256:416175faf02e4b0810f1f38bcb54682878a4af94059a1cd63b8747244420801f \ + --hash=sha256:41d1fc408ff5fdfb910200ec0e74abc40387bccb3252f3f27c0676731df2b2c8 \ + --hash=sha256:42e5088973e56e31e4fa58eb6bd709e42fc03799c11c42929592889a2e54c491 \ + --hash=sha256:4ca4c094de7771a98d7fbd67d9e5dbf1eb73efa4f744a730437d8a3a5cf994f0 \ + --hash=sha256:53cd68b185d98dde4ad8990e56a58dea83a4162161b1ea9272e5c9182ce415e0 \ + --hash=sha256:585f3b2a80fbd26b048a0be90c5aae8f06605d3c92615911c3a2b03a8a3b796f \ + --hash=sha256:6aab0f181c486f973bc7262a97f5aca3ee7e1437011ef0c2ec04b5a11d16c927 \ + --hash=sha256:6cf8fd4c04756b6b60146d98cd8a77d0cdae0e1ca20329da2ac85eed779b6849 \ + --hash=sha256:6fb70de56f1859a3f71261cbe41005f56a7842cc348d3aeb26237560bfa5e0ce \ + --hash=sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14 \ + --hash=sha256:73dc19b562516fc9bcf6e5d6e596df0b4eb98d87e4f79f3ae71840e6ed21361c \ + --hash=sha256:74d77e25adda8581ffc1c720f1c81ca082921329452eba58b16233ab1842141c \ + --hash=sha256:78deba4d8f9590fe4dae384aeff04082510a709957e968753ff3c48399f6f92a \ + --hash=sha256:86df271bf921c2ee3818f0522e9a5b8092ca2ad8b065ece5d7d9d0e9f4849bcc \ + --hash=sha256:8dcfc373f888e4fb39a7bc57e93e3b845e7f462dacc008d9749568b1c4ece096 \ + --hash=sha256:939578d9d8fd4299220161fdd76e86c6a251987476f5243e8864a7844476ba14 \ + --hash=sha256:96b2b3d1a83ad55310de8c7b4a2d04d9277d5591f40761274856635acc5fcb30 \ + --hash=sha256:b256ee2e749283ef3ddcff51a675ff43798d92d746d1a6e4631bf8c707d22d0b \ + --hash=sha256:b89bc04de1d83006373429975f8ef9e7932534b8cc9ca582e4db7d20d91816db \ + --hash=sha256:bd28b817ea8c70215401f657edef3a8aa83c29d447fb0b622c35403780ba11d5 \ + --hash=sha256:c6dbd0ccdda3a2ba7c2ecd9d77b37f3b5831687d8dc1b6ca5f56a4880cc7b7ce \ + --hash=sha256:c6e490913a46fa054e03699c70019ab869e990270597018cef1d8562132c2669 \ + --hash=sha256:c6f162aabe9a91a309510d74eeb6507fab5fff92337a15acbe77753d88d9dcf0 \ + --hash=sha256:c6fd51128a41297f5409deab284fecbe5305ebd7e5a1f959bee1c054622b7018 \ + --hash=sha256:cc34f233c9e71701040d772aa7490318673aa7164a0efe3172b2981218c26d93 \ + --hash=sha256:cc9370a2da1ac13f0153780040f465839e6cccb4a1e44810124b4e22483c93fe \ + --hash=sha256:ccf600859c183d70eb47e05a44cd80a4ce77394d1ac0f79dbd2dd90a69a3a049 \ + --hash=sha256:ce571ab16d890d23b5c278547ba694193a45011ff86a9162a71307ed9f86759a \ + --hash=sha256:cf1ebb7d78e1ad8ec2a8c4732c7be2e736f6e5123a4146c5b89c9d1f585f8cef \ + --hash=sha256:d0e909868420b7049dafd3a31d45125b31143eec59235311fc4c57ea26a4acd2 \ + --hash=sha256:d716a916938e03231e86e43782ca7878fb602a125a91e7acb8b5112e2e96ac16 \ + --hash=sha256:d79c198e27580c8e958906f803e63cddb77653731be08851c7df0b1a14a8fc0f \ + --hash=sha256:e28e334d3ff134e88989d90ba04b47d84382a828c061d0d1027b1b12a62b39b1 \ + --hash=sha256:fb6fecfd65564f208cbf0fba07f107fb661bcd1a7c389edbced3f7a493f70e37 \ + --hash=sha256:fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72 \ + --hash=sha256:fd10de089bcdcd1be95a2f73dbe6254798ec1bda9f450d5828c96f93e2536b9c \ + --hash=sha256:fdabf8315679312cfa71302f9bd509ded4f2f263fb5b765cf1433b39106c3cc9 + # via requests +click==8.2.1 \ + --hash=sha256:27c491cc05d968d271d5a1db13e3b5a184636d9d930f148c50b038f0d0646202 \ + --hash=sha256:61a3265b914e850b85317d0b3109c7f8cd35a670f963866005d6ef1d5175a12b + # via mkdocs +colorama==0.4.6 \ + --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \ + --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6 + # via + # click + # griffe + # mkdocs + # mkdocs-material +ghp-import==2.1.0 \ + --hash=sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619 \ + --hash=sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343 + # via mkdocs +griffe==1.12.1 \ + --hash=sha256:29f5a6114c0aeda7d9c86a570f736883f8a2c5b38b57323d56b3d1c000565567 \ + --hash=sha256:2d7c12334de00089c31905424a00abcfd931b45b8b516967f224133903d302cc + # via mkdocstrings-python +idna==3.10 \ + --hash=sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9 \ + --hash=sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3 + # via requests +jinja2==3.1.6 \ + --hash=sha256:0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d \ + --hash=sha256:85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67 + # via + # mkdocs + # mkdocs-material + # mkdocstrings +joblib==1.5.1 \ + --hash=sha256:4719a31f054c7d766948dcd83e9613686b27114f190f717cec7eaa2084f8a74a \ + --hash=sha256:f4f86e351f39fe3d0d32a9f2c3d8af1ee4cec285aafcb27003dda5205576b444 + # via scikit-learn +jsonschema==4.25.0 \ + --hash=sha256:24c2e8da302de79c8b9382fee3e76b355e44d2a4364bb207159ce10b517bd716 \ + --hash=sha256:e63acf5c11762c0e6672ffb61482bdf57f0876684d8d249c0fe2d730d48bc55f + # via ssvc +jsonschema-specifications==2025.4.1 \ + --hash=sha256:4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af \ + --hash=sha256:630159c9f4dbea161a6a2205c3011cc4f18ff381b189fff48bb39b9bf26ae608 + # via jsonschema +latexcodec==3.0.1 \ + --hash=sha256:a9eb8200bff693f0437a69581f7579eb6bca25c4193515c09900ce76451e452e \ + --hash=sha256:e78a6911cd72f9dec35031c6ec23584de6842bfbc4610a9678868d14cdfb0357 + # via pybtex +markdown==3.8.2 \ + --hash=sha256:247b9a70dd12e27f67431ce62523e675b866d254f900c4fe75ce3dda62237c45 \ + --hash=sha256:5c83764dbd4e00bdd94d85a19b8d55ccca20fe35b2e678a1422b380324dd5f24 + # via + # mkdocs + # mkdocs-autorefs + # mkdocs-material + # mkdocstrings + # pymdown-extensions +markdown-exec==1.11.0 \ + --hash=sha256:0526957984980f55c02b425d32e8ac8bb21090c109c7012ff905d3ddcc468ceb \ + --hash=sha256:e0313a0dff715869a311d24853b3a7ecbbaa12e74eb0f3cf7d91401a7d8f0082 + # via ssvc +markupsafe==3.0.2 \ + --hash=sha256:0bff5e0ae4ef2e1ae4fdf2dfd5b76c75e5c2fa4132d05fc1b0dabcd20c7e28c4 \ + --hash=sha256:0f4ca02bea9a23221c0182836703cbf8930c5e9454bacce27e767509fa286a30 \ + --hash=sha256:131a3c7689c85f5ad20f9f6fb1b866f402c445b220c19fe4308c0b147ccd2ad9 \ + --hash=sha256:15ab75ef81add55874e7ab7055e9c397312385bd9ced94920f2802310c930396 \ + --hash=sha256:1c99d261bd2d5f6b59325c92c73df481e05e57f19837bdca8413b9eac4bd8028 \ + --hash=sha256:1e084f686b92e5b83186b07e8a17fc09e38fff551f3602b249881fec658d3eca \ + --hash=sha256:2181e67807fc2fa785d0592dc2d6206c019b9502410671cc905d132a92866557 \ + --hash=sha256:2cb8438c3cbb25e220c2ab33bb226559e7afb3baec11c4f218ffa7308603c832 \ + --hash=sha256:3809ede931876f5b2ec92eef964286840ed3540dadf803dd570c3b7e13141a3b \ + --hash=sha256:38a9ef736c01fccdd6600705b09dc574584b89bea478200c5fbf112a6b0d5579 \ + --hash=sha256:3d79d162e7be8f996986c064d1c7c817f6df3a77fe3d6859f6f9e7be4b8c213a \ + --hash=sha256:444dcda765c8a838eaae23112db52f1efaf750daddb2d9ca300bcae1039adc5c \ + --hash=sha256:4aa4e5faecf353ed117801a068ebab7b7e09ffb6e1d5e412dc852e0da018126c \ + --hash=sha256:52305740fe773d09cffb16f8ed0427942901f00adedac82ec8b67752f58a1b22 \ + --hash=sha256:569511d3b58c8791ab4c2e1285575265991e6d8f8700c7be0e88f86cb0672094 \ + --hash=sha256:57cb5a3cf367aeb1d316576250f65edec5bb3be939e9247ae594b4bcbc317dfb \ + --hash=sha256:5b02fb34468b6aaa40dfc198d813a641e3a63b98c2b05a16b9f80b7ec314185e \ + --hash=sha256:6381026f158fdb7c72a168278597a5e3a5222e83ea18f543112b2662a9b699c5 \ + --hash=sha256:6af100e168aa82a50e186c82875a5893c5597a0c1ccdb0d8b40240b1f28b969a \ + --hash=sha256:6c89876f41da747c8d3677a2b540fb32ef5715f97b66eeb0c6b66f5e3ef6f59d \ + --hash=sha256:70a87b411535ccad5ef2f1df5136506a10775d267e197e4cf531ced10537bd6b \ + --hash=sha256:7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8 \ + --hash=sha256:846ade7b71e3536c4e56b386c2a47adf5741d2d8b94ec9dc3e92e5e1ee1e2225 \ + --hash=sha256:88416bd1e65dcea10bc7569faacb2c20ce071dd1f87539ca2ab364bf6231393c \ + --hash=sha256:8e06879fc22a25ca47312fbe7c8264eb0b662f6db27cb2d3bbbc74b1df4b9b87 \ + --hash=sha256:9025b4018f3a1314059769c7bf15441064b2207cb3f065e6ea1e7359cb46db9d \ + --hash=sha256:93335ca3812df2f366e80509ae119189886b0f3c2b81325d39efdb84a1e2ae93 \ + --hash=sha256:9778bd8ab0a994ebf6f84c2b949e65736d5575320a17ae8984a77fab08db94cf \ + --hash=sha256:9e2d922824181480953426608b81967de705c3cef4d1af983af849d7bd619158 \ + --hash=sha256:a123e330ef0853c6e822384873bef7507557d8e4a082961e1defa947aa59ba84 \ + --hash=sha256:a904af0a6162c73e3edcb969eeeb53a63ceeb5d8cf642fade7d39e7963a22ddb \ + --hash=sha256:ad10d3ded218f1039f11a75f8091880239651b52e9bb592ca27de44eed242a48 \ + --hash=sha256:b424c77b206d63d500bcb69fa55ed8d0e6a3774056bdc4839fc9298a7edca171 \ + --hash=sha256:b5a6b3ada725cea8a5e634536b1b01c30bcdcd7f9c6fff4151548d5bf6b3a36c \ + --hash=sha256:ba8062ed2cf21c07a9e295d5b8a2a5ce678b913b45fdf68c32d95d6c1291e0b6 \ + --hash=sha256:ba9527cdd4c926ed0760bc301f6728ef34d841f405abf9d4f959c478421e4efd \ + --hash=sha256:bbcb445fa71794da8f178f0f6d66789a28d7319071af7a496d4d507ed566270d \ + --hash=sha256:bcf3e58998965654fdaff38e58584d8937aa3096ab5354d493c77d1fdd66d7a1 \ + --hash=sha256:c0ef13eaeee5b615fb07c9a7dadb38eac06a0608b41570d8ade51c56539e509d \ + --hash=sha256:cabc348d87e913db6ab4aa100f01b08f481097838bdddf7c7a84b7575b7309ca \ + --hash=sha256:cdb82a876c47801bb54a690c5ae105a46b392ac6099881cdfb9f6e95e4014c6a \ + --hash=sha256:d16a81a06776313e817c951135cf7340a3e91e8c1ff2fac444cfd75fffa04afe \ + --hash=sha256:d8213e09c917a951de9d09ecee036d5c7d36cb6cb7dbaece4c71a60d79fb9798 \ + --hash=sha256:e07c3764494e3776c602c1e78e298937c3315ccc9043ead7e685b7f2b8d47b3c \ + --hash=sha256:e17c96c14e19278594aa4841ec148115f9c7615a47382ecb6b82bd8fea3ab0c8 \ + --hash=sha256:e444a31f8db13eb18ada366ab3cf45fd4b31e4db1236a4448f68778c1d1a5a2f \ + --hash=sha256:e6a2a455bd412959b57a172ce6328d2dd1f01cb2135efda2e4576e8a23fa3b0f \ + --hash=sha256:ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0 \ + --hash=sha256:f3818cb119498c0678015754eba762e0d61e5b52d34c8b13d770f0719f7b1d79 \ + --hash=sha256:f8b3d067f2e40fe93e1ccdd6b2e1d16c43140e76f02fb1319a05cf2b79d99430 \ + --hash=sha256:fcabf5ff6eea076f859677f5f0b6b5c1a51e70a376b0579e0eadef8db48c6b50 + # via + # jinja2 + # mkdocs + # mkdocs-autorefs + # mkdocstrings +mergedeep==1.3.4 \ + --hash=sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8 \ + --hash=sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307 + # via + # mkdocs + # mkdocs-get-deps +mkdocs==1.6.1 \ + --hash=sha256:7b432f01d928c084353ab39c57282f29f92136665bdd6abf7c1ec8d822ef86f2 \ + --hash=sha256:db91759624d1647f3f34aa0c3f327dd2601beae39a366d6e064c03468d35c20e + # via + # mkdocs-autorefs + # mkdocs-bibtex + # mkdocs-include-markdown-plugin + # mkdocs-material + # mkdocs-table-reader-plugin + # mkdocstrings + # ssvc +mkdocs-autorefs==1.4.2 \ + --hash=sha256:83d6d777b66ec3c372a1aad4ae0cf77c243ba5bcda5bf0c6b8a2c5e7a3d89f13 \ + --hash=sha256:e2ebe1abd2b67d597ed19378c0fff84d73d1dbce411fce7a7cc6f161888b6749 + # via + # mkdocstrings + # mkdocstrings-python +mkdocs-bibtex==4.4.0 \ + --hash=sha256:32a1e0624ab0e0edc3539a90a5ffe0a2cb965f03ad5df8746a9fc9e049b6778b \ + --hash=sha256:fc0ce0f9641b63f900585a48cc09f5817345bbaba1435abf361e21fafe279723 + # via ssvc +mkdocs-get-deps==0.2.0 \ + --hash=sha256:162b3d129c7fad9b19abfdcb9c1458a651628e4b1dea628ac68790fb3061c60c \ + --hash=sha256:2bf11d0b133e77a0dd036abeeb06dec8775e46efa526dc70667d8863eefc6134 + # via mkdocs +mkdocs-include-markdown-plugin==7.1.6 \ + --hash=sha256:7975a593514887c18ecb68e11e35c074c5499cfa3e51b18cd16323862e1f7345 \ + --hash=sha256:a0753cb82704c10a287f1e789fc9848f82b6beb8749814b24b03dd9f67816677 + # via ssvc +mkdocs-material==9.6.16 \ + --hash=sha256:8d1a1282b892fe1fdf77bfeb08c485ba3909dd743c9ba69a19a40f637c6ec18c \ + --hash=sha256:d07011df4a5c02ee0877496d9f1bfc986cfb93d964799b032dd99fe34c0e9d19 + # via + # mkdocs-print-site-plugin + # ssvc +mkdocs-material-extensions==1.3.1 \ + --hash=sha256:10c9511cea88f568257f960358a467d12b970e1f7b2c0e5fb2bb48cab1928443 \ + --hash=sha256:adff8b62700b25cb77b53358dad940f3ef973dd6db797907c49e3c2ef3ab4e31 + # via + # mkdocs-material + # ssvc +mkdocs-print-site-plugin==2.8 \ + --hash=sha256:838bd0a9b7141c11c0f1fdaa51ffe70c35740bec1f07c0806f8018e92f93f9da \ + --hash=sha256:ab1c89cdb468352975e3bb3bb0ef25dcc2bb88931b03f173206dc95ab02f843f + # via ssvc +mkdocs-table-reader-plugin==3.1.0 \ + --hash=sha256:50a1302661c14d96b90ba0434ae96110441e0c653ce23559e3c6911fe79e7bd2 \ + --hash=sha256:eb15688ee8c0cd1a842f506f18973b87be22bd7baa5e2e551089de6b7f9ec25b + # via ssvc +mkdocstrings==0.30.0 \ + --hash=sha256:5d8019b9c31ddacd780b6784ffcdd6f21c408f34c0bd1103b5351d609d5b4444 \ + --hash=sha256:ae9e4a0d8c1789697ac776f2e034e2ddd71054ae1cf2c2bb1433ccfd07c226f2 + # via + # mkdocstrings-python + # ssvc +mkdocstrings-python==1.16.12 \ + --hash=sha256:22ded3a63b3d823d57457a70ff9860d5a4de9e8b1e482876fc9baabaf6f5f374 \ + --hash=sha256:9b9eaa066e0024342d433e332a41095c4e429937024945fea511afe58f63175d + # via ssvc +networkx==3.4.2 \ + --hash=sha256:307c3669428c5362aab27c8a1260aa8f47c4e91d3891f48be0141738d8d053e1 \ + --hash=sha256:df5d4365b724cf81b8c6a7312509d0c22386097011ad1abe274afd5e9d3bbc5f + # via ssvc +numpy==2.2.6 ; python_full_version < '3.11' \ + --hash=sha256:038613e9fb8c72b0a41f025a7e4c3f0b7a1b5d768ece4796b674c8f3fe13efff \ + --hash=sha256:0678000bb9ac1475cd454c6b8c799206af8107e310843532b04d49649c717a47 \ + --hash=sha256:0811bb762109d9708cca4d0b13c4f67146e3c3b7cf8d34018c722adb2d957c84 \ + --hash=sha256:0b605b275d7bd0c640cad4e5d30fa701a8d59302e127e5f79138ad62762c3e3d \ + --hash=sha256:0bca768cd85ae743b2affdc762d617eddf3bcf8724435498a1e80132d04879e6 \ + --hash=sha256:1bc23a79bfabc5d056d106f9befb8d50c31ced2fbc70eedb8155aec74a45798f \ + --hash=sha256:287cc3162b6f01463ccd86be154f284d0893d2b3ed7292439ea97eafa8170e0b \ + --hash=sha256:37c0ca431f82cd5fa716eca9506aefcabc247fb27ba69c5062a6d3ade8cf8f49 \ + --hash=sha256:37e990a01ae6ec7fe7fa1c26c55ecb672dd98b19c3d0e1d1f326fa13cb38d163 \ + --hash=sha256:389d771b1623ec92636b0786bc4ae56abafad4a4c513d36a55dce14bd9ce8571 \ + --hash=sha256:3d70692235e759f260c3d837193090014aebdf026dfd167834bcba43e30c2a42 \ + --hash=sha256:41c5a21f4a04fa86436124d388f6ed60a9343a6f767fced1a8a71c3fbca038ff \ + --hash=sha256:481b49095335f8eed42e39e8041327c05b0f6f4780488f61286ed3c01368d491 \ + --hash=sha256:4eeaae00d789f66c7a25ac5f34b71a7035bb474e679f410e5e1a94deb24cf2d4 \ + --hash=sha256:55a4d33fa519660d69614a9fad433be87e5252f4b03850642f88993f7b2ca566 \ + --hash=sha256:5a6429d4be8ca66d889b7cf70f536a397dc45ba6faeb5f8c5427935d9592e9cf \ + --hash=sha256:5bd4fc3ac8926b3819797a7c0e2631eb889b4118a9898c84f585a54d475b7e40 \ + --hash=sha256:5beb72339d9d4fa36522fc63802f469b13cdbe4fdab4a288f0c441b74272ebfd \ + --hash=sha256:6031dd6dfecc0cf9f668681a37648373bddd6421fff6c66ec1624eed0180ee06 \ + --hash=sha256:71594f7c51a18e728451bb50cc60a3ce4e6538822731b2933209a1f3614e9282 \ + --hash=sha256:74d4531beb257d2c3f4b261bfb0fc09e0f9ebb8842d82a7b4209415896adc680 \ + --hash=sha256:7befc596a7dc9da8a337f79802ee8adb30a552a94f792b9c9d18c840055907db \ + --hash=sha256:894b3a42502226a1cac872f840030665f33326fc3dac8e57c607905773cdcde3 \ + --hash=sha256:8e41fd67c52b86603a91c1a505ebaef50b3314de0213461c7a6e99c9a3beff90 \ + --hash=sha256:8e9ace4a37db23421249ed236fdcdd457d671e25146786dfc96835cd951aa7c1 \ + --hash=sha256:8fc377d995680230e83241d8a96def29f204b5782f371c532579b4f20607a289 \ + --hash=sha256:9551a499bf125c1d4f9e250377c1ee2eddd02e01eac6644c080162c0c51778ab \ + --hash=sha256:b0544343a702fa80c95ad5d3d608ea3599dd54d4632df855e4c8d24eb6ecfa1c \ + --hash=sha256:b093dd74e50a8cba3e873868d9e93a85b78e0daf2e98c6797566ad8044e8363d \ + --hash=sha256:b412caa66f72040e6d268491a59f2c43bf03eb6c96dd8f0307829feb7fa2b6fb \ + --hash=sha256:b4f13750ce79751586ae2eb824ba7e1e8dba64784086c98cdbbcc6a42112ce0d \ + --hash=sha256:b64d8d4d17135e00c8e346e0a738deb17e754230d7e0810ac5012750bbd85a5a \ + --hash=sha256:ba10f8411898fc418a521833e014a77d3ca01c15b0c6cdcce6a0d2897e6dbbdf \ + --hash=sha256:bd48227a919f1bafbdda0583705e547892342c26fb127219d60a5c36882609d1 \ + --hash=sha256:c1f9540be57940698ed329904db803cf7a402f3fc200bfe599334c9bd84a40b2 \ + --hash=sha256:c820a93b0255bc360f53eca31a0e676fd1101f673dda8da93454a12e23fc5f7a \ + --hash=sha256:ce47521a4754c8f4593837384bd3424880629f718d87c5d44f8ed763edd63543 \ + --hash=sha256:d042d24c90c41b54fd506da306759e06e568864df8ec17ccc17e9e884634fd00 \ + --hash=sha256:de749064336d37e340f640b05f24e9e3dd678c57318c7289d222a8a2f543e90c \ + --hash=sha256:e1dda9c7e08dc141e0247a5b8f49cf05984955246a327d4c48bda16821947b2f \ + --hash=sha256:e29554e2bef54a90aa5cc07da6ce955accb83f21ab5de01a62c8478897b264fd \ + --hash=sha256:e3143e4451880bed956e706a3220b4e5cf6172ef05fcc397f6f36a550b1dd868 \ + --hash=sha256:e8213002e427c69c45a52bbd94163084025f533a55a59d6f9c5b820774ef3303 \ + --hash=sha256:efd28d4e9cd7d7a8d39074a4d44c63eda73401580c5c76acda2ce969e0a38e83 \ + --hash=sha256:f0fd6321b839904e15c46e0d257fdd101dd7f530fe03fd6359c1ea63738703f3 \ + --hash=sha256:f1372f041402e37e5e633e586f62aa53de2eac8d98cbfb822806ce4bbefcb74d \ + --hash=sha256:f2618db89be1b4e05f7a1a847a9c1c0abd63e63a1607d892dd54668dd92faf87 \ + --hash=sha256:f447e6acb680fd307f40d3da4852208af94afdfab89cf850986c3ca00562f4fa \ + --hash=sha256:f92729c95468a2f4f15e9bb94c432a9229d0d50de67304399627a943201baa2f \ + --hash=sha256:f9f1adb22318e121c5c69a09142811a201ef17ab257a1e66ca3025065b7f53ae \ + --hash=sha256:fc0c5673685c508a142ca65209b4e79ed6740a4ed6b2267dbba90f34b0b3cfda \ + --hash=sha256:fc7b73d02efb0e18c000e9ad8b83480dfcd5dfd11065997ed4c6747470ae8915 \ + --hash=sha256:fd83c01228a688733f1ded5201c678f0c53ecc1006ffbc404db9f7a899ac6249 \ + --hash=sha256:fe27749d33bb772c80dcd84ae7e8df2adc920ae8297400dabec45f0dedb3f6de \ + --hash=sha256:fee4236c876c4e8369388054d02d0e9bb84821feb1a64dd59e137e6511a551f8 + # via + # pandas + # scikit-learn + # scipy +numpy==2.3.2 ; python_full_version >= '3.11' \ + --hash=sha256:07b62978075b67eee4065b166d000d457c82a1efe726cce608b9db9dd66a73a5 \ + --hash=sha256:087ffc25890d89a43536f75c5fe8770922008758e8eeeef61733957041ed2f9b \ + --hash=sha256:092aeb3449833ea9c0bf0089d70c29ae480685dd2377ec9cdbbb620257f84631 \ + --hash=sha256:095737ed986e00393ec18ec0b21b47c22889ae4b0cd2d5e88342e08b01141f58 \ + --hash=sha256:0a4f2021a6da53a0d580d6ef5db29947025ae8b35b3250141805ea9a32bbe86b \ + --hash=sha256:103ea7063fa624af04a791c39f97070bf93b96d7af7eb23530cd087dc8dbe9dc \ + --hash=sha256:11e58218c0c46c80509186e460d79fbdc9ca1eb8d8aee39d8f2dc768eb781089 \ + --hash=sha256:122bf5ed9a0221b3419672493878ba4967121514b1d7d4656a7580cd11dddcbf \ + --hash=sha256:14a91ebac98813a49bc6aa1a0dfc09513dcec1d97eaf31ca21a87221a1cdcb15 \ + --hash=sha256:1f91e5c028504660d606340a084db4b216567ded1056ea2b4be4f9d10b67197f \ + --hash=sha256:20b8200721840f5621b7bd03f8dcd78de33ec522fc40dc2641aa09537df010c3 \ + --hash=sha256:240259d6564f1c65424bcd10f435145a7644a65a6811cfc3201c4a429ba79170 \ + --hash=sha256:2738534837c6a1d0c39340a190177d7d66fdf432894f469728da901f8f6dc910 \ + --hash=sha256:27c9f90e7481275c7800dc9c24b7cc40ace3fdb970ae4d21eaff983a32f70c91 \ + --hash=sha256:293b2192c6bcce487dbc6326de5853787f870aeb6c43f8f9c6496db5b1781e45 \ + --hash=sha256:2c3271cc4097beb5a60f010bcc1cc204b300bb3eafb4399376418a83a1c6373c \ + --hash=sha256:2f4f0215edb189048a3c03bd5b19345bdfa7b45a7a6f72ae5945d2a28272727f \ + --hash=sha256:3dcf02866b977a38ba3ec10215220609ab9667378a9e2150615673f3ffd6c73b \ + --hash=sha256:4209f874d45f921bde2cff1ffcd8a3695f545ad2ffbef6d3d3c6768162efab89 \ + --hash=sha256:448a66d052d0cf14ce9865d159bfc403282c9bc7bb2a31b03cc18b651eca8b1a \ + --hash=sha256:4ae6863868aaee2f57503c7a5052b3a2807cf7a3914475e637a0ecd366ced220 \ + --hash=sha256:4d002ecf7c9b53240be3bb69d80f86ddbd34078bae04d87be81c1f58466f264e \ + --hash=sha256:4e6ecfeddfa83b02318f4d84acf15fbdbf9ded18e46989a15a8b6995dfbf85ab \ + --hash=sha256:508b0eada3eded10a3b55725b40806a4b855961040180028f52580c4729916a2 \ + --hash=sha256:546aaf78e81b4081b2eba1d105c3b34064783027a06b3ab20b6eba21fb64132b \ + --hash=sha256:572d5512df5470f50ada8d1972c5f1082d9a0b7aa5944db8084077570cf98370 \ + --hash=sha256:5ad4ebcb683a1f99f4f392cc522ee20a18b2bb12a2c1c42c3d48d5a1adc9d3d2 \ + --hash=sha256:66459dccc65d8ec98cc7df61307b64bf9e08101f9598755d42d8ae65d9a7a6ee \ + --hash=sha256:6936aff90dda378c09bea075af0d9c675fe3a977a9d2402f95a87f440f59f619 \ + --hash=sha256:69779198d9caee6e547adb933941ed7520f896fd9656834c300bdf4dd8642712 \ + --hash=sha256:6f1ae3dcb840edccc45af496f312528c15b1f79ac318169d094e85e4bb35fdf1 \ + --hash=sha256:71669b5daae692189540cffc4c439468d35a3f84f0c88b078ecd94337f6cb0ec \ + --hash=sha256:72c6df2267e926a6d5286b0a6d556ebe49eae261062059317837fda12ddf0c1a \ + --hash=sha256:72dbebb2dcc8305c431b2836bcc66af967df91be793d63a24e3d9b741374c450 \ + --hash=sha256:754d6755d9a7588bdc6ac47dc4ee97867271b17cee39cb87aef079574366db0a \ + --hash=sha256:76c3e9501ceb50b2ff3824c3589d5d1ab4ac857b0ee3f8f49629d0de55ecf7c2 \ + --hash=sha256:7a0e27186e781a69959d0230dd9909b5e26024f8da10683bd6344baea1885168 \ + --hash=sha256:7d6e390423cc1f76e1b8108c9b6889d20a7a1f59d9a60cac4a050fa734d6c1e2 \ + --hash=sha256:8145dd6d10df13c559d1e4314df29695613575183fa2e2d11fac4c208c8a1f73 \ + --hash=sha256:8446acd11fe3dc1830568c941d44449fd5cb83068e5c70bd5a470d323d448296 \ + --hash=sha256:852ae5bed3478b92f093e30f785c98e0cb62fa0a939ed057c31716e18a7a22b9 \ + --hash=sha256:87c930d52f45df092f7578889711a0768094debf73cfcde105e2d66954358125 \ + --hash=sha256:8b1224a734cd509f70816455c3cffe13a4f599b1bf7130f913ba0e2c0b2006c0 \ + --hash=sha256:8dc082ea901a62edb8f59713c6a7e28a85daddcb67454c839de57656478f5b19 \ + --hash=sha256:906a30249315f9c8e17b085cc5f87d3f369b35fedd0051d4a84686967bdbbd0b \ + --hash=sha256:938065908d1d869c7d75d8ec45f735a034771c6ea07088867f713d1cd3bbbe4f \ + --hash=sha256:9c144440db4bf3bb6372d2c3e49834cc0ff7bb4c24975ab33e01199e645416f2 \ + --hash=sha256:9e196ade2400c0c737d93465327d1ae7c06c7cb8a1756121ebf54b06ca183c7f \ + --hash=sha256:a3ef07ec8cbc8fc9e369c8dcd52019510c12da4de81367d8b20bc692aa07573a \ + --hash=sha256:a7af9ed2aa9ec5950daf05bb11abc4076a108bd3c7db9aa7251d5f107079b6a6 \ + --hash=sha256:a9f66e7d2b2d7712410d3bc5684149040ef5f19856f20277cd17ea83e5006286 \ + --hash=sha256:aa098a5ab53fa407fded5870865c6275a5cd4101cfdef8d6fafc48286a96e981 \ + --hash=sha256:af58de8745f7fa9ca1c0c7c943616c6fe28e75d0c81f5c295810e3c83b5be92f \ + --hash=sha256:b05a89f2fb84d21235f93de47129dd4f11c16f64c87c33f5e284e6a3a54e43f2 \ + --hash=sha256:b5e40e80299607f597e1a8a247ff8d71d79c5b52baa11cc1cce30aa92d2da6e0 \ + --hash=sha256:b9d0878b21e3918d76d2209c924ebb272340da1fb51abc00f986c258cd5e957b \ + --hash=sha256:bc3186bea41fae9d8e90c2b4fb5f0a1f5a690682da79b92574d63f56b529080b \ + --hash=sha256:c63d95dc9d67b676e9108fe0d2182987ccb0f11933c1e8959f42fa0da8d4fa56 \ + --hash=sha256:c771cfac34a4f2c0de8e8c97312d07d64fd8f8ed45bc9f5726a7e947270152b5 \ + --hash=sha256:c8d9727f5316a256425892b043736d63e89ed15bbfe6556c5ff4d9d4448ff3b3 \ + --hash=sha256:cbc95b3813920145032412f7e33d12080f11dc776262df1712e1638207dde9e8 \ + --hash=sha256:cefc2219baa48e468e3db7e706305fcd0c095534a192a08f31e98d83a7d45fb0 \ + --hash=sha256:d95f59afe7f808c103be692175008bab926b59309ade3e6d25009e9a171f7036 \ + --hash=sha256:dd937f088a2df683cbb79dda9a772b62a3e5a8a7e76690612c2737f38c6ef1b6 \ + --hash=sha256:de6ea4e5a65d5a90c7d286ddff2b87f3f4ad61faa3db8dabe936b34c2275b6f8 \ + --hash=sha256:e0486a11ec30cdecb53f184d496d1c6a20786c81e55e41640270130056f8ee48 \ + --hash=sha256:ee807923782faaf60d0d7331f5e86da7d5e3079e28b291973c545476c2b00d07 \ + --hash=sha256:efc81393f25f14d11c9d161e46e6ee348637c0a1e8a54bf9dedc472a3fae993b \ + --hash=sha256:f0a1a8476ad77a228e41619af2fa9505cf69df928e9aaa165746584ea17fed2b \ + --hash=sha256:f75018be4980a7324edc5930fe39aa391d5734531b1926968605416ff58c332d \ + --hash=sha256:f92d6c2a8535dc4fe4419562294ff957f83a16ebdec66df0805e473ffaad8bd0 \ + --hash=sha256:fb1752a3bb9a3ad2d6b090b88a9a0ae1cd6f004ef95f75825e2f382c183b2097 \ + --hash=sha256:fc927d7f289d14f5e037be917539620603294454130b6de200091e23d27dc9be \ + --hash=sha256:fed5527c4cf10f16c6d0b6bee1f89958bccb0ad2522c8cadc2efd318bcd545f5 + # via + # pandas + # scikit-learn + # scipy +packaging==25.0 \ + --hash=sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484 \ + --hash=sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f + # via mkdocs +paginate==0.5.7 \ + --hash=sha256:22bd083ab41e1a8b4f3690544afb2c60c25e5c9a63a30fa2f483f6c60c8e5945 \ + --hash=sha256:b885e2af73abcf01d9559fd5216b57ef722f8c42affbb63942377668e35c7591 + # via mkdocs-material +pandas==2.3.1 \ + --hash=sha256:025e92411c16cbe5bb2a4abc99732a6b132f439b8aab23a59fa593eb00704232 \ + --hash=sha256:0a95b9ac964fe83ce317827f80304d37388ea77616b1425f0ae41c9d2d0d7bb2 \ + --hash=sha256:0f951fbb702dacd390561e0ea45cdd8ecfa7fb56935eb3dd78e306c19104b9b0 \ + --hash=sha256:1b916a627919a247d865aed068eb65eb91a344b13f5b57ab9f610b7716c92de1 \ + --hash=sha256:1c78cf43c8fde236342a1cb2c34bcff89564a7bfed7e474ed2fffa6aed03a956 \ + --hash=sha256:22c2e866f7209ebc3a8f08d75766566aae02bcc91d196935a1d9e59c7b990ac9 \ + --hash=sha256:2b0540963d83431f5ce8870ea02a7430adca100cec8a050f0811f8e31035541b \ + --hash=sha256:2ba6aff74075311fc88504b1db890187a3cd0f887a5b10f5525f8e2ef55bfdb9 \ + --hash=sha256:2eb789ae0274672acbd3c575b0598d213345660120a257b47b5dafdc618aec83 \ + --hash=sha256:2f4d6feeba91744872a600e6edbbd5b033005b431d5ae8379abee5bcfa479fab \ + --hash=sha256:3462c3735fe19f2638f2c3a40bd94ec2dc5ba13abbb032dd2fa1f540a075509d \ + --hash=sha256:3583d348546201aff730c8c47e49bc159833f971c2899d6097bce68b9112a4f1 \ + --hash=sha256:4d544806b485ddf29e52d75b1f559142514e60ef58a832f74fb38e48d757b299 \ + --hash=sha256:56a342b231e8862c96bdb6ab97170e203ce511f4d0429589c8ede1ee8ece48b8 \ + --hash=sha256:5db9637dbc24b631ff3707269ae4559bce4b7fd75c1c4d7e13f40edc42df4444 \ + --hash=sha256:689968e841136f9e542020698ee1c4fbe9caa2ed2213ae2388dc7b81721510d3 \ + --hash=sha256:6de8547d4fdb12421e2d047a2c446c623ff4c11f47fddb6b9169eb98ffba485a \ + --hash=sha256:6f3bf5ec947526106399a9e1d26d40ee2b259c66422efdf4de63c848492d91bb \ + --hash=sha256:782647ddc63c83133b2506912cc6b108140a38a37292102aaa19c81c83db2928 \ + --hash=sha256:7dcb79bf373a47d2a40cf7232928eb7540155abbc460925c2c96d2d30b006eb4 \ + --hash=sha256:8dfc17328e8da77be3cf9f47509e5637ba8f137148ed0e9b5241e1baf526e20a \ + --hash=sha256:9026bd4a80108fac2239294a15ef9003c4ee191a0f64b90f170b40cfb7cf2d22 \ + --hash=sha256:911580460fc4884d9b05254b38a6bfadddfcc6aaef856fb5859e7ca202e45275 \ + --hash=sha256:98bcc8b5bf7afed22cc753a28bc4d9e26e078e777066bc53fac7904ddef9a678 \ + --hash=sha256:9b7ff55f31c4fcb3e316e8f7fa194566b286d6ac430afec0d461163312c5841e \ + --hash=sha256:ac942bfd0aca577bef61f2bc8da8147c4ef6879965ef883d8e8d5d2dc3e744b8 \ + --hash=sha256:b3cd4273d3cb3707b6fffd217204c52ed92859533e31dc03b7c5008aa933aaab \ + --hash=sha256:ca7ed14832bce68baef331f4d7f294411bed8efd032f8109d690df45e00c4679 \ + --hash=sha256:cd05b72ec02ebfb993569b4931b2e16fbb4d6ad6ce80224a3ee838387d83a191 \ + --hash=sha256:e5635178b387bd2ba4ac040f82bc2ef6e6b500483975c4ebacd34bec945fda12 \ + --hash=sha256:e6723a27ad7b244c0c79d8e7007092d7c8f0f11305770e2f4cd778b3ad5f9f85 \ + --hash=sha256:ec6c851509364c59a5344458ab935e6451b31b818be467eb24b0fe89bd05b6b9 \ + --hash=sha256:fe37e757f462d31a9cd7580236a82f353f5713a80e059a29753cf938c6775d96 \ + --hash=sha256:fe67dc676818c186d5a3d5425250e40f179c2a89145df477dd82945eaea89e97 \ + --hash=sha256:fe7317f578c6a153912bd2292f02e40c1d8f253e93c599e82620c7f69755c74f + # via + # mkdocs-table-reader-plugin + # ssvc +pathspec==0.12.1 \ + --hash=sha256:a0d503e138a4c123b27490a4f7beda6a01c6f288df0e4a8b79c7eb0dc7b4cc08 \ + --hash=sha256:a482d51503a1ab33b1c67a6c3813a26953dbdc71c31dacaef9a838c4e29f5712 + # via mkdocs +platformdirs==4.3.8 \ + --hash=sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc \ + --hash=sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4 + # via mkdocs-get-deps +pybtex==0.25.1 \ + --hash=sha256:9053b0d619409a0a83f38abad5d9921de5f7b3ede00742beafcd9f10ad0d8c5c \ + --hash=sha256:9eaf90267c7e83e225af89fea65c370afbf65f458220d3946a9e3049e1eca491 + # via mkdocs-bibtex +pydantic==2.11.7 \ + --hash=sha256:d989c3c6cb79469287b1569f7447a17848c998458d49ebe294e975b9baf0f0db \ + --hash=sha256:dde5df002701f6de26248661f6835bbe296a47bf73990135c7d07ce741b9623b + # via ssvc +pydantic-core==2.33.2 \ + --hash=sha256:0069c9acc3f3981b9ff4cdfaf088e98d83440a4c7ea1bc07460af3d4dc22e72d \ + --hash=sha256:031c57d67ca86902726e0fae2214ce6770bbe2f710dc33063187a68744a5ecac \ + --hash=sha256:0405262705a123b7ce9f0b92f123334d67b70fd1f20a9372b907ce1080c7ba02 \ + --hash=sha256:04a1a413977ab517154eebb2d326da71638271477d6ad87a769102f7c2488c56 \ + --hash=sha256:0a39979dcbb70998b0e505fb1556a1d550a0781463ce84ebf915ba293ccb7e22 \ + --hash=sha256:0a9f2c9dd19656823cb8250b0724ee9c60a82f3cdf68a080979d13092a3b0fef \ + --hash=sha256:0e03262ab796d986f978f79c943fc5f620381be7287148b8010b4097f79a39ec \ + --hash=sha256:0e5b2671f05ba48b94cb90ce55d8bdcaaedb8ba00cc5359f6810fc918713983d \ + --hash=sha256:0fb2d542b4d66f9470e8065c5469ec676978d625a8b7a363f07d9a501a9cb36a \ + --hash=sha256:1082dd3e2d7109ad8b7da48e1d4710c8d06c253cbc4a27c1cff4fbcaa97a9e3f \ + --hash=sha256:1a8695a8d00c73e50bff9dfda4d540b7dee29ff9b8053e38380426a85ef10052 \ + --hash=sha256:1e063337ef9e9820c77acc768546325ebe04ee38b08703244c1309cccc4f1bab \ + --hash=sha256:1ea40a64d23faa25e62a70ad163571c0b342b8bf66d5fa612ac0dec4f069d916 \ + --hash=sha256:2058a32994f1fde4ca0480ab9d1e75a0e8c87c22b53a3ae66554f9af78f2fe8c \ + --hash=sha256:235f45e5dbcccf6bd99f9f472858849f73d11120d76ea8707115415f8e5ebebf \ + --hash=sha256:2b0a451c263b01acebe51895bfb0e1cc842a5c666efe06cdf13846c7418caa9a \ + --hash=sha256:2b3d326aaef0c0399d9afffeb6367d5e26ddc24d351dbc9c636840ac355dc5d8 \ + --hash=sha256:2bfb5112df54209d820d7bf9317c7a6c9025ea52e49f46b6a2060104bba37de7 \ + --hash=sha256:2f82865531efd18d6e07a04a17331af02cb7a651583c418df8266f17a63c6612 \ + --hash=sha256:329467cecfb529c925cf2bbd4d60d2c509bc2fb52a20c1045bf09bb70971a9c1 \ + --hash=sha256:3c6db6e52c6d70aa0d00d45cdb9b40f0433b96380071ea80b09277dba021ddf7 \ + --hash=sha256:3dc625f4aa79713512d1976fe9f0bc99f706a9dee21dfd1810b4bbbf228d0e8a \ + --hash=sha256:4b25d91e288e2c4e0662b8038a28c6a07eaac3e196cfc4ff69de4ea3db992a1b \ + --hash=sha256:4c5b0a576fb381edd6d27f0a85915c6daf2f8138dc5c267a57c08a62900758c7 \ + --hash=sha256:4e61206137cbc65e6d5256e1166f88331d3b6238e082d9f74613b9b765fb9025 \ + --hash=sha256:52fb90784e0a242bb96ec53f42196a17278855b0f31ac7c3cc6f5c1ec4811849 \ + --hash=sha256:572c7e6c8bb4774d2ac88929e3d1f12bc45714ae5ee6d9a788a9fb35e60bb04b \ + --hash=sha256:5c4aa4e82353f65e548c476b37e64189783aa5384903bfea4f41580f255fddfa \ + --hash=sha256:5c92edd15cd58b3c2d34873597a1e20f13094f59cf88068adb18947df5455b4e \ + --hash=sha256:5f483cfb75ff703095c59e365360cb73e00185e01aaea067cd19acffd2ab20ea \ + --hash=sha256:61c18fba8e5e9db3ab908620af374db0ac1baa69f0f32df4f61ae23f15e586ac \ + --hash=sha256:6368900c2d3ef09b69cb0b913f9f8263b03786e5b2a387706c5afb66800efd51 \ + --hash=sha256:64632ff9d614e5eecfb495796ad51b0ed98c453e447a76bcbeeb69615079fc7e \ + --hash=sha256:65132b7b4a1c0beded5e057324b7e16e10910c106d43675d9bd87d4f38dde162 \ + --hash=sha256:6b99022f1d19bc32a4c2a0d544fc9a76e3be90f0b3f4af413f87d38749300e65 \ + --hash=sha256:6bdfe4b3789761f3bcb4b1ddf33355a71079858958e3a552f16d5af19768fef2 \ + --hash=sha256:73662edf539e72a9440129f231ed3757faab89630d291b784ca99237fb94db2b \ + --hash=sha256:73cf6373c21bc80b2e0dc88444f41ae60b2f070ed02095754eb5a01df12256de \ + --hash=sha256:7cb8bc3605c29176e1b105350d2e6474142d7c1bd1d9327c4a9bdb46bf827acc \ + --hash=sha256:82f68293f055f51b51ea42fafc74b6aad03e70e191799430b90c13d643059ebb \ + --hash=sha256:87b31b6846e361ef83fedb187bb5b4372d0da3f7e28d85415efa92d6125d6e6d \ + --hash=sha256:881b21b5549499972441da4758d662aeea93f1923f953e9cbaff14b8b9565aef \ + --hash=sha256:8f57a69461af2a5fa6e6bbd7a5f60d3b7e6cebb687f55106933188e79ad155c1 \ + --hash=sha256:95237e53bb015f67b63c91af7518a62a8660376a6a0db19b89acc77a4d6199f5 \ + --hash=sha256:96081f1605125ba0855dfda83f6f3df5ec90c61195421ba72223de35ccfb2f88 \ + --hash=sha256:9cb1da0f5a471435a7bc7e439b8a728e8b61e59784b2af70d7c169f8dd8ae290 \ + --hash=sha256:9fdac5d6ffa1b5a83bca06ffe7583f5576555e6c8b3a91fbd25ea7780f825f7d \ + --hash=sha256:a11c8d26a50bfab49002947d3d237abe4d9e4b5bdc8846a63537b6488e197808 \ + --hash=sha256:a144d4f717285c6d9234a66778059f33a89096dfb9b39117663fd8413d582dcc \ + --hash=sha256:a7ec89dc587667f22b6a0b6579c249fca9026ce7c333fc142ba42411fa243cdc \ + --hash=sha256:aa9d91b338f2df0508606f7009fde642391425189bba6d8c653afd80fd6bb64e \ + --hash=sha256:b0379a2b24882fef529ec3b4987cb5d003b9cda32256024e6fe1586ac45fc640 \ + --hash=sha256:bc7aee6f634a6f4a95676fcb5d6559a2c2a390330098dba5e5a5f28a2e4ada30 \ + --hash=sha256:bdc25f3681f7b78572699569514036afe3c243bc3059d3942624e936ec93450e \ + --hash=sha256:c083a3bdd5a93dfe480f1125926afcdbf2917ae714bdb80b36d34318b2bec5d9 \ + --hash=sha256:c2fc0a768ef76c15ab9238afa6da7f69895bb5d1ee83aeea2e3509af4472d0b9 \ + --hash=sha256:c52b02ad8b4e2cf14ca7b3d918f3eb0ee91e63b3167c32591e57c4317e134f8f \ + --hash=sha256:c8e7af2f4e0194c22b5b37205bfb293d166a7344a5b0d0eaccebc376546d77d5 \ + --hash=sha256:cca3868ddfaccfbc4bfb1d608e2ccaaebe0ae628e1416aeb9c4d88c001bb45ab \ + --hash=sha256:d53b22f2032c42eaaf025f7c40c2e3b94568ae077a606f006d206a463bc69572 \ + --hash=sha256:d87c561733f66531dced0da6e864f44ebf89a8fba55f31407b00c2f7f9449593 \ + --hash=sha256:d946c8bf0d5c24bf4fe333af284c59a19358aa3ec18cb3dc4370080da1e8ad29 \ + --hash=sha256:db4b41f9bd95fbe5acd76d89920336ba96f03e149097365afe1cb092fceb89a1 \ + --hash=sha256:dc46a01bf8d62f227d5ecee74178ffc448ff4e5197c756331f71efcc66dc980f \ + --hash=sha256:dd14041875d09cc0f9308e37a6f8b65f5585cf2598a53aa0123df8b129d481f8 \ + --hash=sha256:de4b83bb311557e439b9e186f733f6c645b9417c84e2eb8203f3f820a4b988bf \ + --hash=sha256:e799c050df38a639db758c617ec771fd8fb7a5f8eaaa4b27b101f266b216a246 \ + --hash=sha256:e80b087132752f6b3d714f041ccf74403799d3b23a72722ea2e6ba2e892555b9 \ + --hash=sha256:eb8c529b2819c37140eb51b914153063d27ed88e3bdc31b71198a198e921e011 \ + --hash=sha256:efec8db3266b76ef9607c2c4c419bdb06bf335ae433b80816089ea7585816f6a \ + --hash=sha256:f517ca031dfc037a9c07e748cefd8d96235088b83b4f4ba8939105d20fa1dcd6 \ + --hash=sha256:f889f7a40498cc077332c7ab6b4608d296d852182211787d4f3ee377aaae66e8 \ + --hash=sha256:f8de619080e944347f5f20de29a975c2d815d9ddd8be9b9b7268e2e3ef68605a \ + --hash=sha256:f941635f2a3d96b2973e867144fde513665c87f13fe0e193c158ac51bfaaa7b2 \ + --hash=sha256:fa754d1850735a0b0e03bcffd9d4b4343eb417e47196e4485d9cca326073a42c \ + --hash=sha256:fa854f5cf7e33842a892e5c73f45327760bc7bc516339fda888c75ae60edaeb6 \ + --hash=sha256:fe5b32187cbc0c862ee201ad66c30cf218e5ed468ec8dc1cf49dec66e160cc4d + # via pydantic +pygments==2.19.2 \ + --hash=sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887 \ + --hash=sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b + # via mkdocs-material +pymdown-extensions==10.16.1 \ + --hash=sha256:aace82bcccba3efc03e25d584e6a22d27a8e17caa3f4dd9f207e49b787aa9a91 \ + --hash=sha256:d6ba157a6c03146a7fb122b2b9a121300056384eafeec9c9f9e584adfdb2a32d + # via + # markdown-exec + # mkdocs-material + # mkdocstrings +pypandoc==1.15 \ + --hash=sha256:4ededcc76c8770f27aaca6dff47724578428eca84212a31479403a9731fc2b16 \ + --hash=sha256:ea25beebe712ae41d63f7410c08741a3cab0e420f6703f95bc9b3a749192ce13 + # via mkdocs-bibtex +python-dateutil==2.9.0.post0 \ + --hash=sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3 \ + --hash=sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427 + # via + # ghp-import + # pandas +pytz==2025.2 \ + --hash=sha256:360b9e3dbb49a209c21ad61809c7fb453643e048b38924c765813546746e81c3 \ + --hash=sha256:5ddf76296dd8c44c26eb8f4b6f35488f3ccbf6fbbd7adee0b7262d43f0ec2f00 + # via pandas +pyyaml==6.0.2 \ + --hash=sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48 \ + --hash=sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086 \ + --hash=sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133 \ + --hash=sha256:11d8f3dd2b9c1207dcaf2ee0bbbfd5991f571186ec9cc78427ba5bd32afae4b5 \ + --hash=sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484 \ + --hash=sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee \ + --hash=sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5 \ + --hash=sha256:23502f431948090f597378482b4812b0caae32c22213aecf3b55325e049a6c68 \ + --hash=sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf \ + --hash=sha256:2e99c6826ffa974fe6e27cdb5ed0021786b03fc98e5ee3c5bfe1fd5015f42b99 \ + --hash=sha256:3ad2a3decf9aaba3d29c8f537ac4b243e36bef957511b4766cb0057d32b0be85 \ + --hash=sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc \ + --hash=sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1 \ + --hash=sha256:5ac9328ec4831237bec75defaf839f7d4564be1e6b25ac710bd1a96321cc8317 \ + --hash=sha256:5d225db5a45f21e78dd9358e58a98702a0302f2659a3c6cd320564b75b86f47c \ + --hash=sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652 \ + --hash=sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5 \ + --hash=sha256:797b4f722ffa07cc8d62053e4cff1486fa6dc094105d13fea7b1de7d8bf71c9e \ + --hash=sha256:7c36280e6fb8385e520936c3cb3b8042851904eba0e58d277dca80a5cfed590b \ + --hash=sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8 \ + --hash=sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476 \ + --hash=sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563 \ + --hash=sha256:8824b5a04a04a047e72eea5cec3bc266db09e35de6bdfe34c9436ac5ee27d237 \ + --hash=sha256:8b9c7197f7cb2738065c481a0461e50ad02f18c78cd75775628afb4d7137fb3b \ + --hash=sha256:936d68689298c36b53b29f23c6dbb74de12b4ac12ca6cfe0e047bedceea56180 \ + --hash=sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425 \ + --hash=sha256:a4d3091415f010369ae4ed1fc6b79def9416358877534caf6a0fdd2146c87a3e \ + --hash=sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183 \ + --hash=sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab \ + --hash=sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774 \ + --hash=sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725 \ + --hash=sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e \ + --hash=sha256:e10ce637b18caea04431ce14fabcf5c64a1c61ec9c56b071a4b7ca131ca52d44 \ + --hash=sha256:ec031d5d2feb36d1d1a24380e4db6d43695f3748343d99434e6f5f9156aaa2ed \ + --hash=sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4 \ + --hash=sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba \ + --hash=sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4 + # via + # mkdocs + # mkdocs-get-deps + # mkdocs-table-reader-plugin + # pybtex + # pymdown-extensions + # pyyaml-env-tag + # responses +pyyaml-env-tag==1.1 \ + --hash=sha256:17109e1a528561e32f026364712fee1264bc2ea6715120891174ed1b980d2e04 \ + --hash=sha256:2eb38b75a2d21ee0475d6d97ec19c63287a7e140231e4214969d0eac923cd7ff + # via mkdocs +rapidfuzz==3.13.0 \ + --hash=sha256:09e908064d3684c541d312bd4c7b05acb99a2c764f6231bd507d4b4b65226c23 \ + --hash=sha256:0da54aa8547b3c2c188db3d1c7eb4d1bb6dd80baa8cdaeaec3d1da3346ec9caa \ + --hash=sha256:0e1d08cb884805a543f2de1f6744069495ef527e279e05370dd7c83416af83f8 \ + --hash=sha256:11b125d8edd67e767b2295eac6eb9afe0b1cdc82ea3d4b9257da4b8e06077798 \ + --hash=sha256:11b47b40650e06147dee5e51a9c9ad73bb7b86968b6f7d30e503b9f8dd1292db \ + --hash=sha256:1343d745fbf4688e412d8f398c6e6d6f269db99a54456873f232ba2e7aeb4939 \ + --hash=sha256:1ba007f4d35a45ee68656b2eb83b8715e11d0f90e5b9f02d615a8a321ff00c27 \ + --hash=sha256:1dc82b6ed01acb536b94a43996a94471a218f4d89f3fdd9185ab496de4b2a981 \ + --hash=sha256:1f219f1e3c3194d7a7de222f54450ce12bc907862ff9a8962d83061c1f923c86 \ + --hash=sha256:202a87760f5145140d56153b193a797ae9338f7939eb16652dd7ff96f8faf64c \ + --hash=sha256:25343ccc589a4579fbde832e6a1e27258bfdd7f2eb0f28cb836d6694ab8591fc \ + --hash=sha256:2d18228a2390375cf45726ce1af9d36ff3dc1f11dce9775eae1f1b13ac6ec50f \ + --hash=sha256:2fd0975e015b05c79a97f38883a11236f5a24cca83aa992bd2558ceaa5652b26 \ + --hash=sha256:3abe6a4e8eb4cfc4cda04dd650a2dc6d2934cbdeda5def7e6fd1c20f6e7d2a0b \ + --hash=sha256:3b6f913ee4618ddb6d6f3e387b76e8ec2fc5efee313a128809fbd44e65c2bbb2 \ + --hash=sha256:3f32f15bacd1838c929b35c84b43618481e1b3d7a61b5ed2db0291b70ae88b53 \ + --hash=sha256:461fd13250a2adf8e90ca9a0e1e166515cbcaa5e9c3b1f37545cbbeff9e77f6b \ + --hash=sha256:4671ee300d1818d7bdfd8fa0608580d7778ba701817216f0c17fb29e6b972514 \ + --hash=sha256:4a1a6a906ba62f2556372282b1ef37b26bca67e3d2ea957277cfcefc6275cca7 \ + --hash=sha256:5158da7f2ec02a930be13bac53bb5903527c073c90ee37804090614cab83c29e \ + --hash=sha256:5280be8fd7e2bee5822e254fe0a5763aa0ad57054b85a32a3d9970e9b09bbcbf \ + --hash=sha256:5435fcac94c9ecf0504bf88a8a60c55482c32e18e108d6079a0089c47f3f8cf6 \ + --hash=sha256:558bf526bcd777de32b7885790a95a9548ffdcce68f704a81207be4a286c1095 \ + --hash=sha256:57c390336cb50d5d3bfb0cfe1467478a15733703af61f6dffb14b1cd312a6fae \ + --hash=sha256:5d4e13593d298c50c4f94ce453f757b4b398af3fa0fd2fde693c3e51195b7f69 \ + --hash=sha256:5dc71ef23845bb6b62d194c39a97bb30ff171389c9812d83030c1199f319098c \ + --hash=sha256:65cc97c2fc2c2fe23586599686f3b1ceeedeca8e598cfcc1b7e56dc8ca7e2aa7 \ + --hash=sha256:694eb531889f71022b2be86f625a4209c4049e74be9ca836919b9e395d5e33b3 \ + --hash=sha256:6af42f2ede8b596a6aaf6d49fdee3066ca578f4856b85ab5c1e2145de367a12d \ + --hash=sha256:6c0efa73afbc5b265aca0d8a467ae2a3f40d6854cbe1481cb442a62b7bf23c99 \ + --hash=sha256:6e2065f68fb1d0bf65adc289c1bdc45ba7e464e406b319d67bb54441a1b9da9e \ + --hash=sha256:7ac21489de962a4e2fc1e8f0b0da4aa1adc6ab9512fd845563fecb4b4c52093a \ + --hash=sha256:7d7cec4242d30dd521ef91c0df872e14449d1dffc2a6990ede33943b0dae56c3 \ + --hash=sha256:85c9a131a44a95f9cac2eb6e65531db014e09d89c4f18c7b1fa54979cb9ff1f3 \ + --hash=sha256:8c99b76b93f7b495eee7dcb0d6a38fb3ce91e72e99d9f78faa5664a881cb2b7d \ + --hash=sha256:9093cdeb926deb32a4887ebe6910f57fbcdbc9fbfa52252c10b56ef2efb0289f \ + --hash=sha256:9256218ac8f1a957806ec2fb9a6ddfc6c32ea937c0429e88cf16362a20ed8602 \ + --hash=sha256:93a755266856599be4ab6346273f192acde3102d7aa0735e2f48b456397a041f \ + --hash=sha256:98b8107ff14f5af0243f27d236bcc6e1ef8e7e3b3c25df114e91e3a99572da73 \ + --hash=sha256:98e0bfa602e1942d542de077baf15d658bd9d5dcfe9b762aff791724c1c38b70 \ + --hash=sha256:9a7c6232be5f809cd39da30ee5d24e6cadd919831e6020ec6c2391f4c3bc9264 \ + --hash=sha256:9f5fe634c9482ec5d4a6692afb8c45d370ae86755e5f57aa6c50bfe4ca2bdd87 \ + --hash=sha256:a9ad1f37894e3ffb76bbab76256e8a8b789657183870be11aa64e306bb5228fd \ + --hash=sha256:aafc42a1dc5e1beeba52cd83baa41372228d6d8266f6d803c16dbabbcc156255 \ + --hash=sha256:ae4574cb66cf1e85d32bb7e9ec45af5409c5b3970b7ceb8dea90168024127566 \ + --hash=sha256:b1b065f370d54551dcc785c6f9eeb5bd517ae14c983d2784c064b3aa525896df \ + --hash=sha256:b5104b62711565e0ff6deab2a8f5dbf1fbe333c5155abe26d2cfd6f1849b6c87 \ + --hash=sha256:b7b3eda607a019169f7187328a8d1648fb9a90265087f6903d7ee3a8eee01805 \ + --hash=sha256:b7f4c65facdb94f44be759bbd9b6dda1fa54d0d6169cdf1a209a5ab97d311a75 \ + --hash=sha256:b836f486dba0aceb2551e838ff3f514a38ee72b015364f739e526d720fdb823a \ + --hash=sha256:bef86df6d59667d9655905b02770a0c776d2853971c0773767d5ef8077acd624 \ + --hash=sha256:c2b3dd5d206a12deca16870acc0d6e5036abeb70e3cad6549c294eff15591527 \ + --hash=sha256:c33f9c841630b2bb7e69a3fb5c84a854075bb812c47620978bddc591f764da3d \ + --hash=sha256:c523620d14ebd03a8d473c89e05fa1ae152821920c3ff78b839218ff69e19ca3 \ + --hash=sha256:cdb33ee9f8a8e4742c6b268fa6bd739024f34651a06b26913381b1413ebe7590 \ + --hash=sha256:cfcccc08f671646ccb1e413c773bb92e7bba789e3a1796fd49d23c12539fe2e4 \ + --hash=sha256:d25fdbce6459ccbbbf23b4b044f56fbd1158b97ac50994eaae2a1c0baae78301 \ + --hash=sha256:d2eaf3839e52cbcc0accbe9817a67b4b0fcf70aaeb229cfddc1c28061f9ce5d8 \ + --hash=sha256:d395a5cad0c09c7f096433e5fd4224d83b53298d53499945a9b0e5a971a84f3a \ + --hash=sha256:d7a217310429b43be95b3b8ad7f8fc41aba341109dc91e978cd7c703f928c58f \ + --hash=sha256:d8cf5f7cd6e4d5eb272baf6a54e182b2c237548d048e2882258336533f3f02b7 \ + --hash=sha256:df8e8c21e67afb9d7fbe18f42c6111fe155e801ab103c81109a61312927cc611 \ + --hash=sha256:e05752418b24bbd411841b256344c26f57da1148c5509e34ea39c7eb5099ab72 \ + --hash=sha256:e1bdd2e6d0c5f9706ef7595773a81ca2b40f3b33fd7f9840b726fb00c6c4eb2e \ + --hash=sha256:e297c09972698c95649e89121e3550cee761ca3640cd005e24aaa2619175464e \ + --hash=sha256:e8ddb58961401da7d6f55f185512c0d6bd24f529a637078d41dd8ffa5a49c107 \ + --hash=sha256:e9d824de871daa6e443b39ff495a884931970d567eb0dfa213d234337343835f \ + --hash=sha256:ed6f416bda1c9133000009d84d9409823eb2358df0950231cc936e4bf784eb97 \ + --hash=sha256:ef0f5f03f61b0e5a57b1df7beafd83df993fd5811a09871bad6038d08e526d0d \ + --hash=sha256:f70f646751b6aa9d05be1fb40372f006cc89d6aad54e9d79ae97bd1f5fce5203 \ + --hash=sha256:fd742c03885db1fce798a1cd87a20f47f144ccf26d75d52feb6f2bae3d57af05 \ + --hash=sha256:fe5790a36d33a5d0a6a1f802aa42ecae282bf29ac6f7506d8e12510847b82a45 \ + --hash=sha256:fedd316c165beed6307bf754dee54d3faca2c47e1f3bcbd67595001dfa11e969 + # via thefuzz +referencing==0.36.2 \ + --hash=sha256:df2e89862cd09deabbdba16944cc3f10feb6b3e6f18e902f7cc25609a34775aa \ + --hash=sha256:e8699adbbf8b5c7de96d8ffa0eb5c158b3beafce084968e2ea8bb08c6794dcd0 + # via + # jsonschema + # jsonschema-specifications +requests==2.32.5 \ + --hash=sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6 \ + --hash=sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf + # via + # mkdocs-bibtex + # mkdocs-material + # responses +responses==0.25.8 \ + --hash=sha256:0c710af92def29c8352ceadff0c3fe340ace27cf5af1bbe46fb71275bcd2831c \ + --hash=sha256:9374d047a575c8f781b94454db5cab590b6029505f488d12899ddb10a4af1cf4 + # via mkdocs-bibtex +rpds-py==0.27.0 \ + --hash=sha256:010c4843a3b92b54373e3d2291a7447d6c3fc29f591772cc2ea0e9f5c1da434b \ + --hash=sha256:0665be515767dc727ffa5f74bd2ef60b0ff85dad6bb8f50d91eaa6b5fb226f51 \ + --hash=sha256:069e0384a54f427bd65d7fda83b68a90606a3835901aaff42185fcd94f5a9295 \ + --hash=sha256:08680820d23df1df0a0260f714d12966bc6c42d02e8055a91d61e03f0c47dda0 \ + --hash=sha256:0954e3a92e1d62e83a54ea7b3fdc9efa5d61acef8488a8a3d31fdafbfb00460d \ + --hash=sha256:09965b314091829b378b60607022048953e25f0b396c2b70e7c4c81bcecf932e \ + --hash=sha256:0c431bfb91478d7cbe368d0a699978050d3b112d7f1d440a41e90faa325557fd \ + --hash=sha256:0f401c369186a5743694dd9fc08cba66cf70908757552e1f714bfc5219c655b5 \ + --hash=sha256:0f4f69d7a4300fbf91efb1fb4916421bd57804c01ab938ab50ac9c4aa2212f03 \ + --hash=sha256:130c1ffa5039a333f5926b09e346ab335f0d4ec393b030a18549a7c7e7c2cea4 \ + --hash=sha256:13bbc4846ae4c993f07c93feb21a24d8ec637573d567a924b1001e81c8ae80f9 \ + --hash=sha256:14f028eb47f59e9169bfdf9f7ceafd29dd64902141840633683d0bad5b04ff34 \ + --hash=sha256:15ea4d2e182345dd1b4286593601d766411b43f868924afe297570658c31a62b \ + --hash=sha256:181bc29e59e5e5e6e9d63b143ff4d5191224d355e246b5a48c88ce6b35c4e466 \ + --hash=sha256:183f5e221ba3e283cd36fdfbe311d95cd87699a083330b4f792543987167eff1 \ + --hash=sha256:184f0d7b342967f6cda94a07d0e1fae177d11d0b8f17d73e06e36ac02889f303 \ + --hash=sha256:190d7285cd3bb6d31d37a0534d7359c1ee191eb194c511c301f32a4afa5a1dd4 \ + --hash=sha256:19c990fdf5acecbf0623e906ae2e09ce1c58947197f9bced6bbd7482662231c4 \ + --hash=sha256:1d66f45b9399036e890fb9c04e9f70c33857fd8f58ac8db9f3278cfa835440c3 \ + --hash=sha256:203f581accef67300a942e49a37d74c12ceeef4514874c7cede21b012613ca2c \ + --hash=sha256:20e222a44ae9f507d0f2678ee3dd0c45ec1e930f6875d99b8459631c24058aec \ + --hash=sha256:2406d034635d1497c596c40c85f86ecf2bf9611c1df73d14078af8444fe48031 \ + --hash=sha256:249ab91ceaa6b41abc5f19513cb95b45c6f956f6b89f1fe3d99c81255a849f9e \ + --hash=sha256:25a4aebf8ca02bbb90a9b3e7a463bbf3bee02ab1c446840ca07b1695a68ce424 \ + --hash=sha256:27bac29bbbf39601b2aab474daf99dbc8e7176ca3389237a23944b17f8913d97 \ + --hash=sha256:2cff9bdd6c7b906cc562a505c04a57d92e82d37200027e8d362518df427f96cd \ + --hash=sha256:2e39169ac6aae06dd79c07c8a69d9da867cef6a6d7883a0186b46bb46ccfb0c3 \ + --hash=sha256:2fe6e18e5c8581f0361b35ae575043c7029d0a92cb3429e6e596c2cdde251432 \ + --hash=sha256:3001013dae10f806380ba739d40dee11db1ecb91684febb8406a87c2ded23dae \ + --hash=sha256:32196b5a99821476537b3f7732432d64d93a58d680a52c5e12a190ee0135d8b5 \ + --hash=sha256:341d8acb6724c0c17bdf714319c393bb27f6d23d39bc74f94221b3e59fc31828 \ + --hash=sha256:343cf24de9ed6c728abefc5d5c851d5de06497caa7ac37e5e65dd572921ed1b5 \ + --hash=sha256:36184b44bf60a480863e51021c26aca3dfe8dd2f5eeabb33622b132b9d8b8b54 \ + --hash=sha256:3841f66c1ffdc6cebce8aed64e36db71466f1dc23c0d9a5592e2a782a3042c79 \ + --hash=sha256:4045e2fc4b37ec4b48e8907a5819bdd3380708c139d7cc358f03a3653abedb89 \ + --hash=sha256:419dd9c98bcc9fb0242be89e0c6e922df333b975d4268faa90d58499fd9c9ebe \ + --hash=sha256:42894616da0fc0dcb2ec08a77896c3f56e9cb2f4b66acd76fc8992c3557ceb1c \ + --hash=sha256:4300e15e7d03660f04be84a125d1bdd0e6b2f674bc0723bc0fd0122f1a4585dc \ + --hash=sha256:443d239d02d9ae55b74015234f2cd8eb09e59fbba30bf60baeb3123ad4c6d5ff \ + --hash=sha256:44524b96481a4c9b8e6c46d6afe43fa1fb485c261e359fbe32b63ff60e3884d8 \ + --hash=sha256:45d04a73c54b6a5fd2bab91a4b5bc8b426949586e61340e212a8484919183859 \ + --hash=sha256:46f48482c1a4748ab2773f75fffbdd1951eb59794e32788834b945da857c47a8 \ + --hash=sha256:4790c9d5dd565ddb3e9f656092f57268951398cef52e364c405ed3112dc7c7c1 \ + --hash=sha256:4bc262ace5a1a7dc3e2eac2fa97b8257ae795389f688b5adf22c5db1e2431c43 \ + --hash=sha256:5355527adaa713ab693cbce7c1e0ec71682f599f61b128cf19d07e5c13c9b1f1 \ + --hash=sha256:555ed147cbe8c8f76e72a4c6cd3b7b761cbf9987891b9448808148204aed74a5 \ + --hash=sha256:55d42a0ef2bdf6bc81e1cc2d49d12460f63c6ae1423c4f4851b828e454ccf6f1 \ + --hash=sha256:59195dc244fc183209cf8a93406889cadde47dfd2f0a6b137783aa9c56d67c85 \ + --hash=sha256:59714ab0a5af25d723d8e9816638faf7f4254234decb7d212715c1aa71eee7be \ + --hash=sha256:5b3a5c8089eed498a3af23ce87a80805ff98f6ef8f7bdb70bd1b7dae5105f6ac \ + --hash=sha256:5d6790ff400254137b81b8053b34417e2c46921e302d655181d55ea46df58cf7 \ + --hash=sha256:5df559e9e7644d9042f626f2c3997b555f347d7a855a15f170b253f6c5bfe358 \ + --hash=sha256:5fa01b3d5e3b7d97efab65bd3d88f164e289ec323a8c033c5c38e53ee25c007e \ + --hash=sha256:6168af0be75bba990a39f9431cdfae5f0ad501f4af32ae62e8856307200517b8 \ + --hash=sha256:64a0fe3f334a40b989812de70160de6b0ec7e3c9e4a04c0bbc48d97c5d3600ae \ + --hash=sha256:64f689ab822f9b5eb6dfc69893b4b9366db1d2420f7db1f6a2adf2a9ca15ad64 \ + --hash=sha256:6b96b0b784fe5fd03beffff2b1533dc0d85e92bab8d1b2c24ef3a5dc8fac5669 \ + --hash=sha256:6bde37765564cd22a676dd8101b657839a1854cfaa9c382c5abf6ff7accfd4ae \ + --hash=sha256:6c135708e987f46053e0a1246a206f53717f9fadfba27174a9769ad4befba5c3 \ + --hash=sha256:6c27a7054b5224710fcfb1a626ec3ff4f28bcb89b899148c72873b18210e446b \ + --hash=sha256:6de6a7f622860af0146cb9ee148682ff4d0cea0b8fd3ad51ce4d40efb2f061d0 \ + --hash=sha256:7451ede3560086abe1aa27dcdcf55cd15c96b56f543fb12e5826eee6f721f858 \ + --hash=sha256:7873b65686a6471c0037139aa000d23fe94628e0daaa27b6e40607c90e3f5ec4 \ + --hash=sha256:7aed8118ae20515974650d08eb724150dc2e20c2814bcc307089569995e88a14 \ + --hash=sha256:7e57906e38583a2cba67046a09c2637e23297618dc1f3caddbc493f2be97c93f \ + --hash=sha256:7ec85994f96a58cf7ed288caa344b7fe31fd1d503bdf13d7331ead5f70ab60d5 \ + --hash=sha256:86aca1616922b40d8ac1b3073a1ead4255a2f13405e5700c01f7c8d29a03972d \ + --hash=sha256:88051c3b7d5325409f433c5a40328fcb0685fc04e5db49ff936e910901d10114 \ + --hash=sha256:887ab1f12b0d227e9260558a4a2320024b20102207ada65c43e1ffc4546df72e \ + --hash=sha256:8a06aa1197ec0281eb1d7daf6073e199eb832fe591ffa329b88bae28f25f5fe5 \ + --hash=sha256:8a1dca5507fa1337f75dcd5070218b20bc68cf8844271c923c1b79dfcbc20391 \ + --hash=sha256:8b23cf252f180cda89220b378d917180f29d313cd6a07b2431c0d3b776aae86f \ + --hash=sha256:8d0e09cf4863c74106b5265c2c310f36146e2b445ff7b3018a56799f28f39f6f \ + --hash=sha256:8de567dec6d451649a781633d36f5c7501711adee329d76c095be2178855b042 \ + --hash=sha256:90fb790138c1a89a2e58c9282fe1089638401f2f3b8dddd758499041bc6e0774 \ + --hash=sha256:92f3b3ec3e6008a1fe00b7c0946a170f161ac00645cde35e3c9a68c2475e8156 \ + --hash=sha256:935afcdea4751b0ac918047a2df3f720212892347767aea28f5b3bf7be4f27c0 \ + --hash=sha256:9a0ff7ee28583ab30a52f371b40f54e7138c52ca67f8ca17ccb7ccf0b383cb5f \ + --hash=sha256:9b78430703cfcf5f5e86eb74027a1ed03a93509273d7c705babb547f03e60016 \ + --hash=sha256:9d0f92b78cfc3b74a42239fdd8c1266f4715b573204c234d2f9fc3fc7a24f185 \ + --hash=sha256:9da162b718b12c4219eeeeb68a5b7552fbc7aadedf2efee440f88b9c0e54b45d \ + --hash=sha256:a00c91104c173c9043bc46f7b30ee5e6d2f6b1149f11f545580f5d6fdff42c0b \ + --hash=sha256:a029be818059870664157194e46ce0e995082ac49926f1423c1f058534d2aaa9 \ + --hash=sha256:a1b3db5fae5cbce2131b7420a3f83553d4d89514c03d67804ced36161fe8b6b2 \ + --hash=sha256:a4cf32a26fa744101b67bfd28c55d992cd19438aff611a46cac7f066afca8fd4 \ + --hash=sha256:aa0bf113d15e8abdfee92aa4db86761b709a09954083afcb5bf0f952d6065fdb \ + --hash=sha256:ab47fe727c13c09d0e6f508e3a49e545008e23bf762a245b020391b621f5b726 \ + --hash=sha256:af9d4fd79ee1cc8e7caf693ee02737daabfc0fcf2773ca0a4735b356c8ad6f7c \ + --hash=sha256:b1fef1f13c842a39a03409e30ca0bf87b39a1e2a305a9924deadb75a43105d23 \ + --hash=sha256:b4c4fbbcff474e1e5f38be1bf04511c03d492d42eec0babda5d03af3b5589374 \ + --hash=sha256:b8a4131698b6992b2a56015f51646711ec5d893a0b314a4b985477868e240c87 \ + --hash=sha256:b8a7acf04fda1f30f1007f3cc96d29d8cf0a53e626e4e1655fdf4eabc082d367 \ + --hash=sha256:ba783541be46f27c8faea5a6645e193943c17ea2f0ffe593639d906a327a9bcc \ + --hash=sha256:be0744661afbc4099fef7f4e604e7f1ea1be1dd7284f357924af12a705cc7d5c \ + --hash=sha256:bec77545d188f8bdd29d42bccb9191682a46fb2e655e3d1fb446d47c55ac3b8d \ + --hash=sha256:c10d92fb6d7fd827e44055fcd932ad93dac6a11e832d51534d77b97d1d85400f \ + --hash=sha256:c3782fb753aa825b4ccabc04292e07897e2fd941448eabf666856c5530277626 \ + --hash=sha256:c9ce7a9e967afc0a2af7caa0d15a3e9c1054815f73d6a8cb9225b61921b419bd \ + --hash=sha256:cb0702c12983be3b2fab98ead349ac63a98216d28dda6f518f52da5498a27a1b \ + --hash=sha256:cbc619e84a5e3ab2d452de831c88bdcad824414e9c2d28cd101f94dbdf26329c \ + --hash=sha256:ce4ed8e0c7dbc5b19352b9c2c6131dd23b95fa8698b5cdd076307a33626b72dc \ + --hash=sha256:ce96ab0bdfcef1b8c371ada2100767ace6804ea35aacce0aef3aeb4f3f499ca8 \ + --hash=sha256:cf824aceaeffff029ccfba0da637d432ca71ab21f13e7f6f5179cd88ebc77a8a \ + --hash=sha256:d2a81bdcfde4245468f7030a75a37d50400ac2455c3a4819d9d550c937f90ab5 \ + --hash=sha256:d2cc2b34f9e1d31ce255174da82902ad75bd7c0d88a33df54a77a22f2ef421ee \ + --hash=sha256:d2f184336bc1d6abfaaa1262ed42739c3789b1e3a65a29916a615307d22ffd2e \ + --hash=sha256:d3c622c39f04d5751408f5b801ecb527e6e0a471b367f420a877f7a660d583f6 \ + --hash=sha256:d85d784c619370d9329bbd670f41ff5f2ae62ea4519761b679d0f57f0f0ee267 \ + --hash=sha256:d93ebdb82363d2e7bec64eecdc3632b59e84bd270d74fe5be1659f7787052f9b \ + --hash=sha256:db8a6313dbac934193fc17fe7610f70cd8181c542a91382531bef5ed785e5615 \ + --hash=sha256:dbc2ab5d10544eb485baa76c63c501303b716a5c405ff2469a1d8ceffaabf622 \ + --hash=sha256:dbd749cff1defbde270ca346b69b3baf5f1297213ef322254bf2a28537f0b046 \ + --hash=sha256:dc79d192fb76fc0c84f2c58672c17bbbc383fd26c3cdc29daae16ce3d927e8b2 \ + --hash=sha256:dd2c1d27ebfe6a015cfa2005b7fe8c52d5019f7bbdd801bc6f7499aab9ae739e \ + --hash=sha256:dea0808153f1fbbad772669d906cddd92100277533a03845de6893cadeffc8be \ + --hash=sha256:e14aab02258cb776a108107bd15f5b5e4a1bbaa61ef33b36693dfab6f89d54f9 \ + --hash=sha256:e24d8031a2c62f34853756d9208eeafa6b940a1efcbfe36e8f57d99d52bb7261 \ + --hash=sha256:e36c80c49853b3ffda7aa1831bf175c13356b210c73128c861f3aa93c3cc4015 \ + --hash=sha256:e3dc8d4ede2dbae6c0fc2b6c958bf51ce9fd7e9b40c0f5b8835c3fde44f5807d \ + --hash=sha256:e6491658dd2569f05860bad645569145c8626ac231877b0fb2d5f9bcb7054089 \ + --hash=sha256:eb91d252b35004a84670dfeafadb042528b19842a0080d8b53e5ec1128e8f433 \ + --hash=sha256:f0396e894bd1e66c74ecbc08b4f6a03dc331140942c4b1d345dd131b68574a60 \ + --hash=sha256:f3cd110e02c5bf17d8fb562f6c9df5c20e73029d587cf8602a2da6c5ef1e32cb \ + --hash=sha256:f7a37dd208f0d658e0487522078b1ed68cd6bce20ef4b5a915d2809b9094b410 \ + --hash=sha256:fae4a01ef8c4cb2bbe92ef2063149596907dc4a881a8d26743b3f6b304713171 \ + --hash=sha256:fc327f4497b7087d06204235199daf208fd01c82d80465dc5efa4ec9df1c5b4e \ + --hash=sha256:fcc01c57ce6e70b728af02b2401c5bc853a9e14eb07deda30624374f0aebfe42 \ + --hash=sha256:fde355b02934cc6b07200cc3b27ab0c15870a757d1a72fd401aa92e2ea3c6bfe + # via + # jsonschema + # referencing +scikit-learn==1.6.1 \ + --hash=sha256:0650e730afb87402baa88afbf31c07b84c98272622aaba002559b614600ca691 \ + --hash=sha256:0c8d036eb937dbb568c6242fa598d551d88fb4399c0344d95c001980ec1c7d36 \ + --hash=sha256:1061b7c028a8663fb9a1a1baf9317b64a257fcb036dae5c8752b2abef31d136f \ + --hash=sha256:25fc636bdaf1cc2f4a124a116312d837148b5e10872147bdaf4887926b8c03d8 \ + --hash=sha256:2c2cae262064e6a9b77eee1c8e768fc46aa0b8338c6a8297b9b6759720ec0ff2 \ + --hash=sha256:2e69fab4ebfc9c9b580a7a80111b43d214ab06250f8a7ef590a4edf72464dd86 \ + --hash=sha256:2ffa1e9e25b3d93990e74a4be2c2fc61ee5af85811562f1288d5d055880c4322 \ + --hash=sha256:3f59fe08dc03ea158605170eb52b22a105f238a5d512c4470ddeca71feae8e5f \ + --hash=sha256:6a7aa5f9908f0f28f4edaa6963c0a6183f1911e63a69aa03782f0d924c830a35 \ + --hash=sha256:70b1d7e85b1c96383f872a519b3375f92f14731e279a7b4c6cfd650cf5dffc52 \ + --hash=sha256:72abc587c75234935e97d09aa4913a82f7b03ee0b74111dcc2881cba3c5a7b33 \ + --hash=sha256:775da975a471c4f6f467725dff0ced5c7ac7bda5e9316b260225b48475279a1b \ + --hash=sha256:7a1c43c8ec9fde528d664d947dc4c0789be4077a3647f232869f41d9bf50e0fb \ + --hash=sha256:8634c4bd21a2a813e0a7e3900464e6d593162a29dd35d25bdf0103b3fce60ed5 \ + --hash=sha256:8a600c31592bd7dab31e1c61b9bbd6dea1b3433e67d264d17ce1017dbdce8002 \ + --hash=sha256:926f207c804104677af4857b2c609940b743d04c4c35ce0ddc8ff4f053cddc1b \ + --hash=sha256:a17c1dea1d56dcda2fac315712f3651a1fea86565b64b48fa1bc090249cbf236 \ + --hash=sha256:b3b00cdc8f1317b5f33191df1386c0befd16625f49d979fe77a8d44cae82410d \ + --hash=sha256:b4fc2525eca2c69a59260f583c56a7557c6ccdf8deafdba6e060f94c1c59738e \ + --hash=sha256:c06beb2e839ecc641366000ca84f3cf6fa9faa1777e29cf0c04be6e4d096a348 \ + --hash=sha256:d056391530ccd1e501056160e3c9673b4da4805eb67eb2bdf4e983e1f9c9204e \ + --hash=sha256:dc4765af3386811c3ca21638f63b9cf5ecf66261cc4815c1db3f1e7dc7b79db2 \ + --hash=sha256:dc5cf3d68c5a20ad6d571584c0750ec641cc46aeef1c1507be51300e6003a7e1 \ + --hash=sha256:e8ca8cb270fee8f1f76fa9bfd5c3507d60c6438bbee5687f81042e2bb98e5a97 \ + --hash=sha256:fa909b1a36e000a03c382aade0bd2063fd5680ff8b8e501660c0f59f021a6415 + # via ssvc +scipy==1.15.3 ; python_full_version < '3.11' \ + --hash=sha256:05dc6abcd105e1a29f95eada46d4a3f251743cfd7d3ae8ddb4088047f24ea477 \ + --hash=sha256:06efcba926324df1696931a57a176c80848ccd67ce6ad020c810736bfd58eb1c \ + --hash=sha256:0a769105537aa07a69468a0eefcd121be52006db61cdd8cac8a0e68980bbb723 \ + --hash=sha256:0bdd905264c0c9cfa74a4772cdb2070171790381a5c4d312c973382fc6eaf730 \ + --hash=sha256:0ff17c0bb1cb32952c09217d8d1eed9b53d1463e5f1dd6052c7857f83127d539 \ + --hash=sha256:14ed70039d182f411ffc74789a16df3835e05dc469b898233a245cdfd7f162cb \ + --hash=sha256:185cd3d6d05ca4b44a8f1595af87f9c372bb6acf9c808e99aa3e9aa03bd98cf6 \ + --hash=sha256:18aaacb735ab38b38db42cb01f6b92a2d0d4b6aabefeb07f02849e47f8fb3594 \ + --hash=sha256:1c832e1bd78dea67d5c16f786681b28dd695a8cb1fb90af2e27580d3d0967e92 \ + --hash=sha256:263961f658ce2165bbd7b99fa5135195c3a12d9bef045345016b8b50c315cb82 \ + --hash=sha256:271e3713e645149ea5ea3e97b57fdab61ce61333f97cfae392c28ba786f9bb49 \ + --hash=sha256:2c620736bcc334782e24d173c0fdbb7590a0a436d2fdf39310a8902505008759 \ + --hash=sha256:34716e281f181a02341ddeaad584205bd2fd3c242063bd3423d61ac259ca7eba \ + --hash=sha256:39cb9c62e471b1bb3750066ecc3a3f3052b37751c7c3dfd0fd7e48900ed52982 \ + --hash=sha256:3ac07623267feb3ae308487c260ac684b32ea35fd81e12845039952f558047b8 \ + --hash=sha256:3b0334816afb8b91dab859281b1b9786934392aa3d527cd847e41bb6f45bee65 \ + --hash=sha256:40e54d5c7e7ebf1aa596c374c49fa3135f04648a0caabcb66c52884b943f02b4 \ + --hash=sha256:50f9e62461c95d933d5c5ef4a1f2ebf9a2b4e83b0db374cb3f1de104d935922e \ + --hash=sha256:52092bc0472cfd17df49ff17e70624345efece4e1a12b23783a1ac59a1b728ed \ + --hash=sha256:5380741e53df2c566f4d234b100a484b420af85deb39ea35a1cc1be84ff53a5c \ + --hash=sha256:5e721fed53187e71d0ccf382b6bf977644c533e506c4d33c3fb24de89f5c3ed5 \ + --hash=sha256:6487aa99c2a3d509a5227d9a5e889ff05830a06b2ce08ec30df6d79db5fcd5c5 \ + --hash=sha256:6ac6310fdbfb7aa6612408bd2f07295bcbd3fda00d2d702178434751fe48e019 \ + --hash=sha256:6cfd56fc1a8e53f6e89ba3a7a7251f7396412d655bca2aa5611c8ec9a6784a1e \ + --hash=sha256:6db907c7368e3092e24919b5e31c76998b0ce1684d51a90943cb0ed1b4ffd6c1 \ + --hash=sha256:721d6b4ef5dc82ca8968c25b111e307083d7ca9091bc38163fb89243e85e3889 \ + --hash=sha256:76ad1fb5f8752eabf0fa02e4cc0336b4e8f021e2d5f061ed37d6d264db35e3ca \ + --hash=sha256:79167bba085c31f38603e11a267d862957cbb3ce018d8b38f79ac043bc92d825 \ + --hash=sha256:795c46999bae845966368a3c013e0e00947932d68e235702b5c3f6ea799aa8c9 \ + --hash=sha256:7e11270a000969409d37ed399585ee530b9ef6aa99d50c019de4cb01e8e54e62 \ + --hash=sha256:8c9ed3ba2c8a2ce098163a9bdb26f891746d02136995df25227a20e71c396ebb \ + --hash=sha256:993439ce220d25e3696d1b23b233dd010169b62f6456488567e830654ee37a6b \ + --hash=sha256:9d61e97b186a57350f6d6fd72640f9e99d5a4a2b8fbf4b9ee9a841eab327dc13 \ + --hash=sha256:9db984639887e3dffb3928d118145ffe40eff2fa40cb241a306ec57c219ebbbb \ + --hash=sha256:9e2abc762b0811e09a0d3258abee2d98e0c703eee49464ce0069590846f31d40 \ + --hash=sha256:a345928c86d535060c9c2b25e71e87c39ab2f22fc96e9636bd74d1dbf9de448c \ + --hash=sha256:ad3432cb0f9ed87477a8d97f03b763fd1d57709f1bbde3c9369b1dff5503b253 \ + --hash=sha256:ae48a786a28412d744c62fd7816a4118ef97e5be0bee968ce8f0a2fba7acf3bb \ + --hash=sha256:aef683a9ae6eb00728a542b796f52a5477b78252edede72b8327a886ab63293f \ + --hash=sha256:b90ab29d0c37ec9bf55424c064312930ca5f4bde15ee8619ee44e69319aab163 \ + --hash=sha256:c05045d8b9bfd807ee1b9f38761993297b10b245f012b11b13b91ba8945f7e45 \ + --hash=sha256:c9deabd6d547aee2c9a81dee6cc96c6d7e9a9b1953f74850c179f91fdc729cb7 \ + --hash=sha256:dde4fc32993071ac0c7dd2d82569e544f0bdaff66269cb475e0f369adad13f11 \ + --hash=sha256:eae3cf522bc7df64b42cad3925c876e1b0b6c35c1337c93e12c0f366f55b0eaf \ + --hash=sha256:ed7284b21a7a0c8f1b6e5977ac05396c0d008b89e05498c8b7e8f4a1423bba0e \ + --hash=sha256:f77f853d584e72e874d87357ad70f44b437331507d1c311457bed8ed2b956126 + # via + # scikit-learn + # ssvc +scipy==1.16.1 ; python_full_version >= '3.11' \ + --hash=sha256:0851f6a1e537fe9399f35986897e395a1aa61c574b178c0d456be5b1a0f5ca1f \ + --hash=sha256:0a55ffe0ba0f59666e90951971a884d1ff6f4ec3275a48f472cfb64175570f77 \ + --hash=sha256:15240c3aac087a522b4eaedb09f0ad061753c5eebf1ea430859e5bf8640d5919 \ + --hash=sha256:18aca1646a29ee9a0625a1be5637fa798d4d81fdf426481f06d69af828f16958 \ + --hash=sha256:21a611ced9275cb861bacadbada0b8c0623bc00b05b09eb97f23b370fc2ae56d \ + --hash=sha256:226652fca853008119c03a8ce71ffe1b3f6d2844cc1686e8f9806edafae68596 \ + --hash=sha256:2ef500e72f9623a6735769e4b93e9dcb158d40752cdbb077f305487e3e2d1f45 \ + --hash=sha256:30cc4bb81c41831ecfd6dc450baf48ffd80ef5aed0f5cf3ea775740e80f16ecc \ + --hash=sha256:367d567ee9fc1e9e2047d31f39d9d6a7a04e0710c86e701e053f237d14a9b4f6 \ + --hash=sha256:3d0b80fb26d3e13a794c71d4b837e2a589d839fd574a6bbb4ee1288c213ad4a3 \ + --hash=sha256:3ddfb1e8d0b540cb4ee9c53fc3dea3186f97711248fb94b4142a1b27178d8b4b \ + --hash=sha256:3ea0733a2ff73fd6fdc5fecca54ee9b459f4d74f00b99aced7d9a3adb43fb1cc \ + --hash=sha256:44c76f9e8b6e8e488a586190ab38016e4ed2f8a038af7cd3defa903c0a2238b3 \ + --hash=sha256:4cf5785e44e19dcd32a0e4807555e1e9a9b8d475c6afff3d21c3c543a6aa84f4 \ + --hash=sha256:4dc0e7be79e95d8ba3435d193e0d8ce372f47f774cffd882f88ea4e1e1ddc731 \ + --hash=sha256:5451606823a5e73dfa621a89948096c6528e2896e40b39248295d3a0138d594f \ + --hash=sha256:57d75524cb1c5a374958a2eae3d84e1929bb971204cc9d52213fb8589183fc19 \ + --hash=sha256:5aa2687b9935da3ed89c5dbed5234576589dd28d0bf7cd237501ccfbdf1ad608 \ + --hash=sha256:5e1a106f8c023d57a2a903e771228bf5c5b27b5d692088f457acacd3b54511e4 \ + --hash=sha256:65f81a25805f3659b48126b5053d9e823d3215e4a63730b5e1671852a1705921 \ + --hash=sha256:6c62eea7f607f122069b9bad3f99489ddca1a5173bef8a0c75555d7488b6f725 \ + --hash=sha256:6e5c2f74e5df33479b5cd4e97a9104c511518fbd979aa9b8f6aec18b2e9ecae7 \ + --hash=sha256:709559a1db68a9abc3b2c8672c4badf1614f3b440b3ab326d86a5c0491eafae3 \ + --hash=sha256:744d977daa4becb9fc59135e75c069f8d301a87d64f88f1e602a9ecf51e77b27 \ + --hash=sha256:796a5a9ad36fa3a782375db8f4241ab02a091308eb079746bc0f874c9b998318 \ + --hash=sha256:81929ed0fa7a5713fcdd8b2e6f73697d3b4c4816d090dd34ff937c20fa90e8ab \ + --hash=sha256:81b433bbeaf35728dad619afc002db9b189e45eebe2cd676effe1fb93fef2b9c \ + --hash=sha256:8503517c44c18d1030d666cb70aaac1cc8913608816e06742498833b128488b7 \ + --hash=sha256:85764fb15a2ad994e708258bb4ed8290d1305c62a4e1ef07c414356a24fcfbf8 \ + --hash=sha256:886cc81fdb4c6903a3bb0464047c25a6d1016fef77bb97949817d0c0d79f9e04 \ + --hash=sha256:89728678c5ca5abd610aee148c199ac1afb16e19844401ca97d43dc548a354eb \ + --hash=sha256:8dfbb25dffc4c3dd9371d8ab456ca81beeaf6f9e1c2119f179392f0dc1ab7695 \ + --hash=sha256:978d8311674b05a8f7ff2ea6c6bce5d8b45a0cb09d4c5793e0318f448613ea65 \ + --hash=sha256:adccd93a2fa937a27aae826d33e3bfa5edf9aa672376a4852d23a7cd67a2e5b7 \ + --hash=sha256:bcc12db731858abda693cecdb3bdc9e6d4bd200213f49d224fe22df82687bdd6 \ + --hash=sha256:c033fa32bab91dc98ca59d0cf23bb876454e2bb02cbe592d5023138778f70030 \ + --hash=sha256:c0c804d60492a0aad7f5b2bb1862f4548b990049e27e828391ff2bf6f7199998 \ + --hash=sha256:c24fa02f7ed23ae514460a22c57eca8f530dbfa50b1cfdbf4f37c05b5309cc39 \ + --hash=sha256:ca66d980469cb623b1759bdd6e9fd97d4e33a9fad5b33771ced24d0cb24df67e \ + --hash=sha256:cb18899127278058bcc09e7b9966d41a5a43740b5bb8dcba401bd983f82e885b \ + --hash=sha256:cc1d2f2fd48ba1e0620554fe5bc44d3e8f5d4185c8c109c7fbdf5af2792cfad2 \ + --hash=sha256:d85495cef541729a70cdddbbf3e6b903421bc1af3e8e3a9a72a06751f33b7c39 \ + --hash=sha256:d8da7c3dd67bcd93f15618938f43ed0995982eb38973023d46d4646c4283ad65 \ + --hash=sha256:dc54f76ac18073bcecffb98d93f03ed6b81a92ef91b5d3b135dcc81d55a724c7 \ + --hash=sha256:e756d688cb03fd07de0fffad475649b03cb89bee696c98ce508b17c11a03f95c \ + --hash=sha256:e7cc1ffcc230f568549fc56670bcf3df1884c30bd652c5da8138199c8c76dae0 \ + --hash=sha256:e8fd15fc5085ab4cca74cb91fe0a4263b1f32e4420761ddae531ad60934c2119 \ + --hash=sha256:f006e323874ffd0b0b816d8c6a8e7f9a73d55ab3b8c3f72b752b226d0e3ac83d \ + --hash=sha256:f0ebb7204f063fad87fc0a0e4ff4a2ff40b2a226e4ba1b7e34bf4b79bf97cd86 \ + --hash=sha256:f1b9e5962656f2734c2b285a8745358ecb4e4efbadd00208c80a389227ec61ff \ + --hash=sha256:f23634f9e5adb51b2a77766dac217063e764337fbc816aa8ad9aaebcd4397fd3 \ + --hash=sha256:f7b8013c6c066609577d910d1a2a077021727af07b6fab0ee22c2f901f22352a \ + --hash=sha256:f8a5d6cd147acecc2603fbd382fed6c46f474cccfcf69ea32582e033fb54dcfe \ + --hash=sha256:f965bbf3235b01c776115ab18f092a95aa74c271a52577bcb0563e85738fd618 \ + --hash=sha256:fedc2cbd1baed37474b1924c331b97bdff611d762c196fac1a9b71e67b813b1b + # via + # scikit-learn + # ssvc +semver==3.0.4 \ + --hash=sha256:9c824d87ba7f7ab4a1890799cec8596f15c1241cb473404ea1cb0c55e4b04746 \ + --hash=sha256:afc7d8c584a5ed0a11033af086e8af226a9c0b206f313e0301f8dd7b6b589602 + # via ssvc +setuptools==80.9.0 \ + --hash=sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922 \ + --hash=sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c + # via mkdocs-bibtex +six==1.17.0 \ + --hash=sha256:4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 \ + --hash=sha256:ff70335d468e7eb6ec65b95b99d3a2836546063f63acc5171de367e834932a81 + # via python-dateutil +tabulate==0.9.0 \ + --hash=sha256:0095b12bf5966de529c0feb1fa08671671b3368eec77d7ef7ab114be2c068b3c \ + --hash=sha256:024ca478df22e9340661486f85298cff5f6dcdba14f3813e8830015b9ed1948f + # via mkdocs-table-reader-plugin +thefuzz==0.22.1 \ + --hash=sha256:59729b33556850b90e1093c4cf9e618af6f2e4c985df193fdf3c5b5cf02ca481 \ + --hash=sha256:7138039a7ecf540da323792d8592ef9902b1d79eb78c147d4f20664de79f3680 + # via ssvc +threadpoolctl==3.6.0 \ + --hash=sha256:43a0b8fd5a2928500110039e43a5eed8480b918967083ea48dc3ab9f13c4a7fb \ + --hash=sha256:8ab8b4aa3491d812b623328249fab5302a68d2d71745c8a4c719a2fcaba9f44e + # via scikit-learn +typing-extensions==4.14.1 \ + --hash=sha256:38b39f4aeeab64884ce9f74c94263ef78f3c22467c8724005483154c26648d36 \ + --hash=sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76 + # via + # mkdocstrings-python + # pydantic + # pydantic-core + # referencing + # typing-inspection +typing-inspection==0.4.1 \ + --hash=sha256:389055682238f53b04f7badcb49b989835495a96700ced5dab2d8feae4b26f51 \ + --hash=sha256:6ae134cc0203c33377d43188d4064e9b357dba58cff3185f22924610e70a9d28 + # via pydantic +tzdata==2025.2 \ + --hash=sha256:1a403fada01ff9221ca8044d701868fa132215d84beb92242d9acd2147f667a8 \ + --hash=sha256:b60a638fcc0daffadf82fe0f57e53d06bdec2f36c4df66280ae79bce6bd6f2b9 + # via pandas +urllib3==2.5.0 \ + --hash=sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760 \ + --hash=sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc + # via + # requests + # responses +validators==0.35.0 \ + --hash=sha256:992d6c48a4e77c81f1b4daba10d16c3a9bb0dbb79b3a19ea847ff0928e70497a \ + --hash=sha256:e8c947097eae7892cb3d26868d637f79f47b4a0554bc6b80065dfe5aac3705dd + # via mkdocs-bibtex +watchdog==6.0.0 \ + --hash=sha256:07df1fdd701c5d4c8e55ef6cf55b8f0120fe1aef7ef39a1c6fc6bc2e606d517a \ + --hash=sha256:20ffe5b202af80ab4266dcd3e91aae72bf2da48c0d33bdb15c66658e685e94e2 \ + --hash=sha256:212ac9b8bf1161dc91bd09c048048a95ca3a4c4f5e5d4a7d1b1a7d5752a7f96f \ + --hash=sha256:2cce7cfc2008eb51feb6aab51251fd79b85d9894e98ba847408f662b3395ca3c \ + --hash=sha256:490ab2ef84f11129844c23fb14ecf30ef3d8a6abafd3754a6f75ca1e6654136c \ + --hash=sha256:6eb11feb5a0d452ee41f824e271ca311a09e250441c262ca2fd7ebcf2461a06c \ + --hash=sha256:6f10cb2d5902447c7d0da897e2c6768bca89174d0c6e1e30abec5421af97a5b0 \ + --hash=sha256:7607498efa04a3542ae3e05e64da8202e58159aa1fa4acddf7678d34a35d4f13 \ + --hash=sha256:76aae96b00ae814b181bb25b1b98076d5fc84e8a53cd8885a318b42b6d3a5134 \ + --hash=sha256:82dc3e3143c7e38ec49d61af98d6558288c415eac98486a5c581726e0737c00e \ + --hash=sha256:9041567ee8953024c83343288ccc458fd0a2d811d6a0fd68c4c22609e3490379 \ + --hash=sha256:9513f27a1a582d9808cf21a07dae516f0fab1cf2d7683a742c498b93eedabb11 \ + --hash=sha256:9ddf7c82fda3ae8e24decda1338ede66e1c99883db93711d8fb941eaa2d8c282 \ + --hash=sha256:a175f755fc2279e0b7312c0035d52e27211a5bc39719dd529625b1930917345b \ + --hash=sha256:a1914259fa9e1454315171103c6a30961236f508b9b623eae470268bbcc6a22f \ + --hash=sha256:afd0fe1b2270917c5e23c2a65ce50c2a4abb63daafb0d419fde368e272a76b7c \ + --hash=sha256:bc64ab3bdb6a04d69d4023b29422170b74681784ffb9463ed4870cf2f3e66112 \ + --hash=sha256:bdd4e6f14b8b18c334febb9c4425a878a2ac20efd1e0b231978e7b150f92a948 \ + --hash=sha256:c7ac31a19f4545dd92fc25d200694098f42c9a8e391bc00bdd362c5736dbf881 \ + --hash=sha256:c7c15dda13c4eb00d6fb6fc508b3c0ed88b9d5d374056b239c4ad1611125c860 \ + --hash=sha256:c897ac1b55c5a1461e16dae288d22bb2e412ba9807df8397a635d88f671d36c3 \ + --hash=sha256:cbafb470cf848d93b5d013e2ecb245d4aa1c8fd0504e863ccefa32445359d680 \ + --hash=sha256:d1cdb490583ebd691c012b3d6dae011000fe42edb7a82ece80965b42abd61f26 \ + --hash=sha256:e3df4cbb9a450c6d49318f6d14f4bbc80d763fa587ba46ec86f99f9e6876bb26 \ + --hash=sha256:ef810fbf7b781a5a593894e4f439773830bdecb885e6880d957d5b9382a960d2 + # via mkdocs +wcmatch==10.1 \ + --hash=sha256:5848ace7dbb0476e5e55ab63c6bbd529745089343427caa5537f230cc01beb8a \ + --hash=sha256:f11f94208c8c8484a16f4f48638a85d771d9513f4ab3f37595978801cb9465af + # via mkdocs-include-markdown-plugin From 7de36b0474dd2f6dc526dfc989875cc9db6f0d66 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 19 Aug 2025 12:40:46 -0400 Subject: [PATCH 267/468] bump python version to 3.11 --- requirements.txt | 254 +++--------------------------------- src/pyproject.toml | 9 +- src/uv.lock | 313 ++++++++------------------------------------- 3 files changed, 78 insertions(+), 498 deletions(-) diff --git a/requirements.txt b/requirements.txt index 34093b13..049e2647 100644 --- a/requirements.txt +++ b/requirements.txt @@ -34,9 +34,7 @@ certifi==2025.8.3 \ # via requests charset-normalizer==3.4.3 \ --hash=sha256:00237675befef519d9af72169d8604a067d92755e84fe76492fef5441db05b91 \ - --hash=sha256:02425242e96bcf29a49711b0ca9f37e451da7c70562bc10e8ed992a5a7a25cc0 \ --hash=sha256:027b776c26d38b7f15b26a5da1044f376455fb3766df8fc38563b4efbc515154 \ - --hash=sha256:07a0eae9e2787b586e129fdcbe1af6997f8d0e5abaa0bc98c0e20e124d67e601 \ --hash=sha256:0cacf8f7297b0c4fcb74227692ca46b4a5852f8f4f24b3c766dd94a1075c4884 \ --hash=sha256:0e78314bdc32fa80696f72fa16dc61168fda4d6a0c014e0380f9d02f0e5d8a07 \ --hash=sha256:13faeacfe61784e2559e690fc53fa4c5ae97c6fcedb8eb6fb8d0a15b475d2c64 \ @@ -56,7 +54,6 @@ charset-normalizer==3.4.3 \ --hash=sha256:416175faf02e4b0810f1f38bcb54682878a4af94059a1cd63b8747244420801f \ --hash=sha256:41d1fc408ff5fdfb910200ec0e74abc40387bccb3252f3f27c0676731df2b2c8 \ --hash=sha256:42e5088973e56e31e4fa58eb6bd709e42fc03799c11c42929592889a2e54c491 \ - --hash=sha256:4ca4c094de7771a98d7fbd67d9e5dbf1eb73efa4f744a730437d8a3a5cf994f0 \ --hash=sha256:53cd68b185d98dde4ad8990e56a58dea83a4162161b1ea9272e5c9182ce415e0 \ --hash=sha256:585f3b2a80fbd26b048a0be90c5aae8f06605d3c92615911c3a2b03a8a3b796f \ --hash=sha256:6aab0f181c486f973bc7262a97f5aca3ee7e1437011ef0c2ec04b5a11d16c927 \ @@ -64,8 +61,6 @@ charset-normalizer==3.4.3 \ --hash=sha256:6fb70de56f1859a3f71261cbe41005f56a7842cc348d3aeb26237560bfa5e0ce \ --hash=sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14 \ --hash=sha256:73dc19b562516fc9bcf6e5d6e596df0b4eb98d87e4f79f3ae71840e6ed21361c \ - --hash=sha256:74d77e25adda8581ffc1c720f1c81ca082921329452eba58b16233ab1842141c \ - --hash=sha256:78deba4d8f9590fe4dae384aeff04082510a709957e968753ff3c48399f6f92a \ --hash=sha256:86df271bf921c2ee3818f0522e9a5b8092ca2ad8b065ece5d7d9d0e9f4849bcc \ --hash=sha256:8dcfc373f888e4fb39a7bc57e93e3b845e7f462dacc008d9749568b1c4ece096 \ --hash=sha256:939578d9d8fd4299220161fdd76e86c6a251987476f5243e8864a7844476ba14 \ @@ -74,20 +69,14 @@ charset-normalizer==3.4.3 \ --hash=sha256:b89bc04de1d83006373429975f8ef9e7932534b8cc9ca582e4db7d20d91816db \ --hash=sha256:bd28b817ea8c70215401f657edef3a8aa83c29d447fb0b622c35403780ba11d5 \ --hash=sha256:c6dbd0ccdda3a2ba7c2ecd9d77b37f3b5831687d8dc1b6ca5f56a4880cc7b7ce \ - --hash=sha256:c6e490913a46fa054e03699c70019ab869e990270597018cef1d8562132c2669 \ - --hash=sha256:c6f162aabe9a91a309510d74eeb6507fab5fff92337a15acbe77753d88d9dcf0 \ --hash=sha256:c6fd51128a41297f5409deab284fecbe5305ebd7e5a1f959bee1c054622b7018 \ --hash=sha256:cc34f233c9e71701040d772aa7490318673aa7164a0efe3172b2981218c26d93 \ - --hash=sha256:cc9370a2da1ac13f0153780040f465839e6cccb4a1e44810124b4e22483c93fe \ --hash=sha256:ccf600859c183d70eb47e05a44cd80a4ce77394d1ac0f79dbd2dd90a69a3a049 \ --hash=sha256:ce571ab16d890d23b5c278547ba694193a45011ff86a9162a71307ed9f86759a \ --hash=sha256:cf1ebb7d78e1ad8ec2a8c4732c7be2e736f6e5123a4146c5b89c9d1f585f8cef \ - --hash=sha256:d0e909868420b7049dafd3a31d45125b31143eec59235311fc4c57ea26a4acd2 \ --hash=sha256:d716a916938e03231e86e43782ca7878fb602a125a91e7acb8b5112e2e96ac16 \ - --hash=sha256:d79c198e27580c8e958906f803e63cddb77653731be08851c7df0b1a14a8fc0f \ --hash=sha256:e28e334d3ff134e88989d90ba04b47d84382a828c061d0d1027b1b12a62b39b1 \ --hash=sha256:fb6fecfd65564f208cbf0fba07f107fb661bcd1a7c389edbced3f7a493f70e37 \ - --hash=sha256:fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72 \ --hash=sha256:fd10de089bcdcd1be95a2f73dbe6254798ec1bda9f450d5828c96f93e2536b9c \ --hash=sha256:fdabf8315679312cfa71302f9bd509ded4f2f263fb5b765cf1433b39106c3cc9 # via requests @@ -103,6 +92,7 @@ colorama==0.4.6 \ # griffe # mkdocs # mkdocs-material + # pytest ghp-import==2.1.0 \ --hash=sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619 \ --hash=sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343 @@ -115,6 +105,10 @@ idna==3.10 \ --hash=sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9 \ --hash=sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3 # via requests +iniconfig==2.1.0 \ + --hash=sha256:3abbd2e30b36733fee78f9c7f7308f2d0050e88f0087fd25c2645f63c773e1c7 \ + --hash=sha256:9deba5723312380e77435581c6bf4935c94cbfab9b1ed33ef8d238ea168eb760 + # via pytest jinja2==3.1.6 \ --hash=sha256:0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d \ --hash=sha256:85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67 @@ -160,49 +154,39 @@ markupsafe==3.0.2 \ --hash=sha256:1e084f686b92e5b83186b07e8a17fc09e38fff551f3602b249881fec658d3eca \ --hash=sha256:2181e67807fc2fa785d0592dc2d6206c019b9502410671cc905d132a92866557 \ --hash=sha256:2cb8438c3cbb25e220c2ab33bb226559e7afb3baec11c4f218ffa7308603c832 \ - --hash=sha256:3809ede931876f5b2ec92eef964286840ed3540dadf803dd570c3b7e13141a3b \ - --hash=sha256:38a9ef736c01fccdd6600705b09dc574584b89bea478200c5fbf112a6b0d5579 \ --hash=sha256:3d79d162e7be8f996986c064d1c7c817f6df3a77fe3d6859f6f9e7be4b8c213a \ --hash=sha256:444dcda765c8a838eaae23112db52f1efaf750daddb2d9ca300bcae1039adc5c \ --hash=sha256:4aa4e5faecf353ed117801a068ebab7b7e09ffb6e1d5e412dc852e0da018126c \ --hash=sha256:52305740fe773d09cffb16f8ed0427942901f00adedac82ec8b67752f58a1b22 \ --hash=sha256:569511d3b58c8791ab4c2e1285575265991e6d8f8700c7be0e88f86cb0672094 \ - --hash=sha256:57cb5a3cf367aeb1d316576250f65edec5bb3be939e9247ae594b4bcbc317dfb \ --hash=sha256:5b02fb34468b6aaa40dfc198d813a641e3a63b98c2b05a16b9f80b7ec314185e \ --hash=sha256:6381026f158fdb7c72a168278597a5e3a5222e83ea18f543112b2662a9b699c5 \ - --hash=sha256:6af100e168aa82a50e186c82875a5893c5597a0c1ccdb0d8b40240b1f28b969a \ --hash=sha256:6c89876f41da747c8d3677a2b540fb32ef5715f97b66eeb0c6b66f5e3ef6f59d \ --hash=sha256:70a87b411535ccad5ef2f1df5136506a10775d267e197e4cf531ced10537bd6b \ - --hash=sha256:7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8 \ --hash=sha256:846ade7b71e3536c4e56b386c2a47adf5741d2d8b94ec9dc3e92e5e1ee1e2225 \ --hash=sha256:88416bd1e65dcea10bc7569faacb2c20ce071dd1f87539ca2ab364bf6231393c \ --hash=sha256:8e06879fc22a25ca47312fbe7c8264eb0b662f6db27cb2d3bbbc74b1df4b9b87 \ --hash=sha256:9025b4018f3a1314059769c7bf15441064b2207cb3f065e6ea1e7359cb46db9d \ --hash=sha256:93335ca3812df2f366e80509ae119189886b0f3c2b81325d39efdb84a1e2ae93 \ --hash=sha256:9778bd8ab0a994ebf6f84c2b949e65736d5575320a17ae8984a77fab08db94cf \ - --hash=sha256:9e2d922824181480953426608b81967de705c3cef4d1af983af849d7bd619158 \ --hash=sha256:a123e330ef0853c6e822384873bef7507557d8e4a082961e1defa947aa59ba84 \ --hash=sha256:a904af0a6162c73e3edcb969eeeb53a63ceeb5d8cf642fade7d39e7963a22ddb \ --hash=sha256:ad10d3ded218f1039f11a75f8091880239651b52e9bb592ca27de44eed242a48 \ - --hash=sha256:b424c77b206d63d500bcb69fa55ed8d0e6a3774056bdc4839fc9298a7edca171 \ --hash=sha256:b5a6b3ada725cea8a5e634536b1b01c30bcdcd7f9c6fff4151548d5bf6b3a36c \ --hash=sha256:ba8062ed2cf21c07a9e295d5b8a2a5ce678b913b45fdf68c32d95d6c1291e0b6 \ --hash=sha256:ba9527cdd4c926ed0760bc301f6728ef34d841f405abf9d4f959c478421e4efd \ - --hash=sha256:bbcb445fa71794da8f178f0f6d66789a28d7319071af7a496d4d507ed566270d \ --hash=sha256:bcf3e58998965654fdaff38e58584d8937aa3096ab5354d493c77d1fdd66d7a1 \ --hash=sha256:c0ef13eaeee5b615fb07c9a7dadb38eac06a0608b41570d8ade51c56539e509d \ --hash=sha256:cabc348d87e913db6ab4aa100f01b08f481097838bdddf7c7a84b7575b7309ca \ --hash=sha256:cdb82a876c47801bb54a690c5ae105a46b392ac6099881cdfb9f6e95e4014c6a \ --hash=sha256:d16a81a06776313e817c951135cf7340a3e91e8c1ff2fac444cfd75fffa04afe \ --hash=sha256:d8213e09c917a951de9d09ecee036d5c7d36cb6cb7dbaece4c71a60d79fb9798 \ - --hash=sha256:e07c3764494e3776c602c1e78e298937c3315ccc9043ead7e685b7f2b8d47b3c \ --hash=sha256:e17c96c14e19278594aa4841ec148115f9c7615a47382ecb6b82bd8fea3ab0c8 \ --hash=sha256:e444a31f8db13eb18ada366ab3cf45fd4b31e4db1236a4448f68778c1d1a5a2f \ --hash=sha256:e6a2a455bd412959b57a172ce6328d2dd1f01cb2135efda2e4576e8a23fa3b0f \ --hash=sha256:ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0 \ --hash=sha256:f3818cb119498c0678015754eba762e0d61e5b52d34c8b13d770f0719f7b1d79 \ - --hash=sha256:f8b3d067f2e40fe93e1ccdd6b2e1d16c43140e76f02fb1319a05cf2b79d99430 \ - --hash=sha256:fcabf5ff6eea076f859677f5f0b6b5c1a51e70a376b0579e0eadef8db48c6b50 + --hash=sha256:f8b3d067f2e40fe93e1ccdd6b2e1d16c43140e76f02fb1319a05cf2b79d99430 # via # jinja2 # mkdocs @@ -277,67 +261,7 @@ networkx==3.4.2 \ --hash=sha256:307c3669428c5362aab27c8a1260aa8f47c4e91d3891f48be0141738d8d053e1 \ --hash=sha256:df5d4365b724cf81b8c6a7312509d0c22386097011ad1abe274afd5e9d3bbc5f # via ssvc -numpy==2.2.6 ; python_full_version < '3.11' \ - --hash=sha256:038613e9fb8c72b0a41f025a7e4c3f0b7a1b5d768ece4796b674c8f3fe13efff \ - --hash=sha256:0678000bb9ac1475cd454c6b8c799206af8107e310843532b04d49649c717a47 \ - --hash=sha256:0811bb762109d9708cca4d0b13c4f67146e3c3b7cf8d34018c722adb2d957c84 \ - --hash=sha256:0b605b275d7bd0c640cad4e5d30fa701a8d59302e127e5f79138ad62762c3e3d \ - --hash=sha256:0bca768cd85ae743b2affdc762d617eddf3bcf8724435498a1e80132d04879e6 \ - --hash=sha256:1bc23a79bfabc5d056d106f9befb8d50c31ced2fbc70eedb8155aec74a45798f \ - --hash=sha256:287cc3162b6f01463ccd86be154f284d0893d2b3ed7292439ea97eafa8170e0b \ - --hash=sha256:37c0ca431f82cd5fa716eca9506aefcabc247fb27ba69c5062a6d3ade8cf8f49 \ - --hash=sha256:37e990a01ae6ec7fe7fa1c26c55ecb672dd98b19c3d0e1d1f326fa13cb38d163 \ - --hash=sha256:389d771b1623ec92636b0786bc4ae56abafad4a4c513d36a55dce14bd9ce8571 \ - --hash=sha256:3d70692235e759f260c3d837193090014aebdf026dfd167834bcba43e30c2a42 \ - --hash=sha256:41c5a21f4a04fa86436124d388f6ed60a9343a6f767fced1a8a71c3fbca038ff \ - --hash=sha256:481b49095335f8eed42e39e8041327c05b0f6f4780488f61286ed3c01368d491 \ - --hash=sha256:4eeaae00d789f66c7a25ac5f34b71a7035bb474e679f410e5e1a94deb24cf2d4 \ - --hash=sha256:55a4d33fa519660d69614a9fad433be87e5252f4b03850642f88993f7b2ca566 \ - --hash=sha256:5a6429d4be8ca66d889b7cf70f536a397dc45ba6faeb5f8c5427935d9592e9cf \ - --hash=sha256:5bd4fc3ac8926b3819797a7c0e2631eb889b4118a9898c84f585a54d475b7e40 \ - --hash=sha256:5beb72339d9d4fa36522fc63802f469b13cdbe4fdab4a288f0c441b74272ebfd \ - --hash=sha256:6031dd6dfecc0cf9f668681a37648373bddd6421fff6c66ec1624eed0180ee06 \ - --hash=sha256:71594f7c51a18e728451bb50cc60a3ce4e6538822731b2933209a1f3614e9282 \ - --hash=sha256:74d4531beb257d2c3f4b261bfb0fc09e0f9ebb8842d82a7b4209415896adc680 \ - --hash=sha256:7befc596a7dc9da8a337f79802ee8adb30a552a94f792b9c9d18c840055907db \ - --hash=sha256:894b3a42502226a1cac872f840030665f33326fc3dac8e57c607905773cdcde3 \ - --hash=sha256:8e41fd67c52b86603a91c1a505ebaef50b3314de0213461c7a6e99c9a3beff90 \ - --hash=sha256:8e9ace4a37db23421249ed236fdcdd457d671e25146786dfc96835cd951aa7c1 \ - --hash=sha256:8fc377d995680230e83241d8a96def29f204b5782f371c532579b4f20607a289 \ - --hash=sha256:9551a499bf125c1d4f9e250377c1ee2eddd02e01eac6644c080162c0c51778ab \ - --hash=sha256:b0544343a702fa80c95ad5d3d608ea3599dd54d4632df855e4c8d24eb6ecfa1c \ - --hash=sha256:b093dd74e50a8cba3e873868d9e93a85b78e0daf2e98c6797566ad8044e8363d \ - --hash=sha256:b412caa66f72040e6d268491a59f2c43bf03eb6c96dd8f0307829feb7fa2b6fb \ - --hash=sha256:b4f13750ce79751586ae2eb824ba7e1e8dba64784086c98cdbbcc6a42112ce0d \ - --hash=sha256:b64d8d4d17135e00c8e346e0a738deb17e754230d7e0810ac5012750bbd85a5a \ - --hash=sha256:ba10f8411898fc418a521833e014a77d3ca01c15b0c6cdcce6a0d2897e6dbbdf \ - --hash=sha256:bd48227a919f1bafbdda0583705e547892342c26fb127219d60a5c36882609d1 \ - --hash=sha256:c1f9540be57940698ed329904db803cf7a402f3fc200bfe599334c9bd84a40b2 \ - --hash=sha256:c820a93b0255bc360f53eca31a0e676fd1101f673dda8da93454a12e23fc5f7a \ - --hash=sha256:ce47521a4754c8f4593837384bd3424880629f718d87c5d44f8ed763edd63543 \ - --hash=sha256:d042d24c90c41b54fd506da306759e06e568864df8ec17ccc17e9e884634fd00 \ - --hash=sha256:de749064336d37e340f640b05f24e9e3dd678c57318c7289d222a8a2f543e90c \ - --hash=sha256:e1dda9c7e08dc141e0247a5b8f49cf05984955246a327d4c48bda16821947b2f \ - --hash=sha256:e29554e2bef54a90aa5cc07da6ce955accb83f21ab5de01a62c8478897b264fd \ - --hash=sha256:e3143e4451880bed956e706a3220b4e5cf6172ef05fcc397f6f36a550b1dd868 \ - --hash=sha256:e8213002e427c69c45a52bbd94163084025f533a55a59d6f9c5b820774ef3303 \ - --hash=sha256:efd28d4e9cd7d7a8d39074a4d44c63eda73401580c5c76acda2ce969e0a38e83 \ - --hash=sha256:f0fd6321b839904e15c46e0d257fdd101dd7f530fe03fd6359c1ea63738703f3 \ - --hash=sha256:f1372f041402e37e5e633e586f62aa53de2eac8d98cbfb822806ce4bbefcb74d \ - --hash=sha256:f2618db89be1b4e05f7a1a847a9c1c0abd63e63a1607d892dd54668dd92faf87 \ - --hash=sha256:f447e6acb680fd307f40d3da4852208af94afdfab89cf850986c3ca00562f4fa \ - --hash=sha256:f92729c95468a2f4f15e9bb94c432a9229d0d50de67304399627a943201baa2f \ - --hash=sha256:f9f1adb22318e121c5c69a09142811a201ef17ab257a1e66ca3025065b7f53ae \ - --hash=sha256:fc0c5673685c508a142ca65209b4e79ed6740a4ed6b2267dbba90f34b0b3cfda \ - --hash=sha256:fc7b73d02efb0e18c000e9ad8b83480dfcd5dfd11065997ed4c6747470ae8915 \ - --hash=sha256:fd83c01228a688733f1ded5201c678f0c53ecc1006ffbc404db9f7a899ac6249 \ - --hash=sha256:fe27749d33bb772c80dcd84ae7e8df2adc920ae8297400dabec45f0dedb3f6de \ - --hash=sha256:fee4236c876c4e8369388054d02d0e9bb84821feb1a64dd59e137e6511a551f8 - # via - # pandas - # scikit-learn - # scipy -numpy==2.3.2 ; python_full_version >= '3.11' \ +numpy==2.3.2 \ --hash=sha256:07b62978075b67eee4065b166d000d457c82a1efe726cce608b9db9dd66a73a5 \ --hash=sha256:087ffc25890d89a43536f75c5fe8770922008758e8eeeef61733957041ed2f9b \ --hash=sha256:092aeb3449833ea9c0bf0089d70c29ae480685dd2377ec9cdbbb620257f84631 \ @@ -419,7 +343,9 @@ numpy==2.3.2 ; python_full_version >= '3.11' \ packaging==25.0 \ --hash=sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484 \ --hash=sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f - # via mkdocs + # via + # mkdocs + # pytest paginate==0.5.7 \ --hash=sha256:22bd083ab41e1a8b4f3690544afb2c60c25e5c9a63a30fa2f483f6c60c8e5945 \ --hash=sha256:b885e2af73abcf01d9559fd5216b57ef722f8c42affbb63942377668e35c7591 @@ -427,16 +353,11 @@ paginate==0.5.7 \ pandas==2.3.1 \ --hash=sha256:025e92411c16cbe5bb2a4abc99732a6b132f439b8aab23a59fa593eb00704232 \ --hash=sha256:0a95b9ac964fe83ce317827f80304d37388ea77616b1425f0ae41c9d2d0d7bb2 \ - --hash=sha256:0f951fbb702dacd390561e0ea45cdd8ecfa7fb56935eb3dd78e306c19104b9b0 \ - --hash=sha256:1b916a627919a247d865aed068eb65eb91a344b13f5b57ab9f610b7716c92de1 \ --hash=sha256:1c78cf43c8fde236342a1cb2c34bcff89564a7bfed7e474ed2fffa6aed03a956 \ - --hash=sha256:22c2e866f7209ebc3a8f08d75766566aae02bcc91d196935a1d9e59c7b990ac9 \ --hash=sha256:2b0540963d83431f5ce8870ea02a7430adca100cec8a050f0811f8e31035541b \ --hash=sha256:2ba6aff74075311fc88504b1db890187a3cd0f887a5b10f5525f8e2ef55bfdb9 \ - --hash=sha256:2eb789ae0274672acbd3c575b0598d213345660120a257b47b5dafdc618aec83 \ --hash=sha256:2f4d6feeba91744872a600e6edbbd5b033005b431d5ae8379abee5bcfa479fab \ --hash=sha256:3462c3735fe19f2638f2c3a40bd94ec2dc5ba13abbb032dd2fa1f540a075509d \ - --hash=sha256:3583d348546201aff730c8c47e49bc159833f971c2899d6097bce68b9112a4f1 \ --hash=sha256:4d544806b485ddf29e52d75b1f559142514e60ef58a832f74fb38e48d757b299 \ --hash=sha256:56a342b231e8862c96bdb6ab97170e203ce511f4d0429589c8ede1ee8ece48b8 \ --hash=sha256:5db9637dbc24b631ff3707269ae4559bce4b7fd75c1c4d7e13f40edc42df4444 \ @@ -453,12 +374,10 @@ pandas==2.3.1 \ --hash=sha256:ac942bfd0aca577bef61f2bc8da8147c4ef6879965ef883d8e8d5d2dc3e744b8 \ --hash=sha256:b3cd4273d3cb3707b6fffd217204c52ed92859533e31dc03b7c5008aa933aaab \ --hash=sha256:ca7ed14832bce68baef331f4d7f294411bed8efd032f8109d690df45e00c4679 \ - --hash=sha256:cd05b72ec02ebfb993569b4931b2e16fbb4d6ad6ce80224a3ee838387d83a191 \ --hash=sha256:e5635178b387bd2ba4ac040f82bc2ef6e6b500483975c4ebacd34bec945fda12 \ --hash=sha256:e6723a27ad7b244c0c79d8e7007092d7c8f0f11305770e2f4cd778b3ad5f9f85 \ --hash=sha256:ec6c851509364c59a5344458ab935e6451b31b818be467eb24b0fe89bd05b6b9 \ --hash=sha256:fe37e757f462d31a9cd7580236a82f353f5713a80e059a29753cf938c6775d96 \ - --hash=sha256:fe67dc676818c186d5a3d5425250e40f179c2a89145df477dd82945eaea89e97 \ --hash=sha256:fe7317f578c6a153912bd2292f02e40c1d8f253e93c599e82620c7f69755c74f # via # mkdocs-table-reader-plugin @@ -471,6 +390,10 @@ platformdirs==4.3.8 \ --hash=sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc \ --hash=sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4 # via mkdocs-get-deps +pluggy==1.6.0 \ + --hash=sha256:7dcc130b76258d33b90f61b658791dede3486c3e6bfb003ee5c9bfb396dd22f3 \ + --hash=sha256:e920276dd6813095e9377c0bc5566d94c932c33b27a3e3945d8389c374dd4746 + # via pytest pybtex==0.25.1 \ --hash=sha256:9053b0d619409a0a83f38abad5d9921de5f7b3ede00742beafcd9f10ad0d8c5c \ --hash=sha256:9eaf90267c7e83e225af89fea65c370afbf65f458220d3946a9e3049e1eca491 @@ -480,34 +403,23 @@ pydantic==2.11.7 \ --hash=sha256:dde5df002701f6de26248661f6835bbe296a47bf73990135c7d07ce741b9623b # via ssvc pydantic-core==2.33.2 \ - --hash=sha256:0069c9acc3f3981b9ff4cdfaf088e98d83440a4c7ea1bc07460af3d4dc22e72d \ - --hash=sha256:031c57d67ca86902726e0fae2214ce6770bbe2f710dc33063187a68744a5ecac \ - --hash=sha256:0405262705a123b7ce9f0b92f123334d67b70fd1f20a9372b907ce1080c7ba02 \ --hash=sha256:04a1a413977ab517154eebb2d326da71638271477d6ad87a769102f7c2488c56 \ - --hash=sha256:0a39979dcbb70998b0e505fb1556a1d550a0781463ce84ebf915ba293ccb7e22 \ --hash=sha256:0a9f2c9dd19656823cb8250b0724ee9c60a82f3cdf68a080979d13092a3b0fef \ - --hash=sha256:0e03262ab796d986f978f79c943fc5f620381be7287148b8010b4097f79a39ec \ - --hash=sha256:0e5b2671f05ba48b94cb90ce55d8bdcaaedb8ba00cc5359f6810fc918713983d \ --hash=sha256:0fb2d542b4d66f9470e8065c5469ec676978d625a8b7a363f07d9a501a9cb36a \ --hash=sha256:1082dd3e2d7109ad8b7da48e1d4710c8d06c253cbc4a27c1cff4fbcaa97a9e3f \ - --hash=sha256:1a8695a8d00c73e50bff9dfda4d540b7dee29ff9b8053e38380426a85ef10052 \ --hash=sha256:1e063337ef9e9820c77acc768546325ebe04ee38b08703244c1309cccc4f1bab \ --hash=sha256:1ea40a64d23faa25e62a70ad163571c0b342b8bf66d5fa612ac0dec4f069d916 \ - --hash=sha256:2058a32994f1fde4ca0480ab9d1e75a0e8c87c22b53a3ae66554f9af78f2fe8c \ --hash=sha256:235f45e5dbcccf6bd99f9f472858849f73d11120d76ea8707115415f8e5ebebf \ --hash=sha256:2b0a451c263b01acebe51895bfb0e1cc842a5c666efe06cdf13846c7418caa9a \ - --hash=sha256:2b3d326aaef0c0399d9afffeb6367d5e26ddc24d351dbc9c636840ac355dc5d8 \ --hash=sha256:2bfb5112df54209d820d7bf9317c7a6c9025ea52e49f46b6a2060104bba37de7 \ --hash=sha256:2f82865531efd18d6e07a04a17331af02cb7a651583c418df8266f17a63c6612 \ --hash=sha256:329467cecfb529c925cf2bbd4d60d2c509bc2fb52a20c1045bf09bb70971a9c1 \ --hash=sha256:3c6db6e52c6d70aa0d00d45cdb9b40f0433b96380071ea80b09277dba021ddf7 \ --hash=sha256:3dc625f4aa79713512d1976fe9f0bc99f706a9dee21dfd1810b4bbbf228d0e8a \ - --hash=sha256:4b25d91e288e2c4e0662b8038a28c6a07eaac3e196cfc4ff69de4ea3db992a1b \ --hash=sha256:4c5b0a576fb381edd6d27f0a85915c6daf2f8138dc5c267a57c08a62900758c7 \ --hash=sha256:4e61206137cbc65e6d5256e1166f88331d3b6238e082d9f74613b9b765fb9025 \ --hash=sha256:52fb90784e0a242bb96ec53f42196a17278855b0f31ac7c3cc6f5c1ec4811849 \ --hash=sha256:572c7e6c8bb4774d2ac88929e3d1f12bc45714ae5ee6d9a788a9fb35e60bb04b \ - --hash=sha256:5c4aa4e82353f65e548c476b37e64189783aa5384903bfea4f41580f255fddfa \ --hash=sha256:5c92edd15cd58b3c2d34873597a1e20f13094f59cf88068adb18947df5455b4e \ --hash=sha256:5f483cfb75ff703095c59e365360cb73e00185e01aaea067cd19acffd2ab20ea \ --hash=sha256:61c18fba8e5e9db3ab908620af374db0ac1baa69f0f32df4f61ae23f15e586ac \ @@ -515,23 +427,17 @@ pydantic-core==2.33.2 \ --hash=sha256:64632ff9d614e5eecfb495796ad51b0ed98c453e447a76bcbeeb69615079fc7e \ --hash=sha256:65132b7b4a1c0beded5e057324b7e16e10910c106d43675d9bd87d4f38dde162 \ --hash=sha256:6b99022f1d19bc32a4c2a0d544fc9a76e3be90f0b3f4af413f87d38749300e65 \ - --hash=sha256:6bdfe4b3789761f3bcb4b1ddf33355a71079858958e3a552f16d5af19768fef2 \ - --hash=sha256:73662edf539e72a9440129f231ed3757faab89630d291b784ca99237fb94db2b \ --hash=sha256:73cf6373c21bc80b2e0dc88444f41ae60b2f070ed02095754eb5a01df12256de \ --hash=sha256:7cb8bc3605c29176e1b105350d2e6474142d7c1bd1d9327c4a9bdb46bf827acc \ --hash=sha256:82f68293f055f51b51ea42fafc74b6aad03e70e191799430b90c13d643059ebb \ - --hash=sha256:87b31b6846e361ef83fedb187bb5b4372d0da3f7e28d85415efa92d6125d6e6d \ --hash=sha256:881b21b5549499972441da4758d662aeea93f1923f953e9cbaff14b8b9565aef \ --hash=sha256:8f57a69461af2a5fa6e6bbd7a5f60d3b7e6cebb687f55106933188e79ad155c1 \ --hash=sha256:95237e53bb015f67b63c91af7518a62a8660376a6a0db19b89acc77a4d6199f5 \ --hash=sha256:96081f1605125ba0855dfda83f6f3df5ec90c61195421ba72223de35ccfb2f88 \ --hash=sha256:9cb1da0f5a471435a7bc7e439b8a728e8b61e59784b2af70d7c169f8dd8ae290 \ --hash=sha256:9fdac5d6ffa1b5a83bca06ffe7583f5576555e6c8b3a91fbd25ea7780f825f7d \ - --hash=sha256:a11c8d26a50bfab49002947d3d237abe4d9e4b5bdc8846a63537b6488e197808 \ --hash=sha256:a144d4f717285c6d9234a66778059f33a89096dfb9b39117663fd8413d582dcc \ --hash=sha256:a7ec89dc587667f22b6a0b6579c249fca9026ce7c333fc142ba42411fa243cdc \ - --hash=sha256:aa9d91b338f2df0508606f7009fde642391425189bba6d8c653afd80fd6bb64e \ - --hash=sha256:b0379a2b24882fef529ec3b4987cb5d003b9cda32256024e6fe1586ac45fc640 \ --hash=sha256:bc7aee6f634a6f4a95676fcb5d6559a2c2a390330098dba5e5a5f28a2e4ada30 \ --hash=sha256:bdc25f3681f7b78572699569514036afe3c243bc3059d3942624e936ec93450e \ --hash=sha256:c083a3bdd5a93dfe480f1125926afcdbf2917ae714bdb80b36d34318b2bec5d9 \ @@ -539,9 +445,7 @@ pydantic-core==2.33.2 \ --hash=sha256:c52b02ad8b4e2cf14ca7b3d918f3eb0ee91e63b3167c32591e57c4317e134f8f \ --hash=sha256:c8e7af2f4e0194c22b5b37205bfb293d166a7344a5b0d0eaccebc376546d77d5 \ --hash=sha256:cca3868ddfaccfbc4bfb1d608e2ccaaebe0ae628e1416aeb9c4d88c001bb45ab \ - --hash=sha256:d53b22f2032c42eaaf025f7c40c2e3b94568ae077a606f006d206a463bc69572 \ --hash=sha256:d87c561733f66531dced0da6e864f44ebf89a8fba55f31407b00c2f7f9449593 \ - --hash=sha256:d946c8bf0d5c24bf4fe333af284c59a19358aa3ec18cb3dc4370080da1e8ad29 \ --hash=sha256:db4b41f9bd95fbe5acd76d89920336ba96f03e149097365afe1cb092fceb89a1 \ --hash=sha256:dc46a01bf8d62f227d5ecee74178ffc448ff4e5197c756331f71efcc66dc980f \ --hash=sha256:dd14041875d09cc0f9308e37a6f8b65f5585cf2598a53aa0123df8b129d481f8 \ @@ -549,19 +453,18 @@ pydantic-core==2.33.2 \ --hash=sha256:e799c050df38a639db758c617ec771fd8fb7a5f8eaaa4b27b101f266b216a246 \ --hash=sha256:e80b087132752f6b3d714f041ccf74403799d3b23a72722ea2e6ba2e892555b9 \ --hash=sha256:eb8c529b2819c37140eb51b914153063d27ed88e3bdc31b71198a198e921e011 \ - --hash=sha256:efec8db3266b76ef9607c2c4c419bdb06bf335ae433b80816089ea7585816f6a \ --hash=sha256:f517ca031dfc037a9c07e748cefd8d96235088b83b4f4ba8939105d20fa1dcd6 \ --hash=sha256:f889f7a40498cc077332c7ab6b4608d296d852182211787d4f3ee377aaae66e8 \ - --hash=sha256:f8de619080e944347f5f20de29a975c2d815d9ddd8be9b9b7268e2e3ef68605a \ --hash=sha256:f941635f2a3d96b2973e867144fde513665c87f13fe0e193c158ac51bfaaa7b2 \ - --hash=sha256:fa754d1850735a0b0e03bcffd9d4b4343eb417e47196e4485d9cca326073a42c \ --hash=sha256:fa854f5cf7e33842a892e5c73f45327760bc7bc516339fda888c75ae60edaeb6 \ --hash=sha256:fe5b32187cbc0c862ee201ad66c30cf218e5ed468ec8dc1cf49dec66e160cc4d # via pydantic pygments==2.19.2 \ --hash=sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887 \ --hash=sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b - # via mkdocs-material + # via + # mkdocs-material + # pytest pymdown-extensions==10.16.1 \ --hash=sha256:aace82bcccba3efc03e25d584e6a22d27a8e17caa3f4dd9f207e49b787aa9a91 \ --hash=sha256:d6ba157a6c03146a7fb122b2b9a121300056384eafeec9c9f9e584adfdb2a32d @@ -573,6 +476,9 @@ pypandoc==1.15 \ --hash=sha256:4ededcc76c8770f27aaca6dff47724578428eca84212a31479403a9731fc2b16 \ --hash=sha256:ea25beebe712ae41d63f7410c08741a3cab0e420f6703f95bc9b3a749192ce13 # via mkdocs-bibtex +pytest==8.4.1 \ + --hash=sha256:539c70ba6fcead8e78eebbf1115e8b589e7565830d7d006a8723f19ac8a0afb7 \ + --hash=sha256:7c67fd69174877359ed9371ec3af8a3d2b04741818c51e5e99cc1742251fa93c python-dateutil==2.9.0.post0 \ --hash=sha256:37dd54208da7e1cd875388217d5e00ebd4179249f90fb72437e91a35459a0ad3 \ --hash=sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427 @@ -585,15 +491,11 @@ pytz==2025.2 \ # via pandas pyyaml==6.0.2 \ --hash=sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48 \ - --hash=sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086 \ --hash=sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133 \ --hash=sha256:11d8f3dd2b9c1207dcaf2ee0bbbfd5991f571186ec9cc78427ba5bd32afae4b5 \ --hash=sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484 \ --hash=sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee \ --hash=sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5 \ - --hash=sha256:23502f431948090f597378482b4812b0caae32c22213aecf3b55325e049a6c68 \ - --hash=sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf \ - --hash=sha256:2e99c6826ffa974fe6e27cdb5ed0021786b03fc98e5ee3c5bfe1fd5015f42b99 \ --hash=sha256:3ad2a3decf9aaba3d29c8f537ac4b243e36bef957511b4766cb0057d32b0be85 \ --hash=sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc \ --hash=sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1 \ @@ -602,22 +504,17 @@ pyyaml==6.0.2 \ --hash=sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652 \ --hash=sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5 \ --hash=sha256:797b4f722ffa07cc8d62053e4cff1486fa6dc094105d13fea7b1de7d8bf71c9e \ - --hash=sha256:7c36280e6fb8385e520936c3cb3b8042851904eba0e58d277dca80a5cfed590b \ --hash=sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8 \ --hash=sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476 \ --hash=sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563 \ - --hash=sha256:8824b5a04a04a047e72eea5cec3bc266db09e35de6bdfe34c9436ac5ee27d237 \ --hash=sha256:8b9c7197f7cb2738065c481a0461e50ad02f18c78cd75775628afb4d7137fb3b \ - --hash=sha256:936d68689298c36b53b29f23c6dbb74de12b4ac12ca6cfe0e047bedceea56180 \ --hash=sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425 \ - --hash=sha256:a4d3091415f010369ae4ed1fc6b79def9416358877534caf6a0fdd2146c87a3e \ --hash=sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183 \ --hash=sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab \ --hash=sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774 \ --hash=sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725 \ --hash=sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e \ --hash=sha256:e10ce637b18caea04431ce14fabcf5c64a1c61ec9c56b071a4b7ca131ca52d44 \ - --hash=sha256:ec031d5d2feb36d1d1a24380e4db6d43695f3748343d99434e6f5f9156aaa2ed \ --hash=sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4 \ --hash=sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba \ --hash=sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4 @@ -647,37 +544,25 @@ rapidfuzz==3.13.0 \ --hash=sha256:25343ccc589a4579fbde832e6a1e27258bfdd7f2eb0f28cb836d6694ab8591fc \ --hash=sha256:2d18228a2390375cf45726ce1af9d36ff3dc1f11dce9775eae1f1b13ac6ec50f \ --hash=sha256:2fd0975e015b05c79a97f38883a11236f5a24cca83aa992bd2558ceaa5652b26 \ - --hash=sha256:3abe6a4e8eb4cfc4cda04dd650a2dc6d2934cbdeda5def7e6fd1c20f6e7d2a0b \ --hash=sha256:3b6f913ee4618ddb6d6f3e387b76e8ec2fc5efee313a128809fbd44e65c2bbb2 \ --hash=sha256:3f32f15bacd1838c929b35c84b43618481e1b3d7a61b5ed2db0291b70ae88b53 \ --hash=sha256:461fd13250a2adf8e90ca9a0e1e166515cbcaa5e9c3b1f37545cbbeff9e77f6b \ --hash=sha256:4671ee300d1818d7bdfd8fa0608580d7778ba701817216f0c17fb29e6b972514 \ --hash=sha256:4a1a6a906ba62f2556372282b1ef37b26bca67e3d2ea957277cfcefc6275cca7 \ --hash=sha256:5158da7f2ec02a930be13bac53bb5903527c073c90ee37804090614cab83c29e \ - --hash=sha256:5280be8fd7e2bee5822e254fe0a5763aa0ad57054b85a32a3d9970e9b09bbcbf \ - --hash=sha256:5435fcac94c9ecf0504bf88a8a60c55482c32e18e108d6079a0089c47f3f8cf6 \ --hash=sha256:558bf526bcd777de32b7885790a95a9548ffdcce68f704a81207be4a286c1095 \ --hash=sha256:57c390336cb50d5d3bfb0cfe1467478a15733703af61f6dffb14b1cd312a6fae \ --hash=sha256:5d4e13593d298c50c4f94ce453f757b4b398af3fa0fd2fde693c3e51195b7f69 \ --hash=sha256:5dc71ef23845bb6b62d194c39a97bb30ff171389c9812d83030c1199f319098c \ --hash=sha256:65cc97c2fc2c2fe23586599686f3b1ceeedeca8e598cfcc1b7e56dc8ca7e2aa7 \ --hash=sha256:694eb531889f71022b2be86f625a4209c4049e74be9ca836919b9e395d5e33b3 \ - --hash=sha256:6af42f2ede8b596a6aaf6d49fdee3066ca578f4856b85ab5c1e2145de367a12d \ - --hash=sha256:6c0efa73afbc5b265aca0d8a467ae2a3f40d6854cbe1481cb442a62b7bf23c99 \ --hash=sha256:6e2065f68fb1d0bf65adc289c1bdc45ba7e464e406b319d67bb54441a1b9da9e \ - --hash=sha256:7ac21489de962a4e2fc1e8f0b0da4aa1adc6ab9512fd845563fecb4b4c52093a \ - --hash=sha256:7d7cec4242d30dd521ef91c0df872e14449d1dffc2a6990ede33943b0dae56c3 \ - --hash=sha256:85c9a131a44a95f9cac2eb6e65531db014e09d89c4f18c7b1fa54979cb9ff1f3 \ - --hash=sha256:8c99b76b93f7b495eee7dcb0d6a38fb3ce91e72e99d9f78faa5664a881cb2b7d \ --hash=sha256:9093cdeb926deb32a4887ebe6910f57fbcdbc9fbfa52252c10b56ef2efb0289f \ - --hash=sha256:9256218ac8f1a957806ec2fb9a6ddfc6c32ea937c0429e88cf16362a20ed8602 \ - --hash=sha256:93a755266856599be4ab6346273f192acde3102d7aa0735e2f48b456397a041f \ --hash=sha256:98b8107ff14f5af0243f27d236bcc6e1ef8e7e3b3c25df114e91e3a99572da73 \ --hash=sha256:98e0bfa602e1942d542de077baf15d658bd9d5dcfe9b762aff791724c1c38b70 \ --hash=sha256:9a7c6232be5f809cd39da30ee5d24e6cadd919831e6020ec6c2391f4c3bc9264 \ --hash=sha256:9f5fe634c9482ec5d4a6692afb8c45d370ae86755e5f57aa6c50bfe4ca2bdd87 \ --hash=sha256:a9ad1f37894e3ffb76bbab76256e8a8b789657183870be11aa64e306bb5228fd \ - --hash=sha256:aafc42a1dc5e1beeba52cd83baa41372228d6d8266f6d803c16dbabbcc156255 \ --hash=sha256:ae4574cb66cf1e85d32bb7e9ec45af5409c5b3970b7ceb8dea90168024127566 \ --hash=sha256:b1b065f370d54551dcc785c6f9eeb5bd517ae14c983d2784c064b3aa525896df \ --hash=sha256:b5104b62711565e0ff6deab2a8f5dbf1fbe333c5155abe26d2cfd6f1849b6c87 \ @@ -687,25 +572,16 @@ rapidfuzz==3.13.0 \ --hash=sha256:bef86df6d59667d9655905b02770a0c776d2853971c0773767d5ef8077acd624 \ --hash=sha256:c2b3dd5d206a12deca16870acc0d6e5036abeb70e3cad6549c294eff15591527 \ --hash=sha256:c33f9c841630b2bb7e69a3fb5c84a854075bb812c47620978bddc591f764da3d \ - --hash=sha256:c523620d14ebd03a8d473c89e05fa1ae152821920c3ff78b839218ff69e19ca3 \ - --hash=sha256:cdb33ee9f8a8e4742c6b268fa6bd739024f34651a06b26913381b1413ebe7590 \ --hash=sha256:cfcccc08f671646ccb1e413c773bb92e7bba789e3a1796fd49d23c12539fe2e4 \ --hash=sha256:d25fdbce6459ccbbbf23b4b044f56fbd1158b97ac50994eaae2a1c0baae78301 \ --hash=sha256:d2eaf3839e52cbcc0accbe9817a67b4b0fcf70aaeb229cfddc1c28061f9ce5d8 \ --hash=sha256:d395a5cad0c09c7f096433e5fd4224d83b53298d53499945a9b0e5a971a84f3a \ --hash=sha256:d7a217310429b43be95b3b8ad7f8fc41aba341109dc91e978cd7c703f928c58f \ - --hash=sha256:d8cf5f7cd6e4d5eb272baf6a54e182b2c237548d048e2882258336533f3f02b7 \ --hash=sha256:df8e8c21e67afb9d7fbe18f42c6111fe155e801ab103c81109a61312927cc611 \ --hash=sha256:e05752418b24bbd411841b256344c26f57da1148c5509e34ea39c7eb5099ab72 \ - --hash=sha256:e1bdd2e6d0c5f9706ef7595773a81ca2b40f3b33fd7f9840b726fb00c6c4eb2e \ - --hash=sha256:e297c09972698c95649e89121e3550cee761ca3640cd005e24aaa2619175464e \ - --hash=sha256:e8ddb58961401da7d6f55f185512c0d6bd24f529a637078d41dd8ffa5a49c107 \ --hash=sha256:e9d824de871daa6e443b39ff495a884931970d567eb0dfa213d234337343835f \ --hash=sha256:ed6f416bda1c9133000009d84d9409823eb2358df0950231cc936e4bf784eb97 \ - --hash=sha256:ef0f5f03f61b0e5a57b1df7beafd83df993fd5811a09871bad6038d08e526d0d \ --hash=sha256:f70f646751b6aa9d05be1fb40372f006cc89d6aad54e9d79ae97bd1f5fce5203 \ - --hash=sha256:fd742c03885db1fce798a1cd87a20f47f144ccf26d75d52feb6f2bae3d57af05 \ - --hash=sha256:fe5790a36d33a5d0a6a1f802aa42ecae282bf29ac6f7506d8e12510847b82a45 \ --hash=sha256:fedd316c165beed6307bf754dee54d3faca2c47e1f3bcbd67595001dfa11e969 # via thefuzz referencing==0.36.2 \ @@ -735,55 +611,42 @@ rpds-py==0.27.0 \ --hash=sha256:0c431bfb91478d7cbe368d0a699978050d3b112d7f1d440a41e90faa325557fd \ --hash=sha256:0f401c369186a5743694dd9fc08cba66cf70908757552e1f714bfc5219c655b5 \ --hash=sha256:0f4f69d7a4300fbf91efb1fb4916421bd57804c01ab938ab50ac9c4aa2212f03 \ - --hash=sha256:130c1ffa5039a333f5926b09e346ab335f0d4ec393b030a18549a7c7e7c2cea4 \ --hash=sha256:13bbc4846ae4c993f07c93feb21a24d8ec637573d567a924b1001e81c8ae80f9 \ --hash=sha256:14f028eb47f59e9169bfdf9f7ceafd29dd64902141840633683d0bad5b04ff34 \ - --hash=sha256:15ea4d2e182345dd1b4286593601d766411b43f868924afe297570658c31a62b \ --hash=sha256:181bc29e59e5e5e6e9d63b143ff4d5191224d355e246b5a48c88ce6b35c4e466 \ --hash=sha256:183f5e221ba3e283cd36fdfbe311d95cd87699a083330b4f792543987167eff1 \ --hash=sha256:184f0d7b342967f6cda94a07d0e1fae177d11d0b8f17d73e06e36ac02889f303 \ --hash=sha256:190d7285cd3bb6d31d37a0534d7359c1ee191eb194c511c301f32a4afa5a1dd4 \ --hash=sha256:19c990fdf5acecbf0623e906ae2e09ce1c58947197f9bced6bbd7482662231c4 \ - --hash=sha256:1d66f45b9399036e890fb9c04e9f70c33857fd8f58ac8db9f3278cfa835440c3 \ --hash=sha256:203f581accef67300a942e49a37d74c12ceeef4514874c7cede21b012613ca2c \ --hash=sha256:20e222a44ae9f507d0f2678ee3dd0c45ec1e930f6875d99b8459631c24058aec \ - --hash=sha256:2406d034635d1497c596c40c85f86ecf2bf9611c1df73d14078af8444fe48031 \ --hash=sha256:249ab91ceaa6b41abc5f19513cb95b45c6f956f6b89f1fe3d99c81255a849f9e \ --hash=sha256:25a4aebf8ca02bbb90a9b3e7a463bbf3bee02ab1c446840ca07b1695a68ce424 \ --hash=sha256:27bac29bbbf39601b2aab474daf99dbc8e7176ca3389237a23944b17f8913d97 \ --hash=sha256:2cff9bdd6c7b906cc562a505c04a57d92e82d37200027e8d362518df427f96cd \ - --hash=sha256:2e39169ac6aae06dd79c07c8a69d9da867cef6a6d7883a0186b46bb46ccfb0c3 \ --hash=sha256:2fe6e18e5c8581f0361b35ae575043c7029d0a92cb3429e6e596c2cdde251432 \ --hash=sha256:3001013dae10f806380ba739d40dee11db1ecb91684febb8406a87c2ded23dae \ --hash=sha256:32196b5a99821476537b3f7732432d64d93a58d680a52c5e12a190ee0135d8b5 \ --hash=sha256:341d8acb6724c0c17bdf714319c393bb27f6d23d39bc74f94221b3e59fc31828 \ --hash=sha256:343cf24de9ed6c728abefc5d5c851d5de06497caa7ac37e5e65dd572921ed1b5 \ - --hash=sha256:36184b44bf60a480863e51021c26aca3dfe8dd2f5eeabb33622b132b9d8b8b54 \ --hash=sha256:3841f66c1ffdc6cebce8aed64e36db71466f1dc23c0d9a5592e2a782a3042c79 \ --hash=sha256:4045e2fc4b37ec4b48e8907a5819bdd3380708c139d7cc358f03a3653abedb89 \ - --hash=sha256:419dd9c98bcc9fb0242be89e0c6e922df333b975d4268faa90d58499fd9c9ebe \ --hash=sha256:42894616da0fc0dcb2ec08a77896c3f56e9cb2f4b66acd76fc8992c3557ceb1c \ --hash=sha256:4300e15e7d03660f04be84a125d1bdd0e6b2f674bc0723bc0fd0122f1a4585dc \ --hash=sha256:443d239d02d9ae55b74015234f2cd8eb09e59fbba30bf60baeb3123ad4c6d5ff \ --hash=sha256:44524b96481a4c9b8e6c46d6afe43fa1fb485c261e359fbe32b63ff60e3884d8 \ --hash=sha256:45d04a73c54b6a5fd2bab91a4b5bc8b426949586e61340e212a8484919183859 \ - --hash=sha256:46f48482c1a4748ab2773f75fffbdd1951eb59794e32788834b945da857c47a8 \ --hash=sha256:4790c9d5dd565ddb3e9f656092f57268951398cef52e364c405ed3112dc7c7c1 \ --hash=sha256:4bc262ace5a1a7dc3e2eac2fa97b8257ae795389f688b5adf22c5db1e2431c43 \ --hash=sha256:5355527adaa713ab693cbce7c1e0ec71682f599f61b128cf19d07e5c13c9b1f1 \ - --hash=sha256:555ed147cbe8c8f76e72a4c6cd3b7b761cbf9987891b9448808148204aed74a5 \ - --hash=sha256:55d42a0ef2bdf6bc81e1cc2d49d12460f63c6ae1423c4f4851b828e454ccf6f1 \ --hash=sha256:59195dc244fc183209cf8a93406889cadde47dfd2f0a6b137783aa9c56d67c85 \ --hash=sha256:59714ab0a5af25d723d8e9816638faf7f4254234decb7d212715c1aa71eee7be \ --hash=sha256:5b3a5c8089eed498a3af23ce87a80805ff98f6ef8f7bdb70bd1b7dae5105f6ac \ --hash=sha256:5d6790ff400254137b81b8053b34417e2c46921e302d655181d55ea46df58cf7 \ - --hash=sha256:5df559e9e7644d9042f626f2c3997b555f347d7a855a15f170b253f6c5bfe358 \ --hash=sha256:5fa01b3d5e3b7d97efab65bd3d88f164e289ec323a8c033c5c38e53ee25c007e \ --hash=sha256:6168af0be75bba990a39f9431cdfae5f0ad501f4af32ae62e8856307200517b8 \ - --hash=sha256:64a0fe3f334a40b989812de70160de6b0ec7e3c9e4a04c0bbc48d97c5d3600ae \ --hash=sha256:64f689ab822f9b5eb6dfc69893b4b9366db1d2420f7db1f6a2adf2a9ca15ad64 \ --hash=sha256:6b96b0b784fe5fd03beffff2b1533dc0d85e92bab8d1b2c24ef3a5dc8fac5669 \ - --hash=sha256:6bde37765564cd22a676dd8101b657839a1854cfaa9c382c5abf6ff7accfd4ae \ --hash=sha256:6c135708e987f46053e0a1246a206f53717f9fadfba27174a9769ad4befba5c3 \ --hash=sha256:6c27a7054b5224710fcfb1a626ec3ff4f28bcb89b899148c72873b18210e446b \ --hash=sha256:6de6a7f622860af0146cb9ee148682ff4d0cea0b8fd3ad51ce4d40efb2f061d0 \ @@ -799,48 +662,34 @@ rpds-py==0.27.0 \ --hash=sha256:8a1dca5507fa1337f75dcd5070218b20bc68cf8844271c923c1b79dfcbc20391 \ --hash=sha256:8b23cf252f180cda89220b378d917180f29d313cd6a07b2431c0d3b776aae86f \ --hash=sha256:8d0e09cf4863c74106b5265c2c310f36146e2b445ff7b3018a56799f28f39f6f \ - --hash=sha256:8de567dec6d451649a781633d36f5c7501711adee329d76c095be2178855b042 \ --hash=sha256:90fb790138c1a89a2e58c9282fe1089638401f2f3b8dddd758499041bc6e0774 \ --hash=sha256:92f3b3ec3e6008a1fe00b7c0946a170f161ac00645cde35e3c9a68c2475e8156 \ - --hash=sha256:935afcdea4751b0ac918047a2df3f720212892347767aea28f5b3bf7be4f27c0 \ - --hash=sha256:9a0ff7ee28583ab30a52f371b40f54e7138c52ca67f8ca17ccb7ccf0b383cb5f \ - --hash=sha256:9b78430703cfcf5f5e86eb74027a1ed03a93509273d7c705babb547f03e60016 \ --hash=sha256:9d0f92b78cfc3b74a42239fdd8c1266f4715b573204c234d2f9fc3fc7a24f185 \ --hash=sha256:9da162b718b12c4219eeeeb68a5b7552fbc7aadedf2efee440f88b9c0e54b45d \ --hash=sha256:a00c91104c173c9043bc46f7b30ee5e6d2f6b1149f11f545580f5d6fdff42c0b \ --hash=sha256:a029be818059870664157194e46ce0e995082ac49926f1423c1f058534d2aaa9 \ --hash=sha256:a1b3db5fae5cbce2131b7420a3f83553d4d89514c03d67804ced36161fe8b6b2 \ - --hash=sha256:a4cf32a26fa744101b67bfd28c55d992cd19438aff611a46cac7f066afca8fd4 \ --hash=sha256:aa0bf113d15e8abdfee92aa4db86761b709a09954083afcb5bf0f952d6065fdb \ --hash=sha256:ab47fe727c13c09d0e6f508e3a49e545008e23bf762a245b020391b621f5b726 \ --hash=sha256:af9d4fd79ee1cc8e7caf693ee02737daabfc0fcf2773ca0a4735b356c8ad6f7c \ --hash=sha256:b1fef1f13c842a39a03409e30ca0bf87b39a1e2a305a9924deadb75a43105d23 \ --hash=sha256:b4c4fbbcff474e1e5f38be1bf04511c03d492d42eec0babda5d03af3b5589374 \ - --hash=sha256:b8a4131698b6992b2a56015f51646711ec5d893a0b314a4b985477868e240c87 \ --hash=sha256:b8a7acf04fda1f30f1007f3cc96d29d8cf0a53e626e4e1655fdf4eabc082d367 \ - --hash=sha256:ba783541be46f27c8faea5a6645e193943c17ea2f0ffe593639d906a327a9bcc \ --hash=sha256:be0744661afbc4099fef7f4e604e7f1ea1be1dd7284f357924af12a705cc7d5c \ --hash=sha256:bec77545d188f8bdd29d42bccb9191682a46fb2e655e3d1fb446d47c55ac3b8d \ --hash=sha256:c10d92fb6d7fd827e44055fcd932ad93dac6a11e832d51534d77b97d1d85400f \ --hash=sha256:c3782fb753aa825b4ccabc04292e07897e2fd941448eabf666856c5530277626 \ --hash=sha256:c9ce7a9e967afc0a2af7caa0d15a3e9c1054815f73d6a8cb9225b61921b419bd \ - --hash=sha256:cb0702c12983be3b2fab98ead349ac63a98216d28dda6f518f52da5498a27a1b \ - --hash=sha256:cbc619e84a5e3ab2d452de831c88bdcad824414e9c2d28cd101f94dbdf26329c \ --hash=sha256:ce4ed8e0c7dbc5b19352b9c2c6131dd23b95fa8698b5cdd076307a33626b72dc \ --hash=sha256:ce96ab0bdfcef1b8c371ada2100767ace6804ea35aacce0aef3aeb4f3f499ca8 \ --hash=sha256:cf824aceaeffff029ccfba0da637d432ca71ab21f13e7f6f5179cd88ebc77a8a \ - --hash=sha256:d2a81bdcfde4245468f7030a75a37d50400ac2455c3a4819d9d550c937f90ab5 \ - --hash=sha256:d2cc2b34f9e1d31ce255174da82902ad75bd7c0d88a33df54a77a22f2ef421ee \ --hash=sha256:d2f184336bc1d6abfaaa1262ed42739c3789b1e3a65a29916a615307d22ffd2e \ --hash=sha256:d3c622c39f04d5751408f5b801ecb527e6e0a471b367f420a877f7a660d583f6 \ - --hash=sha256:d85d784c619370d9329bbd670f41ff5f2ae62ea4519761b679d0f57f0f0ee267 \ --hash=sha256:d93ebdb82363d2e7bec64eecdc3632b59e84bd270d74fe5be1659f7787052f9b \ --hash=sha256:db8a6313dbac934193fc17fe7610f70cd8181c542a91382531bef5ed785e5615 \ --hash=sha256:dbc2ab5d10544eb485baa76c63c501303b716a5c405ff2469a1d8ceffaabf622 \ - --hash=sha256:dbd749cff1defbde270ca346b69b3baf5f1297213ef322254bf2a28537f0b046 \ --hash=sha256:dc79d192fb76fc0c84f2c58672c17bbbc383fd26c3cdc29daae16ce3d927e8b2 \ --hash=sha256:dd2c1d27ebfe6a015cfa2005b7fe8c52d5019f7bbdd801bc6f7499aab9ae739e \ - --hash=sha256:dea0808153f1fbbad772669d906cddd92100277533a03845de6893cadeffc8be \ --hash=sha256:e14aab02258cb776a108107bd15f5b5e4a1bbaa61ef33b36693dfab6f89d54f9 \ --hash=sha256:e24d8031a2c62f34853756d9208eeafa6b940a1efcbfe36e8f57d99d52bb7261 \ --hash=sha256:e36c80c49853b3ffda7aa1831bf175c13356b210c73128c861f3aa93c3cc4015 \ @@ -859,7 +708,6 @@ rpds-py==0.27.0 \ # referencing scikit-learn==1.6.1 \ --hash=sha256:0650e730afb87402baa88afbf31c07b84c98272622aaba002559b614600ca691 \ - --hash=sha256:0c8d036eb937dbb568c6242fa598d551d88fb4399c0344d95c001980ec1c7d36 \ --hash=sha256:1061b7c028a8663fb9a1a1baf9317b64a257fcb036dae5c8752b2abef31d136f \ --hash=sha256:25fc636bdaf1cc2f4a124a116312d837148b5e10872147bdaf4887926b8c03d8 \ --hash=sha256:2c2cae262064e6a9b77eee1c8e768fc46aa0b8338c6a8297b9b6759720ec0ff2 \ @@ -869,72 +717,18 @@ scikit-learn==1.6.1 \ --hash=sha256:6a7aa5f9908f0f28f4edaa6963c0a6183f1911e63a69aa03782f0d924c830a35 \ --hash=sha256:70b1d7e85b1c96383f872a519b3375f92f14731e279a7b4c6cfd650cf5dffc52 \ --hash=sha256:72abc587c75234935e97d09aa4913a82f7b03ee0b74111dcc2881cba3c5a7b33 \ - --hash=sha256:775da975a471c4f6f467725dff0ced5c7ac7bda5e9316b260225b48475279a1b \ --hash=sha256:7a1c43c8ec9fde528d664d947dc4c0789be4077a3647f232869f41d9bf50e0fb \ - --hash=sha256:8634c4bd21a2a813e0a7e3900464e6d593162a29dd35d25bdf0103b3fce60ed5 \ - --hash=sha256:8a600c31592bd7dab31e1c61b9bbd6dea1b3433e67d264d17ce1017dbdce8002 \ --hash=sha256:926f207c804104677af4857b2c609940b743d04c4c35ce0ddc8ff4f053cddc1b \ --hash=sha256:a17c1dea1d56dcda2fac315712f3651a1fea86565b64b48fa1bc090249cbf236 \ --hash=sha256:b3b00cdc8f1317b5f33191df1386c0befd16625f49d979fe77a8d44cae82410d \ --hash=sha256:b4fc2525eca2c69a59260f583c56a7557c6ccdf8deafdba6e060f94c1c59738e \ --hash=sha256:c06beb2e839ecc641366000ca84f3cf6fa9faa1777e29cf0c04be6e4d096a348 \ - --hash=sha256:d056391530ccd1e501056160e3c9673b4da4805eb67eb2bdf4e983e1f9c9204e \ --hash=sha256:dc4765af3386811c3ca21638f63b9cf5ecf66261cc4815c1db3f1e7dc7b79db2 \ --hash=sha256:dc5cf3d68c5a20ad6d571584c0750ec641cc46aeef1c1507be51300e6003a7e1 \ --hash=sha256:e8ca8cb270fee8f1f76fa9bfd5c3507d60c6438bbee5687f81042e2bb98e5a97 \ --hash=sha256:fa909b1a36e000a03c382aade0bd2063fd5680ff8b8e501660c0f59f021a6415 # via ssvc -scipy==1.15.3 ; python_full_version < '3.11' \ - --hash=sha256:05dc6abcd105e1a29f95eada46d4a3f251743cfd7d3ae8ddb4088047f24ea477 \ - --hash=sha256:06efcba926324df1696931a57a176c80848ccd67ce6ad020c810736bfd58eb1c \ - --hash=sha256:0a769105537aa07a69468a0eefcd121be52006db61cdd8cac8a0e68980bbb723 \ - --hash=sha256:0bdd905264c0c9cfa74a4772cdb2070171790381a5c4d312c973382fc6eaf730 \ - --hash=sha256:0ff17c0bb1cb32952c09217d8d1eed9b53d1463e5f1dd6052c7857f83127d539 \ - --hash=sha256:14ed70039d182f411ffc74789a16df3835e05dc469b898233a245cdfd7f162cb \ - --hash=sha256:185cd3d6d05ca4b44a8f1595af87f9c372bb6acf9c808e99aa3e9aa03bd98cf6 \ - --hash=sha256:18aaacb735ab38b38db42cb01f6b92a2d0d4b6aabefeb07f02849e47f8fb3594 \ - --hash=sha256:1c832e1bd78dea67d5c16f786681b28dd695a8cb1fb90af2e27580d3d0967e92 \ - --hash=sha256:263961f658ce2165bbd7b99fa5135195c3a12d9bef045345016b8b50c315cb82 \ - --hash=sha256:271e3713e645149ea5ea3e97b57fdab61ce61333f97cfae392c28ba786f9bb49 \ - --hash=sha256:2c620736bcc334782e24d173c0fdbb7590a0a436d2fdf39310a8902505008759 \ - --hash=sha256:34716e281f181a02341ddeaad584205bd2fd3c242063bd3423d61ac259ca7eba \ - --hash=sha256:39cb9c62e471b1bb3750066ecc3a3f3052b37751c7c3dfd0fd7e48900ed52982 \ - --hash=sha256:3ac07623267feb3ae308487c260ac684b32ea35fd81e12845039952f558047b8 \ - --hash=sha256:3b0334816afb8b91dab859281b1b9786934392aa3d527cd847e41bb6f45bee65 \ - --hash=sha256:40e54d5c7e7ebf1aa596c374c49fa3135f04648a0caabcb66c52884b943f02b4 \ - --hash=sha256:50f9e62461c95d933d5c5ef4a1f2ebf9a2b4e83b0db374cb3f1de104d935922e \ - --hash=sha256:52092bc0472cfd17df49ff17e70624345efece4e1a12b23783a1ac59a1b728ed \ - --hash=sha256:5380741e53df2c566f4d234b100a484b420af85deb39ea35a1cc1be84ff53a5c \ - --hash=sha256:5e721fed53187e71d0ccf382b6bf977644c533e506c4d33c3fb24de89f5c3ed5 \ - --hash=sha256:6487aa99c2a3d509a5227d9a5e889ff05830a06b2ce08ec30df6d79db5fcd5c5 \ - --hash=sha256:6ac6310fdbfb7aa6612408bd2f07295bcbd3fda00d2d702178434751fe48e019 \ - --hash=sha256:6cfd56fc1a8e53f6e89ba3a7a7251f7396412d655bca2aa5611c8ec9a6784a1e \ - --hash=sha256:6db907c7368e3092e24919b5e31c76998b0ce1684d51a90943cb0ed1b4ffd6c1 \ - --hash=sha256:721d6b4ef5dc82ca8968c25b111e307083d7ca9091bc38163fb89243e85e3889 \ - --hash=sha256:76ad1fb5f8752eabf0fa02e4cc0336b4e8f021e2d5f061ed37d6d264db35e3ca \ - --hash=sha256:79167bba085c31f38603e11a267d862957cbb3ce018d8b38f79ac043bc92d825 \ - --hash=sha256:795c46999bae845966368a3c013e0e00947932d68e235702b5c3f6ea799aa8c9 \ - --hash=sha256:7e11270a000969409d37ed399585ee530b9ef6aa99d50c019de4cb01e8e54e62 \ - --hash=sha256:8c9ed3ba2c8a2ce098163a9bdb26f891746d02136995df25227a20e71c396ebb \ - --hash=sha256:993439ce220d25e3696d1b23b233dd010169b62f6456488567e830654ee37a6b \ - --hash=sha256:9d61e97b186a57350f6d6fd72640f9e99d5a4a2b8fbf4b9ee9a841eab327dc13 \ - --hash=sha256:9db984639887e3dffb3928d118145ffe40eff2fa40cb241a306ec57c219ebbbb \ - --hash=sha256:9e2abc762b0811e09a0d3258abee2d98e0c703eee49464ce0069590846f31d40 \ - --hash=sha256:a345928c86d535060c9c2b25e71e87c39ab2f22fc96e9636bd74d1dbf9de448c \ - --hash=sha256:ad3432cb0f9ed87477a8d97f03b763fd1d57709f1bbde3c9369b1dff5503b253 \ - --hash=sha256:ae48a786a28412d744c62fd7816a4118ef97e5be0bee968ce8f0a2fba7acf3bb \ - --hash=sha256:aef683a9ae6eb00728a542b796f52a5477b78252edede72b8327a886ab63293f \ - --hash=sha256:b90ab29d0c37ec9bf55424c064312930ca5f4bde15ee8619ee44e69319aab163 \ - --hash=sha256:c05045d8b9bfd807ee1b9f38761993297b10b245f012b11b13b91ba8945f7e45 \ - --hash=sha256:c9deabd6d547aee2c9a81dee6cc96c6d7e9a9b1953f74850c179f91fdc729cb7 \ - --hash=sha256:dde4fc32993071ac0c7dd2d82569e544f0bdaff66269cb475e0f369adad13f11 \ - --hash=sha256:eae3cf522bc7df64b42cad3925c876e1b0b6c35c1337c93e12c0f366f55b0eaf \ - --hash=sha256:ed7284b21a7a0c8f1b6e5977ac05396c0d008b89e05498c8b7e8f4a1423bba0e \ - --hash=sha256:f77f853d584e72e874d87357ad70f44b437331507d1c311457bed8ed2b956126 - # via - # scikit-learn - # ssvc -scipy==1.16.1 ; python_full_version >= '3.11' \ +scipy==1.16.1 \ --hash=sha256:0851f6a1e537fe9399f35986897e395a1aa61c574b178c0d456be5b1a0f5ca1f \ --hash=sha256:0a55ffe0ba0f59666e90951971a884d1ff6f4ec3275a48f472cfb64175570f77 \ --hash=sha256:15240c3aac087a522b4eaedb09f0ad061753c5eebf1ea430859e5bf8640d5919 \ @@ -1021,7 +815,6 @@ typing-extensions==4.14.1 \ --hash=sha256:38b39f4aeeab64884ce9f74c94263ef78f3c22467c8724005483154c26648d36 \ --hash=sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76 # via - # mkdocstrings-python # pydantic # pydantic-core # referencing @@ -1056,18 +849,13 @@ watchdog==6.0.0 \ --hash=sha256:76aae96b00ae814b181bb25b1b98076d5fc84e8a53cd8885a318b42b6d3a5134 \ --hash=sha256:82dc3e3143c7e38ec49d61af98d6558288c415eac98486a5c581726e0737c00e \ --hash=sha256:9041567ee8953024c83343288ccc458fd0a2d811d6a0fd68c4c22609e3490379 \ - --hash=sha256:9513f27a1a582d9808cf21a07dae516f0fab1cf2d7683a742c498b93eedabb11 \ --hash=sha256:9ddf7c82fda3ae8e24decda1338ede66e1c99883db93711d8fb941eaa2d8c282 \ --hash=sha256:a175f755fc2279e0b7312c0035d52e27211a5bc39719dd529625b1930917345b \ --hash=sha256:a1914259fa9e1454315171103c6a30961236f508b9b623eae470268bbcc6a22f \ --hash=sha256:afd0fe1b2270917c5e23c2a65ce50c2a4abb63daafb0d419fde368e272a76b7c \ - --hash=sha256:bc64ab3bdb6a04d69d4023b29422170b74681784ffb9463ed4870cf2f3e66112 \ --hash=sha256:bdd4e6f14b8b18c334febb9c4425a878a2ac20efd1e0b231978e7b150f92a948 \ - --hash=sha256:c7ac31a19f4545dd92fc25d200694098f42c9a8e391bc00bdd362c5736dbf881 \ --hash=sha256:c7c15dda13c4eb00d6fb6fc508b3c0ed88b9d5d374056b239c4ad1611125c860 \ - --hash=sha256:c897ac1b55c5a1461e16dae288d22bb2e412ba9807df8397a635d88f671d36c3 \ --hash=sha256:cbafb470cf848d93b5d013e2ecb245d4aa1c8fd0504e863ccefa32445359d680 \ - --hash=sha256:d1cdb490583ebd691c012b3d6dae011000fe42edb7a82ece80965b42abd61f26 \ --hash=sha256:e3df4cbb9a450c6d49318f6d14f4bbc80d763fa587ba46ec86f99f9e6876bb26 \ --hash=sha256:ef810fbf7b781a5a593894e4f439773830bdecb885e6880d957d5b9382a960d2 # via mkdocs diff --git a/src/pyproject.toml b/src/pyproject.toml index ea9058c4..ca44c224 100644 --- a/src/pyproject.toml +++ b/src/pyproject.toml @@ -20,7 +20,7 @@ authors = [ ] description = "Tools for working with a Stakeholder Specific Vulnerability Categorization (SSVC)" readme = {file="README.md", content-type="text/markdown"} -requires-python = ">=3.10" +requires-python = ">=3.11" keywords =["ssvc","vulnerability management","vulnerability management"] license = {file="LICENSE.md"} classifiers = [ @@ -38,7 +38,7 @@ dependencies = [ "mkdocstrings-python==1.16.12", "mkdocs-include-markdown-plugin==7.1.6", "pandas==2.3.1", - "scipy", + "scipy==1.16.1", "jsonschema==4.25.0", "mkdocs-bibtex==4.4.0", "mkdocs-table-reader-plugin==3.1.0", @@ -84,3 +84,8 @@ addopts = "-ra -q" testpaths = [ "test", ] + +[dependency-groups] +dev = [ + "pytest>=8.4.1", +] diff --git a/src/uv.lock b/src/uv.lock index 42539081..7e15c9a4 100644 --- a/src/uv.lock +++ b/src/uv.lock @@ -1,10 +1,9 @@ version = 1 revision = 3 -requires-python = ">=3.10" +requires-python = ">=3.11" resolution-markers = [ "python_full_version >= '3.12'", - "python_full_version == '3.11.*'", - "python_full_version < '3.11'", + "python_full_version < '3.12'", ] [[package]] @@ -72,17 +71,6 @@ version = "3.4.3" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/83/2d/5fd176ceb9b2fc619e63405525573493ca23441330fcdaee6bef9460e924/charset_normalizer-3.4.3.tar.gz", hash = "sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14", size = 122371, upload-time = "2025-08-09T07:57:28.46Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/d6/98/f3b8013223728a99b908c9344da3aa04ee6e3fa235f19409033eda92fb78/charset_normalizer-3.4.3-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72", size = 207695, upload-time = "2025-08-09T07:55:36.452Z" }, - { url = "https://files.pythonhosted.org/packages/21/40/5188be1e3118c82dcb7c2a5ba101b783822cfb413a0268ed3be0468532de/charset_normalizer-3.4.3-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:cc9370a2da1ac13f0153780040f465839e6cccb4a1e44810124b4e22483c93fe", size = 147153, upload-time = "2025-08-09T07:55:38.467Z" }, - { url = "https://files.pythonhosted.org/packages/37/60/5d0d74bc1e1380f0b72c327948d9c2aca14b46a9efd87604e724260f384c/charset_normalizer-3.4.3-cp310-cp310-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:07a0eae9e2787b586e129fdcbe1af6997f8d0e5abaa0bc98c0e20e124d67e601", size = 160428, upload-time = "2025-08-09T07:55:40.072Z" }, - { url = "https://files.pythonhosted.org/packages/85/9a/d891f63722d9158688de58d050c59dc3da560ea7f04f4c53e769de5140f5/charset_normalizer-3.4.3-cp310-cp310-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:74d77e25adda8581ffc1c720f1c81ca082921329452eba58b16233ab1842141c", size = 157627, upload-time = "2025-08-09T07:55:41.706Z" }, - { url = "https://files.pythonhosted.org/packages/65/1a/7425c952944a6521a9cfa7e675343f83fd82085b8af2b1373a2409c683dc/charset_normalizer-3.4.3-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:d0e909868420b7049dafd3a31d45125b31143eec59235311fc4c57ea26a4acd2", size = 152388, upload-time = "2025-08-09T07:55:43.262Z" }, - { url = "https://files.pythonhosted.org/packages/f0/c9/a2c9c2a355a8594ce2446085e2ec97fd44d323c684ff32042e2a6b718e1d/charset_normalizer-3.4.3-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:c6f162aabe9a91a309510d74eeb6507fab5fff92337a15acbe77753d88d9dcf0", size = 150077, upload-time = "2025-08-09T07:55:44.903Z" }, - { url = "https://files.pythonhosted.org/packages/3b/38/20a1f44e4851aa1c9105d6e7110c9d020e093dfa5836d712a5f074a12bf7/charset_normalizer-3.4.3-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:4ca4c094de7771a98d7fbd67d9e5dbf1eb73efa4f744a730437d8a3a5cf994f0", size = 161631, upload-time = "2025-08-09T07:55:46.346Z" }, - { url = "https://files.pythonhosted.org/packages/a4/fa/384d2c0f57edad03d7bec3ebefb462090d8905b4ff5a2d2525f3bb711fac/charset_normalizer-3.4.3-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:02425242e96bcf29a49711b0ca9f37e451da7c70562bc10e8ed992a5a7a25cc0", size = 159210, upload-time = "2025-08-09T07:55:47.539Z" }, - { url = "https://files.pythonhosted.org/packages/33/9e/eca49d35867ca2db336b6ca27617deed4653b97ebf45dfc21311ce473c37/charset_normalizer-3.4.3-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:78deba4d8f9590fe4dae384aeff04082510a709957e968753ff3c48399f6f92a", size = 153739, upload-time = "2025-08-09T07:55:48.744Z" }, - { url = "https://files.pythonhosted.org/packages/2a/91/26c3036e62dfe8de8061182d33be5025e2424002125c9500faff74a6735e/charset_normalizer-3.4.3-cp310-cp310-win32.whl", hash = "sha256:d79c198e27580c8e958906f803e63cddb77653731be08851c7df0b1a14a8fc0f", size = 99825, upload-time = "2025-08-09T07:55:50.305Z" }, - { url = "https://files.pythonhosted.org/packages/e2/c6/f05db471f81af1fa01839d44ae2a8bfeec8d2a8b4590f16c4e7393afd323/charset_normalizer-3.4.3-cp310-cp310-win_amd64.whl", hash = "sha256:c6e490913a46fa054e03699c70019ab869e990270597018cef1d8562132c2669", size = 107452, upload-time = "2025-08-09T07:55:51.461Z" }, { url = "https://files.pythonhosted.org/packages/7f/b5/991245018615474a60965a7c9cd2b4efbaabd16d582a5547c47ee1c7730b/charset_normalizer-3.4.3-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:b256ee2e749283ef3ddcff51a675ff43798d92d746d1a6e4631bf8c707d22d0b", size = 204483, upload-time = "2025-08-09T07:55:53.12Z" }, { url = "https://files.pythonhosted.org/packages/c7/2a/ae245c41c06299ec18262825c1569c5d3298fc920e4ddf56ab011b417efd/charset_normalizer-3.4.3-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:13faeacfe61784e2559e690fc53fa4c5ae97c6fcedb8eb6fb8d0a15b475d2c64", size = 145520, upload-time = "2025-08-09T07:55:54.712Z" }, { url = "https://files.pythonhosted.org/packages/3a/a4/b3b6c76e7a635748c4421d2b92c7b8f90a432f98bda5082049af37ffc8e3/charset_normalizer-3.4.3-cp311-cp311-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:00237675befef519d9af72169d8604a067d92755e84fe76492fef5441db05b91", size = 158876, upload-time = "2025-08-09T07:55:56.024Z" }, @@ -184,6 +172,15 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/76/c6/c88e154df9c4e1a2a66ccf0005a88dfb2650c1dffb6f5ce603dfbd452ce3/idna-3.10-py3-none-any.whl", hash = "sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3", size = 70442, upload-time = "2024-09-15T18:07:37.964Z" }, ] +[[package]] +name = "iniconfig" +version = "2.1.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f2/97/ebf4da567aa6827c909642694d71c9fcf53e5b504f2d96afea02718862f3/iniconfig-2.1.0.tar.gz", hash = "sha256:3abbd2e30b36733fee78f9c7f7308f2d0050e88f0087fd25c2645f63c773e1c7", size = 4793, upload-time = "2025-03-19T20:09:59.721Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/2c/e1/e6716421ea10d38022b952c159d5161ca1193197fb744506875fbb87ea7b/iniconfig-2.1.0-py3-none-any.whl", hash = "sha256:9deba5723312380e77435581c6bf4935c94cbfab9b1ed33ef8d238ea168eb760", size = 6050, upload-time = "2025-03-19T20:10:01.071Z" }, +] + [[package]] name = "jinja2" version = "3.1.6" @@ -268,16 +265,6 @@ version = "3.0.2" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/b2/97/5d42485e71dfc078108a86d6de8fa46db44a1a9295e89c5d6d4a06e23a62/markupsafe-3.0.2.tar.gz", hash = "sha256:ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0", size = 20537, upload-time = "2024-10-18T15:21:54.129Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/04/90/d08277ce111dd22f77149fd1a5d4653eeb3b3eaacbdfcbae5afb2600eebd/MarkupSafe-3.0.2-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:7e94c425039cde14257288fd61dcfb01963e658efbc0ff54f5306b06054700f8", size = 14357, upload-time = "2024-10-18T15:20:51.44Z" }, - { url = "https://files.pythonhosted.org/packages/04/e1/6e2194baeae0bca1fae6629dc0cbbb968d4d941469cbab11a3872edff374/MarkupSafe-3.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:9e2d922824181480953426608b81967de705c3cef4d1af983af849d7bd619158", size = 12393, upload-time = "2024-10-18T15:20:52.426Z" }, - { url = "https://files.pythonhosted.org/packages/1d/69/35fa85a8ece0a437493dc61ce0bb6d459dcba482c34197e3efc829aa357f/MarkupSafe-3.0.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:38a9ef736c01fccdd6600705b09dc574584b89bea478200c5fbf112a6b0d5579", size = 21732, upload-time = "2024-10-18T15:20:53.578Z" }, - { url = "https://files.pythonhosted.org/packages/22/35/137da042dfb4720b638d2937c38a9c2df83fe32d20e8c8f3185dbfef05f7/MarkupSafe-3.0.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bbcb445fa71794da8f178f0f6d66789a28d7319071af7a496d4d507ed566270d", size = 20866, upload-time = "2024-10-18T15:20:55.06Z" }, - { url = "https://files.pythonhosted.org/packages/29/28/6d029a903727a1b62edb51863232152fd335d602def598dade38996887f0/MarkupSafe-3.0.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:57cb5a3cf367aeb1d316576250f65edec5bb3be939e9247ae594b4bcbc317dfb", size = 20964, upload-time = "2024-10-18T15:20:55.906Z" }, - { url = "https://files.pythonhosted.org/packages/cc/cd/07438f95f83e8bc028279909d9c9bd39e24149b0d60053a97b2bc4f8aa51/MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:3809ede931876f5b2ec92eef964286840ed3540dadf803dd570c3b7e13141a3b", size = 21977, upload-time = "2024-10-18T15:20:57.189Z" }, - { url = "https://files.pythonhosted.org/packages/29/01/84b57395b4cc062f9c4c55ce0df7d3108ca32397299d9df00fedd9117d3d/MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:e07c3764494e3776c602c1e78e298937c3315ccc9043ead7e685b7f2b8d47b3c", size = 21366, upload-time = "2024-10-18T15:20:58.235Z" }, - { url = "https://files.pythonhosted.org/packages/bd/6e/61ebf08d8940553afff20d1fb1ba7294b6f8d279df9fd0c0db911b4bbcfd/MarkupSafe-3.0.2-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:b424c77b206d63d500bcb69fa55ed8d0e6a3774056bdc4839fc9298a7edca171", size = 21091, upload-time = "2024-10-18T15:20:59.235Z" }, - { url = "https://files.pythonhosted.org/packages/11/23/ffbf53694e8c94ebd1e7e491de185124277964344733c45481f32ede2499/MarkupSafe-3.0.2-cp310-cp310-win32.whl", hash = "sha256:fcabf5ff6eea076f859677f5f0b6b5c1a51e70a376b0579e0eadef8db48c6b50", size = 15065, upload-time = "2024-10-18T15:21:00.307Z" }, - { url = "https://files.pythonhosted.org/packages/44/06/e7175d06dd6e9172d4a69a72592cb3f7a996a9c396eee29082826449bbc3/MarkupSafe-3.0.2-cp310-cp310-win_amd64.whl", hash = "sha256:6af100e168aa82a50e186c82875a5893c5597a0c1ccdb0d8b40240b1f28b969a", size = 15514, upload-time = "2024-10-18T15:21:01.122Z" }, { url = "https://files.pythonhosted.org/packages/6b/28/bbf83e3f76936960b850435576dd5e67034e200469571be53f69174a2dfd/MarkupSafe-3.0.2-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:9025b4018f3a1314059769c7bf15441064b2207cb3f065e6ea1e7359cb46db9d", size = 14353, upload-time = "2024-10-18T15:21:02.187Z" }, { url = "https://files.pythonhosted.org/packages/6c/30/316d194b093cde57d448a4c3209f22e3046c5bb2fb0820b118292b334be7/MarkupSafe-3.0.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:93335ca3812df2f366e80509ae119189886b0f3c2b81325d39efdb84a1e2ae93", size = 12392, upload-time = "2024-10-18T15:21:02.941Z" }, { url = "https://files.pythonhosted.org/packages/f2/96/9cdafba8445d3a53cae530aaf83c38ec64c4d5427d975c974084af5bc5d2/MarkupSafe-3.0.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2cb8438c3cbb25e220c2ab33bb226559e7afb3baec11c4f218ffa7308603c832", size = 23984, upload-time = "2024-10-18T15:21:03.953Z" }, @@ -495,7 +482,6 @@ dependencies = [ { name = "griffe" }, { name = "mkdocs-autorefs" }, { name = "mkdocstrings" }, - { name = "typing-extensions", marker = "python_full_version < '3.11'" }, ] sdist = { url = "https://files.pythonhosted.org/packages/bf/ed/b886f8c714fd7cccc39b79646b627dbea84cd95c46be43459ef46852caf0/mkdocstrings_python-1.16.12.tar.gz", hash = "sha256:9b9eaa066e0024342d433e332a41095c4e429937024945fea511afe58f63175d", size = 206065, upload-time = "2025-06-03T12:52:49.276Z" } wheels = [ @@ -511,79 +497,10 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/b9/54/dd730b32ea14ea797530a4479b2ed46a6fb250f682a9cfb997e968bf0261/networkx-3.4.2-py3-none-any.whl", hash = "sha256:df5d4365b724cf81b8c6a7312509d0c22386097011ad1abe274afd5e9d3bbc5f", size = 1723263, upload-time = "2024-10-21T12:39:36.247Z" }, ] -[[package]] -name = "numpy" -version = "2.2.6" -source = { registry = "https://pypi.org/simple" } -resolution-markers = [ - "python_full_version < '3.11'", -] -sdist = { url = "https://files.pythonhosted.org/packages/76/21/7d2a95e4bba9dc13d043ee156a356c0a8f0c6309dff6b21b4d71a073b8a8/numpy-2.2.6.tar.gz", hash = "sha256:e29554e2bef54a90aa5cc07da6ce955accb83f21ab5de01a62c8478897b264fd", size = 20276440, upload-time = "2025-05-17T22:38:04.611Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/9a/3e/ed6db5be21ce87955c0cbd3009f2803f59fa08df21b5df06862e2d8e2bdd/numpy-2.2.6-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:b412caa66f72040e6d268491a59f2c43bf03eb6c96dd8f0307829feb7fa2b6fb", size = 21165245, upload-time = "2025-05-17T21:27:58.555Z" }, - { url = "https://files.pythonhosted.org/packages/22/c2/4b9221495b2a132cc9d2eb862e21d42a009f5a60e45fc44b00118c174bff/numpy-2.2.6-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8e41fd67c52b86603a91c1a505ebaef50b3314de0213461c7a6e99c9a3beff90", size = 14360048, upload-time = "2025-05-17T21:28:21.406Z" }, - { url = "https://files.pythonhosted.org/packages/fd/77/dc2fcfc66943c6410e2bf598062f5959372735ffda175b39906d54f02349/numpy-2.2.6-cp310-cp310-macosx_14_0_arm64.whl", hash = "sha256:37e990a01ae6ec7fe7fa1c26c55ecb672dd98b19c3d0e1d1f326fa13cb38d163", size = 5340542, upload-time = "2025-05-17T21:28:30.931Z" }, - { url = "https://files.pythonhosted.org/packages/7a/4f/1cb5fdc353a5f5cc7feb692db9b8ec2c3d6405453f982435efc52561df58/numpy-2.2.6-cp310-cp310-macosx_14_0_x86_64.whl", hash = "sha256:5a6429d4be8ca66d889b7cf70f536a397dc45ba6faeb5f8c5427935d9592e9cf", size = 6878301, upload-time = "2025-05-17T21:28:41.613Z" }, - { url = "https://files.pythonhosted.org/packages/eb/17/96a3acd228cec142fcb8723bd3cc39c2a474f7dcf0a5d16731980bcafa95/numpy-2.2.6-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:efd28d4e9cd7d7a8d39074a4d44c63eda73401580c5c76acda2ce969e0a38e83", size = 14297320, upload-time = "2025-05-17T21:29:02.78Z" }, - { url = "https://files.pythonhosted.org/packages/b4/63/3de6a34ad7ad6646ac7d2f55ebc6ad439dbbf9c4370017c50cf403fb19b5/numpy-2.2.6-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fc7b73d02efb0e18c000e9ad8b83480dfcd5dfd11065997ed4c6747470ae8915", size = 16801050, upload-time = "2025-05-17T21:29:27.675Z" }, - { url = "https://files.pythonhosted.org/packages/07/b6/89d837eddef52b3d0cec5c6ba0456c1bf1b9ef6a6672fc2b7873c3ec4e2e/numpy-2.2.6-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:74d4531beb257d2c3f4b261bfb0fc09e0f9ebb8842d82a7b4209415896adc680", size = 15807034, upload-time = "2025-05-17T21:29:51.102Z" }, - { url = "https://files.pythonhosted.org/packages/01/c8/dc6ae86e3c61cfec1f178e5c9f7858584049b6093f843bca541f94120920/numpy-2.2.6-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:8fc377d995680230e83241d8a96def29f204b5782f371c532579b4f20607a289", size = 18614185, upload-time = "2025-05-17T21:30:18.703Z" }, - { url = "https://files.pythonhosted.org/packages/5b/c5/0064b1b7e7c89137b471ccec1fd2282fceaae0ab3a9550f2568782d80357/numpy-2.2.6-cp310-cp310-win32.whl", hash = "sha256:b093dd74e50a8cba3e873868d9e93a85b78e0daf2e98c6797566ad8044e8363d", size = 6527149, upload-time = "2025-05-17T21:30:29.788Z" }, - { url = "https://files.pythonhosted.org/packages/a3/dd/4b822569d6b96c39d1215dbae0582fd99954dcbcf0c1a13c61783feaca3f/numpy-2.2.6-cp310-cp310-win_amd64.whl", hash = "sha256:f0fd6321b839904e15c46e0d257fdd101dd7f530fe03fd6359c1ea63738703f3", size = 12904620, upload-time = "2025-05-17T21:30:48.994Z" }, - { url = "https://files.pythonhosted.org/packages/da/a8/4f83e2aa666a9fbf56d6118faaaf5f1974d456b1823fda0a176eff722839/numpy-2.2.6-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:f9f1adb22318e121c5c69a09142811a201ef17ab257a1e66ca3025065b7f53ae", size = 21176963, upload-time = "2025-05-17T21:31:19.36Z" }, - { url = "https://files.pythonhosted.org/packages/b3/2b/64e1affc7972decb74c9e29e5649fac940514910960ba25cd9af4488b66c/numpy-2.2.6-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:c820a93b0255bc360f53eca31a0e676fd1101f673dda8da93454a12e23fc5f7a", size = 14406743, upload-time = "2025-05-17T21:31:41.087Z" }, - { url = "https://files.pythonhosted.org/packages/4a/9f/0121e375000b5e50ffdd8b25bf78d8e1a5aa4cca3f185d41265198c7b834/numpy-2.2.6-cp311-cp311-macosx_14_0_arm64.whl", hash = "sha256:3d70692235e759f260c3d837193090014aebdf026dfd167834bcba43e30c2a42", size = 5352616, upload-time = "2025-05-17T21:31:50.072Z" }, - { url = "https://files.pythonhosted.org/packages/31/0d/b48c405c91693635fbe2dcd7bc84a33a602add5f63286e024d3b6741411c/numpy-2.2.6-cp311-cp311-macosx_14_0_x86_64.whl", hash = "sha256:481b49095335f8eed42e39e8041327c05b0f6f4780488f61286ed3c01368d491", size = 6889579, upload-time = "2025-05-17T21:32:01.712Z" }, - { url = "https://files.pythonhosted.org/packages/52/b8/7f0554d49b565d0171eab6e99001846882000883998e7b7d9f0d98b1f934/numpy-2.2.6-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b64d8d4d17135e00c8e346e0a738deb17e754230d7e0810ac5012750bbd85a5a", size = 14312005, upload-time = "2025-05-17T21:32:23.332Z" }, - { url = "https://files.pythonhosted.org/packages/b3/dd/2238b898e51bd6d389b7389ffb20d7f4c10066d80351187ec8e303a5a475/numpy-2.2.6-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ba10f8411898fc418a521833e014a77d3ca01c15b0c6cdcce6a0d2897e6dbbdf", size = 16821570, upload-time = "2025-05-17T21:32:47.991Z" }, - { url = "https://files.pythonhosted.org/packages/83/6c/44d0325722cf644f191042bf47eedad61c1e6df2432ed65cbe28509d404e/numpy-2.2.6-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:bd48227a919f1bafbdda0583705e547892342c26fb127219d60a5c36882609d1", size = 15818548, upload-time = "2025-05-17T21:33:11.728Z" }, - { url = "https://files.pythonhosted.org/packages/ae/9d/81e8216030ce66be25279098789b665d49ff19eef08bfa8cb96d4957f422/numpy-2.2.6-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:9551a499bf125c1d4f9e250377c1ee2eddd02e01eac6644c080162c0c51778ab", size = 18620521, upload-time = "2025-05-17T21:33:39.139Z" }, - { url = "https://files.pythonhosted.org/packages/6a/fd/e19617b9530b031db51b0926eed5345ce8ddc669bb3bc0044b23e275ebe8/numpy-2.2.6-cp311-cp311-win32.whl", hash = "sha256:0678000bb9ac1475cd454c6b8c799206af8107e310843532b04d49649c717a47", size = 6525866, upload-time = "2025-05-17T21:33:50.273Z" }, - { url = "https://files.pythonhosted.org/packages/31/0a/f354fb7176b81747d870f7991dc763e157a934c717b67b58456bc63da3df/numpy-2.2.6-cp311-cp311-win_amd64.whl", hash = "sha256:e8213002e427c69c45a52bbd94163084025f533a55a59d6f9c5b820774ef3303", size = 12907455, upload-time = "2025-05-17T21:34:09.135Z" }, - { url = "https://files.pythonhosted.org/packages/82/5d/c00588b6cf18e1da539b45d3598d3557084990dcc4331960c15ee776ee41/numpy-2.2.6-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:41c5a21f4a04fa86436124d388f6ed60a9343a6f767fced1a8a71c3fbca038ff", size = 20875348, upload-time = "2025-05-17T21:34:39.648Z" }, - { url = "https://files.pythonhosted.org/packages/66/ee/560deadcdde6c2f90200450d5938f63a34b37e27ebff162810f716f6a230/numpy-2.2.6-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:de749064336d37e340f640b05f24e9e3dd678c57318c7289d222a8a2f543e90c", size = 14119362, upload-time = "2025-05-17T21:35:01.241Z" }, - { url = "https://files.pythonhosted.org/packages/3c/65/4baa99f1c53b30adf0acd9a5519078871ddde8d2339dc5a7fde80d9d87da/numpy-2.2.6-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:894b3a42502226a1cac872f840030665f33326fc3dac8e57c607905773cdcde3", size = 5084103, upload-time = "2025-05-17T21:35:10.622Z" }, - { url = "https://files.pythonhosted.org/packages/cc/89/e5a34c071a0570cc40c9a54eb472d113eea6d002e9ae12bb3a8407fb912e/numpy-2.2.6-cp312-cp312-macosx_14_0_x86_64.whl", hash = "sha256:71594f7c51a18e728451bb50cc60a3ce4e6538822731b2933209a1f3614e9282", size = 6625382, upload-time = "2025-05-17T21:35:21.414Z" }, - { url = "https://files.pythonhosted.org/packages/f8/35/8c80729f1ff76b3921d5c9487c7ac3de9b2a103b1cd05e905b3090513510/numpy-2.2.6-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f2618db89be1b4e05f7a1a847a9c1c0abd63e63a1607d892dd54668dd92faf87", size = 14018462, upload-time = "2025-05-17T21:35:42.174Z" }, - { url = "https://files.pythonhosted.org/packages/8c/3d/1e1db36cfd41f895d266b103df00ca5b3cbe965184df824dec5c08c6b803/numpy-2.2.6-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fd83c01228a688733f1ded5201c678f0c53ecc1006ffbc404db9f7a899ac6249", size = 16527618, upload-time = "2025-05-17T21:36:06.711Z" }, - { url = "https://files.pythonhosted.org/packages/61/c6/03ed30992602c85aa3cd95b9070a514f8b3c33e31124694438d88809ae36/numpy-2.2.6-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:37c0ca431f82cd5fa716eca9506aefcabc247fb27ba69c5062a6d3ade8cf8f49", size = 15505511, upload-time = "2025-05-17T21:36:29.965Z" }, - { url = "https://files.pythonhosted.org/packages/b7/25/5761d832a81df431e260719ec45de696414266613c9ee268394dd5ad8236/numpy-2.2.6-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:fe27749d33bb772c80dcd84ae7e8df2adc920ae8297400dabec45f0dedb3f6de", size = 18313783, upload-time = "2025-05-17T21:36:56.883Z" }, - { url = "https://files.pythonhosted.org/packages/57/0a/72d5a3527c5ebffcd47bde9162c39fae1f90138c961e5296491ce778e682/numpy-2.2.6-cp312-cp312-win32.whl", hash = "sha256:4eeaae00d789f66c7a25ac5f34b71a7035bb474e679f410e5e1a94deb24cf2d4", size = 6246506, upload-time = "2025-05-17T21:37:07.368Z" }, - { url = "https://files.pythonhosted.org/packages/36/fa/8c9210162ca1b88529ab76b41ba02d433fd54fecaf6feb70ef9f124683f1/numpy-2.2.6-cp312-cp312-win_amd64.whl", hash = "sha256:c1f9540be57940698ed329904db803cf7a402f3fc200bfe599334c9bd84a40b2", size = 12614190, upload-time = "2025-05-17T21:37:26.213Z" }, - { url = "https://files.pythonhosted.org/packages/f9/5c/6657823f4f594f72b5471f1db1ab12e26e890bb2e41897522d134d2a3e81/numpy-2.2.6-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:0811bb762109d9708cca4d0b13c4f67146e3c3b7cf8d34018c722adb2d957c84", size = 20867828, upload-time = "2025-05-17T21:37:56.699Z" }, - { url = "https://files.pythonhosted.org/packages/dc/9e/14520dc3dadf3c803473bd07e9b2bd1b69bc583cb2497b47000fed2fa92f/numpy-2.2.6-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:287cc3162b6f01463ccd86be154f284d0893d2b3ed7292439ea97eafa8170e0b", size = 14143006, upload-time = "2025-05-17T21:38:18.291Z" }, - { url = "https://files.pythonhosted.org/packages/4f/06/7e96c57d90bebdce9918412087fc22ca9851cceaf5567a45c1f404480e9e/numpy-2.2.6-cp313-cp313-macosx_14_0_arm64.whl", hash = "sha256:f1372f041402e37e5e633e586f62aa53de2eac8d98cbfb822806ce4bbefcb74d", size = 5076765, upload-time = "2025-05-17T21:38:27.319Z" }, - { url = "https://files.pythonhosted.org/packages/73/ed/63d920c23b4289fdac96ddbdd6132e9427790977d5457cd132f18e76eae0/numpy-2.2.6-cp313-cp313-macosx_14_0_x86_64.whl", hash = "sha256:55a4d33fa519660d69614a9fad433be87e5252f4b03850642f88993f7b2ca566", size = 6617736, upload-time = "2025-05-17T21:38:38.141Z" }, - { url = "https://files.pythonhosted.org/packages/85/c5/e19c8f99d83fd377ec8c7e0cf627a8049746da54afc24ef0a0cb73d5dfb5/numpy-2.2.6-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f92729c95468a2f4f15e9bb94c432a9229d0d50de67304399627a943201baa2f", size = 14010719, upload-time = "2025-05-17T21:38:58.433Z" }, - { url = "https://files.pythonhosted.org/packages/19/49/4df9123aafa7b539317bf6d342cb6d227e49f7a35b99c287a6109b13dd93/numpy-2.2.6-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1bc23a79bfabc5d056d106f9befb8d50c31ced2fbc70eedb8155aec74a45798f", size = 16526072, upload-time = "2025-05-17T21:39:22.638Z" }, - { url = "https://files.pythonhosted.org/packages/b2/6c/04b5f47f4f32f7c2b0e7260442a8cbcf8168b0e1a41ff1495da42f42a14f/numpy-2.2.6-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:e3143e4451880bed956e706a3220b4e5cf6172ef05fcc397f6f36a550b1dd868", size = 15503213, upload-time = "2025-05-17T21:39:45.865Z" }, - { url = "https://files.pythonhosted.org/packages/17/0a/5cd92e352c1307640d5b6fec1b2ffb06cd0dabe7d7b8227f97933d378422/numpy-2.2.6-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:b4f13750ce79751586ae2eb824ba7e1e8dba64784086c98cdbbcc6a42112ce0d", size = 18316632, upload-time = "2025-05-17T21:40:13.331Z" }, - { url = "https://files.pythonhosted.org/packages/f0/3b/5cba2b1d88760ef86596ad0f3d484b1cbff7c115ae2429678465057c5155/numpy-2.2.6-cp313-cp313-win32.whl", hash = "sha256:5beb72339d9d4fa36522fc63802f469b13cdbe4fdab4a288f0c441b74272ebfd", size = 6244532, upload-time = "2025-05-17T21:43:46.099Z" }, - { url = "https://files.pythonhosted.org/packages/cb/3b/d58c12eafcb298d4e6d0d40216866ab15f59e55d148a5658bb3132311fcf/numpy-2.2.6-cp313-cp313-win_amd64.whl", hash = "sha256:b0544343a702fa80c95ad5d3d608ea3599dd54d4632df855e4c8d24eb6ecfa1c", size = 12610885, upload-time = "2025-05-17T21:44:05.145Z" }, - { url = "https://files.pythonhosted.org/packages/6b/9e/4bf918b818e516322db999ac25d00c75788ddfd2d2ade4fa66f1f38097e1/numpy-2.2.6-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:0bca768cd85ae743b2affdc762d617eddf3bcf8724435498a1e80132d04879e6", size = 20963467, upload-time = "2025-05-17T21:40:44Z" }, - { url = "https://files.pythonhosted.org/packages/61/66/d2de6b291507517ff2e438e13ff7b1e2cdbdb7cb40b3ed475377aece69f9/numpy-2.2.6-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:fc0c5673685c508a142ca65209b4e79ed6740a4ed6b2267dbba90f34b0b3cfda", size = 14225144, upload-time = "2025-05-17T21:41:05.695Z" }, - { url = "https://files.pythonhosted.org/packages/e4/25/480387655407ead912e28ba3a820bc69af9adf13bcbe40b299d454ec011f/numpy-2.2.6-cp313-cp313t-macosx_14_0_arm64.whl", hash = "sha256:5bd4fc3ac8926b3819797a7c0e2631eb889b4118a9898c84f585a54d475b7e40", size = 5200217, upload-time = "2025-05-17T21:41:15.903Z" }, - { url = "https://files.pythonhosted.org/packages/aa/4a/6e313b5108f53dcbf3aca0c0f3e9c92f4c10ce57a0a721851f9785872895/numpy-2.2.6-cp313-cp313t-macosx_14_0_x86_64.whl", hash = "sha256:fee4236c876c4e8369388054d02d0e9bb84821feb1a64dd59e137e6511a551f8", size = 6712014, upload-time = "2025-05-17T21:41:27.321Z" }, - { url = "https://files.pythonhosted.org/packages/b7/30/172c2d5c4be71fdf476e9de553443cf8e25feddbe185e0bd88b096915bcc/numpy-2.2.6-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e1dda9c7e08dc141e0247a5b8f49cf05984955246a327d4c48bda16821947b2f", size = 14077935, upload-time = "2025-05-17T21:41:49.738Z" }, - { url = "https://files.pythonhosted.org/packages/12/fb/9e743f8d4e4d3c710902cf87af3512082ae3d43b945d5d16563f26ec251d/numpy-2.2.6-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f447e6acb680fd307f40d3da4852208af94afdfab89cf850986c3ca00562f4fa", size = 16600122, upload-time = "2025-05-17T21:42:14.046Z" }, - { url = "https://files.pythonhosted.org/packages/12/75/ee20da0e58d3a66f204f38916757e01e33a9737d0b22373b3eb5a27358f9/numpy-2.2.6-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:389d771b1623ec92636b0786bc4ae56abafad4a4c513d36a55dce14bd9ce8571", size = 15586143, upload-time = "2025-05-17T21:42:37.464Z" }, - { url = "https://files.pythonhosted.org/packages/76/95/bef5b37f29fc5e739947e9ce5179ad402875633308504a52d188302319c8/numpy-2.2.6-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:8e9ace4a37db23421249ed236fdcdd457d671e25146786dfc96835cd951aa7c1", size = 18385260, upload-time = "2025-05-17T21:43:05.189Z" }, - { url = "https://files.pythonhosted.org/packages/09/04/f2f83279d287407cf36a7a8053a5abe7be3622a4363337338f2585e4afda/numpy-2.2.6-cp313-cp313t-win32.whl", hash = "sha256:038613e9fb8c72b0a41f025a7e4c3f0b7a1b5d768ece4796b674c8f3fe13efff", size = 6377225, upload-time = "2025-05-17T21:43:16.254Z" }, - { url = "https://files.pythonhosted.org/packages/67/0e/35082d13c09c02c011cf21570543d202ad929d961c02a147493cb0c2bdf5/numpy-2.2.6-cp313-cp313t-win_amd64.whl", hash = "sha256:6031dd6dfecc0cf9f668681a37648373bddd6421fff6c66ec1624eed0180ee06", size = 12771374, upload-time = "2025-05-17T21:43:35.479Z" }, - { url = "https://files.pythonhosted.org/packages/9e/3b/d94a75f4dbf1ef5d321523ecac21ef23a3cd2ac8b78ae2aac40873590229/numpy-2.2.6-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:0b605b275d7bd0c640cad4e5d30fa701a8d59302e127e5f79138ad62762c3e3d", size = 21040391, upload-time = "2025-05-17T21:44:35.948Z" }, - { url = "https://files.pythonhosted.org/packages/17/f4/09b2fa1b58f0fb4f7c7963a1649c64c4d315752240377ed74d9cd878f7b5/numpy-2.2.6-pp310-pypy310_pp73-macosx_14_0_x86_64.whl", hash = "sha256:7befc596a7dc9da8a337f79802ee8adb30a552a94f792b9c9d18c840055907db", size = 6786754, upload-time = "2025-05-17T21:44:47.446Z" }, - { url = "https://files.pythonhosted.org/packages/af/30/feba75f143bdc868a1cc3f44ccfa6c4b9ec522b36458e738cd00f67b573f/numpy-2.2.6-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ce47521a4754c8f4593837384bd3424880629f718d87c5d44f8ed763edd63543", size = 16643476, upload-time = "2025-05-17T21:45:11.871Z" }, - { url = "https://files.pythonhosted.org/packages/37/48/ac2a9584402fb6c0cd5b5d1a91dcf176b15760130dd386bbafdbfe3640bf/numpy-2.2.6-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:d042d24c90c41b54fd506da306759e06e568864df8ec17ccc17e9e884634fd00", size = 12812666, upload-time = "2025-05-17T21:45:31.426Z" }, -] - [[package]] name = "numpy" version = "2.3.2" source = { registry = "https://pypi.org/simple" } -resolution-markers = [ - "python_full_version >= '3.12'", - "python_full_version == '3.11.*'", -] sdist = { url = "https://files.pythonhosted.org/packages/37/7d/3fec4199c5ffb892bed55cff901e4f39a58c81df9c44c280499e92cad264/numpy-2.3.2.tar.gz", hash = "sha256:e0486a11ec30cdecb53f184d496d1c6a20786c81e55e41640270130056f8ee48", size = 20489306, upload-time = "2025-07-24T21:32:07.553Z" } wheels = [ { url = "https://files.pythonhosted.org/packages/96/26/1320083986108998bd487e2931eed2aeedf914b6e8905431487543ec911d/numpy-2.3.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:852ae5bed3478b92f093e30f785c98e0cb62fa0a939ed057c31716e18a7a22b9", size = 21259016, upload-time = "2025-07-24T20:24:35.214Z" }, @@ -684,21 +601,13 @@ name = "pandas" version = "2.3.1" source = { registry = "https://pypi.org/simple" } dependencies = [ - { name = "numpy", version = "2.2.6", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" }, - { name = "numpy", version = "2.3.2", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" }, + { name = "numpy" }, { name = "python-dateutil" }, { name = "pytz" }, { name = "tzdata" }, ] sdist = { url = "https://files.pythonhosted.org/packages/d1/6f/75aa71f8a14267117adeeed5d21b204770189c0a0025acbdc03c337b28fc/pandas-2.3.1.tar.gz", hash = "sha256:0a95b9ac964fe83ce317827f80304d37388ea77616b1425f0ae41c9d2d0d7bb2", size = 4487493, upload-time = "2025-07-07T19:20:04.079Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/c4/ca/aa97b47287221fa37a49634532e520300088e290b20d690b21ce3e448143/pandas-2.3.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:22c2e866f7209ebc3a8f08d75766566aae02bcc91d196935a1d9e59c7b990ac9", size = 11542731, upload-time = "2025-07-07T19:18:12.619Z" }, - { url = "https://files.pythonhosted.org/packages/80/bf/7938dddc5f01e18e573dcfb0f1b8c9357d9b5fa6ffdee6e605b92efbdff2/pandas-2.3.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:3583d348546201aff730c8c47e49bc159833f971c2899d6097bce68b9112a4f1", size = 10790031, upload-time = "2025-07-07T19:18:16.611Z" }, - { url = "https://files.pythonhosted.org/packages/ee/2f/9af748366763b2a494fed477f88051dbf06f56053d5c00eba652697e3f94/pandas-2.3.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0f951fbb702dacd390561e0ea45cdd8ecfa7fb56935eb3dd78e306c19104b9b0", size = 11724083, upload-time = "2025-07-07T19:18:20.512Z" }, - { url = "https://files.pythonhosted.org/packages/2c/95/79ab37aa4c25d1e7df953dde407bb9c3e4ae47d154bc0dd1692f3a6dcf8c/pandas-2.3.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cd05b72ec02ebfb993569b4931b2e16fbb4d6ad6ce80224a3ee838387d83a191", size = 12342360, upload-time = "2025-07-07T19:18:23.194Z" }, - { url = "https://files.pythonhosted.org/packages/75/a7/d65e5d8665c12c3c6ff5edd9709d5836ec9b6f80071b7f4a718c6106e86e/pandas-2.3.1-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:1b916a627919a247d865aed068eb65eb91a344b13f5b57ab9f610b7716c92de1", size = 13202098, upload-time = "2025-07-07T19:18:25.558Z" }, - { url = "https://files.pythonhosted.org/packages/65/f3/4c1dbd754dbaa79dbf8b537800cb2fa1a6e534764fef50ab1f7533226c5c/pandas-2.3.1-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:fe67dc676818c186d5a3d5425250e40f179c2a89145df477dd82945eaea89e97", size = 13837228, upload-time = "2025-07-07T19:18:28.344Z" }, - { url = "https://files.pythonhosted.org/packages/3f/d6/d7f5777162aa9b48ec3910bca5a58c9b5927cfd9cfde3aa64322f5ba4b9f/pandas-2.3.1-cp310-cp310-win_amd64.whl", hash = "sha256:2eb789ae0274672acbd3c575b0598d213345660120a257b47b5dafdc618aec83", size = 11336561, upload-time = "2025-07-07T19:18:31.211Z" }, { url = "https://files.pythonhosted.org/packages/76/1c/ccf70029e927e473a4476c00e0d5b32e623bff27f0402d0a92b7fc29bb9f/pandas-2.3.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:2b0540963d83431f5ce8870ea02a7430adca100cec8a050f0811f8e31035541b", size = 11566608, upload-time = "2025-07-07T19:18:33.86Z" }, { url = "https://files.pythonhosted.org/packages/ec/d3/3c37cb724d76a841f14b8f5fe57e5e3645207cc67370e4f84717e8bb7657/pandas-2.3.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:fe7317f578c6a153912bd2292f02e40c1d8f253e93c599e82620c7f69755c74f", size = 10823181, upload-time = "2025-07-07T19:18:36.151Z" }, { url = "https://files.pythonhosted.org/packages/8a/4c/367c98854a1251940edf54a4df0826dcacfb987f9068abf3e3064081a382/pandas-2.3.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e6723a27ad7b244c0c79d8e7007092d7c8f0f11305770e2f4cd778b3ad5f9f85", size = 11793570, upload-time = "2025-07-07T19:18:38.385Z" }, @@ -746,6 +655,15 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/fe/39/979e8e21520d4e47a0bbe349e2713c0aac6f3d853d0e5b34d76206c439aa/platformdirs-4.3.8-py3-none-any.whl", hash = "sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4", size = 18567, upload-time = "2025-05-07T22:47:40.376Z" }, ] +[[package]] +name = "pluggy" +version = "1.6.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f9/e2/3e91f31a7d2b083fe6ef3fa267035b518369d9511ffab804f839851d2779/pluggy-1.6.0.tar.gz", hash = "sha256:7dcc130b76258d33b90f61b658791dede3486c3e6bfb003ee5c9bfb396dd22f3", size = 69412, upload-time = "2025-05-15T12:30:07.975Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/54/20/4d324d65cc6d9205fabedc306948156824eb9f0ee1633355a8f7ec5c66bf/pluggy-1.6.0-py3-none-any.whl", hash = "sha256:e920276dd6813095e9377c0bc5566d94c932c33b27a3e3945d8389c374dd4746", size = 20538, upload-time = "2025-05-15T12:30:06.134Z" }, +] + [[package]] name = "pybtex" version = "0.25.1" @@ -783,19 +701,6 @@ dependencies = [ ] sdist = { url = "https://files.pythonhosted.org/packages/ad/88/5f2260bdfae97aabf98f1778d43f69574390ad787afb646292a638c923d4/pydantic_core-2.33.2.tar.gz", hash = "sha256:7cb8bc3605c29176e1b105350d2e6474142d7c1bd1d9327c4a9bdb46bf827acc", size = 435195, upload-time = "2025-04-23T18:33:52.104Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/e5/92/b31726561b5dae176c2d2c2dc43a9c5bfba5d32f96f8b4c0a600dd492447/pydantic_core-2.33.2-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:2b3d326aaef0c0399d9afffeb6367d5e26ddc24d351dbc9c636840ac355dc5d8", size = 2028817, upload-time = "2025-04-23T18:30:43.919Z" }, - { url = "https://files.pythonhosted.org/packages/a3/44/3f0b95fafdaca04a483c4e685fe437c6891001bf3ce8b2fded82b9ea3aa1/pydantic_core-2.33.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:0e5b2671f05ba48b94cb90ce55d8bdcaaedb8ba00cc5359f6810fc918713983d", size = 1861357, upload-time = "2025-04-23T18:30:46.372Z" }, - { url = "https://files.pythonhosted.org/packages/30/97/e8f13b55766234caae05372826e8e4b3b96e7b248be3157f53237682e43c/pydantic_core-2.33.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0069c9acc3f3981b9ff4cdfaf088e98d83440a4c7ea1bc07460af3d4dc22e72d", size = 1898011, upload-time = "2025-04-23T18:30:47.591Z" }, - { url = "https://files.pythonhosted.org/packages/9b/a3/99c48cf7bafc991cc3ee66fd544c0aae8dc907b752f1dad2d79b1b5a471f/pydantic_core-2.33.2-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:d53b22f2032c42eaaf025f7c40c2e3b94568ae077a606f006d206a463bc69572", size = 1982730, upload-time = "2025-04-23T18:30:49.328Z" }, - { url = "https://files.pythonhosted.org/packages/de/8e/a5b882ec4307010a840fb8b58bd9bf65d1840c92eae7534c7441709bf54b/pydantic_core-2.33.2-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:0405262705a123b7ce9f0b92f123334d67b70fd1f20a9372b907ce1080c7ba02", size = 2136178, upload-time = "2025-04-23T18:30:50.907Z" }, - { url = "https://files.pythonhosted.org/packages/e4/bb/71e35fc3ed05af6834e890edb75968e2802fe98778971ab5cba20a162315/pydantic_core-2.33.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4b25d91e288e2c4e0662b8038a28c6a07eaac3e196cfc4ff69de4ea3db992a1b", size = 2736462, upload-time = "2025-04-23T18:30:52.083Z" }, - { url = "https://files.pythonhosted.org/packages/31/0d/c8f7593e6bc7066289bbc366f2235701dcbebcd1ff0ef8e64f6f239fb47d/pydantic_core-2.33.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6bdfe4b3789761f3bcb4b1ddf33355a71079858958e3a552f16d5af19768fef2", size = 2005652, upload-time = "2025-04-23T18:30:53.389Z" }, - { url = "https://files.pythonhosted.org/packages/d2/7a/996d8bd75f3eda405e3dd219ff5ff0a283cd8e34add39d8ef9157e722867/pydantic_core-2.33.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:efec8db3266b76ef9607c2c4c419bdb06bf335ae433b80816089ea7585816f6a", size = 2113306, upload-time = "2025-04-23T18:30:54.661Z" }, - { url = "https://files.pythonhosted.org/packages/ff/84/daf2a6fb2db40ffda6578a7e8c5a6e9c8affb251a05c233ae37098118788/pydantic_core-2.33.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:031c57d67ca86902726e0fae2214ce6770bbe2f710dc33063187a68744a5ecac", size = 2073720, upload-time = "2025-04-23T18:30:56.11Z" }, - { url = "https://files.pythonhosted.org/packages/77/fb/2258da019f4825128445ae79456a5499c032b55849dbd5bed78c95ccf163/pydantic_core-2.33.2-cp310-cp310-musllinux_1_1_armv7l.whl", hash = "sha256:f8de619080e944347f5f20de29a975c2d815d9ddd8be9b9b7268e2e3ef68605a", size = 2244915, upload-time = "2025-04-23T18:30:57.501Z" }, - { url = "https://files.pythonhosted.org/packages/d8/7a/925ff73756031289468326e355b6fa8316960d0d65f8b5d6b3a3e7866de7/pydantic_core-2.33.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:73662edf539e72a9440129f231ed3757faab89630d291b784ca99237fb94db2b", size = 2241884, upload-time = "2025-04-23T18:30:58.867Z" }, - { url = "https://files.pythonhosted.org/packages/0b/b0/249ee6d2646f1cdadcb813805fe76265745c4010cf20a8eba7b0e639d9b2/pydantic_core-2.33.2-cp310-cp310-win32.whl", hash = "sha256:0a39979dcbb70998b0e505fb1556a1d550a0781463ce84ebf915ba293ccb7e22", size = 1910496, upload-time = "2025-04-23T18:31:00.078Z" }, - { url = "https://files.pythonhosted.org/packages/66/ff/172ba8f12a42d4b552917aa65d1f2328990d3ccfc01d5b7c943ec084299f/pydantic_core-2.33.2-cp310-cp310-win_amd64.whl", hash = "sha256:b0379a2b24882fef529ec3b4987cb5d003b9cda32256024e6fe1586ac45fc640", size = 1955019, upload-time = "2025-04-23T18:31:01.335Z" }, { url = "https://files.pythonhosted.org/packages/3f/8d/71db63483d518cbbf290261a1fc2839d17ff89fce7089e08cad07ccfce67/pydantic_core-2.33.2-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:4c5b0a576fb381edd6d27f0a85915c6daf2f8138dc5c267a57c08a62900758c7", size = 2028584, upload-time = "2025-04-23T18:31:03.106Z" }, { url = "https://files.pythonhosted.org/packages/24/2f/3cfa7244ae292dd850989f328722d2aef313f74ffc471184dc509e1e4e5a/pydantic_core-2.33.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:e799c050df38a639db758c617ec771fd8fb7a5f8eaaa4b27b101f266b216a246", size = 1855071, upload-time = "2025-04-23T18:31:04.621Z" }, { url = "https://files.pythonhosted.org/packages/b3/d3/4ae42d33f5e3f50dd467761304be2fa0a9417fbf09735bc2cce003480f2a/pydantic_core-2.33.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dc46a01bf8d62f227d5ecee74178ffc448ff4e5197c756331f71efcc66dc980f", size = 1897823, upload-time = "2025-04-23T18:31:06.377Z" }, @@ -841,15 +746,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/a4/7d/e09391c2eebeab681df2b74bfe6c43422fffede8dc74187b2b0bf6fd7571/pydantic_core-2.33.2-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:61c18fba8e5e9db3ab908620af374db0ac1baa69f0f32df4f61ae23f15e586ac", size = 1806162, upload-time = "2025-04-23T18:32:20.188Z" }, { url = "https://files.pythonhosted.org/packages/f1/3d/847b6b1fed9f8ed3bb95a9ad04fbd0b212e832d4f0f50ff4d9ee5a9f15cf/pydantic_core-2.33.2-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:95237e53bb015f67b63c91af7518a62a8660376a6a0db19b89acc77a4d6199f5", size = 1981560, upload-time = "2025-04-23T18:32:22.354Z" }, { url = "https://files.pythonhosted.org/packages/6f/9a/e73262f6c6656262b5fdd723ad90f518f579b7bc8622e43a942eec53c938/pydantic_core-2.33.2-cp313-cp313t-win_amd64.whl", hash = "sha256:c2fc0a768ef76c15ab9238afa6da7f69895bb5d1ee83aeea2e3509af4472d0b9", size = 1935777, upload-time = "2025-04-23T18:32:25.088Z" }, - { url = "https://files.pythonhosted.org/packages/30/68/373d55e58b7e83ce371691f6eaa7175e3a24b956c44628eb25d7da007917/pydantic_core-2.33.2-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:5c4aa4e82353f65e548c476b37e64189783aa5384903bfea4f41580f255fddfa", size = 2023982, upload-time = "2025-04-23T18:32:53.14Z" }, - { url = "https://files.pythonhosted.org/packages/a4/16/145f54ac08c96a63d8ed6442f9dec17b2773d19920b627b18d4f10a061ea/pydantic_core-2.33.2-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:d946c8bf0d5c24bf4fe333af284c59a19358aa3ec18cb3dc4370080da1e8ad29", size = 1858412, upload-time = "2025-04-23T18:32:55.52Z" }, - { url = "https://files.pythonhosted.org/packages/41/b1/c6dc6c3e2de4516c0bb2c46f6a373b91b5660312342a0cf5826e38ad82fa/pydantic_core-2.33.2-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:87b31b6846e361ef83fedb187bb5b4372d0da3f7e28d85415efa92d6125d6e6d", size = 1892749, upload-time = "2025-04-23T18:32:57.546Z" }, - { url = "https://files.pythonhosted.org/packages/12/73/8cd57e20afba760b21b742106f9dbdfa6697f1570b189c7457a1af4cd8a0/pydantic_core-2.33.2-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:aa9d91b338f2df0508606f7009fde642391425189bba6d8c653afd80fd6bb64e", size = 2067527, upload-time = "2025-04-23T18:32:59.771Z" }, - { url = "https://files.pythonhosted.org/packages/e3/d5/0bb5d988cc019b3cba4a78f2d4b3854427fc47ee8ec8e9eaabf787da239c/pydantic_core-2.33.2-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:2058a32994f1fde4ca0480ab9d1e75a0e8c87c22b53a3ae66554f9af78f2fe8c", size = 2108225, upload-time = "2025-04-23T18:33:04.51Z" }, - { url = "https://files.pythonhosted.org/packages/f1/c5/00c02d1571913d496aabf146106ad8239dc132485ee22efe08085084ff7c/pydantic_core-2.33.2-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:0e03262ab796d986f978f79c943fc5f620381be7287148b8010b4097f79a39ec", size = 2069490, upload-time = "2025-04-23T18:33:06.391Z" }, - { url = "https://files.pythonhosted.org/packages/22/a8/dccc38768274d3ed3a59b5d06f59ccb845778687652daa71df0cab4040d7/pydantic_core-2.33.2-pp310-pypy310_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:1a8695a8d00c73e50bff9dfda4d540b7dee29ff9b8053e38380426a85ef10052", size = 2237525, upload-time = "2025-04-23T18:33:08.44Z" }, - { url = "https://files.pythonhosted.org/packages/d4/e7/4f98c0b125dda7cf7ccd14ba936218397b44f50a56dd8c16a3091df116c3/pydantic_core-2.33.2-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:fa754d1850735a0b0e03bcffd9d4b4343eb417e47196e4485d9cca326073a42c", size = 2238446, upload-time = "2025-04-23T18:33:10.313Z" }, - { url = "https://files.pythonhosted.org/packages/ce/91/2ec36480fdb0b783cd9ef6795753c1dea13882f2e68e73bce76ae8c21e6a/pydantic_core-2.33.2-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:a11c8d26a50bfab49002947d3d237abe4d9e4b5bdc8846a63537b6488e197808", size = 2066678, upload-time = "2025-04-23T18:33:12.224Z" }, { url = "https://files.pythonhosted.org/packages/7b/27/d4ae6487d73948d6f20dddcd94be4ea43e74349b56eba82e9bdee2d7494c/pydantic_core-2.33.2-pp311-pypy311_pp73-macosx_10_12_x86_64.whl", hash = "sha256:dd14041875d09cc0f9308e37a6f8b65f5585cf2598a53aa0123df8b129d481f8", size = 2025200, upload-time = "2025-04-23T18:33:14.199Z" }, { url = "https://files.pythonhosted.org/packages/f1/b8/b3cb95375f05d33801024079b9392a5ab45267a63400bf1866e7ce0f0de4/pydantic_core-2.33.2-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:d87c561733f66531dced0da6e864f44ebf89a8fba55f31407b00c2f7f9449593", size = 1859123, upload-time = "2025-04-23T18:33:16.555Z" }, { url = "https://files.pythonhosted.org/packages/05/bc/0d0b5adeda59a261cd30a1235a445bf55c7e46ae44aea28f7bd6ed46e091/pydantic_core-2.33.2-pp311-pypy311_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2f82865531efd18d6e07a04a17331af02cb7a651583c418df8266f17a63c6612", size = 1892852, upload-time = "2025-04-23T18:33:18.513Z" }, @@ -892,6 +788,22 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/61/06/0763e0ccc81754d3eadb21b2cb86cf21bdedc9b52698c2ad6785db7f0a4e/pypandoc-1.15-py3-none-any.whl", hash = "sha256:4ededcc76c8770f27aaca6dff47724578428eca84212a31479403a9731fc2b16", size = 21321, upload-time = "2025-01-08T17:39:09.928Z" }, ] +[[package]] +name = "pytest" +version = "8.4.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "colorama", marker = "sys_platform == 'win32'" }, + { name = "iniconfig" }, + { name = "packaging" }, + { name = "pluggy" }, + { name = "pygments" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/08/ba/45911d754e8eba3d5a841a5ce61a65a685ff1798421ac054f85aa8747dfb/pytest-8.4.1.tar.gz", hash = "sha256:7c67fd69174877359ed9371ec3af8a3d2b04741818c51e5e99cc1742251fa93c", size = 1517714, upload-time = "2025-06-18T05:48:06.109Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/29/16/c8a903f4c4dffe7a12843191437d7cd8e32751d5de349d45d3fe69544e87/pytest-8.4.1-py3-none-any.whl", hash = "sha256:539c70ba6fcead8e78eebbf1115e8b589e7565830d7d006a8723f19ac8a0afb7", size = 365474, upload-time = "2025-06-18T05:48:03.955Z" }, +] + [[package]] name = "python-dateutil" version = "2.9.0.post0" @@ -919,15 +831,6 @@ version = "6.0.2" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/54/ed/79a089b6be93607fa5cdaedf301d7dfb23af5f25c398d5ead2525b063e17/pyyaml-6.0.2.tar.gz", hash = "sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e", size = 130631, upload-time = "2024-08-06T20:33:50.674Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/9b/95/a3fac87cb7158e231b5a6012e438c647e1a87f09f8e0d123acec8ab8bf71/PyYAML-6.0.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086", size = 184199, upload-time = "2024-08-06T20:31:40.178Z" }, - { url = "https://files.pythonhosted.org/packages/c7/7a/68bd47624dab8fd4afbfd3c48e3b79efe09098ae941de5b58abcbadff5cb/PyYAML-6.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf", size = 171758, upload-time = "2024-08-06T20:31:42.173Z" }, - { url = "https://files.pythonhosted.org/packages/49/ee/14c54df452143b9ee9f0f29074d7ca5516a36edb0b4cc40c3f280131656f/PyYAML-6.0.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8824b5a04a04a047e72eea5cec3bc266db09e35de6bdfe34c9436ac5ee27d237", size = 718463, upload-time = "2024-08-06T20:31:44.263Z" }, - { url = "https://files.pythonhosted.org/packages/4d/61/de363a97476e766574650d742205be468921a7b532aa2499fcd886b62530/PyYAML-6.0.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7c36280e6fb8385e520936c3cb3b8042851904eba0e58d277dca80a5cfed590b", size = 719280, upload-time = "2024-08-06T20:31:50.199Z" }, - { url = "https://files.pythonhosted.org/packages/6b/4e/1523cb902fd98355e2e9ea5e5eb237cbc5f3ad5f3075fa65087aa0ecb669/PyYAML-6.0.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ec031d5d2feb36d1d1a24380e4db6d43695f3748343d99434e6f5f9156aaa2ed", size = 751239, upload-time = "2024-08-06T20:31:52.292Z" }, - { url = "https://files.pythonhosted.org/packages/b7/33/5504b3a9a4464893c32f118a9cc045190a91637b119a9c881da1cf6b7a72/PyYAML-6.0.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:936d68689298c36b53b29f23c6dbb74de12b4ac12ca6cfe0e047bedceea56180", size = 695802, upload-time = "2024-08-06T20:31:53.836Z" }, - { url = "https://files.pythonhosted.org/packages/5c/20/8347dcabd41ef3a3cdc4f7b7a2aff3d06598c8779faa189cdbf878b626a4/PyYAML-6.0.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:23502f431948090f597378482b4812b0caae32c22213aecf3b55325e049a6c68", size = 720527, upload-time = "2024-08-06T20:31:55.565Z" }, - { url = "https://files.pythonhosted.org/packages/be/aa/5afe99233fb360d0ff37377145a949ae258aaab831bde4792b32650a4378/PyYAML-6.0.2-cp310-cp310-win32.whl", hash = "sha256:2e99c6826ffa974fe6e27cdb5ed0021786b03fc98e5ee3c5bfe1fd5015f42b99", size = 144052, upload-time = "2024-08-06T20:31:56.914Z" }, - { url = "https://files.pythonhosted.org/packages/b5/84/0fa4b06f6d6c958d207620fc60005e241ecedceee58931bb20138e1e5776/PyYAML-6.0.2-cp310-cp310-win_amd64.whl", hash = "sha256:a4d3091415f010369ae4ed1fc6b79def9416358877534caf6a0fdd2146c87a3e", size = 161774, upload-time = "2024-08-06T20:31:58.304Z" }, { url = "https://files.pythonhosted.org/packages/f8/aa/7af4e81f7acba21a4c6be026da38fd2b872ca46226673c89a758ebdc4fd2/PyYAML-6.0.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774", size = 184612, upload-time = "2024-08-06T20:32:03.408Z" }, { url = "https://files.pythonhosted.org/packages/8b/62/b9faa998fd185f65c1371643678e4d58254add437edb764a08c5a98fb986/PyYAML-6.0.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee", size = 172040, upload-time = "2024-08-06T20:32:04.926Z" }, { url = "https://files.pythonhosted.org/packages/ad/0c/c804f5f922a9a6563bab712d8dcc70251e8af811fce4524d57c2c0fd49a4/PyYAML-6.0.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5d225db5a45f21e78dd9358e58a98702a0302f2659a3c6cd320564b75b86f47c", size = 736829, upload-time = "2024-08-06T20:32:06.459Z" }, @@ -975,21 +878,6 @@ version = "3.13.0" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/ed/f6/6895abc3a3d056b9698da3199b04c0e56226d530ae44a470edabf8b664f0/rapidfuzz-3.13.0.tar.gz", hash = "sha256:d2eaf3839e52cbcc0accbe9817a67b4b0fcf70aaeb229cfddc1c28061f9ce5d8", size = 57904226, upload-time = "2025-04-03T20:38:51.226Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/de/27/ca10b3166024ae19a7e7c21f73c58dfd4b7fef7420e5497ee64ce6b73453/rapidfuzz-3.13.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:aafc42a1dc5e1beeba52cd83baa41372228d6d8266f6d803c16dbabbcc156255", size = 1998899, upload-time = "2025-04-03T20:35:08.764Z" }, - { url = "https://files.pythonhosted.org/packages/f0/38/c4c404b13af0315483a6909b3a29636e18e1359307fb74a333fdccb3730d/rapidfuzz-3.13.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:85c9a131a44a95f9cac2eb6e65531db014e09d89c4f18c7b1fa54979cb9ff1f3", size = 1449949, upload-time = "2025-04-03T20:35:11.26Z" }, - { url = "https://files.pythonhosted.org/packages/12/ae/15c71d68a6df6b8e24595421fdf5bcb305888318e870b7be8d935a9187ee/rapidfuzz-3.13.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:7d7cec4242d30dd521ef91c0df872e14449d1dffc2a6990ede33943b0dae56c3", size = 1424199, upload-time = "2025-04-03T20:35:12.954Z" }, - { url = "https://files.pythonhosted.org/packages/dc/9a/765beb9e14d7b30d12e2d6019e8b93747a0bedbc1d0cce13184fa3825426/rapidfuzz-3.13.0-cp310-cp310-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e297c09972698c95649e89121e3550cee761ca3640cd005e24aaa2619175464e", size = 5352400, upload-time = "2025-04-03T20:35:15.421Z" }, - { url = "https://files.pythonhosted.org/packages/e2/b8/49479fe6f06b06cd54d6345ed16de3d1ac659b57730bdbe897df1e059471/rapidfuzz-3.13.0-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ef0f5f03f61b0e5a57b1df7beafd83df993fd5811a09871bad6038d08e526d0d", size = 1652465, upload-time = "2025-04-03T20:35:18.43Z" }, - { url = "https://files.pythonhosted.org/packages/6f/d8/08823d496b7dd142a7b5d2da04337df6673a14677cfdb72f2604c64ead69/rapidfuzz-3.13.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d8cf5f7cd6e4d5eb272baf6a54e182b2c237548d048e2882258336533f3f02b7", size = 1616590, upload-time = "2025-04-03T20:35:20.482Z" }, - { url = "https://files.pythonhosted.org/packages/38/d4/5cfbc9a997e544f07f301c54d42aac9e0d28d457d543169e4ec859b8ce0d/rapidfuzz-3.13.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9256218ac8f1a957806ec2fb9a6ddfc6c32ea937c0429e88cf16362a20ed8602", size = 3086956, upload-time = "2025-04-03T20:35:22.756Z" }, - { url = "https://files.pythonhosted.org/packages/25/1e/06d8932a72fa9576095234a15785136407acf8f9a7dbc8136389a3429da1/rapidfuzz-3.13.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:e1bdd2e6d0c5f9706ef7595773a81ca2b40f3b33fd7f9840b726fb00c6c4eb2e", size = 2494220, upload-time = "2025-04-03T20:35:25.563Z" }, - { url = "https://files.pythonhosted.org/packages/03/16/5acf15df63119d5ca3d9a54b82807866ff403461811d077201ca351a40c3/rapidfuzz-3.13.0-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:5280be8fd7e2bee5822e254fe0a5763aa0ad57054b85a32a3d9970e9b09bbcbf", size = 7585481, upload-time = "2025-04-03T20:35:27.426Z" }, - { url = "https://files.pythonhosted.org/packages/e1/cf/ebade4009431ea8e715e59e882477a970834ddaacd1a670095705b86bd0d/rapidfuzz-3.13.0-cp310-cp310-musllinux_1_2_ppc64le.whl", hash = "sha256:fd742c03885db1fce798a1cd87a20f47f144ccf26d75d52feb6f2bae3d57af05", size = 2894842, upload-time = "2025-04-03T20:35:29.457Z" }, - { url = "https://files.pythonhosted.org/packages/a7/bd/0732632bd3f906bf613229ee1b7cbfba77515db714a0e307becfa8a970ae/rapidfuzz-3.13.0-cp310-cp310-musllinux_1_2_s390x.whl", hash = "sha256:5435fcac94c9ecf0504bf88a8a60c55482c32e18e108d6079a0089c47f3f8cf6", size = 3438517, upload-time = "2025-04-03T20:35:31.381Z" }, - { url = "https://files.pythonhosted.org/packages/83/89/d3bd47ec9f4b0890f62aea143a1e35f78f3d8329b93d9495b4fa8a3cbfc3/rapidfuzz-3.13.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:93a755266856599be4ab6346273f192acde3102d7aa0735e2f48b456397a041f", size = 4412773, upload-time = "2025-04-03T20:35:33.425Z" }, - { url = "https://files.pythonhosted.org/packages/b3/57/1a152a07883e672fc117c7f553f5b933f6e43c431ac3fd0e8dae5008f481/rapidfuzz-3.13.0-cp310-cp310-win32.whl", hash = "sha256:3abe6a4e8eb4cfc4cda04dd650a2dc6d2934cbdeda5def7e6fd1c20f6e7d2a0b", size = 1842334, upload-time = "2025-04-03T20:35:35.648Z" }, - { url = "https://files.pythonhosted.org/packages/a7/68/7248addf95b6ca51fc9d955161072285da3059dd1472b0de773cff910963/rapidfuzz-3.13.0-cp310-cp310-win_amd64.whl", hash = "sha256:e8ddb58961401da7d6f55f185512c0d6bd24f529a637078d41dd8ffa5a49c107", size = 1624392, upload-time = "2025-04-03T20:35:37.294Z" }, - { url = "https://files.pythonhosted.org/packages/68/23/f41c749f2c61ed1ed5575eaf9e73ef9406bfedbf20a3ffa438d15b5bf87e/rapidfuzz-3.13.0-cp310-cp310-win_arm64.whl", hash = "sha256:c523620d14ebd03a8d473c89e05fa1ae152821920c3ff78b839218ff69e19ca3", size = 865584, upload-time = "2025-04-03T20:35:39.005Z" }, { url = "https://files.pythonhosted.org/packages/87/17/9be9eff5a3c7dfc831c2511262082c6786dca2ce21aa8194eef1cb71d67a/rapidfuzz-3.13.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:d395a5cad0c09c7f096433e5fd4224d83b53298d53499945a9b0e5a971a84f3a", size = 1999453, upload-time = "2025-04-03T20:35:40.804Z" }, { url = "https://files.pythonhosted.org/packages/75/67/62e57896ecbabe363f027d24cc769d55dd49019e576533ec10e492fcd8a2/rapidfuzz-3.13.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:b7b3eda607a019169f7187328a8d1648fb9a90265087f6903d7ee3a8eee01805", size = 1450881, upload-time = "2025-04-03T20:35:42.734Z" }, { url = "https://files.pythonhosted.org/packages/96/5c/691c5304857f3476a7b3df99e91efc32428cbe7d25d234e967cc08346c13/rapidfuzz-3.13.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:98e0bfa602e1942d542de077baf15d658bd9d5dcfe9b762aff791724c1c38b70", size = 1422990, upload-time = "2025-04-03T20:35:45.158Z" }, @@ -1035,12 +923,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/0c/f3/5e0c6ae452cbb74e5436d3445467447e8c32f3021f48f93f15934b8cffc2/rapidfuzz-3.13.0-cp313-cp313-win32.whl", hash = "sha256:0e1d08cb884805a543f2de1f6744069495ef527e279e05370dd7c83416af83f8", size = 1822066, upload-time = "2025-04-03T20:37:14.425Z" }, { url = "https://files.pythonhosted.org/packages/96/e3/a98c25c4f74051df4dcf2f393176b8663bfd93c7afc6692c84e96de147a2/rapidfuzz-3.13.0-cp313-cp313-win_amd64.whl", hash = "sha256:9a7c6232be5f809cd39da30ee5d24e6cadd919831e6020ec6c2391f4c3bc9264", size = 1615100, upload-time = "2025-04-03T20:37:16.611Z" }, { url = "https://files.pythonhosted.org/packages/60/b1/05cd5e697c00cd46d7791915f571b38c8531f714832eff2c5e34537c49ee/rapidfuzz-3.13.0-cp313-cp313-win_arm64.whl", hash = "sha256:3f32f15bacd1838c929b35c84b43618481e1b3d7a61b5ed2db0291b70ae88b53", size = 858976, upload-time = "2025-04-03T20:37:19.336Z" }, - { url = "https://files.pythonhosted.org/packages/d5/e1/f5d85ae3c53df6f817ca70dbdd37c83f31e64caced5bb867bec6b43d1fdf/rapidfuzz-3.13.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:fe5790a36d33a5d0a6a1f802aa42ecae282bf29ac6f7506d8e12510847b82a45", size = 1904437, upload-time = "2025-04-03T20:38:00.255Z" }, - { url = "https://files.pythonhosted.org/packages/db/d7/ded50603dddc5eb182b7ce547a523ab67b3bf42b89736f93a230a398a445/rapidfuzz-3.13.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:cdb33ee9f8a8e4742c6b268fa6bd739024f34651a06b26913381b1413ebe7590", size = 1383126, upload-time = "2025-04-03T20:38:02.676Z" }, - { url = "https://files.pythonhosted.org/packages/c4/48/6f795e793babb0120b63a165496d64f989b9438efbeed3357d9a226ce575/rapidfuzz-3.13.0-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8c99b76b93f7b495eee7dcb0d6a38fb3ce91e72e99d9f78faa5664a881cb2b7d", size = 1365565, upload-time = "2025-04-03T20:38:06.646Z" }, - { url = "https://files.pythonhosted.org/packages/f0/50/0062a959a2d72ed17815824e40e2eefdb26f6c51d627389514510a7875f3/rapidfuzz-3.13.0-pp310-pypy310_pp73-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6af42f2ede8b596a6aaf6d49fdee3066ca578f4856b85ab5c1e2145de367a12d", size = 5251719, upload-time = "2025-04-03T20:38:09.191Z" }, - { url = "https://files.pythonhosted.org/packages/e7/02/bd8b70cd98b7a88e1621264778ac830c9daa7745cd63e838bd773b1aeebd/rapidfuzz-3.13.0-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c0efa73afbc5b265aca0d8a467ae2a3f40d6854cbe1481cb442a62b7bf23c99", size = 2991095, upload-time = "2025-04-03T20:38:12.554Z" }, - { url = "https://files.pythonhosted.org/packages/9f/8d/632d895cdae8356826184864d74a5f487d40cb79f50a9137510524a1ba86/rapidfuzz-3.13.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:7ac21489de962a4e2fc1e8f0b0da4aa1adc6ab9512fd845563fecb4b4c52093a", size = 1553888, upload-time = "2025-04-03T20:38:15.357Z" }, { url = "https://files.pythonhosted.org/packages/88/df/6060c5a9c879b302bd47a73fc012d0db37abf6544c57591bcbc3459673bd/rapidfuzz-3.13.0-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:1ba007f4d35a45ee68656b2eb83b8715e11d0f90e5b9f02d615a8a321ff00c27", size = 1905935, upload-time = "2025-04-03T20:38:18.07Z" }, { url = "https://files.pythonhosted.org/packages/a2/6c/a0b819b829e20525ef1bd58fc776fb8d07a0c38d819e63ba2b7c311a2ed4/rapidfuzz-3.13.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:d7a217310429b43be95b3b8ad7f8fc41aba341109dc91e978cd7c703f928c58f", size = 1383714, upload-time = "2025-04-03T20:38:20.628Z" }, { url = "https://files.pythonhosted.org/packages/6a/c1/3da3466cc8a9bfb9cd345ad221fac311143b6a9664b5af4adb95b5e6ce01/rapidfuzz-3.13.0-pp311-pypy311_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:558bf526bcd777de32b7885790a95a9548ffdcce68f704a81207be4a286c1095", size = 1367329, upload-time = "2025-04-03T20:38:23.01Z" }, @@ -1098,20 +980,6 @@ version = "0.27.0" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/1e/d9/991a0dee12d9fc53ed027e26a26a64b151d77252ac477e22666b9688bc16/rpds_py-0.27.0.tar.gz", hash = "sha256:8b23cf252f180cda89220b378d917180f29d313cd6a07b2431c0d3b776aae86f", size = 27420, upload-time = "2025-08-07T08:26:39.624Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/75/2d/ad2e37dee3f45580f7fa0066c412a521f9bee53d2718b0e9436d308a1ecd/rpds_py-0.27.0-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:130c1ffa5039a333f5926b09e346ab335f0d4ec393b030a18549a7c7e7c2cea4", size = 371511, upload-time = "2025-08-07T08:23:06.205Z" }, - { url = "https://files.pythonhosted.org/packages/f5/67/57b4b2479193fde9dd6983a13c2550b5f9c3bcdf8912dffac2068945eb14/rpds_py-0.27.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:a4cf32a26fa744101b67bfd28c55d992cd19438aff611a46cac7f066afca8fd4", size = 354718, upload-time = "2025-08-07T08:23:08.222Z" }, - { url = "https://files.pythonhosted.org/packages/a3/be/c2b95ec4b813eb11f3a3c3d22f22bda8d3a48a074a0519cde968c4d102cf/rpds_py-0.27.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:64a0fe3f334a40b989812de70160de6b0ec7e3c9e4a04c0bbc48d97c5d3600ae", size = 381518, upload-time = "2025-08-07T08:23:09.696Z" }, - { url = "https://files.pythonhosted.org/packages/a5/d2/5a7279bc2b93b20bd50865a2269016238cee45f7dc3cc33402a7f41bd447/rpds_py-0.27.0-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:9a0ff7ee28583ab30a52f371b40f54e7138c52ca67f8ca17ccb7ccf0b383cb5f", size = 396694, upload-time = "2025-08-07T08:23:11.105Z" }, - { url = "https://files.pythonhosted.org/packages/65/e9/bac8b3714bd853c5bcb466e04acfb9a5da030d77e0ddf1dfad9afb791c31/rpds_py-0.27.0-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:15ea4d2e182345dd1b4286593601d766411b43f868924afe297570658c31a62b", size = 514813, upload-time = "2025-08-07T08:23:12.215Z" }, - { url = "https://files.pythonhosted.org/packages/1d/aa/293115e956d7d13b7d2a9e9a4121f74989a427aa125f00ce4426ca8b7b28/rpds_py-0.27.0-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:36184b44bf60a480863e51021c26aca3dfe8dd2f5eeabb33622b132b9d8b8b54", size = 402246, upload-time = "2025-08-07T08:23:13.699Z" }, - { url = "https://files.pythonhosted.org/packages/88/59/2d6789bb898fb3e2f0f7b82b7bcf27f579ebcb6cc36c24f4e208f7f58a5b/rpds_py-0.27.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9b78430703cfcf5f5e86eb74027a1ed03a93509273d7c705babb547f03e60016", size = 383661, upload-time = "2025-08-07T08:23:15.231Z" }, - { url = "https://files.pythonhosted.org/packages/0c/55/add13a593a7a81243a9eed56d618d3d427be5dc1214931676e3f695dfdc1/rpds_py-0.27.0-cp310-cp310-manylinux_2_31_riscv64.whl", hash = "sha256:dbd749cff1defbde270ca346b69b3baf5f1297213ef322254bf2a28537f0b046", size = 401691, upload-time = "2025-08-07T08:23:16.681Z" }, - { url = "https://files.pythonhosted.org/packages/04/09/3e8b2aad494ffaca571e4e19611a12cc18fcfd756d9274f3871a2d822445/rpds_py-0.27.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:6bde37765564cd22a676dd8101b657839a1854cfaa9c382c5abf6ff7accfd4ae", size = 416529, upload-time = "2025-08-07T08:23:17.863Z" }, - { url = "https://files.pythonhosted.org/packages/a4/6d/bd899234728f1d8f72c9610f50fdf1c140ecd0a141320e1f1d0f6b20595d/rpds_py-0.27.0-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:1d66f45b9399036e890fb9c04e9f70c33857fd8f58ac8db9f3278cfa835440c3", size = 558673, upload-time = "2025-08-07T08:23:18.99Z" }, - { url = "https://files.pythonhosted.org/packages/79/f4/f3e02def5193fb899d797c232f90d6f8f0f2b9eca2faef6f0d34cbc89b2e/rpds_py-0.27.0-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:d85d784c619370d9329bbd670f41ff5f2ae62ea4519761b679d0f57f0f0ee267", size = 588426, upload-time = "2025-08-07T08:23:20.541Z" }, - { url = "https://files.pythonhosted.org/packages/e3/0c/88e716cd8fd760e5308835fe298255830de4a1c905fd51760b9bb40aa965/rpds_py-0.27.0-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:5df559e9e7644d9042f626f2c3997b555f347d7a855a15f170b253f6c5bfe358", size = 554552, upload-time = "2025-08-07T08:23:21.714Z" }, - { url = "https://files.pythonhosted.org/packages/2b/a9/0a8243c182e7ac59b901083dff7e671feba6676a131bfff3f8d301cd2b36/rpds_py-0.27.0-cp310-cp310-win32.whl", hash = "sha256:b8a4131698b6992b2a56015f51646711ec5d893a0b314a4b985477868e240c87", size = 218081, upload-time = "2025-08-07T08:23:23.273Z" }, - { url = "https://files.pythonhosted.org/packages/0f/e7/202ff35852312760148be9e08fe2ba6900aa28e7a46940a313eae473c10c/rpds_py-0.27.0-cp310-cp310-win_amd64.whl", hash = "sha256:cbc619e84a5e3ab2d452de831c88bdcad824414e9c2d28cd101f94dbdf26329c", size = 230077, upload-time = "2025-08-07T08:23:24.308Z" }, { url = "https://files.pythonhosted.org/packages/b4/c1/49d515434c1752e40f5e35b985260cf27af052593378580a2f139a5be6b8/rpds_py-0.27.0-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:dbc2ab5d10544eb485baa76c63c501303b716a5c405ff2469a1d8ceffaabf622", size = 371577, upload-time = "2025-08-07T08:23:25.379Z" }, { url = "https://files.pythonhosted.org/packages/e1/6d/bf2715b2fee5087fa13b752b5fd573f1a93e4134c74d275f709e38e54fe7/rpds_py-0.27.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:7ec85994f96a58cf7ed288caa344b7fe31fd1d503bdf13d7331ead5f70ab60d5", size = 354959, upload-time = "2025-08-07T08:23:26.767Z" }, { url = "https://files.pythonhosted.org/packages/a3/5c/e7762808c746dd19733a81373c10da43926f6a6adcf4920a21119697a60a/rpds_py-0.27.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:190d7285cd3bb6d31d37a0534d7359c1ee191eb194c511c301f32a4afa5a1dd4", size = 381485, upload-time = "2025-08-07T08:23:27.869Z" }, @@ -1200,19 +1068,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/63/09/ee1bb5536f99f42c839b177d552f6114aa3142d82f49cef49261ed28dbe0/rpds_py-0.27.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:3001013dae10f806380ba739d40dee11db1ecb91684febb8406a87c2ded23dae", size = 555090, upload-time = "2025-08-07T08:25:20.461Z" }, { url = "https://files.pythonhosted.org/packages/7d/2c/363eada9e89f7059199d3724135a86c47082cbf72790d6ba2f336d146ddb/rpds_py-0.27.0-cp314-cp314t-win32.whl", hash = "sha256:0f401c369186a5743694dd9fc08cba66cf70908757552e1f714bfc5219c655b5", size = 218001, upload-time = "2025-08-07T08:25:21.761Z" }, { url = "https://files.pythonhosted.org/packages/e2/3f/d6c216ed5199c9ef79e2a33955601f454ed1e7420a93b89670133bca5ace/rpds_py-0.27.0-cp314-cp314t-win_amd64.whl", hash = "sha256:8a1dca5507fa1337f75dcd5070218b20bc68cf8844271c923c1b79dfcbc20391", size = 230993, upload-time = "2025-08-07T08:25:23.34Z" }, - { url = "https://files.pythonhosted.org/packages/47/55/287068956f9ba1cb40896d291213f09fdd4527630709058b45a592bc09dc/rpds_py-0.27.0-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:46f48482c1a4748ab2773f75fffbdd1951eb59794e32788834b945da857c47a8", size = 371566, upload-time = "2025-08-07T08:25:43.95Z" }, - { url = "https://files.pythonhosted.org/packages/a2/fb/443af59cbe552e89680bb0f1d1ba47f6387b92083e28a45b8c8863b86c5a/rpds_py-0.27.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:419dd9c98bcc9fb0242be89e0c6e922df333b975d4268faa90d58499fd9c9ebe", size = 355781, upload-time = "2025-08-07T08:25:45.256Z" }, - { url = "https://files.pythonhosted.org/packages/ad/f0/35f48bb073b5ca42b1dcc55cb148f4a3bd4411a3e584f6a18d26f0ea8832/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:55d42a0ef2bdf6bc81e1cc2d49d12460f63c6ae1423c4f4851b828e454ccf6f1", size = 382575, upload-time = "2025-08-07T08:25:46.524Z" }, - { url = "https://files.pythonhosted.org/packages/51/e1/5f5296a21d1189f0f116a938af2e346d83172bf814d373695e54004a936f/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:2e39169ac6aae06dd79c07c8a69d9da867cef6a6d7883a0186b46bb46ccfb0c3", size = 397435, upload-time = "2025-08-07T08:25:48.204Z" }, - { url = "https://files.pythonhosted.org/packages/97/79/3af99b7852b2b55cad8a08863725cbe9dc14781bcf7dc6ecead0c3e1dc54/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:935afcdea4751b0ac918047a2df3f720212892347767aea28f5b3bf7be4f27c0", size = 514861, upload-time = "2025-08-07T08:25:49.814Z" }, - { url = "https://files.pythonhosted.org/packages/df/3e/11fd6033708ed3ae0e6947bb94f762f56bb46bf59a1b16eef6944e8a62ee/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8de567dec6d451649a781633d36f5c7501711adee329d76c095be2178855b042", size = 402776, upload-time = "2025-08-07T08:25:51.135Z" }, - { url = "https://files.pythonhosted.org/packages/b7/89/f9375ceaa996116de9cbc949874804c7874d42fb258c384c037a46d730b8/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:555ed147cbe8c8f76e72a4c6cd3b7b761cbf9987891b9448808148204aed74a5", size = 384665, upload-time = "2025-08-07T08:25:52.82Z" }, - { url = "https://files.pythonhosted.org/packages/48/bf/0061e55c6f1f573a63c0f82306b8984ed3b394adafc66854a936d5db3522/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_31_riscv64.whl", hash = "sha256:d2cc2b34f9e1d31ce255174da82902ad75bd7c0d88a33df54a77a22f2ef421ee", size = 402518, upload-time = "2025-08-07T08:25:54.073Z" }, - { url = "https://files.pythonhosted.org/packages/ae/dc/8d506676bfe87b3b683332ec8e6ab2b0be118a3d3595ed021e3274a63191/rpds_py-0.27.0-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:cb0702c12983be3b2fab98ead349ac63a98216d28dda6f518f52da5498a27a1b", size = 416247, upload-time = "2025-08-07T08:25:55.433Z" }, - { url = "https://files.pythonhosted.org/packages/2e/02/9a89eea1b75c69e81632de7963076e455b1e00e1cfb46dfdabb055fa03e3/rpds_py-0.27.0-pp310-pypy310_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:ba783541be46f27c8faea5a6645e193943c17ea2f0ffe593639d906a327a9bcc", size = 559456, upload-time = "2025-08-07T08:25:56.866Z" }, - { url = "https://files.pythonhosted.org/packages/38/4a/0f3ac4351957847c0d322be6ec72f916e43804a2c1d04e9672ea4a67c315/rpds_py-0.27.0-pp310-pypy310_pp73-musllinux_1_2_i686.whl", hash = "sha256:2406d034635d1497c596c40c85f86ecf2bf9611c1df73d14078af8444fe48031", size = 587778, upload-time = "2025-08-07T08:25:58.202Z" }, - { url = "https://files.pythonhosted.org/packages/c2/8e/39d0d7401095bed5a5ad5ef304fae96383f9bef40ca3f3a0807ff5b68d9d/rpds_py-0.27.0-pp310-pypy310_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:dea0808153f1fbbad772669d906cddd92100277533a03845de6893cadeffc8be", size = 555247, upload-time = "2025-08-07T08:25:59.707Z" }, - { url = "https://files.pythonhosted.org/packages/e0/04/6b8311e811e620b9eaca67cd80a118ff9159558a719201052a7b2abb88bf/rpds_py-0.27.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:d2a81bdcfde4245468f7030a75a37d50400ac2455c3a4819d9d550c937f90ab5", size = 230256, upload-time = "2025-08-07T08:26:01.07Z" }, { url = "https://files.pythonhosted.org/packages/59/64/72ab5b911fdcc48058359b0e786e5363e3fde885156116026f1a2ba9a5b5/rpds_py-0.27.0-pp311-pypy311_pp73-macosx_10_12_x86_64.whl", hash = "sha256:e6491658dd2569f05860bad645569145c8626ac231877b0fb2d5f9bcb7054089", size = 371658, upload-time = "2025-08-07T08:26:02.369Z" }, { url = "https://files.pythonhosted.org/packages/6c/4b/90ff04b4da055db53d8fea57640d8d5d55456343a1ec9a866c0ecfe10fd1/rpds_py-0.27.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:bec77545d188f8bdd29d42bccb9191682a46fb2e655e3d1fb446d47c55ac3b8d", size = 355529, upload-time = "2025-08-07T08:26:03.83Z" }, { url = "https://files.pythonhosted.org/packages/a4/be/527491fb1afcd86fc5ce5812eb37bc70428ee017d77fee20de18155c3937/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:25a4aebf8ca02bbb90a9b3e7a463bbf3bee02ab1c446840ca07b1695a68ce424", size = 382822, upload-time = "2025-08-07T08:26:05.52Z" }, @@ -1233,19 +1088,12 @@ version = "1.6.1" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "joblib" }, - { name = "numpy", version = "2.2.6", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" }, - { name = "numpy", version = "2.3.2", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" }, - { name = "scipy", version = "1.15.3", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" }, - { name = "scipy", version = "1.16.1", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" }, + { name = "numpy" }, + { name = "scipy" }, { name = "threadpoolctl" }, ] sdist = { url = "https://files.pythonhosted.org/packages/9e/a5/4ae3b3a0755f7b35a280ac90b28817d1f380318973cff14075ab41ef50d9/scikit_learn-1.6.1.tar.gz", hash = "sha256:b4fc2525eca2c69a59260f583c56a7557c6ccdf8deafdba6e060f94c1c59738e", size = 7068312, upload-time = "2025-01-10T08:07:55.348Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/2e/3a/f4597eb41049110b21ebcbb0bcb43e4035017545daa5eedcfeb45c08b9c5/scikit_learn-1.6.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:d056391530ccd1e501056160e3c9673b4da4805eb67eb2bdf4e983e1f9c9204e", size = 12067702, upload-time = "2025-01-10T08:05:56.515Z" }, - { url = "https://files.pythonhosted.org/packages/37/19/0423e5e1fd1c6ec5be2352ba05a537a473c1677f8188b9306097d684b327/scikit_learn-1.6.1-cp310-cp310-macosx_12_0_arm64.whl", hash = "sha256:0c8d036eb937dbb568c6242fa598d551d88fb4399c0344d95c001980ec1c7d36", size = 11112765, upload-time = "2025-01-10T08:06:00.272Z" }, - { url = "https://files.pythonhosted.org/packages/70/95/d5cb2297a835b0f5fc9a77042b0a2d029866379091ab8b3f52cc62277808/scikit_learn-1.6.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8634c4bd21a2a813e0a7e3900464e6d593162a29dd35d25bdf0103b3fce60ed5", size = 12643991, upload-time = "2025-01-10T08:06:04.813Z" }, - { url = "https://files.pythonhosted.org/packages/b7/91/ab3c697188f224d658969f678be86b0968ccc52774c8ab4a86a07be13c25/scikit_learn-1.6.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:775da975a471c4f6f467725dff0ced5c7ac7bda5e9316b260225b48475279a1b", size = 13497182, upload-time = "2025-01-10T08:06:08.42Z" }, - { url = "https://files.pythonhosted.org/packages/17/04/d5d556b6c88886c092cc989433b2bab62488e0f0dafe616a1d5c9cb0efb1/scikit_learn-1.6.1-cp310-cp310-win_amd64.whl", hash = "sha256:8a600c31592bd7dab31e1c61b9bbd6dea1b3433e67d264d17ce1017dbdce8002", size = 11125517, upload-time = "2025-01-10T08:06:12.783Z" }, { url = "https://files.pythonhosted.org/packages/6c/2a/e291c29670795406a824567d1dfc91db7b699799a002fdaa452bceea8f6e/scikit_learn-1.6.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:72abc587c75234935e97d09aa4913a82f7b03ee0b74111dcc2881cba3c5a7b33", size = 12102620, upload-time = "2025-01-10T08:06:16.675Z" }, { url = "https://files.pythonhosted.org/packages/25/92/ee1d7a00bb6b8c55755d4984fd82608603a3cc59959245068ce32e7fb808/scikit_learn-1.6.1-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:b3b00cdc8f1317b5f33191df1386c0befd16625f49d979fe77a8d44cae82410d", size = 11116234, upload-time = "2025-01-10T08:06:21.83Z" }, { url = "https://files.pythonhosted.org/packages/30/cd/ed4399485ef364bb25f388ab438e3724e60dc218c547a407b6e90ccccaef/scikit_learn-1.6.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dc4765af3386811c3ca21638f63b9cf5ecf66261cc4815c1db3f1e7dc7b79db2", size = 12592155, upload-time = "2025-01-10T08:06:27.309Z" }, @@ -1267,75 +1115,12 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/ff/4f/c83853af13901a574f8f13b645467285a48940f185b690936bb700a50863/scikit_learn-1.6.1-cp313-cp313t-win_amd64.whl", hash = "sha256:3f59fe08dc03ea158605170eb52b22a105f238a5d512c4470ddeca71feae8e5f", size = 11337256, upload-time = "2025-01-10T08:07:31.084Z" }, ] -[[package]] -name = "scipy" -version = "1.15.3" -source = { registry = "https://pypi.org/simple" } -resolution-markers = [ - "python_full_version < '3.11'", -] -dependencies = [ - { name = "numpy", version = "2.2.6", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" }, -] -sdist = { url = "https://files.pythonhosted.org/packages/0f/37/6964b830433e654ec7485e45a00fc9a27cf868d622838f6b6d9c5ec0d532/scipy-1.15.3.tar.gz", hash = "sha256:eae3cf522bc7df64b42cad3925c876e1b0b6c35c1337c93e12c0f366f55b0eaf", size = 59419214, upload-time = "2025-05-08T16:13:05.955Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/78/2f/4966032c5f8cc7e6a60f1b2e0ad686293b9474b65246b0c642e3ef3badd0/scipy-1.15.3-cp310-cp310-macosx_10_13_x86_64.whl", hash = "sha256:a345928c86d535060c9c2b25e71e87c39ab2f22fc96e9636bd74d1dbf9de448c", size = 38702770, upload-time = "2025-05-08T16:04:20.849Z" }, - { url = "https://files.pythonhosted.org/packages/a0/6e/0c3bf90fae0e910c274db43304ebe25a6b391327f3f10b5dcc638c090795/scipy-1.15.3-cp310-cp310-macosx_12_0_arm64.whl", hash = "sha256:ad3432cb0f9ed87477a8d97f03b763fd1d57709f1bbde3c9369b1dff5503b253", size = 30094511, upload-time = "2025-05-08T16:04:27.103Z" }, - { url = "https://files.pythonhosted.org/packages/ea/b1/4deb37252311c1acff7f101f6453f0440794f51b6eacb1aad4459a134081/scipy-1.15.3-cp310-cp310-macosx_14_0_arm64.whl", hash = "sha256:aef683a9ae6eb00728a542b796f52a5477b78252edede72b8327a886ab63293f", size = 22368151, upload-time = "2025-05-08T16:04:31.731Z" }, - { url = "https://files.pythonhosted.org/packages/38/7d/f457626e3cd3c29b3a49ca115a304cebb8cc6f31b04678f03b216899d3c6/scipy-1.15.3-cp310-cp310-macosx_14_0_x86_64.whl", hash = "sha256:1c832e1bd78dea67d5c16f786681b28dd695a8cb1fb90af2e27580d3d0967e92", size = 25121732, upload-time = "2025-05-08T16:04:36.596Z" }, - { url = "https://files.pythonhosted.org/packages/db/0a/92b1de4a7adc7a15dcf5bddc6e191f6f29ee663b30511ce20467ef9b82e4/scipy-1.15.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:263961f658ce2165bbd7b99fa5135195c3a12d9bef045345016b8b50c315cb82", size = 35547617, upload-time = "2025-05-08T16:04:43.546Z" }, - { url = "https://files.pythonhosted.org/packages/8e/6d/41991e503e51fc1134502694c5fa7a1671501a17ffa12716a4a9151af3df/scipy-1.15.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9e2abc762b0811e09a0d3258abee2d98e0c703eee49464ce0069590846f31d40", size = 37662964, upload-time = "2025-05-08T16:04:49.431Z" }, - { url = "https://files.pythonhosted.org/packages/25/e1/3df8f83cb15f3500478c889be8fb18700813b95e9e087328230b98d547ff/scipy-1.15.3-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:ed7284b21a7a0c8f1b6e5977ac05396c0d008b89e05498c8b7e8f4a1423bba0e", size = 37238749, upload-time = "2025-05-08T16:04:55.215Z" }, - { url = "https://files.pythonhosted.org/packages/93/3e/b3257cf446f2a3533ed7809757039016b74cd6f38271de91682aa844cfc5/scipy-1.15.3-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:5380741e53df2c566f4d234b100a484b420af85deb39ea35a1cc1be84ff53a5c", size = 40022383, upload-time = "2025-05-08T16:05:01.914Z" }, - { url = "https://files.pythonhosted.org/packages/d1/84/55bc4881973d3f79b479a5a2e2df61c8c9a04fcb986a213ac9c02cfb659b/scipy-1.15.3-cp310-cp310-win_amd64.whl", hash = "sha256:9d61e97b186a57350f6d6fd72640f9e99d5a4a2b8fbf4b9ee9a841eab327dc13", size = 41259201, upload-time = "2025-05-08T16:05:08.166Z" }, - { url = "https://files.pythonhosted.org/packages/96/ab/5cc9f80f28f6a7dff646c5756e559823614a42b1939d86dd0ed550470210/scipy-1.15.3-cp311-cp311-macosx_10_13_x86_64.whl", hash = "sha256:993439ce220d25e3696d1b23b233dd010169b62f6456488567e830654ee37a6b", size = 38714255, upload-time = "2025-05-08T16:05:14.596Z" }, - { url = "https://files.pythonhosted.org/packages/4a/4a/66ba30abe5ad1a3ad15bfb0b59d22174012e8056ff448cb1644deccbfed2/scipy-1.15.3-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:34716e281f181a02341ddeaad584205bd2fd3c242063bd3423d61ac259ca7eba", size = 30111035, upload-time = "2025-05-08T16:05:20.152Z" }, - { url = "https://files.pythonhosted.org/packages/4b/fa/a7e5b95afd80d24313307f03624acc65801846fa75599034f8ceb9e2cbf6/scipy-1.15.3-cp311-cp311-macosx_14_0_arm64.whl", hash = "sha256:3b0334816afb8b91dab859281b1b9786934392aa3d527cd847e41bb6f45bee65", size = 22384499, upload-time = "2025-05-08T16:05:24.494Z" }, - { url = "https://files.pythonhosted.org/packages/17/99/f3aaddccf3588bb4aea70ba35328c204cadd89517a1612ecfda5b2dd9d7a/scipy-1.15.3-cp311-cp311-macosx_14_0_x86_64.whl", hash = "sha256:6db907c7368e3092e24919b5e31c76998b0ce1684d51a90943cb0ed1b4ffd6c1", size = 25152602, upload-time = "2025-05-08T16:05:29.313Z" }, - { url = "https://files.pythonhosted.org/packages/56/c5/1032cdb565f146109212153339f9cb8b993701e9fe56b1c97699eee12586/scipy-1.15.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:721d6b4ef5dc82ca8968c25b111e307083d7ca9091bc38163fb89243e85e3889", size = 35503415, upload-time = "2025-05-08T16:05:34.699Z" }, - { url = "https://files.pythonhosted.org/packages/bd/37/89f19c8c05505d0601ed5650156e50eb881ae3918786c8fd7262b4ee66d3/scipy-1.15.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:39cb9c62e471b1bb3750066ecc3a3f3052b37751c7c3dfd0fd7e48900ed52982", size = 37652622, upload-time = "2025-05-08T16:05:40.762Z" }, - { url = "https://files.pythonhosted.org/packages/7e/31/be59513aa9695519b18e1851bb9e487de66f2d31f835201f1b42f5d4d475/scipy-1.15.3-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:795c46999bae845966368a3c013e0e00947932d68e235702b5c3f6ea799aa8c9", size = 37244796, upload-time = "2025-05-08T16:05:48.119Z" }, - { url = "https://files.pythonhosted.org/packages/10/c0/4f5f3eeccc235632aab79b27a74a9130c6c35df358129f7ac8b29f562ac7/scipy-1.15.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:18aaacb735ab38b38db42cb01f6b92a2d0d4b6aabefeb07f02849e47f8fb3594", size = 40047684, upload-time = "2025-05-08T16:05:54.22Z" }, - { url = "https://files.pythonhosted.org/packages/ab/a7/0ddaf514ce8a8714f6ed243a2b391b41dbb65251affe21ee3077ec45ea9a/scipy-1.15.3-cp311-cp311-win_amd64.whl", hash = "sha256:ae48a786a28412d744c62fd7816a4118ef97e5be0bee968ce8f0a2fba7acf3bb", size = 41246504, upload-time = "2025-05-08T16:06:00.437Z" }, - { url = "https://files.pythonhosted.org/packages/37/4b/683aa044c4162e10ed7a7ea30527f2cbd92e6999c10a8ed8edb253836e9c/scipy-1.15.3-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:6ac6310fdbfb7aa6612408bd2f07295bcbd3fda00d2d702178434751fe48e019", size = 38766735, upload-time = "2025-05-08T16:06:06.471Z" }, - { url = "https://files.pythonhosted.org/packages/7b/7e/f30be3d03de07f25dc0ec926d1681fed5c732d759ac8f51079708c79e680/scipy-1.15.3-cp312-cp312-macosx_12_0_arm64.whl", hash = "sha256:185cd3d6d05ca4b44a8f1595af87f9c372bb6acf9c808e99aa3e9aa03bd98cf6", size = 30173284, upload-time = "2025-05-08T16:06:11.686Z" }, - { url = "https://files.pythonhosted.org/packages/07/9c/0ddb0d0abdabe0d181c1793db51f02cd59e4901da6f9f7848e1f96759f0d/scipy-1.15.3-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:05dc6abcd105e1a29f95eada46d4a3f251743cfd7d3ae8ddb4088047f24ea477", size = 22446958, upload-time = "2025-05-08T16:06:15.97Z" }, - { url = "https://files.pythonhosted.org/packages/af/43/0bce905a965f36c58ff80d8bea33f1f9351b05fad4beaad4eae34699b7a1/scipy-1.15.3-cp312-cp312-macosx_14_0_x86_64.whl", hash = "sha256:06efcba926324df1696931a57a176c80848ccd67ce6ad020c810736bfd58eb1c", size = 25242454, upload-time = "2025-05-08T16:06:20.394Z" }, - { url = "https://files.pythonhosted.org/packages/56/30/a6f08f84ee5b7b28b4c597aca4cbe545535c39fe911845a96414700b64ba/scipy-1.15.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c05045d8b9bfd807ee1b9f38761993297b10b245f012b11b13b91ba8945f7e45", size = 35210199, upload-time = "2025-05-08T16:06:26.159Z" }, - { url = "https://files.pythonhosted.org/packages/0b/1f/03f52c282437a168ee2c7c14a1a0d0781a9a4a8962d84ac05c06b4c5b555/scipy-1.15.3-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:271e3713e645149ea5ea3e97b57fdab61ce61333f97cfae392c28ba786f9bb49", size = 37309455, upload-time = "2025-05-08T16:06:32.778Z" }, - { url = "https://files.pythonhosted.org/packages/89/b1/fbb53137f42c4bf630b1ffdfc2151a62d1d1b903b249f030d2b1c0280af8/scipy-1.15.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:6cfd56fc1a8e53f6e89ba3a7a7251f7396412d655bca2aa5611c8ec9a6784a1e", size = 36885140, upload-time = "2025-05-08T16:06:39.249Z" }, - { url = "https://files.pythonhosted.org/packages/2e/2e/025e39e339f5090df1ff266d021892694dbb7e63568edcfe43f892fa381d/scipy-1.15.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:0ff17c0bb1cb32952c09217d8d1eed9b53d1463e5f1dd6052c7857f83127d539", size = 39710549, upload-time = "2025-05-08T16:06:45.729Z" }, - { url = "https://files.pythonhosted.org/packages/e6/eb/3bf6ea8ab7f1503dca3a10df2e4b9c3f6b3316df07f6c0ded94b281c7101/scipy-1.15.3-cp312-cp312-win_amd64.whl", hash = "sha256:52092bc0472cfd17df49ff17e70624345efece4e1a12b23783a1ac59a1b728ed", size = 40966184, upload-time = "2025-05-08T16:06:52.623Z" }, - { url = "https://files.pythonhosted.org/packages/73/18/ec27848c9baae6e0d6573eda6e01a602e5649ee72c27c3a8aad673ebecfd/scipy-1.15.3-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:2c620736bcc334782e24d173c0fdbb7590a0a436d2fdf39310a8902505008759", size = 38728256, upload-time = "2025-05-08T16:06:58.696Z" }, - { url = "https://files.pythonhosted.org/packages/74/cd/1aef2184948728b4b6e21267d53b3339762c285a46a274ebb7863c9e4742/scipy-1.15.3-cp313-cp313-macosx_12_0_arm64.whl", hash = "sha256:7e11270a000969409d37ed399585ee530b9ef6aa99d50c019de4cb01e8e54e62", size = 30109540, upload-time = "2025-05-08T16:07:04.209Z" }, - { url = "https://files.pythonhosted.org/packages/5b/d8/59e452c0a255ec352bd0a833537a3bc1bfb679944c4938ab375b0a6b3a3e/scipy-1.15.3-cp313-cp313-macosx_14_0_arm64.whl", hash = "sha256:8c9ed3ba2c8a2ce098163a9bdb26f891746d02136995df25227a20e71c396ebb", size = 22383115, upload-time = "2025-05-08T16:07:08.998Z" }, - { url = "https://files.pythonhosted.org/packages/08/f5/456f56bbbfccf696263b47095291040655e3cbaf05d063bdc7c7517f32ac/scipy-1.15.3-cp313-cp313-macosx_14_0_x86_64.whl", hash = "sha256:0bdd905264c0c9cfa74a4772cdb2070171790381a5c4d312c973382fc6eaf730", size = 25163884, upload-time = "2025-05-08T16:07:14.091Z" }, - { url = "https://files.pythonhosted.org/packages/a2/66/a9618b6a435a0f0c0b8a6d0a2efb32d4ec5a85f023c2b79d39512040355b/scipy-1.15.3-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:79167bba085c31f38603e11a267d862957cbb3ce018d8b38f79ac043bc92d825", size = 35174018, upload-time = "2025-05-08T16:07:19.427Z" }, - { url = "https://files.pythonhosted.org/packages/b5/09/c5b6734a50ad4882432b6bb7c02baf757f5b2f256041da5df242e2d7e6b6/scipy-1.15.3-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c9deabd6d547aee2c9a81dee6cc96c6d7e9a9b1953f74850c179f91fdc729cb7", size = 37269716, upload-time = "2025-05-08T16:07:25.712Z" }, - { url = "https://files.pythonhosted.org/packages/77/0a/eac00ff741f23bcabd352731ed9b8995a0a60ef57f5fd788d611d43d69a1/scipy-1.15.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:dde4fc32993071ac0c7dd2d82569e544f0bdaff66269cb475e0f369adad13f11", size = 36872342, upload-time = "2025-05-08T16:07:31.468Z" }, - { url = "https://files.pythonhosted.org/packages/fe/54/4379be86dd74b6ad81551689107360d9a3e18f24d20767a2d5b9253a3f0a/scipy-1.15.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:f77f853d584e72e874d87357ad70f44b437331507d1c311457bed8ed2b956126", size = 39670869, upload-time = "2025-05-08T16:07:38.002Z" }, - { url = "https://files.pythonhosted.org/packages/87/2e/892ad2862ba54f084ffe8cc4a22667eaf9c2bcec6d2bff1d15713c6c0703/scipy-1.15.3-cp313-cp313-win_amd64.whl", hash = "sha256:b90ab29d0c37ec9bf55424c064312930ca5f4bde15ee8619ee44e69319aab163", size = 40988851, upload-time = "2025-05-08T16:08:33.671Z" }, - { url = "https://files.pythonhosted.org/packages/1b/e9/7a879c137f7e55b30d75d90ce3eb468197646bc7b443ac036ae3fe109055/scipy-1.15.3-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:3ac07623267feb3ae308487c260ac684b32ea35fd81e12845039952f558047b8", size = 38863011, upload-time = "2025-05-08T16:07:44.039Z" }, - { url = "https://files.pythonhosted.org/packages/51/d1/226a806bbd69f62ce5ef5f3ffadc35286e9fbc802f606a07eb83bf2359de/scipy-1.15.3-cp313-cp313t-macosx_12_0_arm64.whl", hash = "sha256:6487aa99c2a3d509a5227d9a5e889ff05830a06b2ce08ec30df6d79db5fcd5c5", size = 30266407, upload-time = "2025-05-08T16:07:49.891Z" }, - { url = "https://files.pythonhosted.org/packages/e5/9b/f32d1d6093ab9eeabbd839b0f7619c62e46cc4b7b6dbf05b6e615bbd4400/scipy-1.15.3-cp313-cp313t-macosx_14_0_arm64.whl", hash = "sha256:50f9e62461c95d933d5c5ef4a1f2ebf9a2b4e83b0db374cb3f1de104d935922e", size = 22540030, upload-time = "2025-05-08T16:07:54.121Z" }, - { url = "https://files.pythonhosted.org/packages/e7/29/c278f699b095c1a884f29fda126340fcc201461ee8bfea5c8bdb1c7c958b/scipy-1.15.3-cp313-cp313t-macosx_14_0_x86_64.whl", hash = "sha256:14ed70039d182f411ffc74789a16df3835e05dc469b898233a245cdfd7f162cb", size = 25218709, upload-time = "2025-05-08T16:07:58.506Z" }, - { url = "https://files.pythonhosted.org/packages/24/18/9e5374b617aba742a990581373cd6b68a2945d65cc588482749ef2e64467/scipy-1.15.3-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0a769105537aa07a69468a0eefcd121be52006db61cdd8cac8a0e68980bbb723", size = 34809045, upload-time = "2025-05-08T16:08:03.929Z" }, - { url = "https://files.pythonhosted.org/packages/e1/fe/9c4361e7ba2927074360856db6135ef4904d505e9b3afbbcb073c4008328/scipy-1.15.3-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9db984639887e3dffb3928d118145ffe40eff2fa40cb241a306ec57c219ebbbb", size = 36703062, upload-time = "2025-05-08T16:08:09.558Z" }, - { url = "https://files.pythonhosted.org/packages/b7/8e/038ccfe29d272b30086b25a4960f757f97122cb2ec42e62b460d02fe98e9/scipy-1.15.3-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:40e54d5c7e7ebf1aa596c374c49fa3135f04648a0caabcb66c52884b943f02b4", size = 36393132, upload-time = "2025-05-08T16:08:15.34Z" }, - { url = "https://files.pythonhosted.org/packages/10/7e/5c12285452970be5bdbe8352c619250b97ebf7917d7a9a9e96b8a8140f17/scipy-1.15.3-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:5e721fed53187e71d0ccf382b6bf977644c533e506c4d33c3fb24de89f5c3ed5", size = 38979503, upload-time = "2025-05-08T16:08:21.513Z" }, - { url = "https://files.pythonhosted.org/packages/81/06/0a5e5349474e1cbc5757975b21bd4fad0e72ebf138c5592f191646154e06/scipy-1.15.3-cp313-cp313t-win_amd64.whl", hash = "sha256:76ad1fb5f8752eabf0fa02e4cc0336b4e8f021e2d5f061ed37d6d264db35e3ca", size = 40308097, upload-time = "2025-05-08T16:08:27.627Z" }, -] - [[package]] name = "scipy" version = "1.16.1" source = { registry = "https://pypi.org/simple" } -resolution-markers = [ - "python_full_version >= '3.12'", - "python_full_version == '3.11.*'", -] dependencies = [ - { name = "numpy", version = "2.3.2", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" }, + { name = "numpy" }, ] sdist = { url = "https://files.pythonhosted.org/packages/f5/4a/b927028464795439faec8eaf0b03b011005c487bb2d07409f28bf30879c4/scipy-1.16.1.tar.gz", hash = "sha256:44c76f9e8b6e8e488a586190ab38016e4ed2f8a038af7cd3defa903c0a2238b3", size = 30580861, upload-time = "2025-07-27T16:33:30.834Z" } wheels = [ @@ -1441,12 +1226,16 @@ dependencies = [ { name = "pandas" }, { name = "pydantic" }, { name = "scikit-learn" }, - { name = "scipy", version = "1.15.3", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version < '3.11'" }, - { name = "scipy", version = "1.16.1", source = { registry = "https://pypi.org/simple" }, marker = "python_full_version >= '3.11'" }, + { name = "scipy" }, { name = "semver" }, { name = "thefuzz" }, ] +[package.dev-dependencies] +dev = [ + { name = "pytest" }, +] + [package.metadata] requires-dist = [ { name = "jsonschema", specifier = "==4.25.0" }, @@ -1464,11 +1253,14 @@ requires-dist = [ { name = "pandas", specifier = "==2.3.1" }, { name = "pydantic", specifier = "==2.11.7" }, { name = "scikit-learn", specifier = "==1.6.1" }, - { name = "scipy" }, + { name = "scipy", specifier = "==1.16.1" }, { name = "semver", specifier = "==3.0.4" }, { name = "thefuzz", specifier = "==0.22.1" }, ] +[package.metadata.requires-dev] +dev = [{ name = "pytest", specifier = ">=8.4.1" }] + [[package]] name = "tabulate" version = "0.9.0" @@ -1553,9 +1345,6 @@ version = "6.0.0" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/db/7d/7f3d619e951c88ed75c6037b246ddcf2d322812ee8ea189be89511721d54/watchdog-6.0.0.tar.gz", hash = "sha256:9ddf7c82fda3ae8e24decda1338ede66e1c99883db93711d8fb941eaa2d8c282", size = 131220, upload-time = "2024-11-01T14:07:13.037Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/0c/56/90994d789c61df619bfc5ce2ecdabd5eeff564e1eb47512bd01b5e019569/watchdog-6.0.0-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:d1cdb490583ebd691c012b3d6dae011000fe42edb7a82ece80965b42abd61f26", size = 96390, upload-time = "2024-11-01T14:06:24.793Z" }, - { url = "https://files.pythonhosted.org/packages/55/46/9a67ee697342ddf3c6daa97e3a587a56d6c4052f881ed926a849fcf7371c/watchdog-6.0.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:bc64ab3bdb6a04d69d4023b29422170b74681784ffb9463ed4870cf2f3e66112", size = 88389, upload-time = "2024-11-01T14:06:27.112Z" }, - { url = "https://files.pythonhosted.org/packages/44/65/91b0985747c52064d8701e1075eb96f8c40a79df889e59a399453adfb882/watchdog-6.0.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:c897ac1b55c5a1461e16dae288d22bb2e412ba9807df8397a635d88f671d36c3", size = 89020, upload-time = "2024-11-01T14:06:29.876Z" }, { url = "https://files.pythonhosted.org/packages/e0/24/d9be5cd6642a6aa68352ded4b4b10fb0d7889cb7f45814fb92cecd35f101/watchdog-6.0.0-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:6eb11feb5a0d452ee41f824e271ca311a09e250441c262ca2fd7ebcf2461a06c", size = 96393, upload-time = "2024-11-01T14:06:31.756Z" }, { url = "https://files.pythonhosted.org/packages/63/7a/6013b0d8dbc56adca7fdd4f0beed381c59f6752341b12fa0886fa7afc78b/watchdog-6.0.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:ef810fbf7b781a5a593894e4f439773830bdecb885e6880d957d5b9382a960d2", size = 88392, upload-time = "2024-11-01T14:06:32.99Z" }, { url = "https://files.pythonhosted.org/packages/d1/40/b75381494851556de56281e053700e46bff5b37bf4c7267e858640af5a7f/watchdog-6.0.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:afd0fe1b2270917c5e23c2a65ce50c2a4abb63daafb0d419fde368e272a76b7c", size = 89019, upload-time = "2024-11-01T14:06:34.963Z" }, @@ -1565,8 +1354,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/68/98/b0345cabdce2041a01293ba483333582891a3bd5769b08eceb0d406056ef/watchdog-6.0.0-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:490ab2ef84f11129844c23fb14ecf30ef3d8a6abafd3754a6f75ca1e6654136c", size = 96480, upload-time = "2024-11-01T14:06:42.952Z" }, { url = "https://files.pythonhosted.org/packages/85/83/cdf13902c626b28eedef7ec4f10745c52aad8a8fe7eb04ed7b1f111ca20e/watchdog-6.0.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:76aae96b00ae814b181bb25b1b98076d5fc84e8a53cd8885a318b42b6d3a5134", size = 88451, upload-time = "2024-11-01T14:06:45.084Z" }, { url = "https://files.pythonhosted.org/packages/fe/c4/225c87bae08c8b9ec99030cd48ae9c4eca050a59bf5c2255853e18c87b50/watchdog-6.0.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:a175f755fc2279e0b7312c0035d52e27211a5bc39719dd529625b1930917345b", size = 89057, upload-time = "2024-11-01T14:06:47.324Z" }, - { url = "https://files.pythonhosted.org/packages/30/ad/d17b5d42e28a8b91f8ed01cb949da092827afb9995d4559fd448d0472763/watchdog-6.0.0-pp310-pypy310_pp73-macosx_10_15_x86_64.whl", hash = "sha256:c7ac31a19f4545dd92fc25d200694098f42c9a8e391bc00bdd362c5736dbf881", size = 87902, upload-time = "2024-11-01T14:06:53.119Z" }, - { url = "https://files.pythonhosted.org/packages/5c/ca/c3649991d140ff6ab67bfc85ab42b165ead119c9e12211e08089d763ece5/watchdog-6.0.0-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:9513f27a1a582d9808cf21a07dae516f0fab1cf2d7683a742c498b93eedabb11", size = 88380, upload-time = "2024-11-01T14:06:55.19Z" }, { url = "https://files.pythonhosted.org/packages/a9/c7/ca4bf3e518cb57a686b2feb4f55a1892fd9a3dd13f470fca14e00f80ea36/watchdog-6.0.0-py3-none-manylinux2014_aarch64.whl", hash = "sha256:7607498efa04a3542ae3e05e64da8202e58159aa1fa4acddf7678d34a35d4f13", size = 79079, upload-time = "2024-11-01T14:06:59.472Z" }, { url = "https://files.pythonhosted.org/packages/5c/51/d46dc9332f9a647593c947b4b88e2381c8dfc0942d15b8edc0310fa4abb1/watchdog-6.0.0-py3-none-manylinux2014_armv7l.whl", hash = "sha256:9041567ee8953024c83343288ccc458fd0a2d811d6a0fd68c4c22609e3490379", size = 79078, upload-time = "2024-11-01T14:07:01.431Z" }, { url = "https://files.pythonhosted.org/packages/d4/57/04edbf5e169cd318d5f07b4766fee38e825d64b6913ca157ca32d1a42267/watchdog-6.0.0-py3-none-manylinux2014_i686.whl", hash = "sha256:82dc3e3143c7e38ec49d61af98d6558288c415eac98486a5c581726e0737c00e", size = 79076, upload-time = "2024-11-01T14:07:02.568Z" }, From a1216f27b2432afb72dc13bb58af950284bb2ab5 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 19 Aug 2025 12:41:28 -0400 Subject: [PATCH 268/468] bump python to 3.12 --- requirements.txt | 155 ++------------------------------------------- src/pyproject.toml | 2 +- src/uv.lock | 149 +------------------------------------------ 3 files changed, 8 insertions(+), 298 deletions(-) diff --git a/requirements.txt b/requirements.txt index 049e2647..29499cc5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -33,21 +33,16 @@ certifi==2025.8.3 \ --hash=sha256:f6c12493cfb1b06ba2ff328595af9350c65d6644968e5d3a2ffd78699af217a5 # via requests charset-normalizer==3.4.3 \ - --hash=sha256:00237675befef519d9af72169d8604a067d92755e84fe76492fef5441db05b91 \ --hash=sha256:027b776c26d38b7f15b26a5da1044f376455fb3766df8fc38563b4efbc515154 \ --hash=sha256:0cacf8f7297b0c4fcb74227692ca46b4a5852f8f4f24b3c766dd94a1075c4884 \ - --hash=sha256:0e78314bdc32fa80696f72fa16dc61168fda4d6a0c014e0380f9d02f0e5d8a07 \ - --hash=sha256:13faeacfe61784e2559e690fc53fa4c5ae97c6fcedb8eb6fb8d0a15b475d2c64 \ --hash=sha256:14c2a87c65b351109f6abfc424cab3927b3bdece6f706e4d12faaf3d52ee5efe \ --hash=sha256:1606f4a55c0fd363d754049cdf400175ee96c992b1f8018b993941f221221c5f \ --hash=sha256:18343b2d246dc6761a249ba1fb13f9ee9a2bcd95decc767319506056ea4ad4dc \ --hash=sha256:18b97b8404387b96cdbd30ad660f6407799126d26a39ca65729162fd810a99aa \ --hash=sha256:1bb60174149316da1c35fa5233681f7c0f9f514509b8e399ab70fea5f17e45c9 \ - --hash=sha256:1e8ac75d72fa3775e0b7cb7e4629cec13b7514d928d15ef8ea06bca03ef01cae \ --hash=sha256:2001a39612b241dae17b4687898843f254f8748b796a2e16f1051a17078d991d \ --hash=sha256:30a96e1e1f865f78b030d65241c1ee850cdf422d869e9028e2fc1d5e4db73b92 \ --hash=sha256:30d006f98569de3459c2fc1f2acde170b7b2bd265dc1943e87e1a4efe1b67c31 \ - --hash=sha256:31a9a6f775f9bcd865d88ee350f0ffb0e25936a7f930ca98995c05abf1faf21c \ --hash=sha256:320e8e66157cc4e247d9ddca8e21f427efc7a04bbd0ac8a9faf56583fa543f9f \ --hash=sha256:3cd35b7e8aedeb9e34c41385fda4f73ba609e561faedfae0a9e75e44ac558a15 \ --hash=sha256:3cfb2aad70f2c6debfbcb717f23b7eb55febc0bb23dcffc0f076009da10c6392 \ @@ -55,17 +50,12 @@ charset-normalizer==3.4.3 \ --hash=sha256:41d1fc408ff5fdfb910200ec0e74abc40387bccb3252f3f27c0676731df2b2c8 \ --hash=sha256:42e5088973e56e31e4fa58eb6bd709e42fc03799c11c42929592889a2e54c491 \ --hash=sha256:53cd68b185d98dde4ad8990e56a58dea83a4162161b1ea9272e5c9182ce415e0 \ - --hash=sha256:585f3b2a80fbd26b048a0be90c5aae8f06605d3c92615911c3a2b03a8a3b796f \ --hash=sha256:6aab0f181c486f973bc7262a97f5aca3ee7e1437011ef0c2ec04b5a11d16c927 \ - --hash=sha256:6cf8fd4c04756b6b60146d98cd8a77d0cdae0e1ca20329da2ac85eed779b6849 \ --hash=sha256:6fb70de56f1859a3f71261cbe41005f56a7842cc348d3aeb26237560bfa5e0ce \ --hash=sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14 \ --hash=sha256:73dc19b562516fc9bcf6e5d6e596df0b4eb98d87e4f79f3ae71840e6ed21361c \ --hash=sha256:86df271bf921c2ee3818f0522e9a5b8092ca2ad8b065ece5d7d9d0e9f4849bcc \ --hash=sha256:8dcfc373f888e4fb39a7bc57e93e3b845e7f462dacc008d9749568b1c4ece096 \ - --hash=sha256:939578d9d8fd4299220161fdd76e86c6a251987476f5243e8864a7844476ba14 \ - --hash=sha256:96b2b3d1a83ad55310de8c7b4a2d04d9277d5591f40761274856635acc5fcb30 \ - --hash=sha256:b256ee2e749283ef3ddcff51a675ff43798d92d746d1a6e4631bf8c707d22d0b \ --hash=sha256:b89bc04de1d83006373429975f8ef9e7932534b8cc9ca582e4db7d20d91816db \ --hash=sha256:bd28b817ea8c70215401f657edef3a8aa83c29d447fb0b622c35403780ba11d5 \ --hash=sha256:c6dbd0ccdda3a2ba7c2ecd9d77b37f3b5831687d8dc1b6ca5f56a4880cc7b7ce \ @@ -77,7 +67,6 @@ charset-normalizer==3.4.3 \ --hash=sha256:d716a916938e03231e86e43782ca7878fb602a125a91e7acb8b5112e2e96ac16 \ --hash=sha256:e28e334d3ff134e88989d90ba04b47d84382a828c061d0d1027b1b12a62b39b1 \ --hash=sha256:fb6fecfd65564f208cbf0fba07f107fb661bcd1a7c389edbced3f7a493f70e37 \ - --hash=sha256:fd10de089bcdcd1be95a2f73dbe6254798ec1bda9f450d5828c96f93e2536b9c \ --hash=sha256:fdabf8315679312cfa71302f9bd509ded4f2f263fb5b765cf1433b39106c3cc9 # via requests click==8.2.1 \ @@ -146,30 +135,21 @@ markdown-exec==1.11.0 \ --hash=sha256:e0313a0dff715869a311d24853b3a7ecbbaa12e74eb0f3cf7d91401a7d8f0082 # via ssvc markupsafe==3.0.2 \ - --hash=sha256:0bff5e0ae4ef2e1ae4fdf2dfd5b76c75e5c2fa4132d05fc1b0dabcd20c7e28c4 \ --hash=sha256:0f4ca02bea9a23221c0182836703cbf8930c5e9454bacce27e767509fa286a30 \ --hash=sha256:131a3c7689c85f5ad20f9f6fb1b866f402c445b220c19fe4308c0b147ccd2ad9 \ --hash=sha256:15ab75ef81add55874e7ab7055e9c397312385bd9ced94920f2802310c930396 \ --hash=sha256:1c99d261bd2d5f6b59325c92c73df481e05e57f19837bdca8413b9eac4bd8028 \ - --hash=sha256:1e084f686b92e5b83186b07e8a17fc09e38fff551f3602b249881fec658d3eca \ --hash=sha256:2181e67807fc2fa785d0592dc2d6206c019b9502410671cc905d132a92866557 \ - --hash=sha256:2cb8438c3cbb25e220c2ab33bb226559e7afb3baec11c4f218ffa7308603c832 \ --hash=sha256:3d79d162e7be8f996986c064d1c7c817f6df3a77fe3d6859f6f9e7be4b8c213a \ --hash=sha256:444dcda765c8a838eaae23112db52f1efaf750daddb2d9ca300bcae1039adc5c \ --hash=sha256:4aa4e5faecf353ed117801a068ebab7b7e09ffb6e1d5e412dc852e0da018126c \ --hash=sha256:52305740fe773d09cffb16f8ed0427942901f00adedac82ec8b67752f58a1b22 \ --hash=sha256:569511d3b58c8791ab4c2e1285575265991e6d8f8700c7be0e88f86cb0672094 \ - --hash=sha256:5b02fb34468b6aaa40dfc198d813a641e3a63b98c2b05a16b9f80b7ec314185e \ --hash=sha256:6381026f158fdb7c72a168278597a5e3a5222e83ea18f543112b2662a9b699c5 \ - --hash=sha256:6c89876f41da747c8d3677a2b540fb32ef5715f97b66eeb0c6b66f5e3ef6f59d \ - --hash=sha256:70a87b411535ccad5ef2f1df5136506a10775d267e197e4cf531ced10537bd6b \ --hash=sha256:846ade7b71e3536c4e56b386c2a47adf5741d2d8b94ec9dc3e92e5e1ee1e2225 \ --hash=sha256:88416bd1e65dcea10bc7569faacb2c20ce071dd1f87539ca2ab364bf6231393c \ --hash=sha256:8e06879fc22a25ca47312fbe7c8264eb0b662f6db27cb2d3bbbc74b1df4b9b87 \ - --hash=sha256:9025b4018f3a1314059769c7bf15441064b2207cb3f065e6ea1e7359cb46db9d \ - --hash=sha256:93335ca3812df2f366e80509ae119189886b0f3c2b81325d39efdb84a1e2ae93 \ --hash=sha256:9778bd8ab0a994ebf6f84c2b949e65736d5575320a17ae8984a77fab08db94cf \ - --hash=sha256:a123e330ef0853c6e822384873bef7507557d8e4a082961e1defa947aa59ba84 \ --hash=sha256:a904af0a6162c73e3edcb969eeeb53a63ceeb5d8cf642fade7d39e7963a22ddb \ --hash=sha256:ad10d3ded218f1039f11a75f8091880239651b52e9bb592ca27de44eed242a48 \ --hash=sha256:b5a6b3ada725cea8a5e634536b1b01c30bcdcd7f9c6fff4151548d5bf6b3a36c \ @@ -180,7 +160,6 @@ markupsafe==3.0.2 \ --hash=sha256:cabc348d87e913db6ab4aa100f01b08f481097838bdddf7c7a84b7575b7309ca \ --hash=sha256:cdb82a876c47801bb54a690c5ae105a46b392ac6099881cdfb9f6e95e4014c6a \ --hash=sha256:d16a81a06776313e817c951135cf7340a3e91e8c1ff2fac444cfd75fffa04afe \ - --hash=sha256:d8213e09c917a951de9d09ecee036d5c7d36cb6cb7dbaece4c71a60d79fb9798 \ --hash=sha256:e17c96c14e19278594aa4841ec148115f9c7615a47382ecb6b82bd8fea3ab0c8 \ --hash=sha256:e444a31f8db13eb18ada366ab3cf45fd4b31e4db1236a4448f68778c1d1a5a2f \ --hash=sha256:e6a2a455bd412959b57a172ce6328d2dd1f01cb2135efda2e4576e8a23fa3b0f \ @@ -270,19 +249,12 @@ numpy==2.3.2 \ --hash=sha256:103ea7063fa624af04a791c39f97070bf93b96d7af7eb23530cd087dc8dbe9dc \ --hash=sha256:11e58218c0c46c80509186e460d79fbdc9ca1eb8d8aee39d8f2dc768eb781089 \ --hash=sha256:122bf5ed9a0221b3419672493878ba4967121514b1d7d4656a7580cd11dddcbf \ - --hash=sha256:14a91ebac98813a49bc6aa1a0dfc09513dcec1d97eaf31ca21a87221a1cdcb15 \ - --hash=sha256:1f91e5c028504660d606340a084db4b216567ded1056ea2b4be4f9d10b67197f \ - --hash=sha256:20b8200721840f5621b7bd03f8dcd78de33ec522fc40dc2641aa09537df010c3 \ - --hash=sha256:240259d6564f1c65424bcd10f435145a7644a65a6811cfc3201c4a429ba79170 \ --hash=sha256:2738534837c6a1d0c39340a190177d7d66fdf432894f469728da901f8f6dc910 \ --hash=sha256:27c9f90e7481275c7800dc9c24b7cc40ace3fdb970ae4d21eaff983a32f70c91 \ --hash=sha256:293b2192c6bcce487dbc6326de5853787f870aeb6c43f8f9c6496db5b1781e45 \ - --hash=sha256:2c3271cc4097beb5a60f010bcc1cc204b300bb3eafb4399376418a83a1c6373c \ --hash=sha256:2f4f0215edb189048a3c03bd5b19345bdfa7b45a7a6f72ae5945d2a28272727f \ --hash=sha256:3dcf02866b977a38ba3ec10215220609ab9667378a9e2150615673f3ffd6c73b \ - --hash=sha256:4209f874d45f921bde2cff1ffcd8a3695f545ad2ffbef6d3d3c6768162efab89 \ --hash=sha256:448a66d052d0cf14ce9865d159bfc403282c9bc7bb2a31b03cc18b651eca8b1a \ - --hash=sha256:4ae6863868aaee2f57503c7a5052b3a2807cf7a3914475e637a0ecd366ced220 \ --hash=sha256:4d002ecf7c9b53240be3bb69d80f86ddbd34078bae04d87be81c1f58466f264e \ --hash=sha256:4e6ecfeddfa83b02318f4d84acf15fbdbf9ded18e46989a15a8b6995dfbf85ab \ --hash=sha256:508b0eada3eded10a3b55725b40806a4b855961040180028f52580c4729916a2 \ @@ -290,19 +262,13 @@ numpy==2.3.2 \ --hash=sha256:572d5512df5470f50ada8d1972c5f1082d9a0b7aa5944db8084077570cf98370 \ --hash=sha256:5ad4ebcb683a1f99f4f392cc522ee20a18b2bb12a2c1c42c3d48d5a1adc9d3d2 \ --hash=sha256:66459dccc65d8ec98cc7df61307b64bf9e08101f9598755d42d8ae65d9a7a6ee \ - --hash=sha256:6936aff90dda378c09bea075af0d9c675fe3a977a9d2402f95a87f440f59f619 \ - --hash=sha256:69779198d9caee6e547adb933941ed7520f896fd9656834c300bdf4dd8642712 \ --hash=sha256:6f1ae3dcb840edccc45af496f312528c15b1f79ac318169d094e85e4bb35fdf1 \ - --hash=sha256:71669b5daae692189540cffc4c439468d35a3f84f0c88b078ecd94337f6cb0ec \ --hash=sha256:72c6df2267e926a6d5286b0a6d556ebe49eae261062059317837fda12ddf0c1a \ --hash=sha256:72dbebb2dcc8305c431b2836bcc66af967df91be793d63a24e3d9b741374c450 \ --hash=sha256:754d6755d9a7588bdc6ac47dc4ee97867271b17cee39cb87aef079574366db0a \ --hash=sha256:76c3e9501ceb50b2ff3824c3589d5d1ab4ac857b0ee3f8f49629d0de55ecf7c2 \ - --hash=sha256:7a0e27186e781a69959d0230dd9909b5e26024f8da10683bd6344baea1885168 \ --hash=sha256:7d6e390423cc1f76e1b8108c9b6889d20a7a1f59d9a60cac4a050fa734d6c1e2 \ --hash=sha256:8145dd6d10df13c559d1e4314df29695613575183fa2e2d11fac4c208c8a1f73 \ - --hash=sha256:8446acd11fe3dc1830568c941d44449fd5cb83068e5c70bd5a470d323d448296 \ - --hash=sha256:852ae5bed3478b92f093e30f785c98e0cb62fa0a939ed057c31716e18a7a22b9 \ --hash=sha256:87c930d52f45df092f7578889711a0768094debf73cfcde105e2d66954358125 \ --hash=sha256:8b1224a734cd509f70816455c3cffe13a4f599b1bf7130f913ba0e2c0b2006c0 \ --hash=sha256:8dc082ea901a62edb8f59713c6a7e28a85daddcb67454c839de57656478f5b19 \ @@ -313,7 +279,6 @@ numpy==2.3.2 \ --hash=sha256:a3ef07ec8cbc8fc9e369c8dcd52019510c12da4de81367d8b20bc692aa07573a \ --hash=sha256:a7af9ed2aa9ec5950daf05bb11abc4076a108bd3c7db9aa7251d5f107079b6a6 \ --hash=sha256:a9f66e7d2b2d7712410d3bc5684149040ef5f19856f20277cd17ea83e5006286 \ - --hash=sha256:aa098a5ab53fa407fded5870865c6275a5cd4101cfdef8d6fafc48286a96e981 \ --hash=sha256:af58de8745f7fa9ca1c0c7c943616c6fe28e75d0c81f5c295810e3c83b5be92f \ --hash=sha256:b05a89f2fb84d21235f93de47129dd4f11c16f64c87c33f5e284e6a3a54e43f2 \ --hash=sha256:b5e40e80299607f597e1a8a247ff8d71d79c5b52baa11cc1cce30aa92d2da6e0 \ @@ -322,7 +287,6 @@ numpy==2.3.2 \ --hash=sha256:c63d95dc9d67b676e9108fe0d2182987ccb0f11933c1e8959f42fa0da8d4fa56 \ --hash=sha256:c771cfac34a4f2c0de8e8c97312d07d64fd8f8ed45bc9f5726a7e947270152b5 \ --hash=sha256:c8d9727f5316a256425892b043736d63e89ed15bbfe6556c5ff4d9d4448ff3b3 \ - --hash=sha256:cbc95b3813920145032412f7e33d12080f11dc776262df1712e1638207dde9e8 \ --hash=sha256:cefc2219baa48e468e3db7e706305fcd0c095534a192a08f31e98d83a7d45fb0 \ --hash=sha256:d95f59afe7f808c103be692175008bab926b59309ade3e6d25009e9a171f7036 \ --hash=sha256:dd937f088a2df683cbb79dda9a772b62a3e5a8a7e76690612c2737f38c6ef1b6 \ @@ -330,10 +294,7 @@ numpy==2.3.2 \ --hash=sha256:e0486a11ec30cdecb53f184d496d1c6a20786c81e55e41640270130056f8ee48 \ --hash=sha256:ee807923782faaf60d0d7331f5e86da7d5e3079e28b291973c545476c2b00d07 \ --hash=sha256:efc81393f25f14d11c9d161e46e6ee348637c0a1e8a54bf9dedc472a3fae993b \ - --hash=sha256:f0a1a8476ad77a228e41619af2fa9505cf69df928e9aaa165746584ea17fed2b \ - --hash=sha256:f75018be4980a7324edc5930fe39aa391d5734531b1926968605416ff58c332d \ --hash=sha256:f92d6c2a8535dc4fe4419562294ff957f83a16ebdec66df0805e473ffaad8bd0 \ - --hash=sha256:fb1752a3bb9a3ad2d6b090b88a9a0ae1cd6f004ef95f75825e2f382c183b2097 \ --hash=sha256:fc927d7f289d14f5e037be917539620603294454130b6de200091e23d27dc9be \ --hash=sha256:fed5527c4cf10f16c6d0b6bee1f89958bccb0ad2522c8cadc2efd318bcd545f5 # via @@ -354,11 +315,8 @@ pandas==2.3.1 \ --hash=sha256:025e92411c16cbe5bb2a4abc99732a6b132f439b8aab23a59fa593eb00704232 \ --hash=sha256:0a95b9ac964fe83ce317827f80304d37388ea77616b1425f0ae41c9d2d0d7bb2 \ --hash=sha256:1c78cf43c8fde236342a1cb2c34bcff89564a7bfed7e474ed2fffa6aed03a956 \ - --hash=sha256:2b0540963d83431f5ce8870ea02a7430adca100cec8a050f0811f8e31035541b \ --hash=sha256:2ba6aff74075311fc88504b1db890187a3cd0f887a5b10f5525f8e2ef55bfdb9 \ --hash=sha256:2f4d6feeba91744872a600e6edbbd5b033005b431d5ae8379abee5bcfa479fab \ - --hash=sha256:3462c3735fe19f2638f2c3a40bd94ec2dc5ba13abbb032dd2fa1f540a075509d \ - --hash=sha256:4d544806b485ddf29e52d75b1f559142514e60ef58a832f74fb38e48d757b299 \ --hash=sha256:56a342b231e8862c96bdb6ab97170e203ce511f4d0429589c8ede1ee8ece48b8 \ --hash=sha256:5db9637dbc24b631ff3707269ae4559bce4b7fd75c1c4d7e13f40edc42df4444 \ --hash=sha256:689968e841136f9e542020698ee1c4fbe9caa2ed2213ae2388dc7b81721510d3 \ @@ -369,16 +327,12 @@ pandas==2.3.1 \ --hash=sha256:8dfc17328e8da77be3cf9f47509e5637ba8f137148ed0e9b5241e1baf526e20a \ --hash=sha256:9026bd4a80108fac2239294a15ef9003c4ee191a0f64b90f170b40cfb7cf2d22 \ --hash=sha256:911580460fc4884d9b05254b38a6bfadddfcc6aaef856fb5859e7ca202e45275 \ - --hash=sha256:98bcc8b5bf7afed22cc753a28bc4d9e26e078e777066bc53fac7904ddef9a678 \ --hash=sha256:9b7ff55f31c4fcb3e316e8f7fa194566b286d6ac430afec0d461163312c5841e \ --hash=sha256:ac942bfd0aca577bef61f2bc8da8147c4ef6879965ef883d8e8d5d2dc3e744b8 \ - --hash=sha256:b3cd4273d3cb3707b6fffd217204c52ed92859533e31dc03b7c5008aa933aaab \ --hash=sha256:ca7ed14832bce68baef331f4d7f294411bed8efd032f8109d690df45e00c4679 \ --hash=sha256:e5635178b387bd2ba4ac040f82bc2ef6e6b500483975c4ebacd34bec945fda12 \ - --hash=sha256:e6723a27ad7b244c0c79d8e7007092d7c8f0f11305770e2f4cd778b3ad5f9f85 \ --hash=sha256:ec6c851509364c59a5344458ab935e6451b31b818be467eb24b0fe89bd05b6b9 \ - --hash=sha256:fe37e757f462d31a9cd7580236a82f353f5713a80e059a29753cf938c6775d96 \ - --hash=sha256:fe7317f578c6a153912bd2292f02e40c1d8f253e93c599e82620c7f69755c74f + --hash=sha256:fe37e757f462d31a9cd7580236a82f353f5713a80e059a29753cf938c6775d96 # via # mkdocs-table-reader-plugin # ssvc @@ -407,57 +361,34 @@ pydantic-core==2.33.2 \ --hash=sha256:0a9f2c9dd19656823cb8250b0724ee9c60a82f3cdf68a080979d13092a3b0fef \ --hash=sha256:0fb2d542b4d66f9470e8065c5469ec676978d625a8b7a363f07d9a501a9cb36a \ --hash=sha256:1082dd3e2d7109ad8b7da48e1d4710c8d06c253cbc4a27c1cff4fbcaa97a9e3f \ - --hash=sha256:1e063337ef9e9820c77acc768546325ebe04ee38b08703244c1309cccc4f1bab \ --hash=sha256:1ea40a64d23faa25e62a70ad163571c0b342b8bf66d5fa612ac0dec4f069d916 \ - --hash=sha256:235f45e5dbcccf6bd99f9f472858849f73d11120d76ea8707115415f8e5ebebf \ --hash=sha256:2b0a451c263b01acebe51895bfb0e1cc842a5c666efe06cdf13846c7418caa9a \ - --hash=sha256:2bfb5112df54209d820d7bf9317c7a6c9025ea52e49f46b6a2060104bba37de7 \ - --hash=sha256:2f82865531efd18d6e07a04a17331af02cb7a651583c418df8266f17a63c6612 \ - --hash=sha256:329467cecfb529c925cf2bbd4d60d2c509bc2fb52a20c1045bf09bb70971a9c1 \ --hash=sha256:3c6db6e52c6d70aa0d00d45cdb9b40f0433b96380071ea80b09277dba021ddf7 \ - --hash=sha256:3dc625f4aa79713512d1976fe9f0bc99f706a9dee21dfd1810b4bbbf228d0e8a \ - --hash=sha256:4c5b0a576fb381edd6d27f0a85915c6daf2f8138dc5c267a57c08a62900758c7 \ --hash=sha256:4e61206137cbc65e6d5256e1166f88331d3b6238e082d9f74613b9b765fb9025 \ --hash=sha256:52fb90784e0a242bb96ec53f42196a17278855b0f31ac7c3cc6f5c1ec4811849 \ --hash=sha256:572c7e6c8bb4774d2ac88929e3d1f12bc45714ae5ee6d9a788a9fb35e60bb04b \ --hash=sha256:5c92edd15cd58b3c2d34873597a1e20f13094f59cf88068adb18947df5455b4e \ --hash=sha256:5f483cfb75ff703095c59e365360cb73e00185e01aaea067cd19acffd2ab20ea \ --hash=sha256:61c18fba8e5e9db3ab908620af374db0ac1baa69f0f32df4f61ae23f15e586ac \ - --hash=sha256:6368900c2d3ef09b69cb0b913f9f8263b03786e5b2a387706c5afb66800efd51 \ - --hash=sha256:64632ff9d614e5eecfb495796ad51b0ed98c453e447a76bcbeeb69615079fc7e \ --hash=sha256:65132b7b4a1c0beded5e057324b7e16e10910c106d43675d9bd87d4f38dde162 \ - --hash=sha256:6b99022f1d19bc32a4c2a0d544fc9a76e3be90f0b3f4af413f87d38749300e65 \ - --hash=sha256:73cf6373c21bc80b2e0dc88444f41ae60b2f070ed02095754eb5a01df12256de \ --hash=sha256:7cb8bc3605c29176e1b105350d2e6474142d7c1bd1d9327c4a9bdb46bf827acc \ - --hash=sha256:82f68293f055f51b51ea42fafc74b6aad03e70e191799430b90c13d643059ebb \ - --hash=sha256:881b21b5549499972441da4758d662aeea93f1923f953e9cbaff14b8b9565aef \ --hash=sha256:8f57a69461af2a5fa6e6bbd7a5f60d3b7e6cebb687f55106933188e79ad155c1 \ --hash=sha256:95237e53bb015f67b63c91af7518a62a8660376a6a0db19b89acc77a4d6199f5 \ --hash=sha256:96081f1605125ba0855dfda83f6f3df5ec90c61195421ba72223de35ccfb2f88 \ --hash=sha256:9cb1da0f5a471435a7bc7e439b8a728e8b61e59784b2af70d7c169f8dd8ae290 \ --hash=sha256:9fdac5d6ffa1b5a83bca06ffe7583f5576555e6c8b3a91fbd25ea7780f825f7d \ - --hash=sha256:a144d4f717285c6d9234a66778059f33a89096dfb9b39117663fd8413d582dcc \ --hash=sha256:a7ec89dc587667f22b6a0b6579c249fca9026ce7c333fc142ba42411fa243cdc \ - --hash=sha256:bc7aee6f634a6f4a95676fcb5d6559a2c2a390330098dba5e5a5f28a2e4ada30 \ - --hash=sha256:bdc25f3681f7b78572699569514036afe3c243bc3059d3942624e936ec93450e \ --hash=sha256:c083a3bdd5a93dfe480f1125926afcdbf2917ae714bdb80b36d34318b2bec5d9 \ --hash=sha256:c2fc0a768ef76c15ab9238afa6da7f69895bb5d1ee83aeea2e3509af4472d0b9 \ --hash=sha256:c52b02ad8b4e2cf14ca7b3d918f3eb0ee91e63b3167c32591e57c4317e134f8f \ --hash=sha256:c8e7af2f4e0194c22b5b37205bfb293d166a7344a5b0d0eaccebc376546d77d5 \ --hash=sha256:cca3868ddfaccfbc4bfb1d608e2ccaaebe0ae628e1416aeb9c4d88c001bb45ab \ - --hash=sha256:d87c561733f66531dced0da6e864f44ebf89a8fba55f31407b00c2f7f9449593 \ --hash=sha256:db4b41f9bd95fbe5acd76d89920336ba96f03e149097365afe1cb092fceb89a1 \ - --hash=sha256:dc46a01bf8d62f227d5ecee74178ffc448ff4e5197c756331f71efcc66dc980f \ - --hash=sha256:dd14041875d09cc0f9308e37a6f8b65f5585cf2598a53aa0123df8b129d481f8 \ - --hash=sha256:de4b83bb311557e439b9e186f733f6c645b9417c84e2eb8203f3f820a4b988bf \ - --hash=sha256:e799c050df38a639db758c617ec771fd8fb7a5f8eaaa4b27b101f266b216a246 \ --hash=sha256:e80b087132752f6b3d714f041ccf74403799d3b23a72722ea2e6ba2e892555b9 \ --hash=sha256:eb8c529b2819c37140eb51b914153063d27ed88e3bdc31b71198a198e921e011 \ --hash=sha256:f517ca031dfc037a9c07e748cefd8d96235088b83b4f4ba8939105d20fa1dcd6 \ - --hash=sha256:f889f7a40498cc077332c7ab6b4608d296d852182211787d4f3ee377aaae66e8 \ --hash=sha256:f941635f2a3d96b2973e867144fde513665c87f13fe0e193c158ac51bfaaa7b2 \ - --hash=sha256:fa854f5cf7e33842a892e5c73f45327760bc7bc516339fda888c75ae60edaeb6 \ - --hash=sha256:fe5b32187cbc0c862ee201ad66c30cf218e5ed468ec8dc1cf49dec66e160cc4d + --hash=sha256:fa854f5cf7e33842a892e5c73f45327760bc7bc516339fda888c75ae60edaeb6 # via pydantic pygments==2.19.2 \ --hash=sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887 \ @@ -492,18 +423,12 @@ pytz==2025.2 \ pyyaml==6.0.2 \ --hash=sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48 \ --hash=sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133 \ - --hash=sha256:11d8f3dd2b9c1207dcaf2ee0bbbfd5991f571186ec9cc78427ba5bd32afae4b5 \ --hash=sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484 \ - --hash=sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee \ --hash=sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5 \ - --hash=sha256:3ad2a3decf9aaba3d29c8f537ac4b243e36bef957511b4766cb0057d32b0be85 \ --hash=sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc \ --hash=sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1 \ - --hash=sha256:5ac9328ec4831237bec75defaf839f7d4564be1e6b25ac710bd1a96321cc8317 \ - --hash=sha256:5d225db5a45f21e78dd9358e58a98702a0302f2659a3c6cd320564b75b86f47c \ --hash=sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652 \ --hash=sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5 \ - --hash=sha256:797b4f722ffa07cc8d62053e4cff1486fa6dc094105d13fea7b1de7d8bf71c9e \ --hash=sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8 \ --hash=sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476 \ --hash=sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563 \ @@ -511,13 +436,10 @@ pyyaml==6.0.2 \ --hash=sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425 \ --hash=sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183 \ --hash=sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab \ - --hash=sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774 \ --hash=sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725 \ --hash=sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e \ - --hash=sha256:e10ce637b18caea04431ce14fabcf5c64a1c61ec9c56b071a4b7ca131ca52d44 \ --hash=sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4 \ - --hash=sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba \ - --hash=sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4 + --hash=sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba # via # mkdocs # mkdocs-get-deps @@ -537,52 +459,31 @@ rapidfuzz==3.13.0 \ --hash=sha256:11b125d8edd67e767b2295eac6eb9afe0b1cdc82ea3d4b9257da4b8e06077798 \ --hash=sha256:11b47b40650e06147dee5e51a9c9ad73bb7b86968b6f7d30e503b9f8dd1292db \ --hash=sha256:1343d745fbf4688e412d8f398c6e6d6f269db99a54456873f232ba2e7aeb4939 \ - --hash=sha256:1ba007f4d35a45ee68656b2eb83b8715e11d0f90e5b9f02d615a8a321ff00c27 \ --hash=sha256:1dc82b6ed01acb536b94a43996a94471a218f4d89f3fdd9185ab496de4b2a981 \ - --hash=sha256:1f219f1e3c3194d7a7de222f54450ce12bc907862ff9a8962d83061c1f923c86 \ - --hash=sha256:202a87760f5145140d56153b193a797ae9338f7939eb16652dd7ff96f8faf64c \ - --hash=sha256:25343ccc589a4579fbde832e6a1e27258bfdd7f2eb0f28cb836d6694ab8591fc \ --hash=sha256:2d18228a2390375cf45726ce1af9d36ff3dc1f11dce9775eae1f1b13ac6ec50f \ --hash=sha256:2fd0975e015b05c79a97f38883a11236f5a24cca83aa992bd2558ceaa5652b26 \ - --hash=sha256:3b6f913ee4618ddb6d6f3e387b76e8ec2fc5efee313a128809fbd44e65c2bbb2 \ --hash=sha256:3f32f15bacd1838c929b35c84b43618481e1b3d7a61b5ed2db0291b70ae88b53 \ --hash=sha256:461fd13250a2adf8e90ca9a0e1e166515cbcaa5e9c3b1f37545cbbeff9e77f6b \ --hash=sha256:4671ee300d1818d7bdfd8fa0608580d7778ba701817216f0c17fb29e6b972514 \ --hash=sha256:4a1a6a906ba62f2556372282b1ef37b26bca67e3d2ea957277cfcefc6275cca7 \ - --hash=sha256:5158da7f2ec02a930be13bac53bb5903527c073c90ee37804090614cab83c29e \ - --hash=sha256:558bf526bcd777de32b7885790a95a9548ffdcce68f704a81207be4a286c1095 \ --hash=sha256:57c390336cb50d5d3bfb0cfe1467478a15733703af61f6dffb14b1cd312a6fae \ --hash=sha256:5d4e13593d298c50c4f94ce453f757b4b398af3fa0fd2fde693c3e51195b7f69 \ - --hash=sha256:5dc71ef23845bb6b62d194c39a97bb30ff171389c9812d83030c1199f319098c \ --hash=sha256:65cc97c2fc2c2fe23586599686f3b1ceeedeca8e598cfcc1b7e56dc8ca7e2aa7 \ --hash=sha256:694eb531889f71022b2be86f625a4209c4049e74be9ca836919b9e395d5e33b3 \ --hash=sha256:6e2065f68fb1d0bf65adc289c1bdc45ba7e464e406b319d67bb54441a1b9da9e \ - --hash=sha256:9093cdeb926deb32a4887ebe6910f57fbcdbc9fbfa52252c10b56ef2efb0289f \ --hash=sha256:98b8107ff14f5af0243f27d236bcc6e1ef8e7e3b3c25df114e91e3a99572da73 \ - --hash=sha256:98e0bfa602e1942d542de077baf15d658bd9d5dcfe9b762aff791724c1c38b70 \ --hash=sha256:9a7c6232be5f809cd39da30ee5d24e6cadd919831e6020ec6c2391f4c3bc9264 \ --hash=sha256:9f5fe634c9482ec5d4a6692afb8c45d370ae86755e5f57aa6c50bfe4ca2bdd87 \ - --hash=sha256:a9ad1f37894e3ffb76bbab76256e8a8b789657183870be11aa64e306bb5228fd \ --hash=sha256:ae4574cb66cf1e85d32bb7e9ec45af5409c5b3970b7ceb8dea90168024127566 \ --hash=sha256:b1b065f370d54551dcc785c6f9eeb5bd517ae14c983d2784c064b3aa525896df \ - --hash=sha256:b5104b62711565e0ff6deab2a8f5dbf1fbe333c5155abe26d2cfd6f1849b6c87 \ - --hash=sha256:b7b3eda607a019169f7187328a8d1648fb9a90265087f6903d7ee3a8eee01805 \ - --hash=sha256:b7f4c65facdb94f44be759bbd9b6dda1fa54d0d6169cdf1a209a5ab97d311a75 \ --hash=sha256:b836f486dba0aceb2551e838ff3f514a38ee72b015364f739e526d720fdb823a \ - --hash=sha256:bef86df6d59667d9655905b02770a0c776d2853971c0773767d5ef8077acd624 \ --hash=sha256:c2b3dd5d206a12deca16870acc0d6e5036abeb70e3cad6549c294eff15591527 \ --hash=sha256:c33f9c841630b2bb7e69a3fb5c84a854075bb812c47620978bddc591f764da3d \ - --hash=sha256:cfcccc08f671646ccb1e413c773bb92e7bba789e3a1796fd49d23c12539fe2e4 \ - --hash=sha256:d25fdbce6459ccbbbf23b4b044f56fbd1158b97ac50994eaae2a1c0baae78301 \ --hash=sha256:d2eaf3839e52cbcc0accbe9817a67b4b0fcf70aaeb229cfddc1c28061f9ce5d8 \ - --hash=sha256:d395a5cad0c09c7f096433e5fd4224d83b53298d53499945a9b0e5a971a84f3a \ - --hash=sha256:d7a217310429b43be95b3b8ad7f8fc41aba341109dc91e978cd7c703f928c58f \ --hash=sha256:df8e8c21e67afb9d7fbe18f42c6111fe155e801ab103c81109a61312927cc611 \ --hash=sha256:e05752418b24bbd411841b256344c26f57da1148c5509e34ea39c7eb5099ab72 \ --hash=sha256:e9d824de871daa6e443b39ff495a884931970d567eb0dfa213d234337343835f \ - --hash=sha256:ed6f416bda1c9133000009d84d9409823eb2358df0950231cc936e4bf784eb97 \ - --hash=sha256:f70f646751b6aa9d05be1fb40372f006cc89d6aad54e9d79ae97bd1f5fce5203 \ - --hash=sha256:fedd316c165beed6307bf754dee54d3faca2c47e1f3bcbd67595001dfa11e969 + --hash=sha256:ed6f416bda1c9133000009d84d9409823eb2358df0950231cc936e4bf784eb97 # via thefuzz referencing==0.36.2 \ --hash=sha256:df2e89862cd09deabbdba16944cc3f10feb6b3e6f18e902f7cc25609a34775aa \ @@ -605,7 +506,6 @@ rpds-py==0.27.0 \ --hash=sha256:010c4843a3b92b54373e3d2291a7447d6c3fc29f591772cc2ea0e9f5c1da434b \ --hash=sha256:0665be515767dc727ffa5f74bd2ef60b0ff85dad6bb8f50d91eaa6b5fb226f51 \ --hash=sha256:069e0384a54f427bd65d7fda83b68a90606a3835901aaff42185fcd94f5a9295 \ - --hash=sha256:08680820d23df1df0a0260f714d12966bc6c42d02e8055a91d61e03f0c47dda0 \ --hash=sha256:0954e3a92e1d62e83a54ea7b3fdc9efa5d61acef8488a8a3d31fdafbfb00460d \ --hash=sha256:09965b314091829b378b60607022048953e25f0b396c2b70e7c4c81bcecf932e \ --hash=sha256:0c431bfb91478d7cbe368d0a699978050d3b112d7f1d440a41e90faa325557fd \ @@ -613,36 +513,25 @@ rpds-py==0.27.0 \ --hash=sha256:0f4f69d7a4300fbf91efb1fb4916421bd57804c01ab938ab50ac9c4aa2212f03 \ --hash=sha256:13bbc4846ae4c993f07c93feb21a24d8ec637573d567a924b1001e81c8ae80f9 \ --hash=sha256:14f028eb47f59e9169bfdf9f7ceafd29dd64902141840633683d0bad5b04ff34 \ - --hash=sha256:181bc29e59e5e5e6e9d63b143ff4d5191224d355e246b5a48c88ce6b35c4e466 \ --hash=sha256:183f5e221ba3e283cd36fdfbe311d95cd87699a083330b4f792543987167eff1 \ --hash=sha256:184f0d7b342967f6cda94a07d0e1fae177d11d0b8f17d73e06e36ac02889f303 \ - --hash=sha256:190d7285cd3bb6d31d37a0534d7359c1ee191eb194c511c301f32a4afa5a1dd4 \ --hash=sha256:19c990fdf5acecbf0623e906ae2e09ce1c58947197f9bced6bbd7482662231c4 \ --hash=sha256:203f581accef67300a942e49a37d74c12ceeef4514874c7cede21b012613ca2c \ --hash=sha256:20e222a44ae9f507d0f2678ee3dd0c45ec1e930f6875d99b8459631c24058aec \ --hash=sha256:249ab91ceaa6b41abc5f19513cb95b45c6f956f6b89f1fe3d99c81255a849f9e \ - --hash=sha256:25a4aebf8ca02bbb90a9b3e7a463bbf3bee02ab1c446840ca07b1695a68ce424 \ --hash=sha256:27bac29bbbf39601b2aab474daf99dbc8e7176ca3389237a23944b17f8913d97 \ --hash=sha256:2cff9bdd6c7b906cc562a505c04a57d92e82d37200027e8d362518df427f96cd \ --hash=sha256:2fe6e18e5c8581f0361b35ae575043c7029d0a92cb3429e6e596c2cdde251432 \ --hash=sha256:3001013dae10f806380ba739d40dee11db1ecb91684febb8406a87c2ded23dae \ --hash=sha256:32196b5a99821476537b3f7732432d64d93a58d680a52c5e12a190ee0135d8b5 \ --hash=sha256:341d8acb6724c0c17bdf714319c393bb27f6d23d39bc74f94221b3e59fc31828 \ - --hash=sha256:343cf24de9ed6c728abefc5d5c851d5de06497caa7ac37e5e65dd572921ed1b5 \ --hash=sha256:3841f66c1ffdc6cebce8aed64e36db71466f1dc23c0d9a5592e2a782a3042c79 \ --hash=sha256:4045e2fc4b37ec4b48e8907a5819bdd3380708c139d7cc358f03a3653abedb89 \ --hash=sha256:42894616da0fc0dcb2ec08a77896c3f56e9cb2f4b66acd76fc8992c3557ceb1c \ - --hash=sha256:4300e15e7d03660f04be84a125d1bdd0e6b2f674bc0723bc0fd0122f1a4585dc \ --hash=sha256:443d239d02d9ae55b74015234f2cd8eb09e59fbba30bf60baeb3123ad4c6d5ff \ - --hash=sha256:44524b96481a4c9b8e6c46d6afe43fa1fb485c261e359fbe32b63ff60e3884d8 \ - --hash=sha256:45d04a73c54b6a5fd2bab91a4b5bc8b426949586e61340e212a8484919183859 \ - --hash=sha256:4790c9d5dd565ddb3e9f656092f57268951398cef52e364c405ed3112dc7c7c1 \ --hash=sha256:4bc262ace5a1a7dc3e2eac2fa97b8257ae795389f688b5adf22c5db1e2431c43 \ --hash=sha256:5355527adaa713ab693cbce7c1e0ec71682f599f61b128cf19d07e5c13c9b1f1 \ - --hash=sha256:59195dc244fc183209cf8a93406889cadde47dfd2f0a6b137783aa9c56d67c85 \ - --hash=sha256:59714ab0a5af25d723d8e9816638faf7f4254234decb7d212715c1aa71eee7be \ --hash=sha256:5b3a5c8089eed498a3af23ce87a80805ff98f6ef8f7bdb70bd1b7dae5105f6ac \ - --hash=sha256:5d6790ff400254137b81b8053b34417e2c46921e302d655181d55ea46df58cf7 \ --hash=sha256:5fa01b3d5e3b7d97efab65bd3d88f164e289ec323a8c033c5c38e53ee25c007e \ --hash=sha256:6168af0be75bba990a39f9431cdfae5f0ad501f4af32ae62e8856307200517b8 \ --hash=sha256:64f689ab822f9b5eb6dfc69893b4b9366db1d2420f7db1f6a2adf2a9ca15ad64 \ @@ -652,12 +541,8 @@ rpds-py==0.27.0 \ --hash=sha256:6de6a7f622860af0146cb9ee148682ff4d0cea0b8fd3ad51ce4d40efb2f061d0 \ --hash=sha256:7451ede3560086abe1aa27dcdcf55cd15c96b56f543fb12e5826eee6f721f858 \ --hash=sha256:7873b65686a6471c0037139aa000d23fe94628e0daaa27b6e40607c90e3f5ec4 \ - --hash=sha256:7aed8118ae20515974650d08eb724150dc2e20c2814bcc307089569995e88a14 \ --hash=sha256:7e57906e38583a2cba67046a09c2637e23297618dc1f3caddbc493f2be97c93f \ - --hash=sha256:7ec85994f96a58cf7ed288caa344b7fe31fd1d503bdf13d7331ead5f70ab60d5 \ --hash=sha256:86aca1616922b40d8ac1b3073a1ead4255a2f13405e5700c01f7c8d29a03972d \ - --hash=sha256:88051c3b7d5325409f433c5a40328fcb0685fc04e5db49ff936e910901d10114 \ - --hash=sha256:887ab1f12b0d227e9260558a4a2320024b20102207ada65c43e1ffc4546df72e \ --hash=sha256:8a06aa1197ec0281eb1d7daf6073e199eb832fe591ffa329b88bae28f25f5fe5 \ --hash=sha256:8a1dca5507fa1337f75dcd5070218b20bc68cf8844271c923c1b79dfcbc20391 \ --hash=sha256:8b23cf252f180cda89220b378d917180f29d313cd6a07b2431c0d3b776aae86f \ @@ -671,14 +556,10 @@ rpds-py==0.27.0 \ --hash=sha256:a1b3db5fae5cbce2131b7420a3f83553d4d89514c03d67804ced36161fe8b6b2 \ --hash=sha256:aa0bf113d15e8abdfee92aa4db86761b709a09954083afcb5bf0f952d6065fdb \ --hash=sha256:ab47fe727c13c09d0e6f508e3a49e545008e23bf762a245b020391b621f5b726 \ - --hash=sha256:af9d4fd79ee1cc8e7caf693ee02737daabfc0fcf2773ca0a4735b356c8ad6f7c \ --hash=sha256:b1fef1f13c842a39a03409e30ca0bf87b39a1e2a305a9924deadb75a43105d23 \ --hash=sha256:b4c4fbbcff474e1e5f38be1bf04511c03d492d42eec0babda5d03af3b5589374 \ --hash=sha256:b8a7acf04fda1f30f1007f3cc96d29d8cf0a53e626e4e1655fdf4eabc082d367 \ --hash=sha256:be0744661afbc4099fef7f4e604e7f1ea1be1dd7284f357924af12a705cc7d5c \ - --hash=sha256:bec77545d188f8bdd29d42bccb9191682a46fb2e655e3d1fb446d47c55ac3b8d \ - --hash=sha256:c10d92fb6d7fd827e44055fcd932ad93dac6a11e832d51534d77b97d1d85400f \ - --hash=sha256:c3782fb753aa825b4ccabc04292e07897e2fd941448eabf666856c5530277626 \ --hash=sha256:c9ce7a9e967afc0a2af7caa0d15a3e9c1054815f73d6a8cb9225b61921b419bd \ --hash=sha256:ce4ed8e0c7dbc5b19352b9c2c6131dd23b95fa8698b5cdd076307a33626b72dc \ --hash=sha256:ce96ab0bdfcef1b8c371ada2100767ace6804ea35aacce0aef3aeb4f3f499ca8 \ @@ -687,19 +568,12 @@ rpds-py==0.27.0 \ --hash=sha256:d3c622c39f04d5751408f5b801ecb527e6e0a471b367f420a877f7a660d583f6 \ --hash=sha256:d93ebdb82363d2e7bec64eecdc3632b59e84bd270d74fe5be1659f7787052f9b \ --hash=sha256:db8a6313dbac934193fc17fe7610f70cd8181c542a91382531bef5ed785e5615 \ - --hash=sha256:dbc2ab5d10544eb485baa76c63c501303b716a5c405ff2469a1d8ceffaabf622 \ --hash=sha256:dc79d192fb76fc0c84f2c58672c17bbbc383fd26c3cdc29daae16ce3d927e8b2 \ - --hash=sha256:dd2c1d27ebfe6a015cfa2005b7fe8c52d5019f7bbdd801bc6f7499aab9ae739e \ --hash=sha256:e14aab02258cb776a108107bd15f5b5e4a1bbaa61ef33b36693dfab6f89d54f9 \ - --hash=sha256:e24d8031a2c62f34853756d9208eeafa6b940a1efcbfe36e8f57d99d52bb7261 \ --hash=sha256:e36c80c49853b3ffda7aa1831bf175c13356b210c73128c861f3aa93c3cc4015 \ - --hash=sha256:e3dc8d4ede2dbae6c0fc2b6c958bf51ce9fd7e9b40c0f5b8835c3fde44f5807d \ - --hash=sha256:e6491658dd2569f05860bad645569145c8626ac231877b0fb2d5f9bcb7054089 \ --hash=sha256:eb91d252b35004a84670dfeafadb042528b19842a0080d8b53e5ec1128e8f433 \ - --hash=sha256:f0396e894bd1e66c74ecbc08b4f6a03dc331140942c4b1d345dd131b68574a60 \ --hash=sha256:f3cd110e02c5bf17d8fb562f6c9df5c20e73029d587cf8602a2da6c5ef1e32cb \ --hash=sha256:f7a37dd208f0d658e0487522078b1ed68cd6bce20ef4b5a915d2809b9094b410 \ - --hash=sha256:fae4a01ef8c4cb2bbe92ef2063149596907dc4a881a8d26743b3f6b304713171 \ --hash=sha256:fc327f4497b7087d06204235199daf208fd01c82d80465dc5efa4ec9df1c5b4e \ --hash=sha256:fcc01c57ce6e70b728af02b2401c5bc853a9e14eb07deda30624374f0aebfe42 \ --hash=sha256:fde355b02934cc6b07200cc3b27ab0c15870a757d1a72fd401aa92e2ea3c6bfe @@ -709,32 +583,24 @@ rpds-py==0.27.0 \ scikit-learn==1.6.1 \ --hash=sha256:0650e730afb87402baa88afbf31c07b84c98272622aaba002559b614600ca691 \ --hash=sha256:1061b7c028a8663fb9a1a1baf9317b64a257fcb036dae5c8752b2abef31d136f \ - --hash=sha256:25fc636bdaf1cc2f4a124a116312d837148b5e10872147bdaf4887926b8c03d8 \ --hash=sha256:2c2cae262064e6a9b77eee1c8e768fc46aa0b8338c6a8297b9b6759720ec0ff2 \ --hash=sha256:2e69fab4ebfc9c9b580a7a80111b43d214ab06250f8a7ef590a4edf72464dd86 \ --hash=sha256:2ffa1e9e25b3d93990e74a4be2c2fc61ee5af85811562f1288d5d055880c4322 \ --hash=sha256:3f59fe08dc03ea158605170eb52b22a105f238a5d512c4470ddeca71feae8e5f \ --hash=sha256:6a7aa5f9908f0f28f4edaa6963c0a6183f1911e63a69aa03782f0d924c830a35 \ --hash=sha256:70b1d7e85b1c96383f872a519b3375f92f14731e279a7b4c6cfd650cf5dffc52 \ - --hash=sha256:72abc587c75234935e97d09aa4913a82f7b03ee0b74111dcc2881cba3c5a7b33 \ --hash=sha256:7a1c43c8ec9fde528d664d947dc4c0789be4077a3647f232869f41d9bf50e0fb \ --hash=sha256:926f207c804104677af4857b2c609940b743d04c4c35ce0ddc8ff4f053cddc1b \ --hash=sha256:a17c1dea1d56dcda2fac315712f3651a1fea86565b64b48fa1bc090249cbf236 \ - --hash=sha256:b3b00cdc8f1317b5f33191df1386c0befd16625f49d979fe77a8d44cae82410d \ --hash=sha256:b4fc2525eca2c69a59260f583c56a7557c6ccdf8deafdba6e060f94c1c59738e \ --hash=sha256:c06beb2e839ecc641366000ca84f3cf6fa9faa1777e29cf0c04be6e4d096a348 \ - --hash=sha256:dc4765af3386811c3ca21638f63b9cf5ecf66261cc4815c1db3f1e7dc7b79db2 \ --hash=sha256:dc5cf3d68c5a20ad6d571584c0750ec641cc46aeef1c1507be51300e6003a7e1 \ - --hash=sha256:e8ca8cb270fee8f1f76fa9bfd5c3507d60c6438bbee5687f81042e2bb98e5a97 \ - --hash=sha256:fa909b1a36e000a03c382aade0bd2063fd5680ff8b8e501660c0f59f021a6415 + --hash=sha256:e8ca8cb270fee8f1f76fa9bfd5c3507d60c6438bbee5687f81042e2bb98e5a97 # via ssvc scipy==1.16.1 \ --hash=sha256:0851f6a1e537fe9399f35986897e395a1aa61c574b178c0d456be5b1a0f5ca1f \ - --hash=sha256:0a55ffe0ba0f59666e90951971a884d1ff6f4ec3275a48f472cfb64175570f77 \ --hash=sha256:15240c3aac087a522b4eaedb09f0ad061753c5eebf1ea430859e5bf8640d5919 \ - --hash=sha256:18aca1646a29ee9a0625a1be5637fa798d4d81fdf426481f06d69af828f16958 \ --hash=sha256:21a611ced9275cb861bacadbada0b8c0623bc00b05b09eb97f23b370fc2ae56d \ - --hash=sha256:226652fca853008119c03a8ce71ffe1b3f6d2844cc1686e8f9806edafae68596 \ --hash=sha256:2ef500e72f9623a6735769e4b93e9dcb158d40752cdbb077f305487e3e2d1f45 \ --hash=sha256:30cc4bb81c41831ecfd6dc450baf48ffd80ef5aed0f5cf3ea775740e80f16ecc \ --hash=sha256:367d567ee9fc1e9e2047d31f39d9d6a7a04e0710c86e701e053f237d14a9b4f6 \ @@ -750,7 +616,6 @@ scipy==1.16.1 \ --hash=sha256:5e1a106f8c023d57a2a903e771228bf5c5b27b5d692088f457acacd3b54511e4 \ --hash=sha256:65f81a25805f3659b48126b5053d9e823d3215e4a63730b5e1671852a1705921 \ --hash=sha256:6c62eea7f607f122069b9bad3f99489ddca1a5173bef8a0c75555d7488b6f725 \ - --hash=sha256:6e5c2f74e5df33479b5cd4e97a9104c511518fbd979aa9b8f6aec18b2e9ecae7 \ --hash=sha256:709559a1db68a9abc3b2c8672c4badf1614f3b440b3ab326d86a5c0491eafae3 \ --hash=sha256:744d977daa4becb9fc59135e75c069f8d301a87d64f88f1e602a9ecf51e77b27 \ --hash=sha256:796a5a9ad36fa3a782375db8f4241ab02a091308eb079746bc0f874c9b998318 \ @@ -762,15 +627,11 @@ scipy==1.16.1 \ --hash=sha256:89728678c5ca5abd610aee148c199ac1afb16e19844401ca97d43dc548a354eb \ --hash=sha256:8dfbb25dffc4c3dd9371d8ab456ca81beeaf6f9e1c2119f179392f0dc1ab7695 \ --hash=sha256:978d8311674b05a8f7ff2ea6c6bce5d8b45a0cb09d4c5793e0318f448613ea65 \ - --hash=sha256:adccd93a2fa937a27aae826d33e3bfa5edf9aa672376a4852d23a7cd67a2e5b7 \ --hash=sha256:bcc12db731858abda693cecdb3bdc9e6d4bd200213f49d224fe22df82687bdd6 \ - --hash=sha256:c033fa32bab91dc98ca59d0cf23bb876454e2bb02cbe592d5023138778f70030 \ --hash=sha256:c0c804d60492a0aad7f5b2bb1862f4548b990049e27e828391ff2bf6f7199998 \ --hash=sha256:c24fa02f7ed23ae514460a22c57eca8f530dbfa50b1cfdbf4f37c05b5309cc39 \ --hash=sha256:ca66d980469cb623b1759bdd6e9fd97d4e33a9fad5b33771ced24d0cb24df67e \ - --hash=sha256:cb18899127278058bcc09e7b9966d41a5a43740b5bb8dcba401bd983f82e885b \ --hash=sha256:cc1d2f2fd48ba1e0620554fe5bc44d3e8f5d4185c8c109c7fbdf5af2792cfad2 \ - --hash=sha256:d85495cef541729a70cdddbbf3e6b903421bc1af3e8e3a9a72a06751f33b7c39 \ --hash=sha256:d8da7c3dd67bcd93f15618938f43ed0995982eb38973023d46d4646c4283ad65 \ --hash=sha256:dc54f76ac18073bcecffb98d93f03ed6b81a92ef91b5d3b135dcc81d55a724c7 \ --hash=sha256:e756d688cb03fd07de0fffad475649b03cb89bee696c98ce508b17c11a03f95c \ @@ -781,7 +642,6 @@ scipy==1.16.1 \ --hash=sha256:f1b9e5962656f2734c2b285a8745358ecb4e4efbadd00208c80a389227ec61ff \ --hash=sha256:f23634f9e5adb51b2a77766dac217063e764337fbc816aa8ad9aaebcd4397fd3 \ --hash=sha256:f7b8013c6c066609577d910d1a2a077021727af07b6fab0ee22c2f901f22352a \ - --hash=sha256:f8a5d6cd147acecc2603fbd382fed6c46f474cccfcf69ea32582e033fb54dcfe \ --hash=sha256:f965bbf3235b01c776115ab18f092a95aa74c271a52577bcb0563e85738fd618 \ --hash=sha256:fedc2cbd1baed37474b1924c331b97bdff611d762c196fac1a9b71e67b813b1b # via @@ -843,7 +703,6 @@ watchdog==6.0.0 \ --hash=sha256:212ac9b8bf1161dc91bd09c048048a95ca3a4c4f5e5d4a7d1b1a7d5752a7f96f \ --hash=sha256:2cce7cfc2008eb51feb6aab51251fd79b85d9894e98ba847408f662b3395ca3c \ --hash=sha256:490ab2ef84f11129844c23fb14ecf30ef3d8a6abafd3754a6f75ca1e6654136c \ - --hash=sha256:6eb11feb5a0d452ee41f824e271ca311a09e250441c262ca2fd7ebcf2461a06c \ --hash=sha256:6f10cb2d5902447c7d0da897e2c6768bca89174d0c6e1e30abec5421af97a5b0 \ --hash=sha256:7607498efa04a3542ae3e05e64da8202e58159aa1fa4acddf7678d34a35d4f13 \ --hash=sha256:76aae96b00ae814b181bb25b1b98076d5fc84e8a53cd8885a318b42b6d3a5134 \ @@ -852,12 +711,10 @@ watchdog==6.0.0 \ --hash=sha256:9ddf7c82fda3ae8e24decda1338ede66e1c99883db93711d8fb941eaa2d8c282 \ --hash=sha256:a175f755fc2279e0b7312c0035d52e27211a5bc39719dd529625b1930917345b \ --hash=sha256:a1914259fa9e1454315171103c6a30961236f508b9b623eae470268bbcc6a22f \ - --hash=sha256:afd0fe1b2270917c5e23c2a65ce50c2a4abb63daafb0d419fde368e272a76b7c \ --hash=sha256:bdd4e6f14b8b18c334febb9c4425a878a2ac20efd1e0b231978e7b150f92a948 \ --hash=sha256:c7c15dda13c4eb00d6fb6fc508b3c0ed88b9d5d374056b239c4ad1611125c860 \ --hash=sha256:cbafb470cf848d93b5d013e2ecb245d4aa1c8fd0504e863ccefa32445359d680 \ - --hash=sha256:e3df4cbb9a450c6d49318f6d14f4bbc80d763fa587ba46ec86f99f9e6876bb26 \ - --hash=sha256:ef810fbf7b781a5a593894e4f439773830bdecb885e6880d957d5b9382a960d2 + --hash=sha256:e3df4cbb9a450c6d49318f6d14f4bbc80d763fa587ba46ec86f99f9e6876bb26 # via mkdocs wcmatch==10.1 \ --hash=sha256:5848ace7dbb0476e5e55ab63c6bbd529745089343427caa5537f230cc01beb8a \ diff --git a/src/pyproject.toml b/src/pyproject.toml index ca44c224..0a3c1f73 100644 --- a/src/pyproject.toml +++ b/src/pyproject.toml @@ -20,7 +20,7 @@ authors = [ ] description = "Tools for working with a Stakeholder Specific Vulnerability Categorization (SSVC)" readme = {file="README.md", content-type="text/markdown"} -requires-python = ">=3.11" +requires-python = ">=3.12" keywords =["ssvc","vulnerability management","vulnerability management"] license = {file="LICENSE.md"} classifiers = [ diff --git a/src/uv.lock b/src/uv.lock index 7e15c9a4..6f456d82 100644 --- a/src/uv.lock +++ b/src/uv.lock @@ -1,10 +1,6 @@ version = 1 revision = 3 -requires-python = ">=3.11" -resolution-markers = [ - "python_full_version >= '3.12'", - "python_full_version < '3.12'", -] +requires-python = ">=3.12" [[package]] name = "annotated-types" @@ -71,17 +67,6 @@ version = "3.4.3" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/83/2d/5fd176ceb9b2fc619e63405525573493ca23441330fcdaee6bef9460e924/charset_normalizer-3.4.3.tar.gz", hash = "sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14", size = 122371, upload-time = "2025-08-09T07:57:28.46Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/7f/b5/991245018615474a60965a7c9cd2b4efbaabd16d582a5547c47ee1c7730b/charset_normalizer-3.4.3-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:b256ee2e749283ef3ddcff51a675ff43798d92d746d1a6e4631bf8c707d22d0b", size = 204483, upload-time = "2025-08-09T07:55:53.12Z" }, - { url = "https://files.pythonhosted.org/packages/c7/2a/ae245c41c06299ec18262825c1569c5d3298fc920e4ddf56ab011b417efd/charset_normalizer-3.4.3-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:13faeacfe61784e2559e690fc53fa4c5ae97c6fcedb8eb6fb8d0a15b475d2c64", size = 145520, upload-time = "2025-08-09T07:55:54.712Z" }, - { url = "https://files.pythonhosted.org/packages/3a/a4/b3b6c76e7a635748c4421d2b92c7b8f90a432f98bda5082049af37ffc8e3/charset_normalizer-3.4.3-cp311-cp311-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:00237675befef519d9af72169d8604a067d92755e84fe76492fef5441db05b91", size = 158876, upload-time = "2025-08-09T07:55:56.024Z" }, - { url = "https://files.pythonhosted.org/packages/e2/e6/63bb0e10f90a8243c5def74b5b105b3bbbfb3e7bb753915fe333fb0c11ea/charset_normalizer-3.4.3-cp311-cp311-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:585f3b2a80fbd26b048a0be90c5aae8f06605d3c92615911c3a2b03a8a3b796f", size = 156083, upload-time = "2025-08-09T07:55:57.582Z" }, - { url = "https://files.pythonhosted.org/packages/87/df/b7737ff046c974b183ea9aa111b74185ac8c3a326c6262d413bd5a1b8c69/charset_normalizer-3.4.3-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0e78314bdc32fa80696f72fa16dc61168fda4d6a0c014e0380f9d02f0e5d8a07", size = 150295, upload-time = "2025-08-09T07:55:59.147Z" }, - { url = "https://files.pythonhosted.org/packages/61/f1/190d9977e0084d3f1dc169acd060d479bbbc71b90bf3e7bf7b9927dec3eb/charset_normalizer-3.4.3-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:96b2b3d1a83ad55310de8c7b4a2d04d9277d5591f40761274856635acc5fcb30", size = 148379, upload-time = "2025-08-09T07:56:00.364Z" }, - { url = "https://files.pythonhosted.org/packages/4c/92/27dbe365d34c68cfe0ca76f1edd70e8705d82b378cb54ebbaeabc2e3029d/charset_normalizer-3.4.3-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:939578d9d8fd4299220161fdd76e86c6a251987476f5243e8864a7844476ba14", size = 160018, upload-time = "2025-08-09T07:56:01.678Z" }, - { url = "https://files.pythonhosted.org/packages/99/04/baae2a1ea1893a01635d475b9261c889a18fd48393634b6270827869fa34/charset_normalizer-3.4.3-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:fd10de089bcdcd1be95a2f73dbe6254798ec1bda9f450d5828c96f93e2536b9c", size = 157430, upload-time = "2025-08-09T07:56:02.87Z" }, - { url = "https://files.pythonhosted.org/packages/2f/36/77da9c6a328c54d17b960c89eccacfab8271fdaaa228305330915b88afa9/charset_normalizer-3.4.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:1e8ac75d72fa3775e0b7cb7e4629cec13b7514d928d15ef8ea06bca03ef01cae", size = 151600, upload-time = "2025-08-09T07:56:04.089Z" }, - { url = "https://files.pythonhosted.org/packages/64/d4/9eb4ff2c167edbbf08cdd28e19078bf195762e9bd63371689cab5ecd3d0d/charset_normalizer-3.4.3-cp311-cp311-win32.whl", hash = "sha256:6cf8fd4c04756b6b60146d98cd8a77d0cdae0e1ca20329da2ac85eed779b6849", size = 99616, upload-time = "2025-08-09T07:56:05.658Z" }, - { url = "https://files.pythonhosted.org/packages/f4/9c/996a4a028222e7761a96634d1820de8a744ff4327a00ada9c8942033089b/charset_normalizer-3.4.3-cp311-cp311-win_amd64.whl", hash = "sha256:31a9a6f775f9bcd865d88ee350f0ffb0e25936a7f930ca98995c05abf1faf21c", size = 107108, upload-time = "2025-08-09T07:56:07.176Z" }, { url = "https://files.pythonhosted.org/packages/e9/5e/14c94999e418d9b87682734589404a25854d5f5d0408df68bc15b6ff54bb/charset_normalizer-3.4.3-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:e28e334d3ff134e88989d90ba04b47d84382a828c061d0d1027b1b12a62b39b1", size = 205655, upload-time = "2025-08-09T07:56:08.475Z" }, { url = "https://files.pythonhosted.org/packages/7d/a8/c6ec5d389672521f644505a257f50544c074cf5fc292d5390331cd6fc9c3/charset_normalizer-3.4.3-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:0cacf8f7297b0c4fcb74227692ca46b4a5852f8f4f24b3c766dd94a1075c4884", size = 146223, upload-time = "2025-08-09T07:56:09.708Z" }, { url = "https://files.pythonhosted.org/packages/fc/eb/a2ffb08547f4e1e5415fb69eb7db25932c52a52bed371429648db4d84fb1/charset_normalizer-3.4.3-cp312-cp312-manylinux2014_ppc64le.manylinux_2_17_ppc64le.manylinux_2_28_ppc64le.whl", hash = "sha256:c6fd51128a41297f5409deab284fecbe5305ebd7e5a1f959bee1c054622b7018", size = 159366, upload-time = "2025-08-09T07:56:11.326Z" }, @@ -265,16 +250,6 @@ version = "3.0.2" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/b2/97/5d42485e71dfc078108a86d6de8fa46db44a1a9295e89c5d6d4a06e23a62/markupsafe-3.0.2.tar.gz", hash = "sha256:ee55d3edf80167e48ea11a923c7386f4669df67d7994554387f84e7d8b0a2bf0", size = 20537, upload-time = "2024-10-18T15:21:54.129Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/6b/28/bbf83e3f76936960b850435576dd5e67034e200469571be53f69174a2dfd/MarkupSafe-3.0.2-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:9025b4018f3a1314059769c7bf15441064b2207cb3f065e6ea1e7359cb46db9d", size = 14353, upload-time = "2024-10-18T15:21:02.187Z" }, - { url = "https://files.pythonhosted.org/packages/6c/30/316d194b093cde57d448a4c3209f22e3046c5bb2fb0820b118292b334be7/MarkupSafe-3.0.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:93335ca3812df2f366e80509ae119189886b0f3c2b81325d39efdb84a1e2ae93", size = 12392, upload-time = "2024-10-18T15:21:02.941Z" }, - { url = "https://files.pythonhosted.org/packages/f2/96/9cdafba8445d3a53cae530aaf83c38ec64c4d5427d975c974084af5bc5d2/MarkupSafe-3.0.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2cb8438c3cbb25e220c2ab33bb226559e7afb3baec11c4f218ffa7308603c832", size = 23984, upload-time = "2024-10-18T15:21:03.953Z" }, - { url = "https://files.pythonhosted.org/packages/f1/a4/aefb044a2cd8d7334c8a47d3fb2c9f328ac48cb349468cc31c20b539305f/MarkupSafe-3.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a123e330ef0853c6e822384873bef7507557d8e4a082961e1defa947aa59ba84", size = 23120, upload-time = "2024-10-18T15:21:06.495Z" }, - { url = "https://files.pythonhosted.org/packages/8d/21/5e4851379f88f3fad1de30361db501300d4f07bcad047d3cb0449fc51f8c/MarkupSafe-3.0.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1e084f686b92e5b83186b07e8a17fc09e38fff551f3602b249881fec658d3eca", size = 23032, upload-time = "2024-10-18T15:21:07.295Z" }, - { url = "https://files.pythonhosted.org/packages/00/7b/e92c64e079b2d0d7ddf69899c98842f3f9a60a1ae72657c89ce2655c999d/MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:d8213e09c917a951de9d09ecee036d5c7d36cb6cb7dbaece4c71a60d79fb9798", size = 24057, upload-time = "2024-10-18T15:21:08.073Z" }, - { url = "https://files.pythonhosted.org/packages/f9/ac/46f960ca323037caa0a10662ef97d0a4728e890334fc156b9f9e52bcc4ca/MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:5b02fb34468b6aaa40dfc198d813a641e3a63b98c2b05a16b9f80b7ec314185e", size = 23359, upload-time = "2024-10-18T15:21:09.318Z" }, - { url = "https://files.pythonhosted.org/packages/69/84/83439e16197337b8b14b6a5b9c2105fff81d42c2a7c5b58ac7b62ee2c3b1/MarkupSafe-3.0.2-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:0bff5e0ae4ef2e1ae4fdf2dfd5b76c75e5c2fa4132d05fc1b0dabcd20c7e28c4", size = 23306, upload-time = "2024-10-18T15:21:10.185Z" }, - { url = "https://files.pythonhosted.org/packages/9a/34/a15aa69f01e2181ed8d2b685c0d2f6655d5cca2c4db0ddea775e631918cd/MarkupSafe-3.0.2-cp311-cp311-win32.whl", hash = "sha256:6c89876f41da747c8d3677a2b540fb32ef5715f97b66eeb0c6b66f5e3ef6f59d", size = 15094, upload-time = "2024-10-18T15:21:11.005Z" }, - { url = "https://files.pythonhosted.org/packages/da/b8/3a3bd761922d416f3dc5d00bfbed11f66b1ab89a0c2b6e887240a30b0f6b/MarkupSafe-3.0.2-cp311-cp311-win_amd64.whl", hash = "sha256:70a87b411535ccad5ef2f1df5136506a10775d267e197e4cf531ced10537bd6b", size = 15521, upload-time = "2024-10-18T15:21:12.911Z" }, { url = "https://files.pythonhosted.org/packages/22/09/d1f21434c97fc42f09d290cbb6350d44eb12f09cc62c9476effdb33a18aa/MarkupSafe-3.0.2-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:9778bd8ab0a994ebf6f84c2b949e65736d5575320a17ae8984a77fab08db94cf", size = 14274, upload-time = "2024-10-18T15:21:13.777Z" }, { url = "https://files.pythonhosted.org/packages/6b/b0/18f76bba336fa5aecf79d45dcd6c806c280ec44538b3c13671d49099fdd0/MarkupSafe-3.0.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:846ade7b71e3536c4e56b386c2a47adf5741d2d8b94ec9dc3e92e5e1ee1e2225", size = 12348, upload-time = "2024-10-18T15:21:14.822Z" }, { url = "https://files.pythonhosted.org/packages/e0/25/dd5c0f6ac1311e9b40f4af06c78efde0f3b5cbf02502f8ef9501294c425b/MarkupSafe-3.0.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1c99d261bd2d5f6b59325c92c73df481e05e57f19837bdca8413b9eac4bd8028", size = 24149, upload-time = "2024-10-18T15:21:15.642Z" }, @@ -503,17 +478,6 @@ version = "2.3.2" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/37/7d/3fec4199c5ffb892bed55cff901e4f39a58c81df9c44c280499e92cad264/numpy-2.3.2.tar.gz", hash = "sha256:e0486a11ec30cdecb53f184d496d1c6a20786c81e55e41640270130056f8ee48", size = 20489306, upload-time = "2025-07-24T21:32:07.553Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/96/26/1320083986108998bd487e2931eed2aeedf914b6e8905431487543ec911d/numpy-2.3.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:852ae5bed3478b92f093e30f785c98e0cb62fa0a939ed057c31716e18a7a22b9", size = 21259016, upload-time = "2025-07-24T20:24:35.214Z" }, - { url = "https://files.pythonhosted.org/packages/c4/2b/792b341463fa93fc7e55abbdbe87dac316c5b8cb5e94fb7a59fb6fa0cda5/numpy-2.3.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:7a0e27186e781a69959d0230dd9909b5e26024f8da10683bd6344baea1885168", size = 14451158, upload-time = "2025-07-24T20:24:58.397Z" }, - { url = "https://files.pythonhosted.org/packages/b7/13/e792d7209261afb0c9f4759ffef6135b35c77c6349a151f488f531d13595/numpy-2.3.2-cp311-cp311-macosx_14_0_arm64.whl", hash = "sha256:f0a1a8476ad77a228e41619af2fa9505cf69df928e9aaa165746584ea17fed2b", size = 5379817, upload-time = "2025-07-24T20:25:07.746Z" }, - { url = "https://files.pythonhosted.org/packages/49/ce/055274fcba4107c022b2113a213c7287346563f48d62e8d2a5176ad93217/numpy-2.3.2-cp311-cp311-macosx_14_0_x86_64.whl", hash = "sha256:cbc95b3813920145032412f7e33d12080f11dc776262df1712e1638207dde9e8", size = 6913606, upload-time = "2025-07-24T20:25:18.84Z" }, - { url = "https://files.pythonhosted.org/packages/17/f2/e4d72e6bc5ff01e2ab613dc198d560714971900c03674b41947e38606502/numpy-2.3.2-cp311-cp311-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:f75018be4980a7324edc5930fe39aa391d5734531b1926968605416ff58c332d", size = 14589652, upload-time = "2025-07-24T20:25:40.356Z" }, - { url = "https://files.pythonhosted.org/packages/c8/b0/fbeee3000a51ebf7222016e2939b5c5ecf8000a19555d04a18f1e02521b8/numpy-2.3.2-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:20b8200721840f5621b7bd03f8dcd78de33ec522fc40dc2641aa09537df010c3", size = 16938816, upload-time = "2025-07-24T20:26:05.721Z" }, - { url = "https://files.pythonhosted.org/packages/a9/ec/2f6c45c3484cc159621ea8fc000ac5a86f1575f090cac78ac27193ce82cd/numpy-2.3.2-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:1f91e5c028504660d606340a084db4b216567ded1056ea2b4be4f9d10b67197f", size = 16370512, upload-time = "2025-07-24T20:26:30.545Z" }, - { url = "https://files.pythonhosted.org/packages/b5/01/dd67cf511850bd7aefd6347aaae0956ed415abea741ae107834aae7d6d4e/numpy-2.3.2-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:fb1752a3bb9a3ad2d6b090b88a9a0ae1cd6f004ef95f75825e2f382c183b2097", size = 18884947, upload-time = "2025-07-24T20:26:58.24Z" }, - { url = "https://files.pythonhosted.org/packages/a7/17/2cf60fd3e6a61d006778735edf67a222787a8c1a7842aed43ef96d777446/numpy-2.3.2-cp311-cp311-win32.whl", hash = "sha256:4ae6863868aaee2f57503c7a5052b3a2807cf7a3914475e637a0ecd366ced220", size = 6599494, upload-time = "2025-07-24T20:27:09.786Z" }, - { url = "https://files.pythonhosted.org/packages/d5/03/0eade211c504bda872a594f045f98ddcc6caef2b7c63610946845e304d3f/numpy-2.3.2-cp311-cp311-win_amd64.whl", hash = "sha256:240259d6564f1c65424bcd10f435145a7644a65a6811cfc3201c4a429ba79170", size = 13087889, upload-time = "2025-07-24T20:27:29.558Z" }, - { url = "https://files.pythonhosted.org/packages/13/32/2c7979d39dafb2a25087e12310fc7f3b9d3c7d960df4f4bc97955ae0ce1d/numpy-2.3.2-cp311-cp311-win_arm64.whl", hash = "sha256:4209f874d45f921bde2cff1ffcd8a3695f545ad2ffbef6d3d3c6768162efab89", size = 10459560, upload-time = "2025-07-24T20:27:46.803Z" }, { url = "https://files.pythonhosted.org/packages/00/6d/745dd1c1c5c284d17725e5c802ca4d45cfc6803519d777f087b71c9f4069/numpy-2.3.2-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:bc3186bea41fae9d8e90c2b4fb5f0a1f5a690682da79b92574d63f56b529080b", size = 20956420, upload-time = "2025-07-24T20:28:18.002Z" }, { url = "https://files.pythonhosted.org/packages/bc/96/e7b533ea5740641dd62b07a790af5d9d8fec36000b8e2d0472bd7574105f/numpy-2.3.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:2f4f0215edb189048a3c03bd5b19345bdfa7b45a7a6f72ae5945d2a28272727f", size = 14184660, upload-time = "2025-07-24T20:28:39.522Z" }, { url = "https://files.pythonhosted.org/packages/2b/53/102c6122db45a62aa20d1b18c9986f67e6b97e0d6fbc1ae13e3e4c84430c/numpy-2.3.2-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:8b1224a734cd509f70816455c3cffe13a4f599b1bf7130f913ba0e2c0b2006c0", size = 5113382, upload-time = "2025-07-24T20:28:48.544Z" }, @@ -569,13 +533,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/14/ba/5b5c9978c4bb161034148ade2de9db44ec316fab89ce8c400db0e0c81f86/numpy-2.3.2-cp314-cp314t-win32.whl", hash = "sha256:6f1ae3dcb840edccc45af496f312528c15b1f79ac318169d094e85e4bb35fdf1", size = 6514777, upload-time = "2025-07-24T20:55:57.66Z" }, { url = "https://files.pythonhosted.org/packages/eb/46/3dbaf0ae7c17cdc46b9f662c56da2054887b8d9e737c1476f335c83d33db/numpy-2.3.2-cp314-cp314t-win_amd64.whl", hash = "sha256:087ffc25890d89a43536f75c5fe8770922008758e8eeeef61733957041ed2f9b", size = 13111856, upload-time = "2025-07-24T20:56:17.318Z" }, { url = "https://files.pythonhosted.org/packages/c1/9e/1652778bce745a67b5fe05adde60ed362d38eb17d919a540e813d30f6874/numpy-2.3.2-cp314-cp314t-win_arm64.whl", hash = "sha256:092aeb3449833ea9c0bf0089d70c29ae480685dd2377ec9cdbbb620257f84631", size = 10544226, upload-time = "2025-07-24T20:56:34.509Z" }, - { url = "https://files.pythonhosted.org/packages/cf/ea/50ebc91d28b275b23b7128ef25c3d08152bc4068f42742867e07a870a42a/numpy-2.3.2-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:14a91ebac98813a49bc6aa1a0dfc09513dcec1d97eaf31ca21a87221a1cdcb15", size = 21130338, upload-time = "2025-07-24T20:57:54.37Z" }, - { url = "https://files.pythonhosted.org/packages/9f/57/cdd5eac00dd5f137277355c318a955c0d8fb8aa486020c22afd305f8b88f/numpy-2.3.2-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:71669b5daae692189540cffc4c439468d35a3f84f0c88b078ecd94337f6cb0ec", size = 14375776, upload-time = "2025-07-24T20:58:16.303Z" }, - { url = "https://files.pythonhosted.org/packages/83/85/27280c7f34fcd305c2209c0cdca4d70775e4859a9eaa92f850087f8dea50/numpy-2.3.2-pp311-pypy311_pp73-macosx_14_0_arm64.whl", hash = "sha256:69779198d9caee6e547adb933941ed7520f896fd9656834c300bdf4dd8642712", size = 5304882, upload-time = "2025-07-24T20:58:26.199Z" }, - { url = "https://files.pythonhosted.org/packages/48/b4/6500b24d278e15dd796f43824e69939d00981d37d9779e32499e823aa0aa/numpy-2.3.2-pp311-pypy311_pp73-macosx_14_0_x86_64.whl", hash = "sha256:2c3271cc4097beb5a60f010bcc1cc204b300bb3eafb4399376418a83a1c6373c", size = 6818405, upload-time = "2025-07-24T20:58:37.341Z" }, - { url = "https://files.pythonhosted.org/packages/9b/c9/142c1e03f199d202da8e980c2496213509291b6024fd2735ad28ae7065c7/numpy-2.3.2-pp311-pypy311_pp73-manylinux_2_27_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:8446acd11fe3dc1830568c941d44449fd5cb83068e5c70bd5a470d323d448296", size = 14419651, upload-time = "2025-07-24T20:58:59.048Z" }, - { url = "https://files.pythonhosted.org/packages/8b/95/8023e87cbea31a750a6c00ff9427d65ebc5fef104a136bfa69f76266d614/numpy-2.3.2-pp311-pypy311_pp73-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:aa098a5ab53fa407fded5870865c6275a5cd4101cfdef8d6fafc48286a96e981", size = 16760166, upload-time = "2025-07-24T21:28:56.38Z" }, - { url = "https://files.pythonhosted.org/packages/78/e3/6690b3f85a05506733c7e90b577e4762517404ea78bab2ca3a5cb1aeb78d/numpy-2.3.2-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:6936aff90dda378c09bea075af0d9c675fe3a977a9d2402f95a87f440f59f619", size = 12977811, upload-time = "2025-07-24T21:29:18.234Z" }, ] [[package]] @@ -608,13 +565,6 @@ dependencies = [ ] sdist = { url = "https://files.pythonhosted.org/packages/d1/6f/75aa71f8a14267117adeeed5d21b204770189c0a0025acbdc03c337b28fc/pandas-2.3.1.tar.gz", hash = "sha256:0a95b9ac964fe83ce317827f80304d37388ea77616b1425f0ae41c9d2d0d7bb2", size = 4487493, upload-time = "2025-07-07T19:20:04.079Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/76/1c/ccf70029e927e473a4476c00e0d5b32e623bff27f0402d0a92b7fc29bb9f/pandas-2.3.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:2b0540963d83431f5ce8870ea02a7430adca100cec8a050f0811f8e31035541b", size = 11566608, upload-time = "2025-07-07T19:18:33.86Z" }, - { url = "https://files.pythonhosted.org/packages/ec/d3/3c37cb724d76a841f14b8f5fe57e5e3645207cc67370e4f84717e8bb7657/pandas-2.3.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:fe7317f578c6a153912bd2292f02e40c1d8f253e93c599e82620c7f69755c74f", size = 10823181, upload-time = "2025-07-07T19:18:36.151Z" }, - { url = "https://files.pythonhosted.org/packages/8a/4c/367c98854a1251940edf54a4df0826dcacfb987f9068abf3e3064081a382/pandas-2.3.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e6723a27ad7b244c0c79d8e7007092d7c8f0f11305770e2f4cd778b3ad5f9f85", size = 11793570, upload-time = "2025-07-07T19:18:38.385Z" }, - { url = "https://files.pythonhosted.org/packages/07/5f/63760ff107bcf5146eee41b38b3985f9055e710a72fdd637b791dea3495c/pandas-2.3.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3462c3735fe19f2638f2c3a40bd94ec2dc5ba13abbb032dd2fa1f540a075509d", size = 12378887, upload-time = "2025-07-07T19:18:41.284Z" }, - { url = "https://files.pythonhosted.org/packages/15/53/f31a9b4dfe73fe4711c3a609bd8e60238022f48eacedc257cd13ae9327a7/pandas-2.3.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:98bcc8b5bf7afed22cc753a28bc4d9e26e078e777066bc53fac7904ddef9a678", size = 13230957, upload-time = "2025-07-07T19:18:44.187Z" }, - { url = "https://files.pythonhosted.org/packages/e0/94/6fce6bf85b5056d065e0a7933cba2616dcb48596f7ba3c6341ec4bcc529d/pandas-2.3.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:4d544806b485ddf29e52d75b1f559142514e60ef58a832f74fb38e48d757b299", size = 13883883, upload-time = "2025-07-07T19:18:46.498Z" }, - { url = "https://files.pythonhosted.org/packages/c8/7b/bdcb1ed8fccb63d04bdb7635161d0ec26596d92c9d7a6cce964e7876b6c1/pandas-2.3.1-cp311-cp311-win_amd64.whl", hash = "sha256:b3cd4273d3cb3707b6fffd217204c52ed92859533e31dc03b7c5008aa933aaab", size = 11340212, upload-time = "2025-07-07T19:18:49.293Z" }, { url = "https://files.pythonhosted.org/packages/46/de/b8445e0f5d217a99fe0eeb2f4988070908979bec3587c0633e5428ab596c/pandas-2.3.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:689968e841136f9e542020698ee1c4fbe9caa2ed2213ae2388dc7b81721510d3", size = 11588172, upload-time = "2025-07-07T19:18:52.054Z" }, { url = "https://files.pythonhosted.org/packages/1e/e0/801cdb3564e65a5ac041ab99ea6f1d802a6c325bb6e58c79c06a3f1cd010/pandas-2.3.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:025e92411c16cbe5bb2a4abc99732a6b132f439b8aab23a59fa593eb00704232", size = 10717365, upload-time = "2025-07-07T19:18:54.785Z" }, { url = "https://files.pythonhosted.org/packages/51/a5/c76a8311833c24ae61a376dbf360eb1b1c9247a5d9c1e8b356563b31b80c/pandas-2.3.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9b7ff55f31c4fcb3e316e8f7fa194566b286d6ac430afec0d461163312c5841e", size = 11280411, upload-time = "2025-07-07T19:18:57.045Z" }, @@ -701,20 +651,6 @@ dependencies = [ ] sdist = { url = "https://files.pythonhosted.org/packages/ad/88/5f2260bdfae97aabf98f1778d43f69574390ad787afb646292a638c923d4/pydantic_core-2.33.2.tar.gz", hash = "sha256:7cb8bc3605c29176e1b105350d2e6474142d7c1bd1d9327c4a9bdb46bf827acc", size = 435195, upload-time = "2025-04-23T18:33:52.104Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/3f/8d/71db63483d518cbbf290261a1fc2839d17ff89fce7089e08cad07ccfce67/pydantic_core-2.33.2-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:4c5b0a576fb381edd6d27f0a85915c6daf2f8138dc5c267a57c08a62900758c7", size = 2028584, upload-time = "2025-04-23T18:31:03.106Z" }, - { url = "https://files.pythonhosted.org/packages/24/2f/3cfa7244ae292dd850989f328722d2aef313f74ffc471184dc509e1e4e5a/pydantic_core-2.33.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:e799c050df38a639db758c617ec771fd8fb7a5f8eaaa4b27b101f266b216a246", size = 1855071, upload-time = "2025-04-23T18:31:04.621Z" }, - { url = "https://files.pythonhosted.org/packages/b3/d3/4ae42d33f5e3f50dd467761304be2fa0a9417fbf09735bc2cce003480f2a/pydantic_core-2.33.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dc46a01bf8d62f227d5ecee74178ffc448ff4e5197c756331f71efcc66dc980f", size = 1897823, upload-time = "2025-04-23T18:31:06.377Z" }, - { url = "https://files.pythonhosted.org/packages/f4/f3/aa5976e8352b7695ff808599794b1fba2a9ae2ee954a3426855935799488/pydantic_core-2.33.2-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a144d4f717285c6d9234a66778059f33a89096dfb9b39117663fd8413d582dcc", size = 1983792, upload-time = "2025-04-23T18:31:07.93Z" }, - { url = "https://files.pythonhosted.org/packages/d5/7a/cda9b5a23c552037717f2b2a5257e9b2bfe45e687386df9591eff7b46d28/pydantic_core-2.33.2-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:73cf6373c21bc80b2e0dc88444f41ae60b2f070ed02095754eb5a01df12256de", size = 2136338, upload-time = "2025-04-23T18:31:09.283Z" }, - { url = "https://files.pythonhosted.org/packages/2b/9f/b8f9ec8dd1417eb9da784e91e1667d58a2a4a7b7b34cf4af765ef663a7e5/pydantic_core-2.33.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3dc625f4aa79713512d1976fe9f0bc99f706a9dee21dfd1810b4bbbf228d0e8a", size = 2730998, upload-time = "2025-04-23T18:31:11.7Z" }, - { url = "https://files.pythonhosted.org/packages/47/bc/cd720e078576bdb8255d5032c5d63ee5c0bf4b7173dd955185a1d658c456/pydantic_core-2.33.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:881b21b5549499972441da4758d662aeea93f1923f953e9cbaff14b8b9565aef", size = 2003200, upload-time = "2025-04-23T18:31:13.536Z" }, - { url = "https://files.pythonhosted.org/packages/ca/22/3602b895ee2cd29d11a2b349372446ae9727c32e78a94b3d588a40fdf187/pydantic_core-2.33.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:bdc25f3681f7b78572699569514036afe3c243bc3059d3942624e936ec93450e", size = 2113890, upload-time = "2025-04-23T18:31:15.011Z" }, - { url = "https://files.pythonhosted.org/packages/ff/e6/e3c5908c03cf00d629eb38393a98fccc38ee0ce8ecce32f69fc7d7b558a7/pydantic_core-2.33.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:fe5b32187cbc0c862ee201ad66c30cf218e5ed468ec8dc1cf49dec66e160cc4d", size = 2073359, upload-time = "2025-04-23T18:31:16.393Z" }, - { url = "https://files.pythonhosted.org/packages/12/e7/6a36a07c59ebefc8777d1ffdaf5ae71b06b21952582e4b07eba88a421c79/pydantic_core-2.33.2-cp311-cp311-musllinux_1_1_armv7l.whl", hash = "sha256:bc7aee6f634a6f4a95676fcb5d6559a2c2a390330098dba5e5a5f28a2e4ada30", size = 2245883, upload-time = "2025-04-23T18:31:17.892Z" }, - { url = "https://files.pythonhosted.org/packages/16/3f/59b3187aaa6cc0c1e6616e8045b284de2b6a87b027cce2ffcea073adf1d2/pydantic_core-2.33.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:235f45e5dbcccf6bd99f9f472858849f73d11120d76ea8707115415f8e5ebebf", size = 2241074, upload-time = "2025-04-23T18:31:19.205Z" }, - { url = "https://files.pythonhosted.org/packages/e0/ed/55532bb88f674d5d8f67ab121a2a13c385df382de2a1677f30ad385f7438/pydantic_core-2.33.2-cp311-cp311-win32.whl", hash = "sha256:6368900c2d3ef09b69cb0b913f9f8263b03786e5b2a387706c5afb66800efd51", size = 1910538, upload-time = "2025-04-23T18:31:20.541Z" }, - { url = "https://files.pythonhosted.org/packages/fe/1b/25b7cccd4519c0b23c2dd636ad39d381abf113085ce4f7bec2b0dc755eb1/pydantic_core-2.33.2-cp311-cp311-win_amd64.whl", hash = "sha256:1e063337ef9e9820c77acc768546325ebe04ee38b08703244c1309cccc4f1bab", size = 1952909, upload-time = "2025-04-23T18:31:22.371Z" }, - { url = "https://files.pythonhosted.org/packages/49/a9/d809358e49126438055884c4366a1f6227f0f84f635a9014e2deb9b9de54/pydantic_core-2.33.2-cp311-cp311-win_arm64.whl", hash = "sha256:6b99022f1d19bc32a4c2a0d544fc9a76e3be90f0b3f4af413f87d38749300e65", size = 1897786, upload-time = "2025-04-23T18:31:24.161Z" }, { url = "https://files.pythonhosted.org/packages/18/8a/2b41c97f554ec8c71f2a8a5f85cb56a8b0956addfe8b0efb5b3d77e8bdc3/pydantic_core-2.33.2-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:a7ec89dc587667f22b6a0b6579c249fca9026ce7c333fc142ba42411fa243cdc", size = 2009000, upload-time = "2025-04-23T18:31:25.863Z" }, { url = "https://files.pythonhosted.org/packages/a1/02/6224312aacb3c8ecbaa959897af57181fb6cf3a3d7917fd44d0f2917e6f2/pydantic_core-2.33.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:3c6db6e52c6d70aa0d00d45cdb9b40f0433b96380071ea80b09277dba021ddf7", size = 1847996, upload-time = "2025-04-23T18:31:27.341Z" }, { url = "https://files.pythonhosted.org/packages/d6/46/6dcdf084a523dbe0a0be59d054734b86a981726f221f4562aed313dbcb49/pydantic_core-2.33.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4e61206137cbc65e6d5256e1166f88331d3b6238e082d9f74613b9b765fb9025", size = 1880957, upload-time = "2025-04-23T18:31:28.956Z" }, @@ -746,15 +682,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/a4/7d/e09391c2eebeab681df2b74bfe6c43422fffede8dc74187b2b0bf6fd7571/pydantic_core-2.33.2-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:61c18fba8e5e9db3ab908620af374db0ac1baa69f0f32df4f61ae23f15e586ac", size = 1806162, upload-time = "2025-04-23T18:32:20.188Z" }, { url = "https://files.pythonhosted.org/packages/f1/3d/847b6b1fed9f8ed3bb95a9ad04fbd0b212e832d4f0f50ff4d9ee5a9f15cf/pydantic_core-2.33.2-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:95237e53bb015f67b63c91af7518a62a8660376a6a0db19b89acc77a4d6199f5", size = 1981560, upload-time = "2025-04-23T18:32:22.354Z" }, { url = "https://files.pythonhosted.org/packages/6f/9a/e73262f6c6656262b5fdd723ad90f518f579b7bc8622e43a942eec53c938/pydantic_core-2.33.2-cp313-cp313t-win_amd64.whl", hash = "sha256:c2fc0a768ef76c15ab9238afa6da7f69895bb5d1ee83aeea2e3509af4472d0b9", size = 1935777, upload-time = "2025-04-23T18:32:25.088Z" }, - { url = "https://files.pythonhosted.org/packages/7b/27/d4ae6487d73948d6f20dddcd94be4ea43e74349b56eba82e9bdee2d7494c/pydantic_core-2.33.2-pp311-pypy311_pp73-macosx_10_12_x86_64.whl", hash = "sha256:dd14041875d09cc0f9308e37a6f8b65f5585cf2598a53aa0123df8b129d481f8", size = 2025200, upload-time = "2025-04-23T18:33:14.199Z" }, - { url = "https://files.pythonhosted.org/packages/f1/b8/b3cb95375f05d33801024079b9392a5ab45267a63400bf1866e7ce0f0de4/pydantic_core-2.33.2-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:d87c561733f66531dced0da6e864f44ebf89a8fba55f31407b00c2f7f9449593", size = 1859123, upload-time = "2025-04-23T18:33:16.555Z" }, - { url = "https://files.pythonhosted.org/packages/05/bc/0d0b5adeda59a261cd30a1235a445bf55c7e46ae44aea28f7bd6ed46e091/pydantic_core-2.33.2-pp311-pypy311_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2f82865531efd18d6e07a04a17331af02cb7a651583c418df8266f17a63c6612", size = 1892852, upload-time = "2025-04-23T18:33:18.513Z" }, - { url = "https://files.pythonhosted.org/packages/3e/11/d37bdebbda2e449cb3f519f6ce950927b56d62f0b84fd9cb9e372a26a3d5/pydantic_core-2.33.2-pp311-pypy311_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2bfb5112df54209d820d7bf9317c7a6c9025ea52e49f46b6a2060104bba37de7", size = 2067484, upload-time = "2025-04-23T18:33:20.475Z" }, - { url = "https://files.pythonhosted.org/packages/8c/55/1f95f0a05ce72ecb02a8a8a1c3be0579bbc29b1d5ab68f1378b7bebc5057/pydantic_core-2.33.2-pp311-pypy311_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:64632ff9d614e5eecfb495796ad51b0ed98c453e447a76bcbeeb69615079fc7e", size = 2108896, upload-time = "2025-04-23T18:33:22.501Z" }, - { url = "https://files.pythonhosted.org/packages/53/89/2b2de6c81fa131f423246a9109d7b2a375e83968ad0800d6e57d0574629b/pydantic_core-2.33.2-pp311-pypy311_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:f889f7a40498cc077332c7ab6b4608d296d852182211787d4f3ee377aaae66e8", size = 2069475, upload-time = "2025-04-23T18:33:24.528Z" }, - { url = "https://files.pythonhosted.org/packages/b8/e9/1f7efbe20d0b2b10f6718944b5d8ece9152390904f29a78e68d4e7961159/pydantic_core-2.33.2-pp311-pypy311_pp73-musllinux_1_1_armv7l.whl", hash = "sha256:de4b83bb311557e439b9e186f733f6c645b9417c84e2eb8203f3f820a4b988bf", size = 2239013, upload-time = "2025-04-23T18:33:26.621Z" }, - { url = "https://files.pythonhosted.org/packages/3c/b2/5309c905a93811524a49b4e031e9851a6b00ff0fb668794472ea7746b448/pydantic_core-2.33.2-pp311-pypy311_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:82f68293f055f51b51ea42fafc74b6aad03e70e191799430b90c13d643059ebb", size = 2238715, upload-time = "2025-04-23T18:33:28.656Z" }, - { url = "https://files.pythonhosted.org/packages/32/56/8a7ca5d2cd2cda1d245d34b1c9a942920a718082ae8e54e5f3e5a58b7add/pydantic_core-2.33.2-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:329467cecfb529c925cf2bbd4d60d2c509bc2fb52a20c1045bf09bb70971a9c1", size = 2066757, upload-time = "2025-04-23T18:33:30.645Z" }, ] [[package]] @@ -831,15 +758,6 @@ version = "6.0.2" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/54/ed/79a089b6be93607fa5cdaedf301d7dfb23af5f25c398d5ead2525b063e17/pyyaml-6.0.2.tar.gz", hash = "sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e", size = 130631, upload-time = "2024-08-06T20:33:50.674Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/f8/aa/7af4e81f7acba21a4c6be026da38fd2b872ca46226673c89a758ebdc4fd2/PyYAML-6.0.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774", size = 184612, upload-time = "2024-08-06T20:32:03.408Z" }, - { url = "https://files.pythonhosted.org/packages/8b/62/b9faa998fd185f65c1371643678e4d58254add437edb764a08c5a98fb986/PyYAML-6.0.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee", size = 172040, upload-time = "2024-08-06T20:32:04.926Z" }, - { url = "https://files.pythonhosted.org/packages/ad/0c/c804f5f922a9a6563bab712d8dcc70251e8af811fce4524d57c2c0fd49a4/PyYAML-6.0.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5d225db5a45f21e78dd9358e58a98702a0302f2659a3c6cd320564b75b86f47c", size = 736829, upload-time = "2024-08-06T20:32:06.459Z" }, - { url = "https://files.pythonhosted.org/packages/51/16/6af8d6a6b210c8e54f1406a6b9481febf9c64a3109c541567e35a49aa2e7/PyYAML-6.0.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5ac9328ec4831237bec75defaf839f7d4564be1e6b25ac710bd1a96321cc8317", size = 764167, upload-time = "2024-08-06T20:32:08.338Z" }, - { url = "https://files.pythonhosted.org/packages/75/e4/2c27590dfc9992f73aabbeb9241ae20220bd9452df27483b6e56d3975cc5/PyYAML-6.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3ad2a3decf9aaba3d29c8f537ac4b243e36bef957511b4766cb0057d32b0be85", size = 762952, upload-time = "2024-08-06T20:32:14.124Z" }, - { url = "https://files.pythonhosted.org/packages/9b/97/ecc1abf4a823f5ac61941a9c00fe501b02ac3ab0e373c3857f7d4b83e2b6/PyYAML-6.0.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4", size = 735301, upload-time = "2024-08-06T20:32:16.17Z" }, - { url = "https://files.pythonhosted.org/packages/45/73/0f49dacd6e82c9430e46f4a027baa4ca205e8b0a9dce1397f44edc23559d/PyYAML-6.0.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:797b4f722ffa07cc8d62053e4cff1486fa6dc094105d13fea7b1de7d8bf71c9e", size = 756638, upload-time = "2024-08-06T20:32:18.555Z" }, - { url = "https://files.pythonhosted.org/packages/22/5f/956f0f9fc65223a58fbc14459bf34b4cc48dec52e00535c79b8db361aabd/PyYAML-6.0.2-cp311-cp311-win32.whl", hash = "sha256:11d8f3dd2b9c1207dcaf2ee0bbbfd5991f571186ec9cc78427ba5bd32afae4b5", size = 143850, upload-time = "2024-08-06T20:32:19.889Z" }, - { url = "https://files.pythonhosted.org/packages/ed/23/8da0bbe2ab9dcdd11f4f4557ccaf95c10b9811b13ecced089d43ce59c3c8/PyYAML-6.0.2-cp311-cp311-win_amd64.whl", hash = "sha256:e10ce637b18caea04431ce14fabcf5c64a1c61ec9c56b071a4b7ca131ca52d44", size = 161980, upload-time = "2024-08-06T20:32:21.273Z" }, { url = "https://files.pythonhosted.org/packages/86/0c/c581167fc46d6d6d7ddcfb8c843a4de25bdd27e4466938109ca68492292c/PyYAML-6.0.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab", size = 183873, upload-time = "2024-08-06T20:32:25.131Z" }, { url = "https://files.pythonhosted.org/packages/a8/0c/38374f5bb272c051e2a69281d71cba6fdb983413e6758b84482905e29a5d/PyYAML-6.0.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725", size = 173302, upload-time = "2024-08-06T20:32:26.511Z" }, { url = "https://files.pythonhosted.org/packages/c3/93/9916574aa8c00aa06bbac729972eb1071d002b8e158bd0e83a3b9a20a1f7/PyYAML-6.0.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5", size = 739154, upload-time = "2024-08-06T20:32:28.363Z" }, @@ -878,21 +796,6 @@ version = "3.13.0" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/ed/f6/6895abc3a3d056b9698da3199b04c0e56226d530ae44a470edabf8b664f0/rapidfuzz-3.13.0.tar.gz", hash = "sha256:d2eaf3839e52cbcc0accbe9817a67b4b0fcf70aaeb229cfddc1c28061f9ce5d8", size = 57904226, upload-time = "2025-04-03T20:38:51.226Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/87/17/9be9eff5a3c7dfc831c2511262082c6786dca2ce21aa8194eef1cb71d67a/rapidfuzz-3.13.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:d395a5cad0c09c7f096433e5fd4224d83b53298d53499945a9b0e5a971a84f3a", size = 1999453, upload-time = "2025-04-03T20:35:40.804Z" }, - { url = "https://files.pythonhosted.org/packages/75/67/62e57896ecbabe363f027d24cc769d55dd49019e576533ec10e492fcd8a2/rapidfuzz-3.13.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:b7b3eda607a019169f7187328a8d1648fb9a90265087f6903d7ee3a8eee01805", size = 1450881, upload-time = "2025-04-03T20:35:42.734Z" }, - { url = "https://files.pythonhosted.org/packages/96/5c/691c5304857f3476a7b3df99e91efc32428cbe7d25d234e967cc08346c13/rapidfuzz-3.13.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:98e0bfa602e1942d542de077baf15d658bd9d5dcfe9b762aff791724c1c38b70", size = 1422990, upload-time = "2025-04-03T20:35:45.158Z" }, - { url = "https://files.pythonhosted.org/packages/46/81/7a7e78f977496ee2d613154b86b203d373376bcaae5de7bde92f3ad5a192/rapidfuzz-3.13.0-cp311-cp311-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:bef86df6d59667d9655905b02770a0c776d2853971c0773767d5ef8077acd624", size = 5342309, upload-time = "2025-04-03T20:35:46.952Z" }, - { url = "https://files.pythonhosted.org/packages/51/44/12fdd12a76b190fe94bf38d252bb28ddf0ab7a366b943e792803502901a2/rapidfuzz-3.13.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fedd316c165beed6307bf754dee54d3faca2c47e1f3bcbd67595001dfa11e969", size = 1656881, upload-time = "2025-04-03T20:35:49.954Z" }, - { url = "https://files.pythonhosted.org/packages/27/ae/0d933e660c06fcfb087a0d2492f98322f9348a28b2cc3791a5dbadf6e6fb/rapidfuzz-3.13.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5158da7f2ec02a930be13bac53bb5903527c073c90ee37804090614cab83c29e", size = 1608494, upload-time = "2025-04-03T20:35:51.646Z" }, - { url = "https://files.pythonhosted.org/packages/3d/2c/4b2f8aafdf9400e5599b6ed2f14bc26ca75f5a923571926ccbc998d4246a/rapidfuzz-3.13.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3b6f913ee4618ddb6d6f3e387b76e8ec2fc5efee313a128809fbd44e65c2bbb2", size = 3072160, upload-time = "2025-04-03T20:35:53.472Z" }, - { url = "https://files.pythonhosted.org/packages/60/7d/030d68d9a653c301114101c3003b31ce01cf2c3224034cd26105224cd249/rapidfuzz-3.13.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:d25fdbce6459ccbbbf23b4b044f56fbd1158b97ac50994eaae2a1c0baae78301", size = 2491549, upload-time = "2025-04-03T20:35:55.391Z" }, - { url = "https://files.pythonhosted.org/packages/8e/cd/7040ba538fc6a8ddc8816a05ecf46af9988b46c148ddd7f74fb0fb73d012/rapidfuzz-3.13.0-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:25343ccc589a4579fbde832e6a1e27258bfdd7f2eb0f28cb836d6694ab8591fc", size = 7584142, upload-time = "2025-04-03T20:35:57.71Z" }, - { url = "https://files.pythonhosted.org/packages/c1/96/85f7536fbceb0aa92c04a1c37a3fc4fcd4e80649e9ed0fb585382df82edc/rapidfuzz-3.13.0-cp311-cp311-musllinux_1_2_ppc64le.whl", hash = "sha256:a9ad1f37894e3ffb76bbab76256e8a8b789657183870be11aa64e306bb5228fd", size = 2896234, upload-time = "2025-04-03T20:35:59.969Z" }, - { url = "https://files.pythonhosted.org/packages/55/fd/460e78438e7019f2462fe9d4ecc880577ba340df7974c8a4cfe8d8d029df/rapidfuzz-3.13.0-cp311-cp311-musllinux_1_2_s390x.whl", hash = "sha256:5dc71ef23845bb6b62d194c39a97bb30ff171389c9812d83030c1199f319098c", size = 3437420, upload-time = "2025-04-03T20:36:01.91Z" }, - { url = "https://files.pythonhosted.org/packages/cc/df/c3c308a106a0993befd140a414c5ea78789d201cf1dfffb8fd9749718d4f/rapidfuzz-3.13.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:b7f4c65facdb94f44be759bbd9b6dda1fa54d0d6169cdf1a209a5ab97d311a75", size = 4410860, upload-time = "2025-04-03T20:36:04.352Z" }, - { url = "https://files.pythonhosted.org/packages/75/ee/9d4ece247f9b26936cdeaae600e494af587ce9bf8ddc47d88435f05cfd05/rapidfuzz-3.13.0-cp311-cp311-win32.whl", hash = "sha256:b5104b62711565e0ff6deab2a8f5dbf1fbe333c5155abe26d2cfd6f1849b6c87", size = 1843161, upload-time = "2025-04-03T20:36:06.802Z" }, - { url = "https://files.pythonhosted.org/packages/c9/5a/d00e1f63564050a20279015acb29ecaf41646adfacc6ce2e1e450f7f2633/rapidfuzz-3.13.0-cp311-cp311-win_amd64.whl", hash = "sha256:9093cdeb926deb32a4887ebe6910f57fbcdbc9fbfa52252c10b56ef2efb0289f", size = 1629962, upload-time = "2025-04-03T20:36:09.133Z" }, - { url = "https://files.pythonhosted.org/packages/3b/74/0a3de18bc2576b794f41ccd07720b623e840fda219ab57091897f2320fdd/rapidfuzz-3.13.0-cp311-cp311-win_arm64.whl", hash = "sha256:f70f646751b6aa9d05be1fb40372f006cc89d6aad54e9d79ae97bd1f5fce5203", size = 866631, upload-time = "2025-04-03T20:36:11.022Z" }, { url = "https://files.pythonhosted.org/packages/13/4b/a326f57a4efed8f5505b25102797a58e37ee11d94afd9d9422cb7c76117e/rapidfuzz-3.13.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:4a1a6a906ba62f2556372282b1ef37b26bca67e3d2ea957277cfcefc6275cca7", size = 1989501, upload-time = "2025-04-03T20:36:13.43Z" }, { url = "https://files.pythonhosted.org/packages/b7/53/1f7eb7ee83a06c400089ec7cb841cbd581c2edd7a4b21eb2f31030b88daa/rapidfuzz-3.13.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:2fd0975e015b05c79a97f38883a11236f5a24cca83aa992bd2558ceaa5652b26", size = 1445379, upload-time = "2025-04-03T20:36:16.439Z" }, { url = "https://files.pythonhosted.org/packages/07/09/de8069a4599cc8e6d194e5fa1782c561151dea7d5e2741767137e2a8c1f0/rapidfuzz-3.13.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5d4e13593d298c50c4f94ce453f757b4b398af3fa0fd2fde693c3e51195b7f69", size = 1405986, upload-time = "2025-04-03T20:36:18.447Z" }, @@ -923,12 +826,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/0c/f3/5e0c6ae452cbb74e5436d3445467447e8c32f3021f48f93f15934b8cffc2/rapidfuzz-3.13.0-cp313-cp313-win32.whl", hash = "sha256:0e1d08cb884805a543f2de1f6744069495ef527e279e05370dd7c83416af83f8", size = 1822066, upload-time = "2025-04-03T20:37:14.425Z" }, { url = "https://files.pythonhosted.org/packages/96/e3/a98c25c4f74051df4dcf2f393176b8663bfd93c7afc6692c84e96de147a2/rapidfuzz-3.13.0-cp313-cp313-win_amd64.whl", hash = "sha256:9a7c6232be5f809cd39da30ee5d24e6cadd919831e6020ec6c2391f4c3bc9264", size = 1615100, upload-time = "2025-04-03T20:37:16.611Z" }, { url = "https://files.pythonhosted.org/packages/60/b1/05cd5e697c00cd46d7791915f571b38c8531f714832eff2c5e34537c49ee/rapidfuzz-3.13.0-cp313-cp313-win_arm64.whl", hash = "sha256:3f32f15bacd1838c929b35c84b43618481e1b3d7a61b5ed2db0291b70ae88b53", size = 858976, upload-time = "2025-04-03T20:37:19.336Z" }, - { url = "https://files.pythonhosted.org/packages/88/df/6060c5a9c879b302bd47a73fc012d0db37abf6544c57591bcbc3459673bd/rapidfuzz-3.13.0-pp311-pypy311_pp73-macosx_10_15_x86_64.whl", hash = "sha256:1ba007f4d35a45ee68656b2eb83b8715e11d0f90e5b9f02d615a8a321ff00c27", size = 1905935, upload-time = "2025-04-03T20:38:18.07Z" }, - { url = "https://files.pythonhosted.org/packages/a2/6c/a0b819b829e20525ef1bd58fc776fb8d07a0c38d819e63ba2b7c311a2ed4/rapidfuzz-3.13.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:d7a217310429b43be95b3b8ad7f8fc41aba341109dc91e978cd7c703f928c58f", size = 1383714, upload-time = "2025-04-03T20:38:20.628Z" }, - { url = "https://files.pythonhosted.org/packages/6a/c1/3da3466cc8a9bfb9cd345ad221fac311143b6a9664b5af4adb95b5e6ce01/rapidfuzz-3.13.0-pp311-pypy311_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:558bf526bcd777de32b7885790a95a9548ffdcce68f704a81207be4a286c1095", size = 1367329, upload-time = "2025-04-03T20:38:23.01Z" }, - { url = "https://files.pythonhosted.org/packages/da/f0/9f2a9043bfc4e66da256b15d728c5fc2d865edf0028824337f5edac36783/rapidfuzz-3.13.0-pp311-pypy311_pp73-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:202a87760f5145140d56153b193a797ae9338f7939eb16652dd7ff96f8faf64c", size = 5251057, upload-time = "2025-04-03T20:38:25.52Z" }, - { url = "https://files.pythonhosted.org/packages/6a/ff/af2cb1d8acf9777d52487af5c6b34ce9d13381a753f991d95ecaca813407/rapidfuzz-3.13.0-pp311-pypy311_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cfcccc08f671646ccb1e413c773bb92e7bba789e3a1796fd49d23c12539fe2e4", size = 2992401, upload-time = "2025-04-03T20:38:28.196Z" }, - { url = "https://files.pythonhosted.org/packages/c1/c5/c243b05a15a27b946180db0d1e4c999bef3f4221505dff9748f1f6c917be/rapidfuzz-3.13.0-pp311-pypy311_pp73-win_amd64.whl", hash = "sha256:1f219f1e3c3194d7a7de222f54450ce12bc907862ff9a8962d83061c1f923c86", size = 1553782, upload-time = "2025-04-03T20:38:30.778Z" }, ] [[package]] @@ -980,21 +877,6 @@ version = "0.27.0" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/1e/d9/991a0dee12d9fc53ed027e26a26a64b151d77252ac477e22666b9688bc16/rpds_py-0.27.0.tar.gz", hash = "sha256:8b23cf252f180cda89220b378d917180f29d313cd6a07b2431c0d3b776aae86f", size = 27420, upload-time = "2025-08-07T08:26:39.624Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/b4/c1/49d515434c1752e40f5e35b985260cf27af052593378580a2f139a5be6b8/rpds_py-0.27.0-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:dbc2ab5d10544eb485baa76c63c501303b716a5c405ff2469a1d8ceffaabf622", size = 371577, upload-time = "2025-08-07T08:23:25.379Z" }, - { url = "https://files.pythonhosted.org/packages/e1/6d/bf2715b2fee5087fa13b752b5fd573f1a93e4134c74d275f709e38e54fe7/rpds_py-0.27.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:7ec85994f96a58cf7ed288caa344b7fe31fd1d503bdf13d7331ead5f70ab60d5", size = 354959, upload-time = "2025-08-07T08:23:26.767Z" }, - { url = "https://files.pythonhosted.org/packages/a3/5c/e7762808c746dd19733a81373c10da43926f6a6adcf4920a21119697a60a/rpds_py-0.27.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:190d7285cd3bb6d31d37a0534d7359c1ee191eb194c511c301f32a4afa5a1dd4", size = 381485, upload-time = "2025-08-07T08:23:27.869Z" }, - { url = "https://files.pythonhosted.org/packages/40/51/0d308eb0b558309ca0598bcba4243f52c4cd20e15fe991b5bd75824f2e61/rpds_py-0.27.0-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:c10d92fb6d7fd827e44055fcd932ad93dac6a11e832d51534d77b97d1d85400f", size = 396816, upload-time = "2025-08-07T08:23:29.424Z" }, - { url = "https://files.pythonhosted.org/packages/5c/aa/2d585ec911d78f66458b2c91252134ca0c7c70f687a72c87283173dc0c96/rpds_py-0.27.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:dd2c1d27ebfe6a015cfa2005b7fe8c52d5019f7bbdd801bc6f7499aab9ae739e", size = 514950, upload-time = "2025-08-07T08:23:30.576Z" }, - { url = "https://files.pythonhosted.org/packages/0b/ef/aced551cc1148179557aed84343073adadf252c91265263ee6203458a186/rpds_py-0.27.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4790c9d5dd565ddb3e9f656092f57268951398cef52e364c405ed3112dc7c7c1", size = 402132, upload-time = "2025-08-07T08:23:32.428Z" }, - { url = "https://files.pythonhosted.org/packages/4b/ac/cf644803d8d417653fe2b3604186861d62ea6afaef1b2284045741baef17/rpds_py-0.27.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4300e15e7d03660f04be84a125d1bdd0e6b2f674bc0723bc0fd0122f1a4585dc", size = 383660, upload-time = "2025-08-07T08:23:33.829Z" }, - { url = "https://files.pythonhosted.org/packages/c9/ec/caf47c55ce02b76cbaeeb2d3b36a73da9ca2e14324e3d75cf72b59dcdac5/rpds_py-0.27.0-cp311-cp311-manylinux_2_31_riscv64.whl", hash = "sha256:59195dc244fc183209cf8a93406889cadde47dfd2f0a6b137783aa9c56d67c85", size = 401730, upload-time = "2025-08-07T08:23:34.97Z" }, - { url = "https://files.pythonhosted.org/packages/0b/71/c1f355afdcd5b99ffc253422aa4bdcb04ccf1491dcd1bda3688a0c07fd61/rpds_py-0.27.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:fae4a01ef8c4cb2bbe92ef2063149596907dc4a881a8d26743b3f6b304713171", size = 416122, upload-time = "2025-08-07T08:23:36.062Z" }, - { url = "https://files.pythonhosted.org/packages/38/0f/f4b5b1eda724ed0e04d2b26d8911cdc131451a7ee4c4c020a1387e5c6ded/rpds_py-0.27.0-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:e3dc8d4ede2dbae6c0fc2b6c958bf51ce9fd7e9b40c0f5b8835c3fde44f5807d", size = 558771, upload-time = "2025-08-07T08:23:37.478Z" }, - { url = "https://files.pythonhosted.org/packages/93/c0/5f8b834db2289ab48d5cffbecbb75e35410103a77ac0b8da36bf9544ec1c/rpds_py-0.27.0-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:c3782fb753aa825b4ccabc04292e07897e2fd941448eabf666856c5530277626", size = 587876, upload-time = "2025-08-07T08:23:38.662Z" }, - { url = "https://files.pythonhosted.org/packages/d2/dd/1a1df02ab8eb970115cff2ae31a6f73916609b900dc86961dc382b8c2e5e/rpds_py-0.27.0-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:887ab1f12b0d227e9260558a4a2320024b20102207ada65c43e1ffc4546df72e", size = 554359, upload-time = "2025-08-07T08:23:39.897Z" }, - { url = "https://files.pythonhosted.org/packages/a1/e4/95a014ab0d51ab6e3bebbdb476a42d992d2bbf9c489d24cff9fda998e925/rpds_py-0.27.0-cp311-cp311-win32.whl", hash = "sha256:5d6790ff400254137b81b8053b34417e2c46921e302d655181d55ea46df58cf7", size = 218084, upload-time = "2025-08-07T08:23:41.086Z" }, - { url = "https://files.pythonhosted.org/packages/49/78/f8d5b71ec65a0376b0de31efcbb5528ce17a9b7fdd19c3763303ccfdedec/rpds_py-0.27.0-cp311-cp311-win_amd64.whl", hash = "sha256:e24d8031a2c62f34853756d9208eeafa6b940a1efcbfe36e8f57d99d52bb7261", size = 230085, upload-time = "2025-08-07T08:23:42.143Z" }, - { url = "https://files.pythonhosted.org/packages/e7/d3/84429745184091e06b4cc70f8597408e314c2d2f7f5e13249af9ffab9e3d/rpds_py-0.27.0-cp311-cp311-win_arm64.whl", hash = "sha256:08680820d23df1df0a0260f714d12966bc6c42d02e8055a91d61e03f0c47dda0", size = 222112, upload-time = "2025-08-07T08:23:43.233Z" }, { url = "https://files.pythonhosted.org/packages/cd/17/e67309ca1ac993fa1888a0d9b2f5ccc1f67196ace32e76c9f8e1dbbbd50c/rpds_py-0.27.0-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:19c990fdf5acecbf0623e906ae2e09ce1c58947197f9bced6bbd7482662231c4", size = 362611, upload-time = "2025-08-07T08:23:44.773Z" }, { url = "https://files.pythonhosted.org/packages/93/2e/28c2fb84aa7aa5d75933d1862d0f7de6198ea22dfd9a0cca06e8a4e7509e/rpds_py-0.27.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:6c27a7054b5224710fcfb1a626ec3ff4f28bcb89b899148c72873b18210e446b", size = 347680, upload-time = "2025-08-07T08:23:46.014Z" }, { url = "https://files.pythonhosted.org/packages/44/3e/9834b4c8f4f5fe936b479e623832468aa4bd6beb8d014fecaee9eac6cdb1/rpds_py-0.27.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:09965b314091829b378b60607022048953e25f0b396c2b70e7c4c81bcecf932e", size = 384600, upload-time = "2025-08-07T08:23:48Z" }, @@ -1068,18 +950,6 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/63/09/ee1bb5536f99f42c839b177d552f6114aa3142d82f49cef49261ed28dbe0/rpds_py-0.27.0-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:3001013dae10f806380ba739d40dee11db1ecb91684febb8406a87c2ded23dae", size = 555090, upload-time = "2025-08-07T08:25:20.461Z" }, { url = "https://files.pythonhosted.org/packages/7d/2c/363eada9e89f7059199d3724135a86c47082cbf72790d6ba2f336d146ddb/rpds_py-0.27.0-cp314-cp314t-win32.whl", hash = "sha256:0f401c369186a5743694dd9fc08cba66cf70908757552e1f714bfc5219c655b5", size = 218001, upload-time = "2025-08-07T08:25:21.761Z" }, { url = "https://files.pythonhosted.org/packages/e2/3f/d6c216ed5199c9ef79e2a33955601f454ed1e7420a93b89670133bca5ace/rpds_py-0.27.0-cp314-cp314t-win_amd64.whl", hash = "sha256:8a1dca5507fa1337f75dcd5070218b20bc68cf8844271c923c1b79dfcbc20391", size = 230993, upload-time = "2025-08-07T08:25:23.34Z" }, - { url = "https://files.pythonhosted.org/packages/59/64/72ab5b911fdcc48058359b0e786e5363e3fde885156116026f1a2ba9a5b5/rpds_py-0.27.0-pp311-pypy311_pp73-macosx_10_12_x86_64.whl", hash = "sha256:e6491658dd2569f05860bad645569145c8626ac231877b0fb2d5f9bcb7054089", size = 371658, upload-time = "2025-08-07T08:26:02.369Z" }, - { url = "https://files.pythonhosted.org/packages/6c/4b/90ff04b4da055db53d8fea57640d8d5d55456343a1ec9a866c0ecfe10fd1/rpds_py-0.27.0-pp311-pypy311_pp73-macosx_11_0_arm64.whl", hash = "sha256:bec77545d188f8bdd29d42bccb9191682a46fb2e655e3d1fb446d47c55ac3b8d", size = 355529, upload-time = "2025-08-07T08:26:03.83Z" }, - { url = "https://files.pythonhosted.org/packages/a4/be/527491fb1afcd86fc5ce5812eb37bc70428ee017d77fee20de18155c3937/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:25a4aebf8ca02bbb90a9b3e7a463bbf3bee02ab1c446840ca07b1695a68ce424", size = 382822, upload-time = "2025-08-07T08:26:05.52Z" }, - { url = "https://files.pythonhosted.org/packages/e0/a5/dcdb8725ce11e6d0913e6fcf782a13f4b8a517e8acc70946031830b98441/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:44524b96481a4c9b8e6c46d6afe43fa1fb485c261e359fbe32b63ff60e3884d8", size = 397233, upload-time = "2025-08-07T08:26:07.179Z" }, - { url = "https://files.pythonhosted.org/packages/33/f9/0947920d1927e9f144660590cc38cadb0795d78fe0d9aae0ef71c1513b7c/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:45d04a73c54b6a5fd2bab91a4b5bc8b426949586e61340e212a8484919183859", size = 514892, upload-time = "2025-08-07T08:26:08.622Z" }, - { url = "https://files.pythonhosted.org/packages/1d/ed/d1343398c1417c68f8daa1afce56ef6ce5cc587daaf98e29347b00a80ff2/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:343cf24de9ed6c728abefc5d5c851d5de06497caa7ac37e5e65dd572921ed1b5", size = 402733, upload-time = "2025-08-07T08:26:10.433Z" }, - { url = "https://files.pythonhosted.org/packages/1d/0b/646f55442cd14014fb64d143428f25667a100f82092c90087b9ea7101c74/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7aed8118ae20515974650d08eb724150dc2e20c2814bcc307089569995e88a14", size = 384447, upload-time = "2025-08-07T08:26:11.847Z" }, - { url = "https://files.pythonhosted.org/packages/4b/15/0596ef7529828e33a6c81ecf5013d1dd33a511a3e0be0561f83079cda227/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_31_riscv64.whl", hash = "sha256:af9d4fd79ee1cc8e7caf693ee02737daabfc0fcf2773ca0a4735b356c8ad6f7c", size = 402502, upload-time = "2025-08-07T08:26:13.537Z" }, - { url = "https://files.pythonhosted.org/packages/c3/8d/986af3c42f8454a6cafff8729d99fb178ae9b08a9816325ac7a8fa57c0c0/rpds_py-0.27.0-pp311-pypy311_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:f0396e894bd1e66c74ecbc08b4f6a03dc331140942c4b1d345dd131b68574a60", size = 416651, upload-time = "2025-08-07T08:26:14.923Z" }, - { url = "https://files.pythonhosted.org/packages/e9/9a/b4ec3629b7b447e896eec574469159b5b60b7781d3711c914748bf32de05/rpds_py-0.27.0-pp311-pypy311_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:59714ab0a5af25d723d8e9816638faf7f4254234decb7d212715c1aa71eee7be", size = 559460, upload-time = "2025-08-07T08:26:16.295Z" }, - { url = "https://files.pythonhosted.org/packages/61/63/d1e127b40c3e4733b3a6f26ae7a063cdf2bc1caa5272c89075425c7d397a/rpds_py-0.27.0-pp311-pypy311_pp73-musllinux_1_2_i686.whl", hash = "sha256:88051c3b7d5325409f433c5a40328fcb0685fc04e5db49ff936e910901d10114", size = 588072, upload-time = "2025-08-07T08:26:17.776Z" }, - { url = "https://files.pythonhosted.org/packages/04/7e/8ffc71a8f6833d9c9fb999f5b0ee736b8b159fd66968e05c7afc2dbcd57e/rpds_py-0.27.0-pp311-pypy311_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:181bc29e59e5e5e6e9d63b143ff4d5191224d355e246b5a48c88ce6b35c4e466", size = 555083, upload-time = "2025-08-07T08:26:19.301Z" }, ] [[package]] @@ -1094,11 +964,6 @@ dependencies = [ ] sdist = { url = "https://files.pythonhosted.org/packages/9e/a5/4ae3b3a0755f7b35a280ac90b28817d1f380318973cff14075ab41ef50d9/scikit_learn-1.6.1.tar.gz", hash = "sha256:b4fc2525eca2c69a59260f583c56a7557c6ccdf8deafdba6e060f94c1c59738e", size = 7068312, upload-time = "2025-01-10T08:07:55.348Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/6c/2a/e291c29670795406a824567d1dfc91db7b699799a002fdaa452bceea8f6e/scikit_learn-1.6.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:72abc587c75234935e97d09aa4913a82f7b03ee0b74111dcc2881cba3c5a7b33", size = 12102620, upload-time = "2025-01-10T08:06:16.675Z" }, - { url = "https://files.pythonhosted.org/packages/25/92/ee1d7a00bb6b8c55755d4984fd82608603a3cc59959245068ce32e7fb808/scikit_learn-1.6.1-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:b3b00cdc8f1317b5f33191df1386c0befd16625f49d979fe77a8d44cae82410d", size = 11116234, upload-time = "2025-01-10T08:06:21.83Z" }, - { url = "https://files.pythonhosted.org/packages/30/cd/ed4399485ef364bb25f388ab438e3724e60dc218c547a407b6e90ccccaef/scikit_learn-1.6.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dc4765af3386811c3ca21638f63b9cf5ecf66261cc4815c1db3f1e7dc7b79db2", size = 12592155, upload-time = "2025-01-10T08:06:27.309Z" }, - { url = "https://files.pythonhosted.org/packages/a8/f3/62fc9a5a659bb58a03cdd7e258956a5824bdc9b4bb3c5d932f55880be569/scikit_learn-1.6.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:25fc636bdaf1cc2f4a124a116312d837148b5e10872147bdaf4887926b8c03d8", size = 13497069, upload-time = "2025-01-10T08:06:32.515Z" }, - { url = "https://files.pythonhosted.org/packages/a1/a6/c5b78606743a1f28eae8f11973de6613a5ee87366796583fb74c67d54939/scikit_learn-1.6.1-cp311-cp311-win_amd64.whl", hash = "sha256:fa909b1a36e000a03c382aade0bd2063fd5680ff8b8e501660c0f59f021a6415", size = 11139809, upload-time = "2025-01-10T08:06:35.514Z" }, { url = "https://files.pythonhosted.org/packages/0a/18/c797c9b8c10380d05616db3bfb48e2a3358c767affd0857d56c2eb501caa/scikit_learn-1.6.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:926f207c804104677af4857b2c609940b743d04c4c35ce0ddc8ff4f053cddc1b", size = 12104516, upload-time = "2025-01-10T08:06:40.009Z" }, { url = "https://files.pythonhosted.org/packages/c4/b7/2e35f8e289ab70108f8cbb2e7a2208f0575dc704749721286519dcf35f6f/scikit_learn-1.6.1-cp312-cp312-macosx_12_0_arm64.whl", hash = "sha256:2c2cae262064e6a9b77eee1c8e768fc46aa0b8338c6a8297b9b6759720ec0ff2", size = 11167837, upload-time = "2025-01-10T08:06:43.305Z" }, { url = "https://files.pythonhosted.org/packages/a4/f6/ff7beaeb644bcad72bcfd5a03ff36d32ee4e53a8b29a639f11bcb65d06cd/scikit_learn-1.6.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1061b7c028a8663fb9a1a1baf9317b64a257fcb036dae5c8752b2abef31d136f", size = 12253728, upload-time = "2025-01-10T08:06:47.618Z" }, @@ -1124,15 +989,6 @@ dependencies = [ ] sdist = { url = "https://files.pythonhosted.org/packages/f5/4a/b927028464795439faec8eaf0b03b011005c487bb2d07409f28bf30879c4/scipy-1.16.1.tar.gz", hash = "sha256:44c76f9e8b6e8e488a586190ab38016e4ed2f8a038af7cd3defa903c0a2238b3", size = 30580861, upload-time = "2025-07-27T16:33:30.834Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/da/91/812adc6f74409b461e3a5fa97f4f74c769016919203138a3bf6fc24ba4c5/scipy-1.16.1-cp311-cp311-macosx_10_14_x86_64.whl", hash = "sha256:c033fa32bab91dc98ca59d0cf23bb876454e2bb02cbe592d5023138778f70030", size = 36552519, upload-time = "2025-07-27T16:26:29.658Z" }, - { url = "https://files.pythonhosted.org/packages/47/18/8e355edcf3b71418d9e9f9acd2708cc3a6c27e8f98fde0ac34b8a0b45407/scipy-1.16.1-cp311-cp311-macosx_12_0_arm64.whl", hash = "sha256:6e5c2f74e5df33479b5cd4e97a9104c511518fbd979aa9b8f6aec18b2e9ecae7", size = 28638010, upload-time = "2025-07-27T16:26:38.196Z" }, - { url = "https://files.pythonhosted.org/packages/d9/eb/e931853058607bdfbc11b86df19ae7a08686121c203483f62f1ecae5989c/scipy-1.16.1-cp311-cp311-macosx_14_0_arm64.whl", hash = "sha256:0a55ffe0ba0f59666e90951971a884d1ff6f4ec3275a48f472cfb64175570f77", size = 20909790, upload-time = "2025-07-27T16:26:43.93Z" }, - { url = "https://files.pythonhosted.org/packages/45/0c/be83a271d6e96750cd0be2e000f35ff18880a46f05ce8b5d3465dc0f7a2a/scipy-1.16.1-cp311-cp311-macosx_14_0_x86_64.whl", hash = "sha256:f8a5d6cd147acecc2603fbd382fed6c46f474cccfcf69ea32582e033fb54dcfe", size = 23513352, upload-time = "2025-07-27T16:26:50.017Z" }, - { url = "https://files.pythonhosted.org/packages/7c/bf/fe6eb47e74f762f933cca962db7f2c7183acfdc4483bd1c3813cfe83e538/scipy-1.16.1-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:cb18899127278058bcc09e7b9966d41a5a43740b5bb8dcba401bd983f82e885b", size = 33534643, upload-time = "2025-07-27T16:26:57.503Z" }, - { url = "https://files.pythonhosted.org/packages/bb/ba/63f402e74875486b87ec6506a4f93f6d8a0d94d10467280f3d9d7837ce3a/scipy-1.16.1-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:adccd93a2fa937a27aae826d33e3bfa5edf9aa672376a4852d23a7cd67a2e5b7", size = 35376776, upload-time = "2025-07-27T16:27:06.639Z" }, - { url = "https://files.pythonhosted.org/packages/c3/b4/04eb9d39ec26a1b939689102da23d505ea16cdae3dbb18ffc53d1f831044/scipy-1.16.1-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:18aca1646a29ee9a0625a1be5637fa798d4d81fdf426481f06d69af828f16958", size = 35698906, upload-time = "2025-07-27T16:27:14.943Z" }, - { url = "https://files.pythonhosted.org/packages/04/d6/bb5468da53321baeb001f6e4e0d9049eadd175a4a497709939128556e3ec/scipy-1.16.1-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:d85495cef541729a70cdddbbf3e6b903421bc1af3e8e3a9a72a06751f33b7c39", size = 38129275, upload-time = "2025-07-27T16:27:23.873Z" }, - { url = "https://files.pythonhosted.org/packages/c4/94/994369978509f227cba7dfb9e623254d0d5559506fe994aef4bea3ed469c/scipy-1.16.1-cp311-cp311-win_amd64.whl", hash = "sha256:226652fca853008119c03a8ce71ffe1b3f6d2844cc1686e8f9806edafae68596", size = 38644572, upload-time = "2025-07-27T16:27:32.637Z" }, { url = "https://files.pythonhosted.org/packages/f8/d9/ec4864f5896232133f51382b54a08de91a9d1af7a76dfa372894026dfee2/scipy-1.16.1-cp312-cp312-macosx_10_14_x86_64.whl", hash = "sha256:81b433bbeaf35728dad619afc002db9b189e45eebe2cd676effe1fb93fef2b9c", size = 36575194, upload-time = "2025-07-27T16:27:41.321Z" }, { url = "https://files.pythonhosted.org/packages/5c/6d/40e81ecfb688e9d25d34a847dca361982a6addf8e31f0957b1a54fbfa994/scipy-1.16.1-cp312-cp312-macosx_12_0_arm64.whl", hash = "sha256:886cc81fdb4c6903a3bb0464047c25a6d1016fef77bb97949817d0c0d79f9e04", size = 28594590, upload-time = "2025-07-27T16:27:49.204Z" }, { url = "https://files.pythonhosted.org/packages/0e/37/9f65178edfcc629377ce9a64fc09baebea18c80a9e57ae09a52edf84880b/scipy-1.16.1-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:15240c3aac087a522b4eaedb09f0ad061753c5eebf1ea430859e5bf8640d5919", size = 20866458, upload-time = "2025-07-27T16:27:54.98Z" }, @@ -1345,9 +1201,6 @@ version = "6.0.0" source = { registry = "https://pypi.org/simple" } sdist = { url = "https://files.pythonhosted.org/packages/db/7d/7f3d619e951c88ed75c6037b246ddcf2d322812ee8ea189be89511721d54/watchdog-6.0.0.tar.gz", hash = "sha256:9ddf7c82fda3ae8e24decda1338ede66e1c99883db93711d8fb941eaa2d8c282", size = 131220, upload-time = "2024-11-01T14:07:13.037Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/e0/24/d9be5cd6642a6aa68352ded4b4b10fb0d7889cb7f45814fb92cecd35f101/watchdog-6.0.0-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:6eb11feb5a0d452ee41f824e271ca311a09e250441c262ca2fd7ebcf2461a06c", size = 96393, upload-time = "2024-11-01T14:06:31.756Z" }, - { url = "https://files.pythonhosted.org/packages/63/7a/6013b0d8dbc56adca7fdd4f0beed381c59f6752341b12fa0886fa7afc78b/watchdog-6.0.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:ef810fbf7b781a5a593894e4f439773830bdecb885e6880d957d5b9382a960d2", size = 88392, upload-time = "2024-11-01T14:06:32.99Z" }, - { url = "https://files.pythonhosted.org/packages/d1/40/b75381494851556de56281e053700e46bff5b37bf4c7267e858640af5a7f/watchdog-6.0.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:afd0fe1b2270917c5e23c2a65ce50c2a4abb63daafb0d419fde368e272a76b7c", size = 89019, upload-time = "2024-11-01T14:06:34.963Z" }, { url = "https://files.pythonhosted.org/packages/39/ea/3930d07dafc9e286ed356a679aa02d777c06e9bfd1164fa7c19c288a5483/watchdog-6.0.0-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:bdd4e6f14b8b18c334febb9c4425a878a2ac20efd1e0b231978e7b150f92a948", size = 96471, upload-time = "2024-11-01T14:06:37.745Z" }, { url = "https://files.pythonhosted.org/packages/12/87/48361531f70b1f87928b045df868a9fd4e253d9ae087fa4cf3f7113be363/watchdog-6.0.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:c7c15dda13c4eb00d6fb6fc508b3c0ed88b9d5d374056b239c4ad1611125c860", size = 88449, upload-time = "2024-11-01T14:06:39.748Z" }, { url = "https://files.pythonhosted.org/packages/5b/7e/8f322f5e600812e6f9a31b75d242631068ca8f4ef0582dd3ae6e72daecc8/watchdog-6.0.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:6f10cb2d5902447c7d0da897e2c6768bca89174d0c6e1e30abec5421af97a5b0", size = 89054, upload-time = "2024-11-01T14:06:41.009Z" }, From 6a7be173a8bc38c6eaee5a5a7d30dc29a1f1914c Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Tue, 19 Aug 2025 18:58:40 +0200 Subject: [PATCH 269/468] Namespace ABNF - addresses parts of CERTCC/SSVC#858 - update documentation --- docs/reference/code/namespaces.md | 111 +++++++++++++++++++++--------- 1 file changed, 80 insertions(+), 31 deletions(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 6259418c..dc382d39 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -44,7 +44,8 @@ subgraph base_ns[Base Namespace] direction LR xpfx[x_] reverse_ns[Reverse Domain Name Notation] - xpfx --> reverse_ns + fragment[Fragment] + xpfx --> reverse_ns --> fragment end subgraph registered[Registered Namespace] direction LR @@ -80,6 +81,8 @@ Registered namespaces are intended to be used as follows: - Objects in other explicitly registered namespaces are provided for convenience, but the SSVC team is not responsible for modifying the content or semantics of those decision points. +- The registered namespaces `example` and `test` can be used in documentation or + as examples, where registered namespaces are necessary. !!! note "Registered Non-`ssvc` Namespaces" @@ -135,22 +138,35 @@ we expect that this will rarely lead to conflicts in practice. Unregistered namespaces must follow the following structure: - Unregistered namespaces must use the `x_` prefix. - - Following the `x_` prefix, unregistered namespaces must use reverse domain name notation of a domain under their control to ensure uniqueness. - - Aside from the required `x_` prefix, unregistered namespaces must contain only alphanumeric characters, dots (`.`), and dashes (`-`). + - Following the `x_` prefix, unregistered namespaces must use reverse domain name + notation of a domain under their control to ensure uniqueness. + - After the reverse domain name, a fragment separated by `#` must follow. + - The construct of reverse domain name followed by `#` and a fragment is called `x-name`. + - Aside from the required `x_` prefix and the fragment separator `#`, unregistered + namespaces must contain only alphanumeric characters, dots (`.`), and dashes (`-`). - For any domain using other characters, DNS Punycode must be used !!! warning "Namespace Conflicts" - Conflicts are possible in the x_ prefix space - especially as the control over a domain may be transferred. + Conflicts are possible in the `x_` prefix space - especially as the control over a + domain may be transferred. Also in tests, Organizations A and B could both choose to use `x_example.test#test`, and there are no guarantees of global uniqueness for the decision points in the `x_example.test#test` namespace. -!!! tip "Test Namespace" + !!! info "Documentation and Test Namespaces" - The `x_example.test#test` namespace is used for testing purposes and is not intended for production use. - It is used to test the SSVC framework and its components, and may contain decision points that are not fully implemented or tested. + Any namespace starting with `x_example` can be used in documentation or as examples, + where a unregistered namespace is needed. + The namespace `x_example.test#test` is recommended for use in testing of current or + new SSVC related code. + + !!! tip "Test Namespace" + + The `x_example.test#test` namespace is commonly used for testing purposes and is not + intended for production use. It is used to test the SSVC framework and its components, + and may contain decision points that are not fully implemented or tested. ### Namespace Extensions @@ -188,11 +204,26 @@ constituencies or to provide translations of existing decision points. The first extension segment is reserved for an optional BCP-47 language tag, which may be left empty. When empty, the default language (`en-US`) is implied. -Subsequent extension segments must begin with a reverse domain name notation string, -and may contain alphanumeric characters (upper or lower case), dots (`.`), and dashes (`-`). -A single fragment identifier (`#`) may be included in an extension segment, but it is optional. -Fragment segments can be used to indicate a specific interpretation or context for the extension. -Note: Without a fragment segment, all decision points of an organization fall into one bucket, which is in most cases not intended. Therefore, the use of a fragment segment is recommended. +Subsequent extension segments must either + +- be a valid BCP 47 language tag (marking an official translation from the previous extension segment entity), +- begin with a `.` followed by an `x-name` (reverse domain name notation string, the fragment separator `#` and a fragment), or +- be a `translation`. + +Except for the delimiters, an extension segment must not contain any other characters than alphanumeric +characters (upper or lower case), dots (`.`), and dashes (`-`). +Only a single fragment identifier (`#`) is allowed per extension segment. +Fragment segments should be used to indicate a specific interpretation or context for the extension. +Note: Without a fragment segment, all decision points of an organization would fall into one bucket, +which is in most cases not intended. Therefore, the use of a fragment segment is required from the start. + +A `translation` starts with a `.` is followed by a reverse domain name or an `x-name`. +Subsequently, a `$` followed by a valid BCP 47 language tag ends the string. +Note: If the `translation` uses just the reverse domain name followed by the language tag, +e.g. `.example.test$de-DE`, this implies an unofficial translation done by the entity in possession of that +domain name. +A `translation` using an `x-name` indicates that the extension bases of a model that had a different language +and no formal translation was used to develop that model. The following diagram illustrates the structure of namespace extensions: ```mermaid @@ -211,9 +242,21 @@ subgraph exts[Extensions] end subgraph ext[Subsequent Extension Segments] direction LR + e_lang[Language Tag] + dot[.] reverse_ns_ext[Reverse Domain Name Notation] - fragment[#Optional Fragment ID] - reverse_ns_ext --> fragment + fragment[#Fragment] + subgraph translation[Translation] + direction LR + t_dot[.] + t_reverse_ns_ext[Reverse Domain Name Notation] + t_fragment[#Optional Fragment] + t_dollar[$] + t_lang[Language Tag] + + t_dot --> t_reverse_ns_ext --> t_fragment --> t_dollar --> t_lang + end + lang ~~~|OR| dot --> reverse_ns_ext --> fragment ~~~|OR| translation end first -->|/| ext ext -->|/| ext @@ -233,8 +276,8 @@ base_ns -->|/| first - If any extension segments are present, the first segment must be a valid BCP-47 language tag or an empty string. - When the first segment is left as an empty string, the default language (`en-US`) is implied. - Subsequent extension segments must begin with a reverse domain name notation string or be a valid, non-empty BCP-47 language tag. - - A fragment identifier (`#`) may be included in extension segments, but it is optional. - - Extension segments may contain alphanumeric characters (upper or lower case), dots (`.`), and dashes (`-`), and zero or one hash (`#`). + - A fragment identifier (`#`) may be included in extension segments. + - Extension segments may contain alphanumeric characters (upper or lower case), dots (`.`), and dashes (`-`), and zero or one hash (`#`) and zero or one dollar sign (`$`). - Extensions must not alter the decision point key, version number, or value keys for any decision point they are derived from. - Extensions may reduce the set of values for a decision point in the parent namespace, but must not add new values. @@ -243,13 +286,13 @@ base_ns -->|/| first !!! tip "Extension Order Matters" - Extension order matters. `ssvc/de-DE/example.organization#ref-arch-1` - denotes that (a) a German (Germany) translation of the SSVC decision points + Extension order matters. `ssvc/de-DE/.example.organization#ref-arch-1` + denotes that (a) an official German (Germany) translation of the SSVC decision points is available, and (b) that this translation has been extended with an extension by `organization.example` to fit their specific needs for `ref-arch-1`. - On the other hand, `ssvc//example.organization#ref-arch-1/de-DE` - denotes that (a) the `example.organization#ref-arch-1` extension is + On the other hand, `ssvc//.example.organization#ref-arch-1/de-DE` + denotes that (a) the `.example.organization#ref-arch-1` extension is available in the default language (`en-US`), and (b) that this extension has been translated into German (Germany). @@ -258,16 +301,20 @@ base_ns -->|/| first Imagine an Information Sharing and Analysis Organization (ISAO) `isao.example` wants to create an extension to refine an existing decision point in the `ssvc` namespace with additional context for a part of their constituency. They could create an extension - namespace like `ssvc//example.isao#constituency` to indicate that this extension + namespace like `ssvc//.example.isao#constituency` to indicate that this extension is specifically tailored for a particular constituency within the ISAO. Note the empty first segment, which implies the default language (`en-US`). If they further chose to create a Polish language version of their extension, they would add a language segment _following_ their extension namespace, - e.g., `ssvc//example.isao#constituency/pl-PL`. Note that this is different - from a hypothetical `ssvc/pl-PL/example.isao#constituency` extension, which would imply - that the `ssvc` namespace has been translated to Polish (Poland) and then extended - (in Polish) with the `example.isao#constituency` extension. + e.g., `ssvc//.example.isao#constituency/pl-PL`. Note that this is different + from a hypothetical `ssvc/pl-PL/.example.isao#constituency` extension, which would imply + that the `ssvc` namespace has been officially translated to Polish (Poland) and then + extended (in Polish) with the `.example.isao#constituency` extension. + + It is also different from `ssvc//.example.isao$pl-PL/example.isao#constituency` which + denotes that the ISAO did a translation of the `ssvc` namespace to Polish and based + the model for their constituency on that translation. !!! example "Refinement of Concepts for a Specific Constituency" @@ -276,9 +323,9 @@ base_ns -->|/| first For example, say that a hypothetical registered namespace `foo` has a decision point for `Regulated System=(Y,N)`. A medical-focused ISAO might create an extension - `foo//example.med-isao` where they refine the values to refer to specific - regulations. If multiple regulatory regimes exist, they might even have - `foo//example.med-isao#regulation-1` and `foo//example.med-isao#regulation-2` + `foo//.example.med-isao#specific-regulations` where they refine the values to refer + to specific regulations. If multiple regulatory regimes exist, they might even have + `foo//.example.med-isao#regulation-1` and `foo//.example.med-isao#regulation-2` to cover assessment of the appropriate regulations. ### Usage Suggestions @@ -293,13 +340,15 @@ segment of the extension. must be used for any language-based extension. Note, however that we do not yet strictly enforce this recommendation in the SSVC codebase outside of the first extension segment. + Nevertheless, validators should check that the used strings are valid BCP-47 + language tags and exist. !!! example "Translation of a custom extension" If you have a custom extension that is not a translation of an existing decision point, you might use a language tag in a later segment to indicate a translation of the extension. - For example, `ssvc//com.example/extension/pl-PL` would indicate that the + For example, `ssvc//.example.documentation#extension/pl-PL` would indicate that the an extension in the default `en-US` language has been translated to Polish (Poland). !!! tip "Use Reverse Domain Name Notation for Extensions" @@ -307,8 +356,8 @@ segment of the extension. To avoid conflicts with other users' extensions, we require the use of reverse domain name notation for your extensions. This helps to ensure that your extensions are unique and easily identifiable. - For example, if your organization is `example.com`, you might use an extension - like `ssvc//com.example#extension`. + For example, if your organization is `documentation.example`, you might use an extension + like `ssvc//.example.documentation#extension`. ## Technical requirements From e111f4f961660beae27161a32e541c9727da5517 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 19 Aug 2025 12:58:52 -0400 Subject: [PATCH 270/468] add `make dev` environment target --- Makefile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index e8739c17..6c5b50f5 100644 --- a/Makefile +++ b/Makefile @@ -1,19 +1,23 @@ # Project-specific vars MKDOCS_PORT=8765 DOCKER_DIR=docker - +PROJECT_DIR = ./src # Targets .PHONY: all test docs docker_test clean help mdlint_fix up down regenerate_json all: help +dev: + @echo "Set up dev environment..." + uv sync --dev --project $(PROJECT_DIR) + mdlint_fix: @echo "Running markdownlint..." markdownlint --config .markdownlint.yml --fix . test: @echo "Running tests locally..." - pytest -v src/test + uv run --project $(PROJECT_DIR) pytest -v docker_test: @echo "Building the latest test image..." @@ -41,12 +45,13 @@ regenerate_json: clean: @echo "Cleaning up Docker resources..." pushd $(DOCKER_DIR) && docker-compose down --rmi local || true - + rm -rf $(PROJECT_DIR)/.venv $(PROJECT_DIR)/uv.lock help: @echo "Usage: make [target]" @echo "" @echo "Targets:" @echo " all - Display this help message" + @echo " dev - Set up development environment" @echo " mdlint_fix - Run markdownlint with fix" @echo " test - Run tests locally" @echo " docker_test - Run tests in Docker" From 86b62f4ac6b42515e964a34a4a4a7510e7930353 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Tue, 19 Aug 2025 19:31:59 +0200 Subject: [PATCH 271/468] improve ssvc_namespace_pattern.abnf (minor) * Use SPECIALCHAR instead of `[ "." / "-" ]` --- src/ssvc/utils/ssvc_namespace_pattern.abnf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssvc/utils/ssvc_namespace_pattern.abnf b/src/ssvc/utils/ssvc_namespace_pattern.abnf index 1a93ecea..89874cd1 100644 --- a/src/ssvc/utils/ssvc_namespace_pattern.abnf +++ b/src/ssvc/utils/ssvc_namespace_pattern.abnf @@ -14,7 +14,7 @@ reg-base = ns-core [ "#" fragment-seg ] ; ns-core starts with a lowercase letter and may have '.' or '-' separators. ; Consecutive '.' or '-' are not allowed. ; It needs at least 3 characters. -ns-core = LOWER ALNUMLOW 1*( [ "." / "-" ] 1*ALNUMLOW) +ns-core = LOWER ALNUMLOW 1*( SPECIALCHAR 1*ALNUMLOW) x-name = reverse-dns "#" fragment-seg @@ -25,7 +25,7 @@ reverse-dns = label 1*("." label) ; Each label must be between 1 and 63 characters long label = ALNUMLOW [ *61(ALNUMLOWDASH) ALNUMLOW ] -fragment-seg = 1*ALNUMLOW *( ("." / "-") 1*ALNUMLOW ) +fragment-seg = 1*ALNUMLOW *( SPECIALCHAR 1*ALNUMLOW ) extensions = lang-ext [ 1*("/" ext-seg) ] From df2d4941435e702fa616a93b22fcb00c2e64f1d1 Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Tue, 19 Aug 2025 19:35:23 +0200 Subject: [PATCH 272/468] Update src/ssvc/utils/ssvc_namespace_pattern.abnf Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/ssvc/utils/ssvc_namespace_pattern.abnf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssvc/utils/ssvc_namespace_pattern.abnf b/src/ssvc/utils/ssvc_namespace_pattern.abnf index 89874cd1..488975d6 100644 --- a/src/ssvc/utils/ssvc_namespace_pattern.abnf +++ b/src/ssvc/utils/ssvc_namespace_pattern.abnf @@ -30,7 +30,8 @@ fragment-seg = 1*ALNUMLOW *( SPECIALCHAR 1*ALNUMLOW ) extensions = lang-ext [ 1*("/" ext-seg) ] ; Language extension: either / (empty language extension) -; or // (BCP-47 language code) +; or / (BCP-47 language code) + lang-ext = "/" / ( "/" bcp47 ) ; Extension segment between slashes. From 52e921f21268eba393e48399685e1b175fe39bca Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Tue, 19 Aug 2025 19:41:07 +0200 Subject: [PATCH 273/468] Update src/ssvc/utils/ssvc_namespace_pattern.abnf Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/ssvc/utils/ssvc_namespace_pattern.abnf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/ssvc/utils/ssvc_namespace_pattern.abnf b/src/ssvc/utils/ssvc_namespace_pattern.abnf index 488975d6..54793f38 100644 --- a/src/ssvc/utils/ssvc_namespace_pattern.abnf +++ b/src/ssvc/utils/ssvc_namespace_pattern.abnf @@ -40,7 +40,8 @@ lang-ext = "/" / ( "/" bcp47 ) ; - a third-party/unofficial translation ext-seg = bcp47 / "." x-name / translation -; BCP-47 tag (based on the regex expansion) +; BCP-47 tag (based on ABNF of [RFC 5646 section 2.1](https://www.rfc-editor.org/rfc/rfc5646.html#section-2.1) +; and language regex used in CSAF) bcp47 = ( 2*3ALPHA [ "-" 3ALPHA *2( "-" 3ALPHA ) ] / 4*8ALPHA ) From 43e7496f07b300b703882a0a81897b43ba457b3a Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Tue, 19 Aug 2025 19:41:51 +0200 Subject: [PATCH 274/468] Update src/ssvc/utils/ssvc_namespace_pattern.abnf Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/ssvc/utils/ssvc_namespace_pattern.abnf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssvc/utils/ssvc_namespace_pattern.abnf b/src/ssvc/utils/ssvc_namespace_pattern.abnf index 54793f38..78be5ab4 100644 --- a/src/ssvc/utils/ssvc_namespace_pattern.abnf +++ b/src/ssvc/utils/ssvc_namespace_pattern.abnf @@ -54,8 +54,8 @@ bcp47 = ( 2*3ALPHA / "i-default" / "i-mingo" - ; Single alphanumerics - ; "x" reserved for private use +; Single alphanumerics +; "x" reserved for private use singleton = DIGIT ; 0 - 9 / %x41-57 ; A - W / %x59-5A ; Y - Z From 48d0835cbf13d6a6943224ee0f086fe336eaeaec Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Tue, 19 Aug 2025 19:42:40 +0200 Subject: [PATCH 275/468] Update src/ssvc/utils/ssvc_namespace_pattern.abnf Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/ssvc/utils/ssvc_namespace_pattern.abnf | 1 - 1 file changed, 1 deletion(-) diff --git a/src/ssvc/utils/ssvc_namespace_pattern.abnf b/src/ssvc/utils/ssvc_namespace_pattern.abnf index 78be5ab4..bea81a70 100644 --- a/src/ssvc/utils/ssvc_namespace_pattern.abnf +++ b/src/ssvc/utils/ssvc_namespace_pattern.abnf @@ -76,7 +76,6 @@ ALNUMLOW = LOWER / DIGIT SPECIALCHAR = DOT / DASH DOT = %x2E; . DASH = %x2D ; - -ALNUMLOWSC = ALNUMLOW / SPECIALCHAR ALNUMLOWDASH = ALNUMLOW / DASH ; Constraints: From 77be0098c3d7d8ec78af7eebfc11ad0f94ac50ed Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Tue, 19 Aug 2025 19:47:29 +0200 Subject: [PATCH 276/468] Update src/test/test_mixins.py Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/test/test_mixins.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index 1c53b01c..23b94a3c 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -122,7 +122,7 @@ def test_namespaced_create(self): # and then follow `x-name = reverse-dns "#" fragment-seg` for _ in range(100): # we're just fuzzing some random strings here - ns = f"x_com.example.a{randint(1000,1000000)}#foo" + ns = f"x_example.test{randint(1000,1000000)}#test" obj = _Namespaced(namespace=ns) self.assertEqual(obj.namespace, ns) From 2f343786abcc4ea7357f7ea8613a41bd3d5ec4d6 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Tue, 19 Aug 2025 20:01:02 +0200 Subject: [PATCH 277/468] improve test_namespaces.py make sure pattern is ended and correct example --- src/test/test_namespaces.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/test/test_namespaces.py b/src/test/test_namespaces.py index 40182fbc..a4a1ff2f 100644 --- a/src/test/test_namespaces.py +++ b/src/test/test_namespaces.py @@ -32,16 +32,24 @@ def tearDown(self): pass def test_ns_pattern(self): + + # end pattern like in + # test_namespaces_pattern._test_successes_failures() + pattern_str = NS_PATTERN.pattern + if not pattern_str.endswith("$"): + pattern_str = pattern_str + "$" + pattern = re.compile(pattern_str) + should_match = [ "foo.bar#baz", "foo.bar.baz#quux", - "foo.bar#baz/jp-JP/bar.baz#foo/quux", + "foo.bar#baz/jp-JP/.bar.baz#foo/quux", ] should_match.extend([f"x_{ns}" for ns in should_match]) for ns in should_match: with self.subTest(ns=ns): - self.assertTrue(NS_PATTERN.match(ns), ns) + self.assertTrue(pattern.match(ns), ns) should_not_match = [ "", @@ -56,13 +64,6 @@ def test_ns_pattern(self): should_not_match.extend([f"_{ns}" for ns in should_not_match]) - # end pattern just like in - # test_namespaces_pattern._test_successes_failures() - pattern_str = NS_PATTERN.pattern - if not pattern_str.endswith("$"): - pattern_str = pattern_str + "$" - pattern = re.compile(pattern_str) - for ns in should_not_match: with self.subTest(ns=ns): self.assertFalse(pattern.match(ns)) From 47191aa73a7c401c4b7237913d7991af91411a39 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Tue, 19 Aug 2025 20:08:27 +0200 Subject: [PATCH 278/468] Fix ssvc/utils/patterns.py by anchoring NS_PATTERN remove code that added an anchor to fix a test --- src/ssvc/utils/patterns.py | 2 +- src/test/test_namespaces.py | 11 ++--------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index 67645a82..750552eb 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -80,7 +80,7 @@ EXT_SEGMENT_PATTERN = fragment_seg # --- Combine all parts into the full namespace pattern --- -NS_PATTERN_STR = rf"^{LENGTH_CHECK_PATTERN}" rf"{namespace}" +NS_PATTERN_STR = rf"^{LENGTH_CHECK_PATTERN}" rf"{namespace}$" # Compile the regex with verbose flag for readability (if needed) NS_PATTERN = re.compile(NS_PATTERN_STR) diff --git a/src/test/test_namespaces.py b/src/test/test_namespaces.py index a4a1ff2f..f96b7512 100644 --- a/src/test/test_namespaces.py +++ b/src/test/test_namespaces.py @@ -33,13 +33,6 @@ def tearDown(self): def test_ns_pattern(self): - # end pattern like in - # test_namespaces_pattern._test_successes_failures() - pattern_str = NS_PATTERN.pattern - if not pattern_str.endswith("$"): - pattern_str = pattern_str + "$" - pattern = re.compile(pattern_str) - should_match = [ "foo.bar#baz", "foo.bar.baz#quux", @@ -49,7 +42,7 @@ def test_ns_pattern(self): for ns in should_match: with self.subTest(ns=ns): - self.assertTrue(pattern.match(ns), ns) + self.assertTrue(NS_PATTERN.match(ns), ns) should_not_match = [ "", @@ -66,7 +59,7 @@ def test_ns_pattern(self): for ns in should_not_match: with self.subTest(ns=ns): - self.assertFalse(pattern.match(ns)) + self.assertFalse(NS_PATTERN.match(ns)) def test_namspace_enum(self): for ns in NameSpace: From 0dd4e936c6f5ee7c287841f48b99d56bee388a18 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Tue, 19 Aug 2025 20:27:48 +0200 Subject: [PATCH 279/468] cleanup tailing whitespace for ssvc_namespace_pattern.abnf --- src/ssvc/utils/ssvc_namespace_pattern.abnf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ssvc/utils/ssvc_namespace_pattern.abnf b/src/ssvc/utils/ssvc_namespace_pattern.abnf index bea81a70..6e042554 100644 --- a/src/ssvc/utils/ssvc_namespace_pattern.abnf +++ b/src/ssvc/utils/ssvc_namespace_pattern.abnf @@ -8,7 +8,7 @@ namespace = base-ns [ extensions ] ; (Enforced via regex length lookahead) base-ns = x-base / reg-base -x-base = "x_" x-name +x-base = "x_" x-name reg-base = ns-core [ "#" fragment-seg ] ; ns-core starts with a lowercase letter and may have '.' or '-' separators. @@ -40,7 +40,7 @@ lang-ext = "/" / ( "/" bcp47 ) ; - a third-party/unofficial translation ext-seg = bcp47 / "." x-name / translation -; BCP-47 tag (based on ABNF of [RFC 5646 section 2.1](https://www.rfc-editor.org/rfc/rfc5646.html#section-2.1) +; BCP-47 tag (based on ABNF of [RFC 5646 section 2.1](https://www.rfc-editor.org/rfc/rfc5646.html#section-2.1) ; and language regex used in CSAF) bcp47 = ( 2*3ALPHA [ "-" 3ALPHA *2( "-" 3ALPHA ) ] @@ -64,7 +64,7 @@ singleton = DIGIT ; 0 - 9 ; Translations is either a ; - third-party/unofficial translation (depicted by using the reverse-dns before the target language) or -; - a (context) model (depicted by using the x-name) directly used in a different language +; - a (context) model (depicted by using the x-name) directly used in a different language translation = "." ( reverse-dns / x-name ) "$" bcp47 ; Character sets From 975a4b96c73656b5a16f81ce0a862b752facd2e9 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Tue, 19 Aug 2025 20:35:39 +0200 Subject: [PATCH 280/468] change to updated json schema files after previous changes that anchored the ssvc pattern --- data/schema/v2/Decision_Point-2-0-0.schema.json | 2 +- data/schema/v2/Decision_Point_Group-2-0-0.schema.json | 2 +- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 2 +- data/schema/v2/Decision_Table-2-0-0.schema.json | 4 ++-- data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/data/schema/v2/Decision_Point-2-0-0.schema.json b/data/schema/v2/Decision_Point-2-0-0.schema.json index 50d3e0ee..326f98fe 100644 --- a/data/schema/v2/Decision_Point-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point-2-0-0.schema.json @@ -53,7 +53,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { diff --git a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json index c1972f73..6d068e4b 100644 --- a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json @@ -18,7 +18,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index d96bfdd8..e91cbc38 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -79,7 +79,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { diff --git a/data/schema/v2/Decision_Table-2-0-0.schema.json b/data/schema/v2/Decision_Table-2-0-0.schema.json index c0886f45..7c4ece79 100644 --- a/data/schema/v2/Decision_Table-2-0-0.schema.json +++ b/data/schema/v2/Decision_Table-2-0-0.schema.json @@ -18,7 +18,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { @@ -131,7 +131,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { diff --git a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json index d7b4e2a4..011f78bd 100644 --- a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json +++ b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json @@ -17,7 +17,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { @@ -132,7 +132,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { From 1ba65105f90319959f7756125604ed7fff80eaea Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Tue, 19 Aug 2025 20:52:35 +0200 Subject: [PATCH 281/468] Update src/test/test_namespaces.py Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/test/test_namespaces.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/test/test_namespaces.py b/src/test/test_namespaces.py index f96b7512..84e22d72 100644 --- a/src/test/test_namespaces.py +++ b/src/test/test_namespaces.py @@ -79,10 +79,11 @@ def test_namespace_validator(self): NameSpace.validate(ns) for ns in [ - "x_com.example#foo", - "x_com.example#bar", - "x_com.example#baz", - "x_com.example#quux", + "x_example.test#test", + "x_example.test#foo", + "x_example.test#bar", + "x_example.test#baz", + "x_example.test#quux", ]: self.assertEqual(ns, NameSpace.validate(ns)) From 410886079ec27934f60ed6038e10469acd427ace Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Tue, 19 Aug 2025 20:54:12 +0200 Subject: [PATCH 282/468] Update src/test/test_namespaces_pattern.py Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/test/test_namespaces_pattern.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index 3d96af7e..25a2afb4 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -47,7 +47,7 @@ def setUp(self): "ssvc//.de.bund.bsi#ref-arch-1/de-DE", # BSI's official translation to German as used in Germany of its ref-arch-1 model which is originally written in English "ssvc//.de.bund.bsi#ref-arch-2$de-DE", # BSI's ref-arch-2 model which is originally written in German "ssvc//.de.bund.bsi#ref-arch-2$de-DE/en-GB", # BSI's official translation to English as used in GB of its ref-arch-2 model which is originally written in German - "ssvc//.example.organization#model/.com.example#foo", # valid BCP-47 tag, two segments with one hash each + "ssvc//.example.organization#model/.com.example#foo", # empty BCP-47 tag, two segments with one hash each "nist#800-30", # NIST's registered model regarding its publication 800-30 "x_gov.nist#800-30/de-DE", # NIST's official translation to German as used in Germany of its model (regarding its publication) 800-30 "x_gov.nist#800-30//.de.bund.bsi$de-DE", # BSI's translation to German as used in Germany of NIST's model (regarding its publication) 800-30 From 72c3f7e790124d3faeecb9334feb27550a5deb99 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Tue, 19 Aug 2025 20:56:04 +0200 Subject: [PATCH 283/468] fix typo in comment of test_namespaces_pattern.py --- src/test/test_namespaces_pattern.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index 25a2afb4..4e55667b 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -89,7 +89,7 @@ def setUp(self): "ab", # too short "x_", # too short after prefix "x_x_some-weird-private-one", # double x_ not allowed - "x_example.test///org.example#fragment", # three slashes in a row (was an mistake in ABNF previously) + "x_example.test///org.example#fragment", # three slashes in a row (was a mistake in ABNF previously) ] def test_ns_pattern(self): From 24713a0d0def68a807d77bc23c95190ac3bacc74 Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Tue, 19 Aug 2025 20:57:33 +0200 Subject: [PATCH 284/468] Update src/test/test_namespaces_pattern.py Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/test/test_namespaces_pattern.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index 4e55667b..b898980e 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -73,7 +73,7 @@ def setUp(self): "abc/invalid-bcp-47", # not in enum (but that's ok for the pattern), not a valid BCP-47 tag "x_custom/extension", # not a valid BCP-47 tag "x_example.test/not-bcp-47", # not a valid BCP-47 tag - "x_com.example#foo" + "oo" * 990, # exceeds max length + "x_example.test#test" + "0" * 990, # exceeds max length "ssvc$de-DE", # official translations / base language are at the first extension level "anssi#800-30$fr-FR", # official translations / base language are at the first extension level "x_gov.nist#800-30$de-DE", # official translations / base language are at the first extension level From c12f28ae756cf096f662ca763db66e0b7008fa70 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 19 Aug 2025 15:00:16 -0400 Subject: [PATCH 285/468] add mkdocs-exec --- Makefile | 4 ++++ src/pyproject.toml | 2 +- src/uv.lock | 21 +++++++++++++++++++-- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 6c5b50f5..b87fdcd4 100644 --- a/Makefile +++ b/Makefile @@ -25,6 +25,10 @@ docker_test: @echo "Running tests in Docker..." pushd $(DOCKER_DIR) && docker-compose run --rm test +docs_local: + @echo "Building and running docs locally..." + uv run --project $(PROJECT_DIR) mkdocs serve + docs: @echo "Building and running docs in Docker..." pushd $(DOCKER_DIR) && docker-compose up docs diff --git a/src/pyproject.toml b/src/pyproject.toml index 0a3c1f73..a2b099c3 100644 --- a/src/pyproject.toml +++ b/src/pyproject.toml @@ -43,7 +43,7 @@ dependencies = [ "mkdocs-bibtex==4.4.0", "mkdocs-table-reader-plugin==3.1.0", "mkdocs-print-site-plugin==2.8", - "markdown-exec==1.11.0", + "markdown-exec[ansi]==1.11.0", "thefuzz==0.22.1", "scikit-learn==1.6.1", "networkx==3.4.2", diff --git a/src/uv.lock b/src/uv.lock index 6f456d82..396bb023 100644 --- a/src/uv.lock +++ b/src/uv.lock @@ -244,6 +244,11 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/22/41/5551f05c0e6430e3d2dcbd40965840a4cf280c045a529552690f04b7c0a0/markdown_exec-1.11.0-py3-none-any.whl", hash = "sha256:0526957984980f55c02b425d32e8ac8bb21090c109c7012ff905d3ddcc468ceb", size = 34747, upload-time = "2025-06-28T10:30:42.265Z" }, ] +[package.optional-dependencies] +ansi = [ + { name = "pygments-ansi-color" }, +] + [[package]] name = "markupsafe" version = "3.0.2" @@ -693,6 +698,18 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/c7/21/705964c7812476f378728bdf590ca4b771ec72385c533964653c68e86bdc/pygments-2.19.2-py3-none-any.whl", hash = "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b", size = 1225217, upload-time = "2025-06-21T13:39:07.939Z" }, ] +[[package]] +name = "pygments-ansi-color" +version = "0.3.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pygments" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/50/f9/7f417aaee98a74b4f757f2b72971245181fcf25d824d2e7a190345669eaf/pygments-ansi-color-0.3.0.tar.gz", hash = "sha256:7018954cf5b11d1e734383a1bafab5af613213f246109417fee3f76da26d5431", size = 7317, upload-time = "2023-05-18T22:44:35.792Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e6/17/8306a0bcd8c88d7761c2e73e831b0be026cd6873ce1f12beb3b4c9a03ffa/pygments_ansi_color-0.3.0-py3-none-any.whl", hash = "sha256:7eb063feaecadad9d4d1fd3474cbfeadf3486b64f760a8f2a00fc25392180aba", size = 10242, upload-time = "2023-05-18T22:44:34.287Z" }, +] + [[package]] name = "pymdown-extensions" version = "10.16.1" @@ -1068,7 +1085,7 @@ name = "ssvc" source = { editable = "." } dependencies = [ { name = "jsonschema" }, - { name = "markdown-exec" }, + { name = "markdown-exec", extra = ["ansi"] }, { name = "mkdocs" }, { name = "mkdocs-bibtex" }, { name = "mkdocs-include-markdown-plugin" }, @@ -1095,7 +1112,7 @@ dev = [ [package.metadata] requires-dist = [ { name = "jsonschema", specifier = "==4.25.0" }, - { name = "markdown-exec", specifier = "==1.11.0" }, + { name = "markdown-exec", extras = ["ansi"], specifier = "==1.11.0" }, { name = "mkdocs", specifier = "==1.6.1" }, { name = "mkdocs-bibtex", specifier = "==4.4.0" }, { name = "mkdocs-include-markdown-plugin", specifier = "==7.1.6" }, From 1b23c9c08d633736ebb0b15fafbedb243aa32f98 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 19 Aug 2025 15:00:40 -0400 Subject: [PATCH 286/468] swap print() for logger.warning() --- src/ssvc/decision_tables/helpers.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/ssvc/decision_tables/helpers.py b/src/ssvc/decision_tables/helpers.py index 16ef89c3..7da2c694 100644 --- a/src/ssvc/decision_tables/helpers.py +++ b/src/ssvc/decision_tables/helpers.py @@ -23,12 +23,15 @@ # DM24-0278 +import logging + from ssvc.decision_tables.base import ( DecisionTable, decision_table_to_longform_df, decision_table_to_shortform_df, ) +logger = logging.getLogger(__name__) EDGE_LIMIT = 500 @@ -196,7 +199,7 @@ def mapping2mermaid(rows: list[dict[str:str]], title: str = None) -> str: ) diagrams.append(diagram) except ValueError as e: - print(f"Skipping {value} due to error: {e}") + logger.error(f"Skipping {title} {value} due to error: {e}") return ( "\n\n".join(diagrams) From 1c199b44113b3b04b0f41c45dfd73e644a9f4f03 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Tue, 19 Aug 2025 21:20:08 +0200 Subject: [PATCH 287/468] change test case for namespace to `.example.test#test` from `.com.example#foo` and other combinations. --- src/ssvc/decision_tables/base.py | 2 +- src/ssvc/selection.py | 4 ++-- src/ssvc/utils/field_specs.py | 4 ++-- src/test/decision_points/test_dp_base.py | 2 +- src/test/decision_tables/test_base.py | 14 +++++------ src/test/registry/test_base.py | 28 +++++++++++----------- src/test/test_namespaces_pattern.py | 30 ++++++++++++------------ src/test/utils/test_toposort.py | 4 ++-- 8 files changed, 44 insertions(+), 44 deletions(-) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 05f46159..1417b56d 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -732,7 +732,7 @@ def main() -> None: table = DecisionTable( name="Test Table", description="A test decision table", - namespace="x_com.example#test-table", + namespace="x_example.test#test-table", decision_points=dpg.decision_points, outcome=outcomes.id, ) diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 0fbc9b71..7aeaac09 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -252,8 +252,8 @@ class SelectionList(_Timestamped, BaseModel): "summary": "JSON representation of decision point 2", }, { - "uri": "https://example.com/ssvc/x_com.example/decision_points.json", - "summary": "A JSON file containing extension decision points in the x_com.example namespace", + "uri": "https://test.example/ssvc/x_example.test#test/decision_points.json", + "summary": "A JSON file containing extension decision points in the x_example.test#test namespace", }, ], ], diff --git a/src/ssvc/utils/field_specs.py b/src/ssvc/utils/field_specs.py index b2f2f50f..85a7479e 100644 --- a/src/ssvc/utils/field_specs.py +++ b/src/ssvc/utils/field_specs.py @@ -47,8 +47,8 @@ examples=[ "ssvc", "cisa", - "x_com.example//com.example#private", - "ssvc/de-DE/example.organization#reference-arch-1", + "x_example.test#test//.example.test#test", + "ssvc/de-DE/.example.organization#reference-arch-1", ], pattern=NS_PATTERN, min_length=MIN_NS_LENGTH, diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index fccb1297..99881127 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -85,7 +85,7 @@ def test_registry(self): key="asdfasdf", description="asdfasdf", version="1.33.1", - namespace="x_com.example#foo", + namespace="x_example.test#test", values=tuple(self.values), ) diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py index 13596509..5a93f0eb 100644 --- a/src/test/decision_tables/test_base.py +++ b/src/test/decision_tables/test_base.py @@ -67,7 +67,7 @@ def setUp(self): name="dp1", description="description for dp1", version="1.0.0", - namespace="x_com.example#foo", + namespace="x_example.test#test", key="dp1", values=(self.dp1v1, self.dp1v2), ) @@ -75,7 +75,7 @@ def setUp(self): name="dp2", description="description for dp2", version="1.0.0", - namespace="x_com.example#foo", + namespace="x_example.test#test", key="dp2", values=(self.dp2v1, self.dp2v2, self.dp2v3, self.dp2v4), ) @@ -94,7 +94,7 @@ def setUp(self): name="outcome", description="description for outcome", version="1.0.0", - namespace="x_com.example#foo", + namespace="x_example.test#test", key="outcome", values=(self.ogv1, self.ogv2, self.ogv3), ) @@ -104,7 +104,7 @@ def setUp(self): self.dt = DecisionTable( key="TEST", - namespace="x_com.example#foo", + namespace="x_example.test#test", name="Test Table", description="Describes the test table", decision_points=self.dpdict, @@ -357,13 +357,13 @@ def test_single_dp_dt(self): name="dp_in", description="A single decision point", version="1.0.0", - namespace="x_com.example#foo", + namespace="x_example.test#test", key="dp", values=(self.dp1v1, self.dp1v2), registered=False, ) dp_out = DecisionPoint( - namespace="x_com.example#foo", + namespace="x_example.test#test", key="outcome", name="Outcome", description="Outcome for single DP test", @@ -374,7 +374,7 @@ def test_single_dp_dt(self): single_dt = DecisionTable( key="SINGLE_TEST", - namespace="x_com.example#foo", + namespace="x_example.test#test", name="Single DP Test Table", description="Describes the single DP test table", decision_points={dp.id: dp for dp in [dp_in, dp_out]}, diff --git a/src/test/registry/test_base.py b/src/test/registry/test_base.py index e50d90c7..3098ae05 100644 --- a/src/test/registry/test_base.py +++ b/src/test/registry/test_base.py @@ -72,7 +72,7 @@ class Dummy: obj = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_com.example#foo", + namespace="x_example.test#test", key="TEST", values=[ DecisionPointValue( @@ -92,7 +92,7 @@ class DpSubclass(DecisionPoint): obj2 = DpSubclass( name="TestDP2", description="Another test decision point", - namespace="x_com.example#foo", + namespace="x_example.test#test", key="TEST2", values=[ DecisionPointValue( @@ -115,7 +115,7 @@ def test_valued_version(self): dp = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_com.example#foo", + namespace="x_example.test#test", version="2.0.0", key="TEST", values=[ @@ -138,7 +138,7 @@ def test_nonvalued_version(self): # test with a known type dp1 = DecisionPoint( - namespace="x_com.example#foo", + namespace="x_example.test#test", key="TEST", version="2.0.0", name="TestDP", @@ -163,7 +163,7 @@ def test_nonvalued_version(self): registered=False, ) dp2 = DecisionPoint( - namespace="x_com.example#foo", + namespace="x_example.test#test", key="TEST2", version="2.0.0", name="TestDP", @@ -183,7 +183,7 @@ def test_nonvalued_version(self): ) dp3 = DecisionPoint( - namespace="x_com.example#foo", + namespace="x_example.test#test", key="TEST3", version="2.0.0", name="TestDP2", @@ -196,7 +196,7 @@ def test_nonvalued_version(self): ) dt = DecisionTable( - namespace="x_com.example#foo", + namespace="x_example.test#test", key="TEST_DT", version="2.0.0", name="TestDT", @@ -224,7 +224,7 @@ def test_key(self, mock_valued_version, mock_nonvalued_version): mockobj1 = Mock() mockobj1.schemaVersion = "2.0.0" mockobj1.key = "TEST" - mockobj1.namespace = "x_com.example#foo" + mockobj1.namespace = "x_example.test#test" mockobj1.version = "1.0.0" mockobj1.name = "Test Object" mockobj1.description = "A test object" @@ -238,7 +238,7 @@ def test_key(self, mock_valued_version, mock_nonvalued_version): mockobj2.schemaVersion = "2.0.0" mockobj2.key = "TEST2" mockobj2.version = "2.0.0" - mockobj2.namespace = "x_com.example#foo" + mockobj2.namespace = "x_example.test#test" mockobj2.name = "Test Object" mockobj2.description = "A test object" mockobj2.id = "test-id" @@ -269,7 +269,7 @@ def test__insert(self): dp = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_com.example#foo", + namespace="x_example.test#test", key="TEST", values=[ DecisionPointValue( @@ -303,7 +303,7 @@ def test__compare(self): dp1 = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_com.example#foo", + namespace="x_example.test#test", key="TEST", values=[ DecisionPointValue( @@ -319,7 +319,7 @@ def test__compare(self): dp2 = DecisionPoint( name="TestDP2", description="A test decision point", - namespace="x_com.example#foo", + namespace="x_example.test#test", key="TEST", values=[ DecisionPointValue( @@ -357,7 +357,7 @@ def test_lookup_latest(self): dp = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_com.example#foo", + namespace="x_example.test#test", key="TEST", version=version, values=[ @@ -385,7 +385,7 @@ def test_lookup_latest(self): latest = base.lookup_latest( objtype="DecisionPoint", - namespace="x_com.example#foo", + namespace="x_example.test#test", key="TEST", registry=self.registry, ) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index b898980e..b4d95c43 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -40,25 +40,25 @@ def setUp(self): "cisa", "custom", # not in enum, but valid for the pattern "abc", # not in enum, but valid for the pattern - "x_com.example#foo/", - "x_com.example#foo//.org.example#bar", + "x_example.test#test/", + "x_example.test#test//.org.example#bar", "ssvc/de-DE/.org.example#reference-arch-1", # valid BCP-47 tag, reverse domain notation, hash "ssvc//.de.bund.bsi$de-DE", # BSI's translation of SSVC "ssvc//.de.bund.bsi#ref-arch-1/de-DE", # BSI's official translation to German as used in Germany of its ref-arch-1 model which is originally written in English "ssvc//.de.bund.bsi#ref-arch-2$de-DE", # BSI's ref-arch-2 model which is originally written in German "ssvc//.de.bund.bsi#ref-arch-2$de-DE/en-GB", # BSI's official translation to English as used in GB of its ref-arch-2 model which is originally written in German - "ssvc//.example.organization#model/.com.example#foo", # empty BCP-47 tag, two segments with one hash each + "ssvc//.example.organization#model/.example.test#test", # empty BCP-47 tag, two segments with one hash each "nist#800-30", # NIST's registered model regarding its publication 800-30 "x_gov.nist#800-30/de-DE", # NIST's official translation to German as used in Germany of its model (regarding its publication) 800-30 "x_gov.nist#800-30//.de.bund.bsi$de-DE", # BSI's translation to German as used in Germany of NIST's model (regarding its publication) 800-30 - "x_com.example.test#bar/pl-PL/.com.example#foo/.org.example#bar/newfound", # valid BCP-47 tag and multiple segments - "com.example", # valid namespace with dots following reverse domain notation - "x_com.example#foo", # valid namespace with x_ prefix and dots following reverse domain notation + "x_example.test.test#test/pl-PL/.example.test#test/.example.test#test/newfound", # valid BCP-47 tag and multiple segments + "example.test", # valid namespace with dots following reverse domain notation + "x_example.test#test", # valid namespace with x_ prefix and dots following reverse domain notation "au.com.example", # valid namespace with dots following reverse domain notation for 2-letter TLD "x_au.com.example#bar" # valid namespace with x_ prefix and dots following reverse domain notation - "abc//.com.example#foo", - "abc//.com.au.example#foo", - "abc//.com.example#foo/.foo.bar#bar", + "abc//.example.test#test", + "abc//.com.au.example#test", + "abc//.example.test#test/.example.test#test", "foo.bar//.baz.quux#foo", ] self.expect_fail = [ @@ -110,9 +110,9 @@ def test_base_pattern(self): "a", # too short "9abc", # starts with a number "x_foo", # no x_ in base pattern - "com.example#foo", # no hashes in base - "com.example##foo", # double hash - "com.example#foo#bar", # multiple hashes not allowed + "example.test#test", # no hashes in base + "example.test##test", # double hash + "example.test.test#test#test", # multiple hashes not allowed "contains..double.dot", # double dot "contains--double-dash", # double dash "contains_underscore", # underscore not allowed @@ -131,7 +131,7 @@ def test_base_ns_pattern(self): x_success = [ "abc", "abc-with-dashes", # dashes are allowed in the base pattern - "x_example.com#foo", + "x_example.test#test", ] x_fail = [ "9abc", # starts with a number @@ -209,8 +209,8 @@ def test_ext_segment_pattern(self): "invalid.segment.", # ends with a dot "invalid.segment-", # ends with a dash "invalid/segment", # slash not allowed - "com.example##foo", # hashes not allows - "com.example#foo", # hashes not allows + "example.test##test", # hashes not allowed + "example.test#test", # hashes not allowed "invalid#segment#with#multiple#hashes", # multiple hashes not allowed "invalid/segment/", # ends with a slash ] diff --git a/src/test/utils/test_toposort.py b/src/test/utils/test_toposort.py index 104bc95d..eab7d7cc 100644 --- a/src/test/utils/test_toposort.py +++ b/src/test/utils/test_toposort.py @@ -72,7 +72,7 @@ def setUp(self): from ssvc.decision_points.base import DecisionPoint, DecisionPointValue self.dp1 = DecisionPoint( - namespace="x_com.example#foo", + namespace="x_example.test#test", name="Decision Point 1", key="DP1", version="1.0.0", @@ -87,7 +87,7 @@ def setUp(self): ], ) self.dp2 = DecisionPoint( - namespace="x_com.example#foo", + namespace="x_example.test#test", name="Decision Point 2", key="DP2", version="1.0.0", From b277f90f7e4fd4a79708574ba5d5c836c7aae911 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 19 Aug 2025 15:39:42 -0400 Subject: [PATCH 288/468] uv --project=./src add "fastapi[standard]" --- src/pyproject.toml | 1 + src/uv.lock | 477 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 478 insertions(+) diff --git a/src/pyproject.toml b/src/pyproject.toml index a2b099c3..e0d5e5a0 100644 --- a/src/pyproject.toml +++ b/src/pyproject.toml @@ -49,6 +49,7 @@ dependencies = [ "networkx==3.4.2", "pydantic==2.11.7", "semver==3.0.4", + "fastapi[standard]>=0.116.1", ] dynamic = ["version",] diff --git a/src/uv.lock b/src/uv.lock index 396bb023..22312702 100644 --- a/src/uv.lock +++ b/src/uv.lock @@ -11,6 +11,20 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/78/b6/6307fbef88d9b5ee7421e68d78a9f162e0da4900bc5f5793f6d3d0e34fb8/annotated_types-0.7.0-py3-none-any.whl", hash = "sha256:1f02e8b43a8fbbc3f3e0d4f0f4bfc8131bcb4eebe8849b8e5c773f3a1c582a53", size = 13643, upload-time = "2024-05-20T21:33:24.1Z" }, ] +[[package]] +name = "anyio" +version = "4.10.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "idna" }, + { name = "sniffio" }, + { name = "typing-extensions", marker = "python_full_version < '3.13'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/f1/b4/636b3b65173d3ce9a38ef5f0522789614e590dab6a8d505340a4efe4c567/anyio-4.10.0.tar.gz", hash = "sha256:3f3fae35c96039744587aa5b8371e7e8e603c0702999535961dd336026973ba6", size = 213252, upload-time = "2025-08-04T08:54:26.451Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/6f/12/e5e0282d673bb9746bacfb6e2dba8719989d3660cdb2ea79aee9a9651afb/anyio-4.10.0-py3-none-any.whl", hash = "sha256:60e474ac86736bbfd6f210f7a61218939c318f43f9972497381f1c5e930ed3d1", size = 107213, upload-time = "2025-08-04T08:54:24.882Z" }, +] + [[package]] name = "attrs" version = "25.3.0" @@ -124,6 +138,90 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/d1/d6/3965ed04c63042e047cb6a3e6ed1a63a35087b6a609aa3a15ed8ac56c221/colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6", size = 25335, upload-time = "2022-10-25T02:36:20.889Z" }, ] +[[package]] +name = "dnspython" +version = "2.7.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/b5/4a/263763cb2ba3816dd94b08ad3a33d5fdae34ecb856678773cc40a3605829/dnspython-2.7.0.tar.gz", hash = "sha256:ce9c432eda0dc91cf618a5cedf1a4e142651196bbcd2c80e89ed5a907e5cfaf1", size = 345197, upload-time = "2024-10-05T20:14:59.362Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/68/1b/e0a87d256e40e8c888847551b20a017a6b98139178505dc7ffb96f04e954/dnspython-2.7.0-py3-none-any.whl", hash = "sha256:b4c34b7d10b51bcc3a5071e7b8dee77939f1e878477eeecc965e9835f63c6c86", size = 313632, upload-time = "2024-10-05T20:14:57.687Z" }, +] + +[[package]] +name = "email-validator" +version = "2.2.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "dnspython" }, + { name = "idna" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/48/ce/13508a1ec3f8bb981ae4ca79ea40384becc868bfae97fd1c942bb3a001b1/email_validator-2.2.0.tar.gz", hash = "sha256:cb690f344c617a714f22e66ae771445a1ceb46821152df8e165c5f9a364582b7", size = 48967, upload-time = "2024-06-20T11:30:30.034Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d7/ee/bf0adb559ad3c786f12bcbc9296b3f5675f529199bef03e2df281fa1fadb/email_validator-2.2.0-py3-none-any.whl", hash = "sha256:561977c2d73ce3611850a06fa56b414621e0c8faa9d66f2611407d87465da631", size = 33521, upload-time = "2024-06-20T11:30:28.248Z" }, +] + +[[package]] +name = "fastapi" +version = "0.116.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pydantic" }, + { name = "starlette" }, + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/78/d7/6c8b3bfe33eeffa208183ec037fee0cce9f7f024089ab1c5d12ef04bd27c/fastapi-0.116.1.tar.gz", hash = "sha256:ed52cbf946abfd70c5a0dccb24673f0670deeb517a88b3544d03c2a6bf283143", size = 296485, upload-time = "2025-07-11T16:22:32.057Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e5/47/d63c60f59a59467fda0f93f46335c9d18526d7071f025cb5b89d5353ea42/fastapi-0.116.1-py3-none-any.whl", hash = "sha256:c46ac7c312df840f0c9e220f7964bada936781bc4e2e6eb71f1c4d7553786565", size = 95631, upload-time = "2025-07-11T16:22:30.485Z" }, +] + +[package.optional-dependencies] +standard = [ + { name = "email-validator" }, + { name = "fastapi-cli", extra = ["standard"] }, + { name = "httpx" }, + { name = "jinja2" }, + { name = "python-multipart" }, + { name = "uvicorn", extra = ["standard"] }, +] + +[[package]] +name = "fastapi-cli" +version = "0.0.8" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "rich-toolkit" }, + { name = "typer" }, + { name = "uvicorn", extra = ["standard"] }, +] +sdist = { url = "https://files.pythonhosted.org/packages/c6/94/3ef75d9c7c32936ecb539b9750ccbdc3d2568efd73b1cb913278375f4533/fastapi_cli-0.0.8.tar.gz", hash = "sha256:2360f2989b1ab4a3d7fc8b3a0b20e8288680d8af2e31de7c38309934d7f8a0ee", size = 16884, upload-time = "2025-07-07T14:44:09.326Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e0/3f/6ad3103c5f59208baf4c798526daea6a74085bb35d1c161c501863470476/fastapi_cli-0.0.8-py3-none-any.whl", hash = "sha256:0ea95d882c85b9219a75a65ab27e8da17dac02873e456850fa0a726e96e985eb", size = 10770, upload-time = "2025-07-07T14:44:08.255Z" }, +] + +[package.optional-dependencies] +standard = [ + { name = "fastapi-cloud-cli" }, + { name = "uvicorn", extra = ["standard"] }, +] + +[[package]] +name = "fastapi-cloud-cli" +version = "0.1.5" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "httpx" }, + { name = "pydantic", extra = ["email"] }, + { name = "rich-toolkit" }, + { name = "rignore" }, + { name = "sentry-sdk" }, + { name = "typer" }, + { name = "uvicorn", extra = ["standard"] }, +] +sdist = { url = "https://files.pythonhosted.org/packages/a9/2e/3b6e5016affc310e5109bc580f760586eabecea0c8a7ab067611cd849ac0/fastapi_cloud_cli-0.1.5.tar.gz", hash = "sha256:341ee585eb731a6d3c3656cb91ad38e5f39809bf1a16d41de1333e38635a7937", size = 22710, upload-time = "2025-07-28T13:30:48.216Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e5/a6/5aa862489a2918a096166fd98d9fe86b7fd53c607678b3fa9d8c432d88d5/fastapi_cloud_cli-0.1.5-py3-none-any.whl", hash = "sha256:d80525fb9c0e8af122370891f9fa83cf5d496e4ad47a8dd26c0496a6c85a012a", size = 18992, upload-time = "2025-07-28T13:30:47.427Z" }, +] + [[package]] name = "ghp-import" version = "2.1.0" @@ -148,6 +246,65 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/13/f2/4fab6c3e5bcaf38a44cc8a974d2752eaad4c129e45d6533d926a30edd133/griffe-1.12.1-py3-none-any.whl", hash = "sha256:2d7c12334de00089c31905424a00abcfd931b45b8b516967f224133903d302cc", size = 138940, upload-time = "2025-08-14T21:08:13.382Z" }, ] +[[package]] +name = "h11" +version = "0.16.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/01/ee/02a2c011bdab74c6fb3c75474d40b3052059d95df7e73351460c8588d963/h11-0.16.0.tar.gz", hash = "sha256:4e35b956cf45792e4caa5885e69fba00bdbc6ffafbfa020300e549b208ee5ff1", size = 101250, upload-time = "2025-04-24T03:35:25.427Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/04/4b/29cac41a4d98d144bf5f6d33995617b185d14b22401f75ca86f384e87ff1/h11-0.16.0-py3-none-any.whl", hash = "sha256:63cf8bbe7522de3bf65932fda1d9c2772064ffb3dae62d55932da54b31cb6c86", size = 37515, upload-time = "2025-04-24T03:35:24.344Z" }, +] + +[[package]] +name = "httpcore" +version = "1.0.9" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "certifi" }, + { name = "h11" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/06/94/82699a10bca87a5556c9c59b5963f2d039dbd239f25bc2a63907a05a14cb/httpcore-1.0.9.tar.gz", hash = "sha256:6e34463af53fd2ab5d807f399a9b45ea31c3dfa2276f15a2c3f00afff6e176e8", size = 85484, upload-time = "2025-04-24T22:06:22.219Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/7e/f5/f66802a942d491edb555dd61e3a9961140fd64c90bce1eafd741609d334d/httpcore-1.0.9-py3-none-any.whl", hash = "sha256:2d400746a40668fc9dec9810239072b40b4484b640a8c38fd654a024c7a1bf55", size = 78784, upload-time = "2025-04-24T22:06:20.566Z" }, +] + +[[package]] +name = "httptools" +version = "0.6.4" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/a7/9a/ce5e1f7e131522e6d3426e8e7a490b3a01f39a6696602e1c4f33f9e94277/httptools-0.6.4.tar.gz", hash = "sha256:4e93eee4add6493b59a5c514da98c939b244fce4a0d8879cd3f466562f4b7d5c", size = 240639, upload-time = "2024-10-16T19:45:08.902Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/bb/0e/d0b71465c66b9185f90a091ab36389a7352985fe857e352801c39d6127c8/httptools-0.6.4-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:df017d6c780287d5c80601dafa31f17bddb170232d85c066604d8558683711a2", size = 200683, upload-time = "2024-10-16T19:44:30.175Z" }, + { url = "https://files.pythonhosted.org/packages/e2/b8/412a9bb28d0a8988de3296e01efa0bd62068b33856cdda47fe1b5e890954/httptools-0.6.4-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:85071a1e8c2d051b507161f6c3e26155b5c790e4e28d7f236422dbacc2a9cc44", size = 104337, upload-time = "2024-10-16T19:44:31.786Z" }, + { url = "https://files.pythonhosted.org/packages/9b/01/6fb20be3196ffdc8eeec4e653bc2a275eca7f36634c86302242c4fbb2760/httptools-0.6.4-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:69422b7f458c5af875922cdb5bd586cc1f1033295aa9ff63ee196a87519ac8e1", size = 508796, upload-time = "2024-10-16T19:44:32.825Z" }, + { url = "https://files.pythonhosted.org/packages/f7/d8/b644c44acc1368938317d76ac991c9bba1166311880bcc0ac297cb9d6bd7/httptools-0.6.4-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:16e603a3bff50db08cd578d54f07032ca1631450ceb972c2f834c2b860c28ea2", size = 510837, upload-time = "2024-10-16T19:44:33.974Z" }, + { url = "https://files.pythonhosted.org/packages/52/d8/254d16a31d543073a0e57f1c329ca7378d8924e7e292eda72d0064987486/httptools-0.6.4-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:ec4f178901fa1834d4a060320d2f3abc5c9e39766953d038f1458cb885f47e81", size = 485289, upload-time = "2024-10-16T19:44:35.111Z" }, + { url = "https://files.pythonhosted.org/packages/5f/3c/4aee161b4b7a971660b8be71a92c24d6c64372c1ab3ae7f366b3680df20f/httptools-0.6.4-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:f9eb89ecf8b290f2e293325c646a211ff1c2493222798bb80a530c5e7502494f", size = 489779, upload-time = "2024-10-16T19:44:36.253Z" }, + { url = "https://files.pythonhosted.org/packages/12/b7/5cae71a8868e555f3f67a50ee7f673ce36eac970f029c0c5e9d584352961/httptools-0.6.4-cp312-cp312-win_amd64.whl", hash = "sha256:db78cb9ca56b59b016e64b6031eda5653be0589dba2b1b43453f6e8b405a0970", size = 88634, upload-time = "2024-10-16T19:44:37.357Z" }, + { url = "https://files.pythonhosted.org/packages/94/a3/9fe9ad23fd35f7de6b91eeb60848986058bd8b5a5c1e256f5860a160cc3e/httptools-0.6.4-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:ade273d7e767d5fae13fa637f4d53b6e961fb7fd93c7797562663f0171c26660", size = 197214, upload-time = "2024-10-16T19:44:38.738Z" }, + { url = "https://files.pythonhosted.org/packages/ea/d9/82d5e68bab783b632023f2fa31db20bebb4e89dfc4d2293945fd68484ee4/httptools-0.6.4-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:856f4bc0478ae143bad54a4242fccb1f3f86a6e1be5548fecfd4102061b3a083", size = 102431, upload-time = "2024-10-16T19:44:39.818Z" }, + { url = "https://files.pythonhosted.org/packages/96/c1/cb499655cbdbfb57b577734fde02f6fa0bbc3fe9fb4d87b742b512908dff/httptools-0.6.4-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:322d20ea9cdd1fa98bd6a74b77e2ec5b818abdc3d36695ab402a0de8ef2865a3", size = 473121, upload-time = "2024-10-16T19:44:41.189Z" }, + { url = "https://files.pythonhosted.org/packages/af/71/ee32fd358f8a3bb199b03261f10921716990808a675d8160b5383487a317/httptools-0.6.4-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4d87b29bd4486c0093fc64dea80231f7c7f7eb4dc70ae394d70a495ab8436071", size = 473805, upload-time = "2024-10-16T19:44:42.384Z" }, + { url = "https://files.pythonhosted.org/packages/8a/0a/0d4df132bfca1507114198b766f1737d57580c9ad1cf93c1ff673e3387be/httptools-0.6.4-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:342dd6946aa6bda4b8f18c734576106b8a31f2fe31492881a9a160ec84ff4bd5", size = 448858, upload-time = "2024-10-16T19:44:43.959Z" }, + { url = "https://files.pythonhosted.org/packages/1e/6a/787004fdef2cabea27bad1073bf6a33f2437b4dbd3b6fb4a9d71172b1c7c/httptools-0.6.4-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:4b36913ba52008249223042dca46e69967985fb4051951f94357ea681e1f5dc0", size = 452042, upload-time = "2024-10-16T19:44:45.071Z" }, + { url = "https://files.pythonhosted.org/packages/4d/dc/7decab5c404d1d2cdc1bb330b1bf70e83d6af0396fd4fc76fc60c0d522bf/httptools-0.6.4-cp313-cp313-win_amd64.whl", hash = "sha256:28908df1b9bb8187393d5b5db91435ccc9c8e891657f9cbb42a2541b44c82fc8", size = 87682, upload-time = "2024-10-16T19:44:46.46Z" }, +] + +[[package]] +name = "httpx" +version = "0.28.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "anyio" }, + { name = "certifi" }, + { name = "httpcore" }, + { name = "idna" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/b1/df/48c586a5fe32a0f01324ee087459e112ebb7224f646c0b5023f5e79e9956/httpx-0.28.1.tar.gz", hash = "sha256:75e98c5f16b0f35b567856f597f06ff2270a374470a5c2392242528e3e3e42fc", size = 141406, upload-time = "2024-12-06T15:37:23.222Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/2a/39/e50c7c3a983047577ee07d2a9e53faf5a69493943ec3f6a384bdc792deb2/httpx-0.28.1-py3-none-any.whl", hash = "sha256:d909fcccc110f8c7faf814ca82a9a4d816bc5a6dbfea25d6591d6985b8ba59ad", size = 73517, upload-time = "2024-12-06T15:37:21.509Z" }, +] + [[package]] name = "idna" version = "3.10" @@ -249,6 +406,18 @@ ansi = [ { name = "pygments-ansi-color" }, ] +[[package]] +name = "markdown-it-py" +version = "4.0.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "mdurl" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/5b/f5/4ec618ed16cc4f8fb3b701563655a69816155e79e24a17b651541804721d/markdown_it_py-4.0.0.tar.gz", hash = "sha256:cb0a2b4aa34f932c007117b194e945bd74e0ec24133ceb5bac59009cda1cb9f3", size = 73070, upload-time = "2025-08-11T12:57:52.854Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/94/54/e7d793b573f298e1c9013b8c4dade17d481164aa517d1d7148619c2cedbf/markdown_it_py-4.0.0-py3-none-any.whl", hash = "sha256:87327c59b172c5011896038353a81343b6754500a08cd7a4973bb48c6d578147", size = 87321, upload-time = "2025-08-11T12:57:51.923Z" }, +] + [[package]] name = "markupsafe" version = "3.0.2" @@ -287,6 +456,15 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/4f/65/6079a46068dfceaeabb5dcad6d674f5f5c61a6fa5673746f42a9f4c233b3/MarkupSafe-3.0.2-cp313-cp313t-win_amd64.whl", hash = "sha256:e444a31f8db13eb18ada366ab3cf45fd4b31e4db1236a4448f68778c1d1a5a2f", size = 15739, upload-time = "2024-10-18T15:21:42.784Z" }, ] +[[package]] +name = "mdurl" +version = "0.1.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/d6/54/cfe61301667036ec958cb99bd3efefba235e65cdeb9c84d24a8293ba1d90/mdurl-0.1.2.tar.gz", hash = "sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba", size = 8729, upload-time = "2022-08-14T12:40:10.846Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/b3/38/89ba8ad64ae25be8de66a6d463314cf1eb366222074cfda9ee839c56a4b4/mdurl-0.1.2-py3-none-any.whl", hash = "sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8", size = 9979, upload-time = "2022-08-14T12:40:09.779Z" }, +] + [[package]] name = "mergedeep" version = "1.3.4" @@ -647,6 +825,11 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/6a/c0/ec2b1c8712ca690e5d61979dee872603e92b8a32f94cc1b72d53beab008a/pydantic-2.11.7-py3-none-any.whl", hash = "sha256:dde5df002701f6de26248661f6835bbe296a47bf73990135c7d07ce741b9623b", size = 444782, upload-time = "2025-06-14T08:33:14.905Z" }, ] +[package.optional-dependencies] +email = [ + { name = "email-validator" }, +] + [[package]] name = "pydantic-core" version = "2.33.2" @@ -760,6 +943,24 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/ec/57/56b9bcc3c9c6a792fcbaf139543cee77261f3651ca9da0c93f5c1221264b/python_dateutil-2.9.0.post0-py2.py3-none-any.whl", hash = "sha256:a8b2bc7bffae282281c8140a97d3aa9c14da0b136dfe83f850eea9a5f7470427", size = 229892, upload-time = "2024-03-01T18:36:18.57Z" }, ] +[[package]] +name = "python-dotenv" +version = "1.1.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f6/b0/4bc07ccd3572a2f9df7e6782f52b0c6c90dcbb803ac4a167702d7d0dfe1e/python_dotenv-1.1.1.tar.gz", hash = "sha256:a8a6399716257f45be6a007360200409fce5cda2661e3dec71d23dc15f6189ab", size = 41978, upload-time = "2025-06-24T04:21:07.341Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/5f/ed/539768cf28c661b5b068d66d96a2f155c4971a5d55684a514c1a0e0dec2f/python_dotenv-1.1.1-py3-none-any.whl", hash = "sha256:31f23644fe2602f88ff55e1f5c79ba497e01224ee7737937930c448e4d0e24dc", size = 20556, upload-time = "2025-06-24T04:21:06.073Z" }, +] + +[[package]] +name = "python-multipart" +version = "0.0.20" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f3/87/f44d7c9f274c7ee665a29b885ec97089ec5dc034c7f3fafa03da9e39a09e/python_multipart-0.0.20.tar.gz", hash = "sha256:8dd0cab45b8e23064ae09147625994d090fa46f5b0d1e13af944c331a7fa9d13", size = 37158, upload-time = "2024-12-16T19:45:46.972Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/45/58/38b5afbc1a800eeea951b9285d3912613f2603bdf897a4ab0f4bd7f405fc/python_multipart-0.0.20-py3-none-any.whl", hash = "sha256:8a62d3a8335e06589fe01f2a3e178cdcc632f3fbe0d492ad9ee0ec35aab1f104", size = 24546, upload-time = "2024-12-16T19:45:44.423Z" }, +] + [[package]] name = "pytz" version = "2025.2" @@ -888,6 +1089,79 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/1c/4c/cc276ce57e572c102d9542d383b2cfd551276581dc60004cb94fe8774c11/responses-0.25.8-py3-none-any.whl", hash = "sha256:0c710af92def29c8352ceadff0c3fe340ace27cf5af1bbe46fb71275bcd2831c", size = 34769, upload-time = "2025-08-08T19:01:45.018Z" }, ] +[[package]] +name = "rich" +version = "14.1.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "markdown-it-py" }, + { name = "pygments" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/fe/75/af448d8e52bf1d8fa6a9d089ca6c07ff4453d86c65c145d0a300bb073b9b/rich-14.1.0.tar.gz", hash = "sha256:e497a48b844b0320d45007cdebfeaeed8db2a4f4bcf49f15e455cfc4af11eaa8", size = 224441, upload-time = "2025-07-25T07:32:58.125Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e3/30/3c4d035596d3cf444529e0b2953ad0466f6049528a879d27534700580395/rich-14.1.0-py3-none-any.whl", hash = "sha256:536f5f1785986d6dbdea3c75205c473f970777b4a0d6c6dd1b696aa05a3fa04f", size = 243368, upload-time = "2025-07-25T07:32:56.73Z" }, +] + +[[package]] +name = "rich-toolkit" +version = "0.15.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "click" }, + { name = "rich" }, + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/65/36/cdb3d51371ad0cccbf1541506304783bd72d55790709b8eb68c0d401a13a/rich_toolkit-0.15.0.tar.gz", hash = "sha256:3f5730e9f2d36d0bfe01cf723948b7ecf4cc355d2b71e2c00e094f7963128c09", size = 115118, upload-time = "2025-08-11T10:55:37.909Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/75/e4/b0794eefb3cf78566b15e5bf576492c1d4a92ce5f6da55675bc11e9ef5d8/rich_toolkit-0.15.0-py3-none-any.whl", hash = "sha256:ddb91008283d4a7989fd8ff0324a48773a7a2276229c6a3070755645538ef1bb", size = 29062, upload-time = "2025-08-11T10:55:37.152Z" }, +] + +[[package]] +name = "rignore" +version = "0.6.4" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/73/46/05a94dc55ac03cf931d18e43b86ecee5ee054cb88b7853fffd741e35009c/rignore-0.6.4.tar.gz", hash = "sha256:e893fdd2d7fdcfa9407d0b7600ef2c2e2df97f55e1c45d4a8f54364829ddb0ab", size = 11633, upload-time = "2025-07-19T19:24:46.219Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/ec/6c/e5af4383cdd7829ef9aa63ac82a6507983e02dbc7c2e7b9aa64b7b8e2c7a/rignore-0.6.4-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:74720d074b79f32449d5d212ce732e0144a294a184246d1f1e7bcc1fc5c83b69", size = 885885, upload-time = "2025-07-19T19:23:53.236Z" }, + { url = "https://files.pythonhosted.org/packages/89/3e/1b02a868830e464769aa417ee195ac352fe71ff818df8ce50c4b998edb9c/rignore-0.6.4-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:0a8184fcf567bd6b6d7b85a0c138d98dd40f63054141c96b175844414c5530d7", size = 819736, upload-time = "2025-07-19T19:23:46.565Z" }, + { url = "https://files.pythonhosted.org/packages/e0/75/b9be0c523d97c09f3c6508a67ce376aba4efe41c333c58903a0d7366439a/rignore-0.6.4-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:bcb0d7d7ecc3fbccf6477bb187c04a091579ea139f15f139abe0b3b48bdfef69", size = 892779, upload-time = "2025-07-19T19:22:35.167Z" }, + { url = "https://files.pythonhosted.org/packages/91/f4/3064b06233697f2993485d132f06fe95061fef71631485da75aed246c4fd/rignore-0.6.4-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:feac73377a156fb77b3df626c76f7e5893d9b4e9e886ac8c0f9d44f1206a2a91", size = 872116, upload-time = "2025-07-19T19:22:47.828Z" }, + { url = "https://files.pythonhosted.org/packages/99/94/cb8e7af9a3c0a665f10e2366144e0ebc66167cf846aca5f1ac31b3661598/rignore-0.6.4-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:465179bc30beb1f7a3439e428739a2b5777ed26660712b8c4e351b15a7c04483", size = 1163345, upload-time = "2025-07-19T19:23:00.557Z" }, + { url = "https://files.pythonhosted.org/packages/86/6b/49faa7ad85ceb6ccef265df40091d9992232d7f6055fa664fe0a8b13781c/rignore-0.6.4-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4a4877b4dca9cf31a4d09845b300c677c86267657540d0b4d3e6d0ce3110e6e9", size = 939967, upload-time = "2025-07-19T19:23:13.494Z" }, + { url = "https://files.pythonhosted.org/packages/80/c8/b91afda10bd5ca1e3a80463340b899c0dc26a7750a9f3c94f668585c7f40/rignore-0.6.4-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:456456802b1e77d1e2d149320ee32505b8183e309e228129950b807d204ddd17", size = 949717, upload-time = "2025-07-19T19:23:36.404Z" }, + { url = "https://files.pythonhosted.org/packages/3f/f1/88bfdde58ae3fb1c1a92bb801f492eea8eafcdaf05ab9b75130023a4670b/rignore-0.6.4-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:4c1ff2fc223f1d9473d36923160af37bf765548578eb9d47a2f52e90da8ae408", size = 975534, upload-time = "2025-07-19T19:23:25.988Z" }, + { url = "https://files.pythonhosted.org/packages/aa/8f/a80b4a2e48ceba56ba19e096d41263d844757e10aa36ede212571b5d8117/rignore-0.6.4-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:e445fbc214ae18e0e644a78086ea5d0f579e210229a4fbe86367d11a4cd03c11", size = 1067837, upload-time = "2025-07-19T19:23:59.888Z" }, + { url = "https://files.pythonhosted.org/packages/7d/90/0905597af0e78748909ef58418442a480ddd93e9fc89b0ca9ab170c357c0/rignore-0.6.4-cp312-cp312-musllinux_1_2_armv7l.whl", hash = "sha256:e07d9c5270fc869bc431aadcfb6ed0447f89b8aafaa666914c077435dc76a123", size = 1134959, upload-time = "2025-07-19T19:24:12.396Z" }, + { url = "https://files.pythonhosted.org/packages/cc/7d/0fa29adf9183b61947ce6dc8a1a9779a8ea16573f557be28ec893f6ddbaa/rignore-0.6.4-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:7a6ccc0ea83d2c0c6df6b166f2acacedcc220a516436490f41e99a5ae73b6019", size = 1109708, upload-time = "2025-07-19T19:24:24.176Z" }, + { url = "https://files.pythonhosted.org/packages/4e/a7/92892ed86b2e36da403dd3a0187829f2d880414cef75bd612bfdf4dedebc/rignore-0.6.4-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:536392c5ec91755db48389546c833c4ab1426fe03e5a8522992b54ef8a244e7e", size = 1120546, upload-time = "2025-07-19T19:24:36.377Z" }, + { url = "https://files.pythonhosted.org/packages/31/1b/d29ae1fe901d523741d6d1d3ffe0d630734dd0ed6b047628a69c1e15ea44/rignore-0.6.4-cp312-cp312-win32.whl", hash = "sha256:f5f9dca46fc41c0a1e236767f68be9d63bdd2726db13a0ae3a30f68414472969", size = 642005, upload-time = "2025-07-19T19:24:56.671Z" }, + { url = "https://files.pythonhosted.org/packages/1a/41/a224944824688995374e4525115ce85fecd82442fc85edd5bcd81f4f256d/rignore-0.6.4-cp312-cp312-win_amd64.whl", hash = "sha256:e02eecb9e1b9f9bf7c9030ae73308a777bed3b2486204cc74dfcfbe699ab1497", size = 720358, upload-time = "2025-07-19T19:24:49.959Z" }, + { url = "https://files.pythonhosted.org/packages/db/a3/edd7d0d5cc0720de132b6651cef95ee080ce5fca11c77d8a47db848e5f90/rignore-0.6.4-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:2b3b1e266ce45189240d14dfa1057f8013ea34b9bc8b3b44125ec8d25fdb3985", size = 885304, upload-time = "2025-07-19T19:23:54.268Z" }, + { url = "https://files.pythonhosted.org/packages/93/a1/d8d2fb97a6548307507d049b7e93885d4a0dfa1c907af5983fd9f9362a21/rignore-0.6.4-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:45fe803628cc14714df10e8d6cdc23950a47eb9eb37dfea9a4779f4c672d2aa0", size = 818799, upload-time = "2025-07-19T19:23:47.544Z" }, + { url = "https://files.pythonhosted.org/packages/b1/cd/949981fcc180ad5ba7b31c52e78b74b2dea6b7bf744ad4c0c4b212f6da78/rignore-0.6.4-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e439f034277a947a4126e2da79dbb43e33d73d7c09d3d72a927e02f8a16f59aa", size = 892024, upload-time = "2025-07-19T19:22:36.18Z" }, + { url = "https://files.pythonhosted.org/packages/b0/d3/9042d701a8062d9c88f87760bbc2695ee2c23b3f002d34486b72a85f8efe/rignore-0.6.4-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:84b5121650ae24621154c7bdba8b8970b0739d8146505c9f38e0cda9385d1004", size = 871430, upload-time = "2025-07-19T19:22:49.62Z" }, + { url = "https://files.pythonhosted.org/packages/eb/50/3370249b984212b7355f3d9241aa6d02e706067c6d194a2614dfbc0f5b27/rignore-0.6.4-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:52b0957b585ab48a445cf8ac1dbc33a272ab060835e583b4f95aa8c67c23fb2b", size = 1160559, upload-time = "2025-07-19T19:23:01.629Z" }, + { url = "https://files.pythonhosted.org/packages/6c/6f/2ad7f925838091d065524f30a8abda846d1813eee93328febf262b5cda21/rignore-0.6.4-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:50359e0d5287b5e2743bd2f2fbf05df619c8282fd3af12f6628ff97b9675551d", size = 939947, upload-time = "2025-07-19T19:23:14.608Z" }, + { url = "https://files.pythonhosted.org/packages/1f/01/626ec94d62475ae7ef8b00ef98cea61cbea52a389a666703c97c4673d406/rignore-0.6.4-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:efe18096dcb1596757dfe0b412aab6d32564473ae7ee58dea0a8b4be5b1a2e3b", size = 949471, upload-time = "2025-07-19T19:23:37.521Z" }, + { url = "https://files.pythonhosted.org/packages/e8/c3/699c4f03b3c46f4b5c02f17a0a339225da65aad547daa5b03001e7c6a382/rignore-0.6.4-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:b79c212d9990a273ad91e8d9765e1766ef6ecedd3be65375d786a252762ba385", size = 974912, upload-time = "2025-07-19T19:23:27.13Z" }, + { url = "https://files.pythonhosted.org/packages/cd/35/04626c12f9f92a9fc789afc2be32838a5d9b23b6fa8b2ad4a8625638d15b/rignore-0.6.4-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:c6ffa7f2a8894c65aa5dc4e8ac8bbdf39a326c0c6589efd27686cfbb48f0197d", size = 1067281, upload-time = "2025-07-19T19:24:01.016Z" }, + { url = "https://files.pythonhosted.org/packages/fe/9c/8f17baf3b984afea151cb9094716f6f1fb8e8737db97fc6eb6d494bd0780/rignore-0.6.4-cp313-cp313-musllinux_1_2_armv7l.whl", hash = "sha256:a63f5720dffc8d8fb0a4d02fafb8370a4031ebf3f99a4e79f334a91e905b7349", size = 1134414, upload-time = "2025-07-19T19:24:13.534Z" }, + { url = "https://files.pythonhosted.org/packages/10/88/ef84ffa916a96437c12cefcc39d474122da9626d75e3a2ebe09ec5d32f1b/rignore-0.6.4-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:ce33982da47ac5dc09d19b04fa8d7c9aa6292fc0bd1ecf33076989faa8886094", size = 1109330, upload-time = "2025-07-19T19:24:25.303Z" }, + { url = "https://files.pythonhosted.org/packages/27/43/2ada5a2ec03b82e903610a1c483f516f78e47700ee6db9823f739e08b3af/rignore-0.6.4-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:d899621867aa266824fbd9150e298f19d25b93903ef0133c09f70c65a3416eca", size = 1120381, upload-time = "2025-07-19T19:24:37.798Z" }, + { url = "https://files.pythonhosted.org/packages/3b/99/e7bcc643085131cb14dbea772def72bf1f6fe9037171ebe177c4f228abc8/rignore-0.6.4-cp313-cp313-win32.whl", hash = "sha256:d0615a6bf4890ec5a90b5fb83666822088fbd4e8fcd740c386fcce51e2f6feea", size = 641761, upload-time = "2025-07-19T19:24:58.096Z" }, + { url = "https://files.pythonhosted.org/packages/d9/25/7798908044f27dea1a8abdc75c14523e33770137651e5f775a15143f4218/rignore-0.6.4-cp313-cp313-win_amd64.whl", hash = "sha256:145177f0e32716dc2f220b07b3cde2385b994b7ea28d5c96fbec32639e9eac6f", size = 719876, upload-time = "2025-07-19T19:24:51.125Z" }, + { url = "https://files.pythonhosted.org/packages/b4/e3/ae1e30b045bf004ad77bbd1679b9afff2be8edb166520921c6f29420516a/rignore-0.6.4-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e55bf8f9bbd186f58ab646b4a08718c77131d28a9004e477612b0cbbd5202db2", size = 891776, upload-time = "2025-07-19T19:22:37.78Z" }, + { url = "https://files.pythonhosted.org/packages/45/a9/1193e3bc23ca0e6eb4f17cf4b99971237f97cfa6f241d98366dff90a6d09/rignore-0.6.4-cp313-cp313t-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:2521f7bf3ee1f2ab22a100a3a4eed39a97b025804e5afe4323528e9ce8f084a5", size = 871442, upload-time = "2025-07-19T19:22:50.972Z" }, + { url = "https://files.pythonhosted.org/packages/20/83/4c52ae429a0b2e1ce667e35b480e9a6846f9468c443baeaed5d775af9485/rignore-0.6.4-cp313-cp313t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:0cc35773a8a9c119359ef974d0856988d4601d4daa6f532c05f66b4587cf35bc", size = 1159844, upload-time = "2025-07-19T19:23:02.751Z" }, + { url = "https://files.pythonhosted.org/packages/c1/2f/c740f5751f464c937bfe252dc15a024ae081352cfe80d94aa16d6a617482/rignore-0.6.4-cp313-cp313t-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b665b1ea14457d7b49e834baabc635a3b8c10cfb5cca5c21161fabdbfc2b850e", size = 939456, upload-time = "2025-07-19T19:23:15.72Z" }, + { url = "https://files.pythonhosted.org/packages/fc/dd/68dbb08ac0edabf44dd144ff546a3fb0253c5af708e066847df39fc9188f/rignore-0.6.4-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:c7fd339f344a8548724f289495b835bed7b81174a0bc1c28c6497854bd8855db", size = 1067070, upload-time = "2025-07-19T19:24:02.803Z" }, + { url = "https://files.pythonhosted.org/packages/3b/3a/7e7ea6f0d31d3f5beb0f2cf2c4c362672f5f7f125714458673fc579e2bed/rignore-0.6.4-cp313-cp313t-musllinux_1_2_armv7l.whl", hash = "sha256:91dc94b1cc5af8d6d25ce6edd29e7351830f19b0a03b75cb3adf1f76d00f3007", size = 1134598, upload-time = "2025-07-19T19:24:15.039Z" }, + { url = "https://files.pythonhosted.org/packages/7e/06/1b3307f6437d29bede5a95738aa89e6d910ba68d4054175c9f60d8e2c6b1/rignore-0.6.4-cp313-cp313t-musllinux_1_2_i686.whl", hash = "sha256:4d1918221a249e5342b60fd5fa513bf3d6bf272a8738e66023799f0c82ecd788", size = 1108862, upload-time = "2025-07-19T19:24:26.765Z" }, + { url = "https://files.pythonhosted.org/packages/b0/d5/b37c82519f335f2c472a63fc6215c6f4c51063ecf3166e3acf508011afbd/rignore-0.6.4-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:240777332b859dc89dcba59ab6e3f1e062bc8e862ffa3e5f456e93f7fd5cb415", size = 1120002, upload-time = "2025-07-19T19:24:38.952Z" }, + { url = "https://files.pythonhosted.org/packages/ac/72/2f05559ed5e69bdfdb56ea3982b48e6c0017c59f7241f7e1c5cae992b347/rignore-0.6.4-cp314-cp314-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:66b0e548753e55cc648f1e7b02d9f74285fe48bb49cec93643d31e563773ab3f", size = 949454, upload-time = "2025-07-19T19:23:38.664Z" }, + { url = "https://files.pythonhosted.org/packages/0b/92/186693c8f838d670510ac1dfb35afbe964320fbffb343ba18f3d24441941/rignore-0.6.4-cp314-cp314-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:6971ac9fdd5a0bd299a181096f091c4f3fd286643adceba98eccc03c688a6637", size = 974663, upload-time = "2025-07-19T19:23:28.24Z" }, +] + [[package]] name = "rpds-py" version = "0.27.0" @@ -1062,6 +1336,19 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/a6/24/4d91e05817e92e3a61c8a21e08fd0f390f5301f1c448b137c57c4bc6e543/semver-3.0.4-py3-none-any.whl", hash = "sha256:9c824d87ba7f7ab4a1890799cec8596f15c1241cb473404ea1cb0c55e4b04746", size = 17912, upload-time = "2025-01-24T13:19:24.949Z" }, ] +[[package]] +name = "sentry-sdk" +version = "2.35.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "certifi" }, + { name = "urllib3" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/31/83/055dc157b719651ef13db569bb8cf2103df11174478649735c1b2bf3f6bc/sentry_sdk-2.35.0.tar.gz", hash = "sha256:5ea58d352779ce45d17bc2fa71ec7185205295b83a9dbb5707273deb64720092", size = 343014, upload-time = "2025-08-14T17:11:20.223Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/36/3d/742617a7c644deb0c1628dcf6bb2d2165ab7c6aab56fe5222758994007f8/sentry_sdk-2.35.0-py2.py3-none-any.whl", hash = "sha256:6e0c29b9a5d34de8575ffb04d289a987ff3053cf2c98ede445bea995e3830263", size = 363806, upload-time = "2025-08-14T17:11:18.29Z" }, +] + [[package]] name = "setuptools" version = "80.9.0" @@ -1071,6 +1358,15 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/a3/dc/17031897dae0efacfea57dfd3a82fdd2a2aeb58e0ff71b77b87e44edc772/setuptools-80.9.0-py3-none-any.whl", hash = "sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922", size = 1201486, upload-time = "2025-05-27T00:56:49.664Z" }, ] +[[package]] +name = "shellingham" +version = "1.5.4" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/58/15/8b3609fd3830ef7b27b655beb4b4e9c62313a4e8da8c676e142cc210d58e/shellingham-1.5.4.tar.gz", hash = "sha256:8dbca0739d487e5bd35ab3ca4b36e11c4078f3a234bfce294b0a0291363404de", size = 10310, upload-time = "2023-10-24T04:13:40.426Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e0/f9/0595336914c5619e5f28a1fb793285925a8cd4b432c9da0a987836c7f822/shellingham-1.5.4-py2.py3-none-any.whl", hash = "sha256:7ecfff8f2fd72616f7481040475a65b2bf8af90a56c89140852d1120324e8686", size = 9755, upload-time = "2023-10-24T04:13:38.866Z" }, +] + [[package]] name = "six" version = "1.17.0" @@ -1080,10 +1376,20 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/b7/ce/149a00dd41f10bc29e5921b496af8b574d8413afcd5e30dfa0ed46c2cc5e/six-1.17.0-py2.py3-none-any.whl", hash = "sha256:4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274", size = 11050, upload-time = "2024-12-04T17:35:26.475Z" }, ] +[[package]] +name = "sniffio" +version = "1.3.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/a2/87/a6771e1546d97e7e041b6ae58d80074f81b7d5121207425c964ddf5cfdbd/sniffio-1.3.1.tar.gz", hash = "sha256:f4324edc670a0f49750a81b895f35c3adb843cca46f0530f79fc1babb23789dc", size = 20372, upload-time = "2024-02-25T23:20:04.057Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e9/44/75a9c9421471a6c4805dbf2356f7c181a29c1879239abab1ea2cc8f38b40/sniffio-1.3.1-py3-none-any.whl", hash = "sha256:2f6da418d1f1e0fddd844478f41680e794e6051915791a034ff65e5f100525a2", size = 10235, upload-time = "2024-02-25T23:20:01.196Z" }, +] + [[package]] name = "ssvc" source = { editable = "." } dependencies = [ + { name = "fastapi", extra = ["standard"] }, { name = "jsonschema" }, { name = "markdown-exec", extra = ["ansi"] }, { name = "mkdocs" }, @@ -1111,6 +1417,7 @@ dev = [ [package.metadata] requires-dist = [ + { name = "fastapi", extras = ["standard"], specifier = ">=0.116.1" }, { name = "jsonschema", specifier = "==4.25.0" }, { name = "markdown-exec", extras = ["ansi"], specifier = "==1.11.0" }, { name = "mkdocs", specifier = "==1.6.1" }, @@ -1134,6 +1441,19 @@ requires-dist = [ [package.metadata.requires-dev] dev = [{ name = "pytest", specifier = ">=8.4.1" }] +[[package]] +name = "starlette" +version = "0.47.2" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "anyio" }, + { name = "typing-extensions", marker = "python_full_version < '3.13'" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/04/57/d062573f391d062710d4088fa1369428c38d51460ab6fedff920efef932e/starlette-0.47.2.tar.gz", hash = "sha256:6ae9aa5db235e4846decc1e7b79c4f346adf41e9777aebeb49dfd09bbd7023d8", size = 2583948, upload-time = "2025-07-20T17:31:58.522Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/f7/1f/b876b1f83aef204198a42dc101613fefccb32258e5428b5f9259677864b4/starlette-0.47.2-py3-none-any.whl", hash = "sha256:c5847e96134e5c5371ee9fac6fdf1a67336d5815e09eb2a01fdb57a351ef915b", size = 72984, upload-time = "2025-07-20T17:31:56.738Z" }, +] + [[package]] name = "tabulate" version = "0.9.0" @@ -1164,6 +1484,21 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/32/d5/f9a850d79b0851d1d4ef6456097579a9005b31fea68726a4ae5f2d82ddd9/threadpoolctl-3.6.0-py3-none-any.whl", hash = "sha256:43a0b8fd5a2928500110039e43a5eed8480b918967083ea48dc3ab9f13c4a7fb", size = 18638, upload-time = "2025-03-13T13:49:21.846Z" }, ] +[[package]] +name = "typer" +version = "0.16.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "click" }, + { name = "rich" }, + { name = "shellingham" }, + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/43/78/d90f616bf5f88f8710ad067c1f8705bf7618059836ca084e5bb2a0855d75/typer-0.16.1.tar.gz", hash = "sha256:d358c65a464a7a90f338e3bb7ff0c74ac081449e53884b12ba658cbd72990614", size = 102836, upload-time = "2025-08-18T19:18:22.898Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/2d/76/06dbe78f39b2203d2a47d5facc5df5102d0561e2807396471b5f7c5a30a1/typer-0.16.1-py3-none-any.whl", hash = "sha256:90ee01cb02d9b8395ae21ee3368421faf21fa138cb2a541ed369c08cec5237c9", size = 46397, upload-time = "2025-08-18T19:18:21.663Z" }, +] + [[package]] name = "typing-extensions" version = "4.14.1" @@ -1203,6 +1538,50 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/a7/c2/fe1e52489ae3122415c51f387e221dd0773709bad6c6cdaa599e8a2c5185/urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc", size = 129795, upload-time = "2025-06-18T14:07:40.39Z" }, ] +[[package]] +name = "uvicorn" +version = "0.35.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "click" }, + { name = "h11" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/5e/42/e0e305207bb88c6b8d3061399c6a961ffe5fbb7e2aa63c9234df7259e9cd/uvicorn-0.35.0.tar.gz", hash = "sha256:bc662f087f7cf2ce11a1d7fd70b90c9f98ef2e2831556dd078d131b96cc94a01", size = 78473, upload-time = "2025-06-28T16:15:46.058Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d2/e2/dc81b1bd1dcfe91735810265e9d26bc8ec5da45b4c0f6237e286819194c3/uvicorn-0.35.0-py3-none-any.whl", hash = "sha256:197535216b25ff9b785e29a0b79199f55222193d47f820816e7da751e9bc8d4a", size = 66406, upload-time = "2025-06-28T16:15:44.816Z" }, +] + +[package.optional-dependencies] +standard = [ + { name = "colorama", marker = "sys_platform == 'win32'" }, + { name = "httptools" }, + { name = "python-dotenv" }, + { name = "pyyaml" }, + { name = "uvloop", marker = "platform_python_implementation != 'PyPy' and sys_platform != 'cygwin' and sys_platform != 'win32'" }, + { name = "watchfiles" }, + { name = "websockets" }, +] + +[[package]] +name = "uvloop" +version = "0.21.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/af/c0/854216d09d33c543f12a44b393c402e89a920b1a0a7dc634c42de91b9cf6/uvloop-0.21.0.tar.gz", hash = "sha256:3bf12b0fda68447806a7ad847bfa591613177275d35b6724b1ee573faa3704e3", size = 2492741, upload-time = "2024-10-14T23:38:35.489Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/8c/4c/03f93178830dc7ce8b4cdee1d36770d2f5ebb6f3d37d354e061eefc73545/uvloop-0.21.0-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:359ec2c888397b9e592a889c4d72ba3d6befba8b2bb01743f72fffbde663b59c", size = 1471284, upload-time = "2024-10-14T23:37:47.833Z" }, + { url = "https://files.pythonhosted.org/packages/43/3e/92c03f4d05e50f09251bd8b2b2b584a2a7f8fe600008bcc4523337abe676/uvloop-0.21.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:f7089d2dc73179ce5ac255bdf37c236a9f914b264825fdaacaded6990a7fb4c2", size = 821349, upload-time = "2024-10-14T23:37:50.149Z" }, + { url = "https://files.pythonhosted.org/packages/a6/ef/a02ec5da49909dbbfb1fd205a9a1ac4e88ea92dcae885e7c961847cd51e2/uvloop-0.21.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:baa4dcdbd9ae0a372f2167a207cd98c9f9a1ea1188a8a526431eef2f8116cc8d", size = 4580089, upload-time = "2024-10-14T23:37:51.703Z" }, + { url = "https://files.pythonhosted.org/packages/06/a7/b4e6a19925c900be9f98bec0a75e6e8f79bb53bdeb891916609ab3958967/uvloop-0.21.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:86975dca1c773a2c9864f4c52c5a55631038e387b47eaf56210f873887b6c8dc", size = 4693770, upload-time = "2024-10-14T23:37:54.122Z" }, + { url = "https://files.pythonhosted.org/packages/ce/0c/f07435a18a4b94ce6bd0677d8319cd3de61f3a9eeb1e5f8ab4e8b5edfcb3/uvloop-0.21.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:461d9ae6660fbbafedd07559c6a2e57cd553b34b0065b6550685f6653a98c1cb", size = 4451321, upload-time = "2024-10-14T23:37:55.766Z" }, + { url = "https://files.pythonhosted.org/packages/8f/eb/f7032be105877bcf924709c97b1bf3b90255b4ec251f9340cef912559f28/uvloop-0.21.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:183aef7c8730e54c9a3ee3227464daed66e37ba13040bb3f350bc2ddc040f22f", size = 4659022, upload-time = "2024-10-14T23:37:58.195Z" }, + { url = "https://files.pythonhosted.org/packages/3f/8d/2cbef610ca21539f0f36e2b34da49302029e7c9f09acef0b1c3b5839412b/uvloop-0.21.0-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:bfd55dfcc2a512316e65f16e503e9e450cab148ef11df4e4e679b5e8253a5281", size = 1468123, upload-time = "2024-10-14T23:38:00.688Z" }, + { url = "https://files.pythonhosted.org/packages/93/0d/b0038d5a469f94ed8f2b2fce2434a18396d8fbfb5da85a0a9781ebbdec14/uvloop-0.21.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:787ae31ad8a2856fc4e7c095341cccc7209bd657d0e71ad0dc2ea83c4a6fa8af", size = 819325, upload-time = "2024-10-14T23:38:02.309Z" }, + { url = "https://files.pythonhosted.org/packages/50/94/0a687f39e78c4c1e02e3272c6b2ccdb4e0085fda3b8352fecd0410ccf915/uvloop-0.21.0-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5ee4d4ef48036ff6e5cfffb09dd192c7a5027153948d85b8da7ff705065bacc6", size = 4582806, upload-time = "2024-10-14T23:38:04.711Z" }, + { url = "https://files.pythonhosted.org/packages/d2/19/f5b78616566ea68edd42aacaf645adbf71fbd83fc52281fba555dc27e3f1/uvloop-0.21.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f3df876acd7ec037a3d005b3ab85a7e4110422e4d9c1571d4fc89b0fc41b6816", size = 4701068, upload-time = "2024-10-14T23:38:06.385Z" }, + { url = "https://files.pythonhosted.org/packages/47/57/66f061ee118f413cd22a656de622925097170b9380b30091b78ea0c6ea75/uvloop-0.21.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:bd53ecc9a0f3d87ab847503c2e1552b690362e005ab54e8a48ba97da3924c0dc", size = 4454428, upload-time = "2024-10-14T23:38:08.416Z" }, + { url = "https://files.pythonhosted.org/packages/63/9a/0962b05b308494e3202d3f794a6e85abe471fe3cafdbcf95c2e8c713aabd/uvloop-0.21.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:a5c39f217ab3c663dc699c04cbd50c13813e31d917642d459fdcec07555cc553", size = 4660018, upload-time = "2024-10-14T23:38:10.888Z" }, +] + [[package]] name = "validators" version = "0.35.0" @@ -1236,6 +1615,73 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/33/e8/e40370e6d74ddba47f002a32919d91310d6074130fe4e17dabcafc15cbf1/watchdog-6.0.0-py3-none-win_ia64.whl", hash = "sha256:a1914259fa9e1454315171103c6a30961236f508b9b623eae470268bbcc6a22f", size = 79067, upload-time = "2024-11-01T14:07:11.845Z" }, ] +[[package]] +name = "watchfiles" +version = "1.1.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "anyio" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/2a/9a/d451fcc97d029f5812e898fd30a53fd8c15c7bbd058fd75cfc6beb9bd761/watchfiles-1.1.0.tar.gz", hash = "sha256:693ed7ec72cbfcee399e92c895362b6e66d63dac6b91e2c11ae03d10d503e575", size = 94406, upload-time = "2025-06-15T19:06:59.42Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/f6/b8/858957045a38a4079203a33aaa7d23ea9269ca7761c8a074af3524fbb240/watchfiles-1.1.0-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:9dc001c3e10de4725c749d4c2f2bdc6ae24de5a88a339c4bce32300a31ede179", size = 402339, upload-time = "2025-06-15T19:05:24.516Z" }, + { url = "https://files.pythonhosted.org/packages/80/28/98b222cca751ba68e88521fabd79a4fab64005fc5976ea49b53fa205d1fa/watchfiles-1.1.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:d9ba68ec283153dead62cbe81872d28e053745f12335d037de9cbd14bd1877f5", size = 394409, upload-time = "2025-06-15T19:05:25.469Z" }, + { url = "https://files.pythonhosted.org/packages/86/50/dee79968566c03190677c26f7f47960aff738d32087087bdf63a5473e7df/watchfiles-1.1.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:130fc497b8ee68dce163e4254d9b0356411d1490e868bd8790028bc46c5cc297", size = 450939, upload-time = "2025-06-15T19:05:26.494Z" }, + { url = "https://files.pythonhosted.org/packages/40/45/a7b56fb129700f3cfe2594a01aa38d033b92a33dddce86c8dfdfc1247b72/watchfiles-1.1.0-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:50a51a90610d0845a5931a780d8e51d7bd7f309ebc25132ba975aca016b576a0", size = 457270, upload-time = "2025-06-15T19:05:27.466Z" }, + { url = "https://files.pythonhosted.org/packages/b5/c8/fa5ef9476b1d02dc6b5e258f515fcaaecf559037edf8b6feffcbc097c4b8/watchfiles-1.1.0-cp312-cp312-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:dc44678a72ac0910bac46fa6a0de6af9ba1355669b3dfaf1ce5f05ca7a74364e", size = 483370, upload-time = "2025-06-15T19:05:28.548Z" }, + { url = "https://files.pythonhosted.org/packages/98/68/42cfcdd6533ec94f0a7aab83f759ec11280f70b11bfba0b0f885e298f9bd/watchfiles-1.1.0-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a543492513a93b001975ae283a51f4b67973662a375a403ae82f420d2c7205ee", size = 598654, upload-time = "2025-06-15T19:05:29.997Z" }, + { url = "https://files.pythonhosted.org/packages/d3/74/b2a1544224118cc28df7e59008a929e711f9c68ce7d554e171b2dc531352/watchfiles-1.1.0-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8ac164e20d17cc285f2b94dc31c384bc3aa3dd5e7490473b3db043dd70fbccfd", size = 478667, upload-time = "2025-06-15T19:05:31.172Z" }, + { url = "https://files.pythonhosted.org/packages/8c/77/e3362fe308358dc9f8588102481e599c83e1b91c2ae843780a7ded939a35/watchfiles-1.1.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f7590d5a455321e53857892ab8879dce62d1f4b04748769f5adf2e707afb9d4f", size = 452213, upload-time = "2025-06-15T19:05:32.299Z" }, + { url = "https://files.pythonhosted.org/packages/6e/17/c8f1a36540c9a1558d4faf08e909399e8133599fa359bf52ec8fcee5be6f/watchfiles-1.1.0-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:37d3d3f7defb13f62ece99e9be912afe9dd8a0077b7c45ee5a57c74811d581a4", size = 626718, upload-time = "2025-06-15T19:05:33.415Z" }, + { url = "https://files.pythonhosted.org/packages/26/45/fb599be38b4bd38032643783d7496a26a6f9ae05dea1a42e58229a20ac13/watchfiles-1.1.0-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:7080c4bb3efd70a07b1cc2df99a7aa51d98685be56be6038c3169199d0a1c69f", size = 623098, upload-time = "2025-06-15T19:05:34.534Z" }, + { url = "https://files.pythonhosted.org/packages/a1/e7/fdf40e038475498e160cd167333c946e45d8563ae4dd65caf757e9ffe6b4/watchfiles-1.1.0-cp312-cp312-win32.whl", hash = "sha256:cbcf8630ef4afb05dc30107bfa17f16c0896bb30ee48fc24bf64c1f970f3b1fd", size = 279209, upload-time = "2025-06-15T19:05:35.577Z" }, + { url = "https://files.pythonhosted.org/packages/3f/d3/3ae9d5124ec75143bdf088d436cba39812122edc47709cd2caafeac3266f/watchfiles-1.1.0-cp312-cp312-win_amd64.whl", hash = "sha256:cbd949bdd87567b0ad183d7676feb98136cde5bb9025403794a4c0db28ed3a47", size = 292786, upload-time = "2025-06-15T19:05:36.559Z" }, + { url = "https://files.pythonhosted.org/packages/26/2f/7dd4fc8b5f2b34b545e19629b4a018bfb1de23b3a496766a2c1165ca890d/watchfiles-1.1.0-cp312-cp312-win_arm64.whl", hash = "sha256:0a7d40b77f07be87c6faa93d0951a0fcd8cbca1ddff60a1b65d741bac6f3a9f6", size = 284343, upload-time = "2025-06-15T19:05:37.5Z" }, + { url = "https://files.pythonhosted.org/packages/d3/42/fae874df96595556a9089ade83be34a2e04f0f11eb53a8dbf8a8a5e562b4/watchfiles-1.1.0-cp313-cp313-macosx_10_12_x86_64.whl", hash = "sha256:5007f860c7f1f8df471e4e04aaa8c43673429047d63205d1630880f7637bca30", size = 402004, upload-time = "2025-06-15T19:05:38.499Z" }, + { url = "https://files.pythonhosted.org/packages/fa/55/a77e533e59c3003d9803c09c44c3651224067cbe7fb5d574ddbaa31e11ca/watchfiles-1.1.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:20ecc8abbd957046f1fe9562757903f5eaf57c3bce70929fda6c7711bb58074a", size = 393671, upload-time = "2025-06-15T19:05:39.52Z" }, + { url = "https://files.pythonhosted.org/packages/05/68/b0afb3f79c8e832e6571022611adbdc36e35a44e14f129ba09709aa4bb7a/watchfiles-1.1.0-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f2f0498b7d2a3c072766dba3274fe22a183dbea1f99d188f1c6c72209a1063dc", size = 449772, upload-time = "2025-06-15T19:05:40.897Z" }, + { url = "https://files.pythonhosted.org/packages/ff/05/46dd1f6879bc40e1e74c6c39a1b9ab9e790bf1f5a2fe6c08b463d9a807f4/watchfiles-1.1.0-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:239736577e848678e13b201bba14e89718f5c2133dfd6b1f7846fa1b58a8532b", size = 456789, upload-time = "2025-06-15T19:05:42.045Z" }, + { url = "https://files.pythonhosted.org/packages/8b/ca/0eeb2c06227ca7f12e50a47a3679df0cd1ba487ea19cf844a905920f8e95/watchfiles-1.1.0-cp313-cp313-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:eff4b8d89f444f7e49136dc695599a591ff769300734446c0a86cba2eb2f9895", size = 482551, upload-time = "2025-06-15T19:05:43.781Z" }, + { url = "https://files.pythonhosted.org/packages/31/47/2cecbd8694095647406645f822781008cc524320466ea393f55fe70eed3b/watchfiles-1.1.0-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:12b0a02a91762c08f7264e2e79542f76870c3040bbc847fb67410ab81474932a", size = 597420, upload-time = "2025-06-15T19:05:45.244Z" }, + { url = "https://files.pythonhosted.org/packages/d9/7e/82abc4240e0806846548559d70f0b1a6dfdca75c1b4f9fa62b504ae9b083/watchfiles-1.1.0-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:29e7bc2eee15cbb339c68445959108803dc14ee0c7b4eea556400131a8de462b", size = 477950, upload-time = "2025-06-15T19:05:46.332Z" }, + { url = "https://files.pythonhosted.org/packages/25/0d/4d564798a49bf5482a4fa9416dea6b6c0733a3b5700cb8a5a503c4b15853/watchfiles-1.1.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d9481174d3ed982e269c090f780122fb59cee6c3796f74efe74e70f7780ed94c", size = 451706, upload-time = "2025-06-15T19:05:47.459Z" }, + { url = "https://files.pythonhosted.org/packages/81/b5/5516cf46b033192d544102ea07c65b6f770f10ed1d0a6d388f5d3874f6e4/watchfiles-1.1.0-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:80f811146831c8c86ab17b640801c25dc0a88c630e855e2bef3568f30434d52b", size = 625814, upload-time = "2025-06-15T19:05:48.654Z" }, + { url = "https://files.pythonhosted.org/packages/0c/dd/7c1331f902f30669ac3e754680b6edb9a0dd06dea5438e61128111fadd2c/watchfiles-1.1.0-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:60022527e71d1d1fda67a33150ee42869042bce3d0fcc9cc49be009a9cded3fb", size = 622820, upload-time = "2025-06-15T19:05:50.088Z" }, + { url = "https://files.pythonhosted.org/packages/1b/14/36d7a8e27cd128d7b1009e7715a7c02f6c131be9d4ce1e5c3b73d0e342d8/watchfiles-1.1.0-cp313-cp313-win32.whl", hash = "sha256:32d6d4e583593cb8576e129879ea0991660b935177c0f93c6681359b3654bfa9", size = 279194, upload-time = "2025-06-15T19:05:51.186Z" }, + { url = "https://files.pythonhosted.org/packages/25/41/2dd88054b849aa546dbeef5696019c58f8e0774f4d1c42123273304cdb2e/watchfiles-1.1.0-cp313-cp313-win_amd64.whl", hash = "sha256:f21af781a4a6fbad54f03c598ab620e3a77032c5878f3d780448421a6e1818c7", size = 292349, upload-time = "2025-06-15T19:05:52.201Z" }, + { url = "https://files.pythonhosted.org/packages/c8/cf/421d659de88285eb13941cf11a81f875c176f76a6d99342599be88e08d03/watchfiles-1.1.0-cp313-cp313-win_arm64.whl", hash = "sha256:5366164391873ed76bfdf618818c82084c9db7fac82b64a20c44d335eec9ced5", size = 283836, upload-time = "2025-06-15T19:05:53.265Z" }, + { url = "https://files.pythonhosted.org/packages/45/10/6faf6858d527e3599cc50ec9fcae73590fbddc1420bd4fdccfebffeedbc6/watchfiles-1.1.0-cp313-cp313t-macosx_10_12_x86_64.whl", hash = "sha256:17ab167cca6339c2b830b744eaf10803d2a5b6683be4d79d8475d88b4a8a4be1", size = 400343, upload-time = "2025-06-15T19:05:54.252Z" }, + { url = "https://files.pythonhosted.org/packages/03/20/5cb7d3966f5e8c718006d0e97dfe379a82f16fecd3caa7810f634412047a/watchfiles-1.1.0-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:328dbc9bff7205c215a7807da7c18dce37da7da718e798356212d22696404339", size = 392916, upload-time = "2025-06-15T19:05:55.264Z" }, + { url = "https://files.pythonhosted.org/packages/8c/07/d8f1176328fa9e9581b6f120b017e286d2a2d22ae3f554efd9515c8e1b49/watchfiles-1.1.0-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f7208ab6e009c627b7557ce55c465c98967e8caa8b11833531fdf95799372633", size = 449582, upload-time = "2025-06-15T19:05:56.317Z" }, + { url = "https://files.pythonhosted.org/packages/66/e8/80a14a453cf6038e81d072a86c05276692a1826471fef91df7537dba8b46/watchfiles-1.1.0-cp313-cp313t-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a8f6f72974a19efead54195bc9bed4d850fc047bb7aa971268fd9a8387c89011", size = 456752, upload-time = "2025-06-15T19:05:57.359Z" }, + { url = "https://files.pythonhosted.org/packages/5a/25/0853b3fe0e3c2f5af9ea60eb2e781eade939760239a72c2d38fc4cc335f6/watchfiles-1.1.0-cp313-cp313t-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d181ef50923c29cf0450c3cd47e2f0557b62218c50b2ab8ce2ecaa02bd97e670", size = 481436, upload-time = "2025-06-15T19:05:58.447Z" }, + { url = "https://files.pythonhosted.org/packages/fe/9e/4af0056c258b861fbb29dcb36258de1e2b857be4a9509e6298abcf31e5c9/watchfiles-1.1.0-cp313-cp313t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:adb4167043d3a78280d5d05ce0ba22055c266cf8655ce942f2fb881262ff3cdf", size = 596016, upload-time = "2025-06-15T19:05:59.59Z" }, + { url = "https://files.pythonhosted.org/packages/c5/fa/95d604b58aa375e781daf350897aaaa089cff59d84147e9ccff2447c8294/watchfiles-1.1.0-cp313-cp313t-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8c5701dc474b041e2934a26d31d39f90fac8a3dee2322b39f7729867f932b1d4", size = 476727, upload-time = "2025-06-15T19:06:01.086Z" }, + { url = "https://files.pythonhosted.org/packages/65/95/fe479b2664f19be4cf5ceeb21be05afd491d95f142e72d26a42f41b7c4f8/watchfiles-1.1.0-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b067915e3c3936966a8607f6fe5487df0c9c4afb85226613b520890049deea20", size = 451864, upload-time = "2025-06-15T19:06:02.144Z" }, + { url = "https://files.pythonhosted.org/packages/d3/8a/3c4af14b93a15ce55901cd7a92e1a4701910f1768c78fb30f61d2b79785b/watchfiles-1.1.0-cp313-cp313t-musllinux_1_1_aarch64.whl", hash = "sha256:9c733cda03b6d636b4219625a4acb5c6ffb10803338e437fb614fef9516825ef", size = 625626, upload-time = "2025-06-15T19:06:03.578Z" }, + { url = "https://files.pythonhosted.org/packages/da/f5/cf6aa047d4d9e128f4b7cde615236a915673775ef171ff85971d698f3c2c/watchfiles-1.1.0-cp313-cp313t-musllinux_1_1_x86_64.whl", hash = "sha256:cc08ef8b90d78bfac66f0def80240b0197008e4852c9f285907377b2947ffdcb", size = 622744, upload-time = "2025-06-15T19:06:05.066Z" }, + { url = "https://files.pythonhosted.org/packages/2c/00/70f75c47f05dea6fd30df90f047765f6fc2d6eb8b5a3921379b0b04defa2/watchfiles-1.1.0-cp314-cp314-macosx_10_12_x86_64.whl", hash = "sha256:9974d2f7dc561cce3bb88dfa8eb309dab64c729de85fba32e98d75cf24b66297", size = 402114, upload-time = "2025-06-15T19:06:06.186Z" }, + { url = "https://files.pythonhosted.org/packages/53/03/acd69c48db4a1ed1de26b349d94077cca2238ff98fd64393f3e97484cae6/watchfiles-1.1.0-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:c68e9f1fcb4d43798ad8814c4c1b61547b014b667216cb754e606bfade587018", size = 393879, upload-time = "2025-06-15T19:06:07.369Z" }, + { url = "https://files.pythonhosted.org/packages/2f/c8/a9a2a6f9c8baa4eceae5887fecd421e1b7ce86802bcfc8b6a942e2add834/watchfiles-1.1.0-cp314-cp314-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:95ab1594377effac17110e1352989bdd7bdfca9ff0e5eeccd8c69c5389b826d0", size = 450026, upload-time = "2025-06-15T19:06:08.476Z" }, + { url = "https://files.pythonhosted.org/packages/fe/51/d572260d98388e6e2b967425c985e07d47ee6f62e6455cefb46a6e06eda5/watchfiles-1.1.0-cp314-cp314-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:fba9b62da882c1be1280a7584ec4515d0a6006a94d6e5819730ec2eab60ffe12", size = 457917, upload-time = "2025-06-15T19:06:09.988Z" }, + { url = "https://files.pythonhosted.org/packages/c6/2d/4258e52917bf9f12909b6ec314ff9636276f3542f9d3807d143f27309104/watchfiles-1.1.0-cp314-cp314-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3434e401f3ce0ed6b42569128b3d1e3af773d7ec18751b918b89cd49c14eaafb", size = 483602, upload-time = "2025-06-15T19:06:11.088Z" }, + { url = "https://files.pythonhosted.org/packages/84/99/bee17a5f341a4345fe7b7972a475809af9e528deba056f8963d61ea49f75/watchfiles-1.1.0-cp314-cp314-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fa257a4d0d21fcbca5b5fcba9dca5a78011cb93c0323fb8855c6d2dfbc76eb77", size = 596758, upload-time = "2025-06-15T19:06:12.197Z" }, + { url = "https://files.pythonhosted.org/packages/40/76/e4bec1d59b25b89d2b0716b41b461ed655a9a53c60dc78ad5771fda5b3e6/watchfiles-1.1.0-cp314-cp314-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7fd1b3879a578a8ec2076c7961076df540b9af317123f84569f5a9ddee64ce92", size = 477601, upload-time = "2025-06-15T19:06:13.391Z" }, + { url = "https://files.pythonhosted.org/packages/1f/fa/a514292956f4a9ce3c567ec0c13cce427c158e9f272062685a8a727d08fc/watchfiles-1.1.0-cp314-cp314-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:62cc7a30eeb0e20ecc5f4bd113cd69dcdb745a07c68c0370cea919f373f65d9e", size = 451936, upload-time = "2025-06-15T19:06:14.656Z" }, + { url = "https://files.pythonhosted.org/packages/32/5d/c3bf927ec3bbeb4566984eba8dd7a8eb69569400f5509904545576741f88/watchfiles-1.1.0-cp314-cp314-musllinux_1_1_aarch64.whl", hash = "sha256:891c69e027748b4a73847335d208e374ce54ca3c335907d381fde4e41661b13b", size = 626243, upload-time = "2025-06-15T19:06:16.232Z" }, + { url = "https://files.pythonhosted.org/packages/e6/65/6e12c042f1a68c556802a84d54bb06d35577c81e29fba14019562479159c/watchfiles-1.1.0-cp314-cp314-musllinux_1_1_x86_64.whl", hash = "sha256:12fe8eaffaf0faa7906895b4f8bb88264035b3f0243275e0bf24af0436b27259", size = 623073, upload-time = "2025-06-15T19:06:17.457Z" }, + { url = "https://files.pythonhosted.org/packages/89/ab/7f79d9bf57329e7cbb0a6fd4c7bd7d0cee1e4a8ef0041459f5409da3506c/watchfiles-1.1.0-cp314-cp314t-macosx_10_12_x86_64.whl", hash = "sha256:bfe3c517c283e484843cb2e357dd57ba009cff351edf45fb455b5fbd1f45b15f", size = 400872, upload-time = "2025-06-15T19:06:18.57Z" }, + { url = "https://files.pythonhosted.org/packages/df/d5/3f7bf9912798e9e6c516094db6b8932df53b223660c781ee37607030b6d3/watchfiles-1.1.0-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:a9ccbf1f129480ed3044f540c0fdbc4ee556f7175e5ab40fe077ff6baf286d4e", size = 392877, upload-time = "2025-06-15T19:06:19.55Z" }, + { url = "https://files.pythonhosted.org/packages/0d/c5/54ec7601a2798604e01c75294770dbee8150e81c6e471445d7601610b495/watchfiles-1.1.0-cp314-cp314t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ba0e3255b0396cac3cc7bbace76404dd72b5438bf0d8e7cefa2f79a7f3649caa", size = 449645, upload-time = "2025-06-15T19:06:20.66Z" }, + { url = "https://files.pythonhosted.org/packages/0a/04/c2f44afc3b2fce21ca0b7802cbd37ed90a29874f96069ed30a36dfe57c2b/watchfiles-1.1.0-cp314-cp314t-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:4281cd9fce9fc0a9dbf0fc1217f39bf9cf2b4d315d9626ef1d4e87b84699e7e8", size = 457424, upload-time = "2025-06-15T19:06:21.712Z" }, + { url = "https://files.pythonhosted.org/packages/9f/b0/eec32cb6c14d248095261a04f290636da3df3119d4040ef91a4a50b29fa5/watchfiles-1.1.0-cp314-cp314t-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:6d2404af8db1329f9a3c9b79ff63e0ae7131986446901582067d9304ae8aaf7f", size = 481584, upload-time = "2025-06-15T19:06:22.777Z" }, + { url = "https://files.pythonhosted.org/packages/d1/e2/ca4bb71c68a937d7145aa25709e4f5d68eb7698a25ce266e84b55d591bbd/watchfiles-1.1.0-cp314-cp314t-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e78b6ed8165996013165eeabd875c5dfc19d41b54f94b40e9fff0eb3193e5e8e", size = 596675, upload-time = "2025-06-15T19:06:24.226Z" }, + { url = "https://files.pythonhosted.org/packages/a1/dd/b0e4b7fb5acf783816bc950180a6cd7c6c1d2cf7e9372c0ea634e722712b/watchfiles-1.1.0-cp314-cp314t-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:249590eb75ccc117f488e2fabd1bfa33c580e24b96f00658ad88e38844a040bb", size = 477363, upload-time = "2025-06-15T19:06:25.42Z" }, + { url = "https://files.pythonhosted.org/packages/69/c4/088825b75489cb5b6a761a4542645718893d395d8c530b38734f19da44d2/watchfiles-1.1.0-cp314-cp314t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d05686b5487cfa2e2c28ff1aa370ea3e6c5accfe6435944ddea1e10d93872147", size = 452240, upload-time = "2025-06-15T19:06:26.552Z" }, + { url = "https://files.pythonhosted.org/packages/10/8c/22b074814970eeef43b7c44df98c3e9667c1f7bf5b83e0ff0201b0bd43f9/watchfiles-1.1.0-cp314-cp314t-musllinux_1_1_aarch64.whl", hash = "sha256:d0e10e6f8f6dc5762adee7dece33b722282e1f59aa6a55da5d493a97282fedd8", size = 625607, upload-time = "2025-06-15T19:06:27.606Z" }, + { url = "https://files.pythonhosted.org/packages/32/fa/a4f5c2046385492b2273213ef815bf71a0d4c1943b784fb904e184e30201/watchfiles-1.1.0-cp314-cp314t-musllinux_1_1_x86_64.whl", hash = "sha256:af06c863f152005c7592df1d6a7009c836a247c9d8adb78fef8575a5a98699db", size = 623315, upload-time = "2025-06-15T19:06:29.076Z" }, +] + [[package]] name = "wcmatch" version = "10.1" @@ -1247,3 +1693,34 @@ sdist = { url = "https://files.pythonhosted.org/packages/79/3e/c0bdc27cf06f4e476 wheels = [ { url = "https://files.pythonhosted.org/packages/eb/d8/0d1d2e9d3fabcf5d6840362adcf05f8cf3cd06a73358140c3a97189238ae/wcmatch-10.1-py3-none-any.whl", hash = "sha256:5848ace7dbb0476e5e55ab63c6bbd529745089343427caa5537f230cc01beb8a", size = 39854, upload-time = "2025-06-22T19:14:00.978Z" }, ] + +[[package]] +name = "websockets" +version = "15.0.1" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/21/e6/26d09fab466b7ca9c7737474c52be4f76a40301b08362eb2dbc19dcc16c1/websockets-15.0.1.tar.gz", hash = "sha256:82544de02076bafba038ce055ee6412d68da13ab47f0c60cab827346de828dee", size = 177016, upload-time = "2025-03-05T20:03:41.606Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/51/6b/4545a0d843594f5d0771e86463606a3988b5a09ca5123136f8a76580dd63/websockets-15.0.1-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:3e90baa811a5d73f3ca0bcbf32064d663ed81318ab225ee4f427ad4e26e5aff3", size = 175437, upload-time = "2025-03-05T20:02:16.706Z" }, + { url = "https://files.pythonhosted.org/packages/f4/71/809a0f5f6a06522af902e0f2ea2757f71ead94610010cf570ab5c98e99ed/websockets-15.0.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:592f1a9fe869c778694f0aa806ba0374e97648ab57936f092fd9d87f8bc03665", size = 173096, upload-time = "2025-03-05T20:02:18.832Z" }, + { url = "https://files.pythonhosted.org/packages/3d/69/1a681dd6f02180916f116894181eab8b2e25b31e484c5d0eae637ec01f7c/websockets-15.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:0701bc3cfcb9164d04a14b149fd74be7347a530ad3bbf15ab2c678a2cd3dd9a2", size = 173332, upload-time = "2025-03-05T20:02:20.187Z" }, + { url = "https://files.pythonhosted.org/packages/a6/02/0073b3952f5bce97eafbb35757f8d0d54812b6174ed8dd952aa08429bcc3/websockets-15.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e8b56bdcdb4505c8078cb6c7157d9811a85790f2f2b3632c7d1462ab5783d215", size = 183152, upload-time = "2025-03-05T20:02:22.286Z" }, + { url = "https://files.pythonhosted.org/packages/74/45/c205c8480eafd114b428284840da0b1be9ffd0e4f87338dc95dc6ff961a1/websockets-15.0.1-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:0af68c55afbd5f07986df82831c7bff04846928ea8d1fd7f30052638788bc9b5", size = 182096, upload-time = "2025-03-05T20:02:24.368Z" }, + { url = "https://files.pythonhosted.org/packages/14/8f/aa61f528fba38578ec553c145857a181384c72b98156f858ca5c8e82d9d3/websockets-15.0.1-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:64dee438fed052b52e4f98f76c5790513235efaa1ef7f3f2192c392cd7c91b65", size = 182523, upload-time = "2025-03-05T20:02:25.669Z" }, + { url = "https://files.pythonhosted.org/packages/ec/6d/0267396610add5bc0d0d3e77f546d4cd287200804fe02323797de77dbce9/websockets-15.0.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:d5f6b181bb38171a8ad1d6aa58a67a6aa9d4b38d0f8c5f496b9e42561dfc62fe", size = 182790, upload-time = "2025-03-05T20:02:26.99Z" }, + { url = "https://files.pythonhosted.org/packages/02/05/c68c5adbf679cf610ae2f74a9b871ae84564462955d991178f95a1ddb7dd/websockets-15.0.1-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:5d54b09eba2bada6011aea5375542a157637b91029687eb4fdb2dab11059c1b4", size = 182165, upload-time = "2025-03-05T20:02:30.291Z" }, + { url = "https://files.pythonhosted.org/packages/29/93/bb672df7b2f5faac89761cb5fa34f5cec45a4026c383a4b5761c6cea5c16/websockets-15.0.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:3be571a8b5afed347da347bfcf27ba12b069d9d7f42cb8c7028b5e98bbb12597", size = 182160, upload-time = "2025-03-05T20:02:31.634Z" }, + { url = "https://files.pythonhosted.org/packages/ff/83/de1f7709376dc3ca9b7eeb4b9a07b4526b14876b6d372a4dc62312bebee0/websockets-15.0.1-cp312-cp312-win32.whl", hash = "sha256:c338ffa0520bdb12fbc527265235639fb76e7bc7faafbb93f6ba80d9c06578a9", size = 176395, upload-time = "2025-03-05T20:02:33.017Z" }, + { url = "https://files.pythonhosted.org/packages/7d/71/abf2ebc3bbfa40f391ce1428c7168fb20582d0ff57019b69ea20fa698043/websockets-15.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:fcd5cf9e305d7b8338754470cf69cf81f420459dbae8a3b40cee57417f4614a7", size = 176841, upload-time = "2025-03-05T20:02:34.498Z" }, + { url = "https://files.pythonhosted.org/packages/cb/9f/51f0cf64471a9d2b4d0fc6c534f323b664e7095640c34562f5182e5a7195/websockets-15.0.1-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:ee443ef070bb3b6ed74514f5efaa37a252af57c90eb33b956d35c8e9c10a1931", size = 175440, upload-time = "2025-03-05T20:02:36.695Z" }, + { url = "https://files.pythonhosted.org/packages/8a/05/aa116ec9943c718905997412c5989f7ed671bc0188ee2ba89520e8765d7b/websockets-15.0.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:5a939de6b7b4e18ca683218320fc67ea886038265fd1ed30173f5ce3f8e85675", size = 173098, upload-time = "2025-03-05T20:02:37.985Z" }, + { url = "https://files.pythonhosted.org/packages/ff/0b/33cef55ff24f2d92924923c99926dcce78e7bd922d649467f0eda8368923/websockets-15.0.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:746ee8dba912cd6fc889a8147168991d50ed70447bf18bcda7039f7d2e3d9151", size = 173329, upload-time = "2025-03-05T20:02:39.298Z" }, + { url = "https://files.pythonhosted.org/packages/31/1d/063b25dcc01faa8fada1469bdf769de3768b7044eac9d41f734fd7b6ad6d/websockets-15.0.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:595b6c3969023ecf9041b2936ac3827e4623bfa3ccf007575f04c5a6aa318c22", size = 183111, upload-time = "2025-03-05T20:02:40.595Z" }, + { url = "https://files.pythonhosted.org/packages/93/53/9a87ee494a51bf63e4ec9241c1ccc4f7c2f45fff85d5bde2ff74fcb68b9e/websockets-15.0.1-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:3c714d2fc58b5ca3e285461a4cc0c9a66bd0e24c5da9911e30158286c9b5be7f", size = 182054, upload-time = "2025-03-05T20:02:41.926Z" }, + { url = "https://files.pythonhosted.org/packages/ff/b2/83a6ddf56cdcbad4e3d841fcc55d6ba7d19aeb89c50f24dd7e859ec0805f/websockets-15.0.1-cp313-cp313-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0f3c1e2ab208db911594ae5b4f79addeb3501604a165019dd221c0bdcabe4db8", size = 182496, upload-time = "2025-03-05T20:02:43.304Z" }, + { url = "https://files.pythonhosted.org/packages/98/41/e7038944ed0abf34c45aa4635ba28136f06052e08fc2168520bb8b25149f/websockets-15.0.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:229cf1d3ca6c1804400b0a9790dc66528e08a6a1feec0d5040e8b9eb14422375", size = 182829, upload-time = "2025-03-05T20:02:48.812Z" }, + { url = "https://files.pythonhosted.org/packages/e0/17/de15b6158680c7623c6ef0db361da965ab25d813ae54fcfeae2e5b9ef910/websockets-15.0.1-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:756c56e867a90fb00177d530dca4b097dd753cde348448a1012ed6c5131f8b7d", size = 182217, upload-time = "2025-03-05T20:02:50.14Z" }, + { url = "https://files.pythonhosted.org/packages/33/2b/1f168cb6041853eef0362fb9554c3824367c5560cbdaad89ac40f8c2edfc/websockets-15.0.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:558d023b3df0bffe50a04e710bc87742de35060580a293c2a984299ed83bc4e4", size = 182195, upload-time = "2025-03-05T20:02:51.561Z" }, + { url = "https://files.pythonhosted.org/packages/86/eb/20b6cdf273913d0ad05a6a14aed4b9a85591c18a987a3d47f20fa13dcc47/websockets-15.0.1-cp313-cp313-win32.whl", hash = "sha256:ba9e56e8ceeeedb2e080147ba85ffcd5cd0711b89576b83784d8605a7df455fa", size = 176393, upload-time = "2025-03-05T20:02:53.814Z" }, + { url = "https://files.pythonhosted.org/packages/1b/6c/c65773d6cab416a64d191d6ee8a8b1c68a09970ea6909d16965d26bfed1e/websockets-15.0.1-cp313-cp313-win_amd64.whl", hash = "sha256:e09473f095a819042ecb2ab9465aee615bd9c2028e4ef7d933600a8401c79561", size = 176837, upload-time = "2025-03-05T20:02:55.237Z" }, + { url = "https://files.pythonhosted.org/packages/fa/a8/5b41e0da817d64113292ab1f8247140aac61cbf6cfd085d6a0fa77f4984f/websockets-15.0.1-py3-none-any.whl", hash = "sha256:f7a866fbc1e97b5c617ee4116daaa09b722101d4a3c170c787450ba409f9736f", size = 169743, upload-time = "2025-03-05T20:03:39.41Z" }, +] From 27b468c6435ec9f8fcafca75797b4fcdd09f2523 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Tue, 19 Aug 2025 22:11:53 +0200 Subject: [PATCH 289/468] add test if NS_PATTERN is anchored --- src/test/test_namespaces.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/test/test_namespaces.py b/src/test/test_namespaces.py index 84e22d72..d506fcaf 100644 --- a/src/test/test_namespaces.py +++ b/src/test/test_namespaces.py @@ -57,9 +57,13 @@ def test_ns_pattern(self): should_not_match.extend([f"_{ns}" for ns in should_not_match]) + # tests to ensure that the pattern is anchored on both ends + should_not_match.extend(["=" + should_match[0], should_match[0] + "="]) + for ns in should_not_match: with self.subTest(ns=ns): - self.assertFalse(NS_PATTERN.match(ns)) + # re.search() to catch if NS_PATTERN is not anchored at start + self.assertFalse(NS_PATTERN.search(ns)) def test_namspace_enum(self): for ns in NameSpace: From 8df22d484b5833133ac903679754c7df9044a6cf Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 19 Aug 2025 16:13:14 -0400 Subject: [PATCH 290/468] uv --project=./src add "fastapi[all]" --- src/pyproject.toml | 2 +- src/uv.lock | 131 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 130 insertions(+), 3 deletions(-) diff --git a/src/pyproject.toml b/src/pyproject.toml index e0d5e5a0..52551f9d 100644 --- a/src/pyproject.toml +++ b/src/pyproject.toml @@ -49,7 +49,7 @@ dependencies = [ "networkx==3.4.2", "pydantic==2.11.7", "semver==3.0.4", - "fastapi[standard]>=0.116.1", + "fastapi[all,standard]>=0.116.1", ] dynamic = ["version",] diff --git a/src/uv.lock b/src/uv.lock index 22312702..06c8d3db 100644 --- a/src/uv.lock +++ b/src/uv.lock @@ -175,6 +175,20 @@ wheels = [ ] [package.optional-dependencies] +all = [ + { name = "email-validator" }, + { name = "fastapi-cli", extra = ["standard"] }, + { name = "httpx" }, + { name = "itsdangerous" }, + { name = "jinja2" }, + { name = "orjson" }, + { name = "pydantic-extra-types" }, + { name = "pydantic-settings" }, + { name = "python-multipart" }, + { name = "pyyaml" }, + { name = "ujson" }, + { name = "uvicorn", extra = ["standard"] }, +] standard = [ { name = "email-validator" }, { name = "fastapi-cli", extra = ["standard"] }, @@ -323,6 +337,15 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/2c/e1/e6716421ea10d38022b952c159d5161ca1193197fb744506875fbb87ea7b/iniconfig-2.1.0-py3-none-any.whl", hash = "sha256:9deba5723312380e77435581c6bf4935c94cbfab9b1ed33ef8d238ea168eb760", size = 6050, upload-time = "2025-03-19T20:10:01.071Z" }, ] +[[package]] +name = "itsdangerous" +version = "2.2.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/9c/cb/8ac0172223afbccb63986cc25049b154ecfb5e85932587206f42317be31d/itsdangerous-2.2.0.tar.gz", hash = "sha256:e0050c0b7da1eea53ffaf149c0cfbb5c6e2e2b69c4bef22c81fa6eb73e5f6173", size = 54410, upload-time = "2024-04-16T21:28:15.614Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/04/96/92447566d16df59b2a776c0fb82dbc4d9e07cd95062562af01e408583fc4/itsdangerous-2.2.0-py3-none-any.whl", hash = "sha256:c6242fc49e35958c8b15141343aa660db5fc54d4f13a1db01a3f5891b98700ef", size = 16234, upload-time = "2024-04-16T21:28:14.499Z" }, +] + [[package]] name = "jinja2" version = "3.1.6" @@ -718,6 +741,55 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/c1/9e/1652778bce745a67b5fe05adde60ed362d38eb17d919a540e813d30f6874/numpy-2.3.2-cp314-cp314t-win_arm64.whl", hash = "sha256:092aeb3449833ea9c0bf0089d70c29ae480685dd2377ec9cdbbb620257f84631", size = 10544226, upload-time = "2025-07-24T20:56:34.509Z" }, ] +[[package]] +name = "orjson" +version = "3.11.2" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/df/1d/5e0ae38788bdf0721326695e65fdf41405ed535f633eb0df0f06f57552fa/orjson-3.11.2.tar.gz", hash = "sha256:91bdcf5e69a8fd8e8bdb3de32b31ff01d2bd60c1e8d5fe7d5afabdcf19920309", size = 5470739, upload-time = "2025-08-12T15:12:28.626Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/40/02/46054ebe7996a8adee9640dcad7d39d76c2000dc0377efa38e55dc5cbf78/orjson-3.11.2-cp312-cp312-macosx_10_15_x86_64.macosx_11_0_arm64.macosx_10_15_universal2.whl", hash = "sha256:901d80d349d8452162b3aa1afb82cec5bee79a10550660bc21311cc61a4c5486", size = 226528, upload-time = "2025-08-12T15:11:03.317Z" }, + { url = "https://files.pythonhosted.org/packages/e2/c6/6b6f0b4d8aea1137436546b990f71be2cd8bd870aa2f5aa14dba0fcc95dc/orjson-3.11.2-cp312-cp312-macosx_15_0_arm64.whl", hash = "sha256:cf3bd3967a360e87ee14ed82cb258b7f18c710dacf3822fb0042a14313a673a1", size = 115931, upload-time = "2025-08-12T15:11:04.759Z" }, + { url = "https://files.pythonhosted.org/packages/ae/05/4205cc97c30e82a293dd0d149b1a89b138ebe76afeca66fc129fa2aa4e6a/orjson-3.11.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:26693dde66910078229a943e80eeb99fdce6cd2c26277dc80ead9f3ab97d2131", size = 111382, upload-time = "2025-08-12T15:11:06.468Z" }, + { url = "https://files.pythonhosted.org/packages/50/c7/b8a951a93caa821f9272a7c917115d825ae2e4e8768f5ddf37968ec9de01/orjson-3.11.2-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:4ad4c8acb50a28211c33fc7ef85ddf5cb18d4636a5205fd3fa2dce0411a0e30c", size = 116271, upload-time = "2025-08-12T15:11:07.845Z" }, + { url = "https://files.pythonhosted.org/packages/17/03/1006c7f8782d5327439e26d9b0ec66500ea7b679d4bbb6b891d2834ab3ee/orjson-3.11.2-cp312-cp312-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:994181e7f1725bb5f2d481d7d228738e0743b16bf319ca85c29369c65913df14", size = 119086, upload-time = "2025-08-12T15:11:09.329Z" }, + { url = "https://files.pythonhosted.org/packages/44/61/57d22bc31f36a93878a6f772aea76b2184102c6993dea897656a66d18c74/orjson-3.11.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:dbb79a0476393c07656b69c8e763c3cc925fa8e1d9e9b7d1f626901bb5025448", size = 120724, upload-time = "2025-08-12T15:11:10.674Z" }, + { url = "https://files.pythonhosted.org/packages/78/a9/4550e96b4c490c83aea697d5347b8f7eb188152cd7b5a38001055ca5b379/orjson-3.11.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:191ed27a1dddb305083d8716af413d7219f40ec1d4c9b0e977453b4db0d6fb6c", size = 123577, upload-time = "2025-08-12T15:11:12.015Z" }, + { url = "https://files.pythonhosted.org/packages/3a/86/09b8cb3ebd513d708ef0c92d36ac3eebda814c65c72137b0a82d6d688fc4/orjson-3.11.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0afb89f16f07220183fd00f5f297328ed0a68d8722ad1b0c8dcd95b12bc82804", size = 121195, upload-time = "2025-08-12T15:11:13.399Z" }, + { url = "https://files.pythonhosted.org/packages/37/68/7b40b39ac2c1c644d4644e706d0de6c9999764341cd85f2a9393cb387661/orjson-3.11.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:6ab6e6b4e93b1573a026b6ec16fca9541354dd58e514b62c558b58554ae04307", size = 119234, upload-time = "2025-08-12T15:11:15.134Z" }, + { url = "https://files.pythonhosted.org/packages/40/7c/bb6e7267cd80c19023d44d8cbc4ea4ed5429fcd4a7eb9950f50305697a28/orjson-3.11.2-cp312-cp312-musllinux_1_2_armv7l.whl", hash = "sha256:9cb23527efb61fb75527df55d20ee47989c4ee34e01a9c98ee9ede232abf6219", size = 392250, upload-time = "2025-08-12T15:11:16.604Z" }, + { url = "https://files.pythonhosted.org/packages/64/f2/6730ace05583dbca7c1b406d59f4266e48cd0d360566e71482420fb849fc/orjson-3.11.2-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:a4dd1268e4035af21b8a09e4adf2e61f87ee7bf63b86d7bb0a237ac03fad5b45", size = 134572, upload-time = "2025-08-12T15:11:18.205Z" }, + { url = "https://files.pythonhosted.org/packages/96/0f/7d3e03a30d5aac0432882b539a65b8c02cb6dd4221ddb893babf09c424cc/orjson-3.11.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:ff8b155b145eaf5a9d94d2c476fbe18d6021de93cf36c2ae2c8c5b775763f14e", size = 123869, upload-time = "2025-08-12T15:11:19.554Z" }, + { url = "https://files.pythonhosted.org/packages/45/80/1513265eba6d4a960f078f4b1d2bff94a571ab2d28c6f9835e03dfc65cc6/orjson-3.11.2-cp312-cp312-win32.whl", hash = "sha256:ae3bb10279d57872f9aba68c9931aa71ed3b295fa880f25e68da79e79453f46e", size = 124430, upload-time = "2025-08-12T15:11:20.914Z" }, + { url = "https://files.pythonhosted.org/packages/fb/61/eadf057b68a332351eeb3d89a4cc538d14f31cd8b5ec1b31a280426ccca2/orjson-3.11.2-cp312-cp312-win_amd64.whl", hash = "sha256:d026e1967239ec11a2559b4146a61d13914504b396f74510a1c4d6b19dfd8732", size = 119598, upload-time = "2025-08-12T15:11:22.372Z" }, + { url = "https://files.pythonhosted.org/packages/6b/3f/7f4b783402143d965ab7e9a2fc116fdb887fe53bdce7d3523271cd106098/orjson-3.11.2-cp312-cp312-win_arm64.whl", hash = "sha256:59f8d5ad08602711af9589375be98477d70e1d102645430b5a7985fdbf613b36", size = 114052, upload-time = "2025-08-12T15:11:23.762Z" }, + { url = "https://files.pythonhosted.org/packages/c2/f3/0dd6b4750eb556ae4e2c6a9cb3e219ec642e9c6d95f8ebe5dc9020c67204/orjson-3.11.2-cp313-cp313-macosx_10_15_x86_64.macosx_11_0_arm64.macosx_10_15_universal2.whl", hash = "sha256:a079fdba7062ab396380eeedb589afb81dc6683f07f528a03b6f7aae420a0219", size = 226419, upload-time = "2025-08-12T15:11:25.517Z" }, + { url = "https://files.pythonhosted.org/packages/44/d5/e67f36277f78f2af8a4690e0c54da6b34169812f807fd1b4bfc4dbcf9558/orjson-3.11.2-cp313-cp313-macosx_15_0_arm64.whl", hash = "sha256:6a5f62ebbc530bb8bb4b1ead103647b395ba523559149b91a6c545f7cd4110ad", size = 115803, upload-time = "2025-08-12T15:11:27.357Z" }, + { url = "https://files.pythonhosted.org/packages/24/37/ff8bc86e0dacc48f07c2b6e20852f230bf4435611bab65e3feae2b61f0ae/orjson-3.11.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d7df6c7b8b0931feb3420b72838c3e2ba98c228f7aa60d461bc050cf4ca5f7b2", size = 111337, upload-time = "2025-08-12T15:11:28.805Z" }, + { url = "https://files.pythonhosted.org/packages/b9/25/37d4d3e8079ea9784ea1625029988e7f4594ce50d4738b0c1e2bf4a9e201/orjson-3.11.2-cp313-cp313-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:6f59dfea7da1fced6e782bb3699718088b1036cb361f36c6e4dd843c5111aefe", size = 116222, upload-time = "2025-08-12T15:11:30.18Z" }, + { url = "https://files.pythonhosted.org/packages/b7/32/a63fd9c07fce3b4193dcc1afced5dd4b0f3a24e27556604e9482b32189c9/orjson-3.11.2-cp313-cp313-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:edf49146520fef308c31aa4c45b9925fd9c7584645caca7c0c4217d7900214ae", size = 119020, upload-time = "2025-08-12T15:11:31.59Z" }, + { url = "https://files.pythonhosted.org/packages/b4/b6/400792b8adc3079a6b5d649264a3224d6342436d9fac9a0ed4abc9dc4596/orjson-3.11.2-cp313-cp313-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:50995bbeb5d41a32ad15e023305807f561ac5dcd9bd41a12c8d8d1d2c83e44e6", size = 120721, upload-time = "2025-08-12T15:11:33.035Z" }, + { url = "https://files.pythonhosted.org/packages/40/f3/31ab8f8c699eb9e65af8907889a0b7fef74c1d2b23832719a35da7bb0c58/orjson-3.11.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2cc42960515076eb639b705f105712b658c525863d89a1704d984b929b0577d1", size = 123574, upload-time = "2025-08-12T15:11:34.433Z" }, + { url = "https://files.pythonhosted.org/packages/bd/a6/ce4287c412dff81878f38d06d2c80845709c60012ca8daf861cb064b4574/orjson-3.11.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c56777cab2a7b2a8ea687fedafb84b3d7fdafae382165c31a2adf88634c432fa", size = 121225, upload-time = "2025-08-12T15:11:36.133Z" }, + { url = "https://files.pythonhosted.org/packages/69/b0/7a881b2aef4fed0287d2a4fbb029d01ed84fa52b4a68da82bdee5e50598e/orjson-3.11.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:07349e88025b9b5c783077bf7a9f401ffbfb07fd20e86ec6fc5b7432c28c2c5e", size = 119201, upload-time = "2025-08-12T15:11:37.642Z" }, + { url = "https://files.pythonhosted.org/packages/cf/98/a325726b37f7512ed6338e5e65035c3c6505f4e628b09a5daf0419f054ea/orjson-3.11.2-cp313-cp313-musllinux_1_2_armv7l.whl", hash = "sha256:45841fbb79c96441a8c58aa29ffef570c5df9af91f0f7a9572e5505e12412f15", size = 392193, upload-time = "2025-08-12T15:11:39.153Z" }, + { url = "https://files.pythonhosted.org/packages/cb/4f/a7194f98b0ce1d28190e0c4caa6d091a3fc8d0107ad2209f75c8ba398984/orjson-3.11.2-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:13d8d8db6cd8d89d4d4e0f4161acbbb373a4d2a4929e862d1d2119de4aa324ac", size = 134548, upload-time = "2025-08-12T15:11:40.768Z" }, + { url = "https://files.pythonhosted.org/packages/e8/5e/b84caa2986c3f472dc56343ddb0167797a708a8d5c3be043e1e2677b55df/orjson-3.11.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:51da1ee2178ed09c00d09c1b953e45846bbc16b6420965eb7a913ba209f606d8", size = 123798, upload-time = "2025-08-12T15:11:42.164Z" }, + { url = "https://files.pythonhosted.org/packages/9c/5b/e398449080ce6b4c8fcadad57e51fa16f65768e1b142ba90b23ac5d10801/orjson-3.11.2-cp313-cp313-win32.whl", hash = "sha256:51dc033df2e4a4c91c0ba4f43247de99b3cbf42ee7a42ee2b2b2f76c8b2f2cb5", size = 124402, upload-time = "2025-08-12T15:11:44.036Z" }, + { url = "https://files.pythonhosted.org/packages/b3/66/429e4608e124debfc4790bfc37131f6958e59510ba3b542d5fc163be8e5f/orjson-3.11.2-cp313-cp313-win_amd64.whl", hash = "sha256:29d91d74942b7436f29b5d1ed9bcfc3f6ef2d4f7c4997616509004679936650d", size = 119498, upload-time = "2025-08-12T15:11:45.864Z" }, + { url = "https://files.pythonhosted.org/packages/7b/04/f8b5f317cce7ad3580a9ad12d7e2df0714dfa8a83328ecddd367af802f5b/orjson-3.11.2-cp313-cp313-win_arm64.whl", hash = "sha256:4ca4fb5ac21cd1e48028d4f708b1bb13e39c42d45614befd2ead004a8bba8535", size = 114051, upload-time = "2025-08-12T15:11:47.555Z" }, + { url = "https://files.pythonhosted.org/packages/74/83/2c363022b26c3c25b3708051a19d12f3374739bb81323f05b284392080c0/orjson-3.11.2-cp314-cp314-macosx_10_15_x86_64.macosx_11_0_arm64.macosx_10_15_universal2.whl", hash = "sha256:3dcba7101ea6a8d4ef060746c0f2e7aa8e2453a1012083e1ecce9726d7554cb7", size = 226406, upload-time = "2025-08-12T15:11:49.445Z" }, + { url = "https://files.pythonhosted.org/packages/b0/a7/aa3c973de0b33fc93b4bd71691665ffdfeae589ea9d0625584ab10a7d0f5/orjson-3.11.2-cp314-cp314-macosx_15_0_arm64.whl", hash = "sha256:15d17bdb76a142e1f55d91913e012e6e6769659daa6bfef3ef93f11083137e81", size = 115788, upload-time = "2025-08-12T15:11:50.992Z" }, + { url = "https://files.pythonhosted.org/packages/ef/f2/e45f233dfd09fdbb052ec46352363dca3906618e1a2b264959c18f809d0b/orjson-3.11.2-cp314-cp314-manylinux_2_34_aarch64.whl", hash = "sha256:53c9e81768c69d4b66b8876ec3c8e431c6e13477186d0db1089d82622bccd19f", size = 111318, upload-time = "2025-08-12T15:11:52.495Z" }, + { url = "https://files.pythonhosted.org/packages/3e/23/cf5a73c4da6987204cbbf93167f353ff0c5013f7c5e5ef845d4663a366da/orjson-3.11.2-cp314-cp314-manylinux_2_34_x86_64.whl", hash = "sha256:d4f13af59a7b84c1ca6b8a7ab70d608f61f7c44f9740cd42409e6ae7b6c8d8b7", size = 121231, upload-time = "2025-08-12T15:11:53.941Z" }, + { url = "https://files.pythonhosted.org/packages/40/1d/47468a398ae68a60cc21e599144e786e035bb12829cb587299ecebc088f1/orjson-3.11.2-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:bde64aa469b5ee46cc960ed241fae3721d6a8801dacb2ca3466547a2535951e4", size = 119204, upload-time = "2025-08-12T15:11:55.409Z" }, + { url = "https://files.pythonhosted.org/packages/4d/d9/f99433d89b288b5bc8836bffb32a643f805e673cf840ef8bab6e73ced0d1/orjson-3.11.2-cp314-cp314-musllinux_1_2_armv7l.whl", hash = "sha256:b5ca86300aeb383c8fa759566aca065878d3d98c3389d769b43f0a2e84d52c5f", size = 392237, upload-time = "2025-08-12T15:11:57.18Z" }, + { url = "https://files.pythonhosted.org/packages/d4/dc/1b9d80d40cebef603325623405136a29fb7d08c877a728c0943dd066c29a/orjson-3.11.2-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:24e32a558ebed73a6a71c8f1cbc163a7dd5132da5270ff3d8eeb727f4b6d1bc7", size = 134578, upload-time = "2025-08-12T15:11:58.844Z" }, + { url = "https://files.pythonhosted.org/packages/45/b3/72e7a4c5b6485ef4e83ef6aba7f1dd041002bad3eb5d1d106ca5b0fc02c6/orjson-3.11.2-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:e36319a5d15b97e4344110517450396845cc6789aed712b1fbf83c1bd95792f6", size = 123799, upload-time = "2025-08-12T15:12:00.352Z" }, + { url = "https://files.pythonhosted.org/packages/c8/3e/a3d76b392e7acf9b34dc277171aad85efd6accc75089bb35b4c614990ea9/orjson-3.11.2-cp314-cp314-win32.whl", hash = "sha256:40193ada63fab25e35703454d65b6afc71dbc65f20041cb46c6d91709141ef7f", size = 124461, upload-time = "2025-08-12T15:12:01.854Z" }, + { url = "https://files.pythonhosted.org/packages/fb/e3/75c6a596ff8df9e4a5894813ff56695f0a218e6ea99420b4a645c4f7795d/orjson-3.11.2-cp314-cp314-win_amd64.whl", hash = "sha256:7c8ac5f6b682d3494217085cf04dadae66efee45349ad4ee2a1da3c97e2305a8", size = 119494, upload-time = "2025-08-12T15:12:03.337Z" }, + { url = "https://files.pythonhosted.org/packages/5b/3d/9e74742fc261c5ca473c96bb3344d03995869e1dc6402772c60afb97736a/orjson-3.11.2-cp314-cp314-win_arm64.whl", hash = "sha256:21cf261e8e79284242e4cb1e5924df16ae28255184aafeff19be1405f6d33f67", size = 114046, upload-time = "2025-08-12T15:12:04.87Z" }, +] + [[package]] name = "packaging" version = "25.0" @@ -872,6 +944,33 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/6f/9a/e73262f6c6656262b5fdd723ad90f518f579b7bc8622e43a942eec53c938/pydantic_core-2.33.2-cp313-cp313t-win_amd64.whl", hash = "sha256:c2fc0a768ef76c15ab9238afa6da7f69895bb5d1ee83aeea2e3509af4472d0b9", size = 1935777, upload-time = "2025-04-23T18:32:25.088Z" }, ] +[[package]] +name = "pydantic-extra-types" +version = "2.10.5" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pydantic" }, + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/7e/ba/4178111ec4116c54e1dc7ecd2a1ff8f54256cdbd250e576882911e8f710a/pydantic_extra_types-2.10.5.tar.gz", hash = "sha256:1dcfa2c0cf741a422f088e0dbb4690e7bfadaaf050da3d6f80d6c3cf58a2bad8", size = 138429, upload-time = "2025-06-02T09:31:52.713Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/70/1a/5f4fd9e7285f10c44095a4f9fe17d0f358d1702a7c74a9278c794e8a7537/pydantic_extra_types-2.10.5-py3-none-any.whl", hash = "sha256:b60c4e23d573a69a4f1a16dd92888ecc0ef34fb0e655b4f305530377fa70e7a8", size = 38315, upload-time = "2025-06-02T09:31:51.229Z" }, +] + +[[package]] +name = "pydantic-settings" +version = "2.10.1" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "pydantic" }, + { name = "python-dotenv" }, + { name = "typing-inspection" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/68/85/1ea668bbab3c50071ca613c6ab30047fb36ab0da1b92fa8f17bbc38fd36c/pydantic_settings-2.10.1.tar.gz", hash = "sha256:06f0062169818d0f5524420a360d632d5857b83cffd4d42fe29597807a1614ee", size = 172583, upload-time = "2025-06-24T13:26:46.841Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/58/f0/427018098906416f580e3cf1366d3b1abfb408a0652e9f31600c24a1903c/pydantic_settings-2.10.1-py3-none-any.whl", hash = "sha256:a60952460b99cf661dc25c29c0ef171721f98bfcb52ef8d9ea4c943d7c8cc796", size = 45235, upload-time = "2025-06-24T13:26:45.485Z" }, +] + [[package]] name = "pygments" version = "2.19.2" @@ -1389,7 +1488,7 @@ wheels = [ name = "ssvc" source = { editable = "." } dependencies = [ - { name = "fastapi", extra = ["standard"] }, + { name = "fastapi", extra = ["all", "standard"] }, { name = "jsonschema" }, { name = "markdown-exec", extra = ["ansi"] }, { name = "mkdocs" }, @@ -1417,7 +1516,7 @@ dev = [ [package.metadata] requires-dist = [ - { name = "fastapi", extras = ["standard"], specifier = ">=0.116.1" }, + { name = "fastapi", extras = ["all", "standard"], specifier = ">=0.116.1" }, { name = "jsonschema", specifier = "==4.25.0" }, { name = "markdown-exec", extras = ["ansi"], specifier = "==1.11.0" }, { name = "mkdocs", specifier = "==1.6.1" }, @@ -1529,6 +1628,34 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/5c/23/c7abc0ca0a1526a0774eca151daeb8de62ec457e77262b66b359c3c7679e/tzdata-2025.2-py2.py3-none-any.whl", hash = "sha256:1a403fada01ff9221ca8044d701868fa132215d84beb92242d9acd2147f667a8", size = 347839, upload-time = "2025-03-23T13:54:41.845Z" }, ] +[[package]] +name = "ujson" +version = "5.10.0" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/f0/00/3110fd566786bfa542adb7932d62035e0c0ef662a8ff6544b6643b3d6fd7/ujson-5.10.0.tar.gz", hash = "sha256:b3cd8f3c5d8c7738257f1018880444f7b7d9b66232c64649f562d7ba86ad4bc1", size = 7154885, upload-time = "2024-05-14T02:02:34.233Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e8/a6/fd3f8bbd80842267e2d06c3583279555e8354c5986c952385199d57a5b6c/ujson-5.10.0-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:98ba15d8cbc481ce55695beee9f063189dce91a4b08bc1d03e7f0152cd4bbdd5", size = 55642, upload-time = "2024-05-14T02:01:04.055Z" }, + { url = "https://files.pythonhosted.org/packages/a8/47/dd03fd2b5ae727e16d5d18919b383959c6d269c7b948a380fdd879518640/ujson-5.10.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:a9d2edbf1556e4f56e50fab7d8ff993dbad7f54bac68eacdd27a8f55f433578e", size = 51807, upload-time = "2024-05-14T02:01:05.25Z" }, + { url = "https://files.pythonhosted.org/packages/25/23/079a4cc6fd7e2655a473ed9e776ddbb7144e27f04e8fc484a0fb45fe6f71/ujson-5.10.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6627029ae4f52d0e1a2451768c2c37c0c814ffc04f796eb36244cf16b8e57043", size = 51972, upload-time = "2024-05-14T02:01:06.458Z" }, + { url = "https://files.pythonhosted.org/packages/04/81/668707e5f2177791869b624be4c06fb2473bf97ee33296b18d1cf3092af7/ujson-5.10.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f8ccb77b3e40b151e20519c6ae6d89bfe3f4c14e8e210d910287f778368bb3d1", size = 53686, upload-time = "2024-05-14T02:01:07.618Z" }, + { url = "https://files.pythonhosted.org/packages/bd/50/056d518a386d80aaf4505ccf3cee1c40d312a46901ed494d5711dd939bc3/ujson-5.10.0-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f3caf9cd64abfeb11a3b661329085c5e167abbe15256b3b68cb5d914ba7396f3", size = 58591, upload-time = "2024-05-14T02:01:08.901Z" }, + { url = "https://files.pythonhosted.org/packages/fc/d6/aeaf3e2d6fb1f4cfb6bf25f454d60490ed8146ddc0600fae44bfe7eb5a72/ujson-5.10.0-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:6e32abdce572e3a8c3d02c886c704a38a1b015a1fb858004e03d20ca7cecbb21", size = 997853, upload-time = "2024-05-14T02:01:10.772Z" }, + { url = "https://files.pythonhosted.org/packages/f8/d5/1f2a5d2699f447f7d990334ca96e90065ea7f99b142ce96e85f26d7e78e2/ujson-5.10.0-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:a65b6af4d903103ee7b6f4f5b85f1bfd0c90ba4eeac6421aae436c9988aa64a2", size = 1140689, upload-time = "2024-05-14T02:01:12.214Z" }, + { url = "https://files.pythonhosted.org/packages/f2/2c/6990f4ccb41ed93744aaaa3786394bca0875503f97690622f3cafc0adfde/ujson-5.10.0-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:604a046d966457b6cdcacc5aa2ec5314f0e8c42bae52842c1e6fa02ea4bda42e", size = 1043576, upload-time = "2024-05-14T02:01:14.39Z" }, + { url = "https://files.pythonhosted.org/packages/14/f5/a2368463dbb09fbdbf6a696062d0c0f62e4ae6fa65f38f829611da2e8fdd/ujson-5.10.0-cp312-cp312-win32.whl", hash = "sha256:6dea1c8b4fc921bf78a8ff00bbd2bfe166345f5536c510671bccececb187c80e", size = 38764, upload-time = "2024-05-14T02:01:15.83Z" }, + { url = "https://files.pythonhosted.org/packages/59/2d/691f741ffd72b6c84438a93749ac57bf1a3f217ac4b0ea4fd0e96119e118/ujson-5.10.0-cp312-cp312-win_amd64.whl", hash = "sha256:38665e7d8290188b1e0d57d584eb8110951a9591363316dd41cf8686ab1d0abc", size = 42211, upload-time = "2024-05-14T02:01:17.567Z" }, + { url = "https://files.pythonhosted.org/packages/0d/69/b3e3f924bb0e8820bb46671979770c5be6a7d51c77a66324cdb09f1acddb/ujson-5.10.0-cp313-cp313-macosx_10_9_x86_64.whl", hash = "sha256:618efd84dc1acbd6bff8eaa736bb6c074bfa8b8a98f55b61c38d4ca2c1f7f287", size = 55646, upload-time = "2024-05-14T02:01:19.26Z" }, + { url = "https://files.pythonhosted.org/packages/32/8a/9b748eb543c6cabc54ebeaa1f28035b1bd09c0800235b08e85990734c41e/ujson-5.10.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:38d5d36b4aedfe81dfe251f76c0467399d575d1395a1755de391e58985ab1c2e", size = 51806, upload-time = "2024-05-14T02:01:20.593Z" }, + { url = "https://files.pythonhosted.org/packages/39/50/4b53ea234413b710a18b305f465b328e306ba9592e13a791a6a6b378869b/ujson-5.10.0-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:67079b1f9fb29ed9a2914acf4ef6c02844b3153913eb735d4bf287ee1db6e557", size = 51975, upload-time = "2024-05-14T02:01:21.904Z" }, + { url = "https://files.pythonhosted.org/packages/b4/9d/8061934f960cdb6dd55f0b3ceeff207fcc48c64f58b43403777ad5623d9e/ujson-5.10.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d7d0e0ceeb8fe2468c70ec0c37b439dd554e2aa539a8a56365fd761edb418988", size = 53693, upload-time = "2024-05-14T02:01:23.742Z" }, + { url = "https://files.pythonhosted.org/packages/f5/be/7bfa84b28519ddbb67efc8410765ca7da55e6b93aba84d97764cd5794dbc/ujson-5.10.0-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:59e02cd37bc7c44d587a0ba45347cc815fb7a5fe48de16bf05caa5f7d0d2e816", size = 58594, upload-time = "2024-05-14T02:01:25.554Z" }, + { url = "https://files.pythonhosted.org/packages/48/eb/85d465abafb2c69d9699cfa5520e6e96561db787d36c677370e066c7e2e7/ujson-5.10.0-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:2a890b706b64e0065f02577bf6d8ca3b66c11a5e81fb75d757233a38c07a1f20", size = 997853, upload-time = "2024-05-14T02:01:27.151Z" }, + { url = "https://files.pythonhosted.org/packages/9f/76/2a63409fc05d34dd7d929357b7a45e3a2c96f22b4225cd74becd2ba6c4cb/ujson-5.10.0-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:621e34b4632c740ecb491efc7f1fcb4f74b48ddb55e65221995e74e2d00bbff0", size = 1140694, upload-time = "2024-05-14T02:01:29.113Z" }, + { url = "https://files.pythonhosted.org/packages/45/ed/582c4daba0f3e1688d923b5cb914ada1f9defa702df38a1916c899f7c4d1/ujson-5.10.0-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:b9500e61fce0cfc86168b248104e954fead61f9be213087153d272e817ec7b4f", size = 1043580, upload-time = "2024-05-14T02:01:31.447Z" }, + { url = "https://files.pythonhosted.org/packages/d7/0c/9837fece153051e19c7bade9f88f9b409e026b9525927824cdf16293b43b/ujson-5.10.0-cp313-cp313-win32.whl", hash = "sha256:4c4fc16f11ac1612f05b6f5781b384716719547e142cfd67b65d035bd85af165", size = 38766, upload-time = "2024-05-14T02:01:32.856Z" }, + { url = "https://files.pythonhosted.org/packages/d7/72/6cb6728e2738c05bbe9bd522d6fc79f86b9a28402f38663e85a28fddd4a0/ujson-5.10.0-cp313-cp313-win_amd64.whl", hash = "sha256:4573fd1695932d4f619928fd09d5d03d917274381649ade4328091ceca175539", size = 42212, upload-time = "2024-05-14T02:01:33.97Z" }, +] + [[package]] name = "urllib3" version = "2.5.0" From cac56652a2f37824b2071a7ed8e1ad2c6186eb0c Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 19 Aug 2025 16:13:31 -0400 Subject: [PATCH 291/468] add first pass at registry api --- src/ssvc/api.py | 121 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 src/ssvc/api.py diff --git a/src/ssvc/api.py b/src/ssvc/api.py new file mode 100644 index 00000000..06b0970c --- /dev/null +++ b/src/ssvc/api.py @@ -0,0 +1,121 @@ +#!/usr/bin/env python +""" +API for SSVC +""" + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from fastapi import FastAPI + +from ssvc.registry import get_registry +from ssvc.registry.base import ( + _Key, + _Namespace, + _NonValuedVersion, + _NsType, + _ValuedVersion, + lookup_key, + lookup_namespace, + lookup_objtype, + lookup_version, +) + +app = FastAPI() + +r = get_registry() + + +@app.get("/") +def read_root(): + return {"Hello": "World"} + + +@app.get("/decision_points") +async def get_decision_points() -> _NsType: + decision_points = lookup_objtype(objtype="DecisionPoint", registry=r) + return decision_points + + +@app.get("/decision_points/{namespace}") +async def get_decision_points(namespace: str) -> _Namespace: + decision_points = lookup_namespace( + objtype="DecisionPoint", namespace=namespace, registry=r + ) + return decision_points + + +@app.get("/decision_points/{namespace}/{key}") +async def get_decision_points(namespace: str, key: str) -> _Key: + decision_points = lookup_key( + objtype="DecisionPoint", namespace=namespace, key=key, registry=r + ) + return decision_points + + +@app.get("/decision_points/{namespace}/{key}/{version}") +async def get_decision_points( + namespace: str, key: str, version: str +) -> _ValuedVersion: + decision_points = lookup_version( + objtype="DecisionPoint", + namespace=namespace, + key=key, + version=version, + registry=r, + ) + return decision_points + + +@app.get("/decision_tables") +async def get_decision_tables() -> _NsType: + # load registry and return decision tables + decision_tables = lookup_objtype(objtype="DecisionTable", registry=r) + return decision_tables + + +@app.get("/decision_tables/{namespace}") +async def get_decision_tables_namespace(namespace: str) -> _Namespace: + decision_tables = lookup_namespace( + objtype="DecisionTable", namespace=namespace, registry=r + ) + return decision_tables + + +@app.get("/decision_tables/{namespace}/{key}") +async def get_decision_tables_key(namespace: str, key: str) -> _Key: + decision_tables = lookup_key( + objtype="DecisionTable", namespace=namespace, key=key, registry=r + ) + return decision_tables + + +@app.get("/decision_tables/{namespace}/{key}/{version}") +async def get_decision_tables_version( + namespace: str, key: str, version: str +) -> _NonValuedVersion: + decision_tables = lookup_version( + objtype="DecisionTable", + namespace=namespace, + key=key, + version=version, + registry=r, + ) + return decision_tables From ed27a966c005e655fe74c96d305fe6e355a962ec Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Tue, 19 Aug 2025 22:27:12 +0200 Subject: [PATCH 292/468] Update src/test/test_namespaces_pattern.py Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/test/test_namespaces_pattern.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index b4d95c43..e7d5530c 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -51,7 +51,7 @@ def setUp(self): "nist#800-30", # NIST's registered model regarding its publication 800-30 "x_gov.nist#800-30/de-DE", # NIST's official translation to German as used in Germany of its model (regarding its publication) 800-30 "x_gov.nist#800-30//.de.bund.bsi$de-DE", # BSI's translation to German as used in Germany of NIST's model (regarding its publication) 800-30 - "x_example.test.test#test/pl-PL/.example.test#test/.example.test#test/newfound", # valid BCP-47 tag and multiple segments + "x_example.test.test#test/pl-PL/.example.test#another-collection/.org.example#a-different-collection/en-CA-newfound", # valid BCP-47 tag and multiple segments "example.test", # valid namespace with dots following reverse domain notation "x_example.test#test", # valid namespace with x_ prefix and dots following reverse domain notation "au.com.example", # valid namespace with dots following reverse domain notation for 2-letter TLD From 74f5456b39d88cecee2426a9cb9ce58e5eab570b Mon Sep 17 00:00:00 2001 From: "Bernhard E. Reiter" Date: Tue, 19 Aug 2025 22:27:28 +0200 Subject: [PATCH 293/468] Update src/test/test_namespaces_pattern.py Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- src/test/test_namespaces_pattern.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index e7d5530c..d70cb120 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -54,7 +54,7 @@ def setUp(self): "x_example.test.test#test/pl-PL/.example.test#another-collection/.org.example#a-different-collection/en-CA-newfound", # valid BCP-47 tag and multiple segments "example.test", # valid namespace with dots following reverse domain notation "x_example.test#test", # valid namespace with x_ prefix and dots following reverse domain notation - "au.com.example", # valid namespace with dots following reverse domain notation for 2-letter TLD + "aa.example", # valid namespace with dots following reverse domain notation for 2-letter TLD based on private use of ISO-3166 "x_au.com.example#bar" # valid namespace with x_ prefix and dots following reverse domain notation "abc//.example.test#test", "abc//.com.au.example#test", From 6a0bc7e0eda2959a18cd77e5d3a11899b48909e2 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Tue, 19 Aug 2025 22:58:48 +0200 Subject: [PATCH 294/468] adjust documentation for new namespace rules remove old textual description in favor of a link to the ABNF, which is a more precise description. Avoid duplication this way. --- docs/reference/code/namespaces.md | 40 ++++--------------------------- src/ssvc/namespaces.py | 25 +++++++++---------- 2 files changed, 18 insertions(+), 47 deletions(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index dc382d39..00a9d1ca 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -362,44 +362,14 @@ segment of the extension. ## Technical requirements The following technical requirements are enforced for SSVC namespaces, -based on the implementation in `src/ssvc/namespaces.py` and the NS_PATTERN regular expression: - -!!! info "Namespace Pattern" - - The regular expression used to validate namespaces is: - - ```python exec="true" idprefix="" - - from ssvc.utils.patterns import NS_PATTERN - - print(f"`{NS_PATTERN.pattern}`") - ``` - -### Length Requirements +based on the implementation in `src/ssvc/namespaces.py` +and the ABNF specification in +[src/ssvc/utils/ssvc_namespace_pattern.abnf](src/ssvc/utils/ssvc_namespace_pattern.abnf): - Namespaces must be between 3 and 1000 characters long. -### Base Namespace Requirements - -- Must start with a lowercase letter -- Must contain at least 3 total characters in the base part (after the optional experimental/private prefix) -- Must contain only lowercase letters, numbers, dots (`.`), and hyphens (`-`) -- Must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) -- May optionally start with the experimental/private prefix `{X_PFX}`. - -### Extension Requirements (Optional) - -- Extensions are optional -- Extensions must be delineated by slashes (`/`) -- If any extension segments are present, the following rules apply: - - The first extension segment must be a valid BCP-47 language tag or empty (i.e., `//`). - - Subsequent extension segments: - - must start with a letter (upper or lowercase) - - may contain letters, numbers, dots (`.`), hyphens (`-`), and at most one hash (`#`) - - must not contain consecutive dots or hyphens (no `..`, `--`, `.-`, `-.`, `---`, etc.) - - if a hash is present, it separates the main part from an optional fragment part - - are separated by single forward slashes (`/`) -- Multiple extension segments are allowed +(The ABNF is used to generated the regular expressions in +`src/ssvc/utils/patterns.py`, see the comment in the source code there.) ## The `ssvc.namespaces` module diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 186583e4..271a8a80 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -30,25 +30,26 @@ class NameSpace(StrEnum): - f""" - Defines the official namespaces for SSVC. + f"""Define the official namespaces for SSVC. - The namespace value must be one of the members of this enum or start with the prefix specified in X_PFX. - Namespaces must be {MIN_NS_LENGTH}-{MAX_NS_LENGTH} lowercase characters long and must start with 3-4 - alphanumeric characters after the optional prefix. - Limited punctuation characters (#/.-) are allowed between alphanumeric characters, but only one at a time. + The namespace value must be one of the members of this enum or start with + the prefix specified in X_PFX. + + Namespaces must be {MIN_NS_LENGTH}-{MAX_NS_LENGTH} characters long. + + The accepted format is specified in ABNF, + see file `src/ssvc/utils/ssvc_namespace_pattern.abnf`. Example: Following are examples of valid and invalid namespace values: - `ssvc` is *valid* because it is present in the enum - `custom` is *invalid* because it does not start with the experimental prefix and is not in the enum - - `x_custom` is *valid* because it starts with the experimental prefix and meets the pattern requirements - - `x_custom/extension` is *valid* because it starts with the experimental prefix and meets the pattern requirements - - `x_custom/extension/with/multiple/segments` is *invalid* because it exceeds the maximum length - - `x_custom//extension` is *invalid* because it has multiple punctuation characters in a row - - `x_custom.extension.` is *invalid* because it does not end with an alphanumeric character - - `x_custom.extension.9` is *valid* because it meets the pattern requirements + - `x_example.test#test` is *valid* because it starts with the experimental prefix and meets the pattern requirements + - `x_example.test#test/en-US` is *valid* because it starts with the experimental prefix and meets the pattern requirements + - `x_example.test#te..st` is *invalid* because it has multiple punctuation characters in a row + - `x_example.test.#test` is *invalid* as the reverse dns does not match + - `x_example.test#test9` is *valid* because it meets the pattern requirements """ # auto() is used to automatically assign values to the members. From 026b84cbdd3677d32a6c8e82a24beee48f35a44f Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 20 Aug 2025 00:50:47 +0200 Subject: [PATCH 295/468] Namespace ABNF - addresses review comments of certcc/ssvc#882 - update a few examples - corrected "model" to "collection" --- docs/reference/code/namespaces.md | 8 +++++--- src/ssvc/namespaces.py | 2 ++ src/ssvc/utils/field_specs.py | 2 +- src/test/test_namespaces_pattern.py | 16 +++++++++------- 4 files changed, 17 insertions(+), 11 deletions(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 00a9d1ca..2ed908cd 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -161,6 +161,8 @@ we expect that this will rarely lead to conflicts in practice. where a unregistered namespace is needed. The namespace `x_example.test#test` is recommended for use in testing of current or new SSVC related code. + The namespace `x_example.test#documentation` is recommended for use in documentation + or as examples. !!! tip "Test Namespace" @@ -222,8 +224,8 @@ Subsequently, a `$` followed by a valid BCP 47 language tag ends the string. Note: If the `translation` uses just the reverse domain name followed by the language tag, e.g. `.example.test$de-DE`, this implies an unofficial translation done by the entity in possession of that domain name. -A `translation` using an `x-name` indicates that the extension bases of a model that had a different language -and no formal translation was used to develop that model. +A `translation` using an `x-name` indicates that the extension bases of a collection that had a different language +and no formal translation was used to develop that collection. The following diagram illustrates the structure of namespace extensions: ```mermaid @@ -314,7 +316,7 @@ base_ns -->|/| first It is also different from `ssvc//.example.isao$pl-PL/example.isao#constituency` which denotes that the ISAO did a translation of the `ssvc` namespace to Polish and based - the model for their constituency on that translation. + the collection for their constituency on that translation. !!! example "Refinement of Concepts for a Specific Constituency" diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 271a8a80..9eecc653 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -58,6 +58,8 @@ class NameSpace(StrEnum): CVSS = auto() CISA = auto() BASIC = auto() + EXAMPLE = auto() + TEST = auto() @classmethod def validate(cls, value: str) -> str: diff --git a/src/ssvc/utils/field_specs.py b/src/ssvc/utils/field_specs.py index 85a7479e..28b7b53f 100644 --- a/src/ssvc/utils/field_specs.py +++ b/src/ssvc/utils/field_specs.py @@ -47,7 +47,7 @@ examples=[ "ssvc", "cisa", - "x_example.test#test//.example.test#test", + "x_example.test#test//.example.test#private-extension", "ssvc/de-DE/.example.organization#reference-arch-1", ], pattern=NS_PATTERN, diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index d70cb120..ff7b72d2 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -54,11 +54,11 @@ def setUp(self): "x_example.test.test#test/pl-PL/.example.test#another-collection/.org.example#a-different-collection/en-CA-newfound", # valid BCP-47 tag and multiple segments "example.test", # valid namespace with dots following reverse domain notation "x_example.test#test", # valid namespace with x_ prefix and dots following reverse domain notation - "aa.example", # valid namespace with dots following reverse domain notation for 2-letter TLD based on private use of ISO-3166 - "x_au.com.example#bar" # valid namespace with x_ prefix and dots following reverse domain notation - "abc//.example.test#test", - "abc//.com.au.example#test", - "abc//.example.test#test/.example.test#test", + "aa.example", # valid namespace with dots following reverse domain notation for 2-letter TLD based on private use of ISO-3166 + "x_aa.example#test" # valid namespace with x_ prefix and dots following reverse domain notation + "test//.example.test#test", + "test//.com.au.example#test", + "example//.example.test#test/.example.some-other-org#foo", "foo.bar//.baz.quux#foo", ] self.expect_fail = [ @@ -67,6 +67,7 @@ def setUp(self): "x__invalid", # invalid namespace, double underscore "x_-invalid", # invalid namespace, dash after x_ "x_.invalid", # invalid namespace, dash at end + "x_invalid-", # invalid namespace, dash at end "x_/foo", # invalid namespace, slash after x_, invalid BCP-47 tag "x_//foo", # invalid namespace, double slash after x_ "x_abc/invalid-bcp-47", # not a valid BCP-47 tag @@ -104,7 +105,7 @@ def test_base_pattern(self): "contains-dash", "contains-dash-and.dot", "com.example", # valid namespace with dots following reverse domain notation - "au.com.example", # valid namespace with dots following reverse domain notation + "aa.com.example", # valid namespace with dots following reverse domain notation ] x_fail = [ "a", # too short @@ -137,7 +138,8 @@ def test_base_ns_pattern(self): "9abc", # starts with a number "x__invalid", # double underscore "x_-invalid", # dash after x_ - "x_.invalid", # dash at end + "x_.invalid", # dot at start + "x_invalid-", # dash at end "x_9abc", # starts with a number after x_ "x_abc.", # ends with a dot "x_abc-", # ends with a dash From b81144f3fe28eecc8485ddda5cbe624b5a5f0be0 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Wed, 20 Aug 2025 10:39:58 +0200 Subject: [PATCH 296/468] fix relative link in namespaces.md documentation --- docs/reference/code/namespaces.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 2ed908cd..ceceb045 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -366,7 +366,7 @@ segment of the extension. The following technical requirements are enforced for SSVC namespaces, based on the implementation in `src/ssvc/namespaces.py` and the ABNF specification in -[src/ssvc/utils/ssvc_namespace_pattern.abnf](src/ssvc/utils/ssvc_namespace_pattern.abnf): +[src/ssvc/utils/ssvc_namespace_pattern.abnf](../../../src/ssvc/utils/ssvc_namespace_pattern.abnf): - Namespaces must be between 3 and 1000 characters long. From dbb8c2f0c98494b7eec93d06bfb33335dc919d0c Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 11:20:15 -0400 Subject: [PATCH 297/468] add docker ignore --- docker/.dockerignore | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 docker/.dockerignore diff --git a/docker/.dockerignore b/docker/.dockerignore new file mode 100644 index 00000000..0ca7d75e --- /dev/null +++ b/docker/.dockerignore @@ -0,0 +1,17 @@ +# Ignore unnecessary files +*.pyc +*.pyo +*.log +#.gitignore +.DS_Store +# ignore all files in the following directories +#**/.git/ +**/__pycache__/ +**/node_modules/ +**/dist/ +**/build/ +*.egg-info/ +**/site/ +**/.venv/ +**/.ipynb_checkpoints/ +**/obsolete/ From 86fd0ecdb86f6daf1b9b8bb900b59c53ce4aaa7e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 11:20:46 -0400 Subject: [PATCH 298/468] add api server to docker config --- docker/Dockerfile | 28 ++++++++++++++++------------ docker/docker-compose.yml | 11 +++++++++++ 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 14e5cf09..d08bed5a 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,26 +1,30 @@ FROM python:3.12-slim-bookworm AS base -RUN pip install --upgrade pip +RUN apt-get update && apt-get install -y --no-install-recommends git && rm -rf /var/lib/apt/lists/* +RUN pip install --upgrade pip uv WORKDIR /app FROM base AS dependencies -# install requirements -COPY ../requirements.txt . -RUN pip install --no-cache-dir --upgrade -r requirements.txt +ARG BASE_DIR=.. +ARG SRC_DIR=${BASE_DIR}/src + # Copy the files we need -COPY .. /app +COPY ${BASE_DIR}/ /app # Set the environment variable ENV PYTHONPATH=/app/src +# install requirements +RUN uv sync --project=/app/src --frozen FROM dependencies AS test -# install pytest -RUN pip install pytest -# run the unit tests \ -CMD ["pytest","src/test"] +ENV PYTHONPATH=/app/src +# Install pytest and dev dependencies +RUN uv sync --project=/app/src --frozen --dev +# Run the unit tests +CMD ["uv", "run", "--project=/app/src", "pytest"] FROM dependencies AS docs -CMD ["mkdocs", "serve", "--dev-addr", "0.0.0.0:8000"] +CMD ["uv", "run", "--project=/app/src", "mkdocs", "serve", "--dev-addr", "0.0.0.0:8000"] -FROM dependencies AS server -CMD ["uvicorn", "src.main:app", "--host", " \ No newline at end of file +FROM dependencies AS registry_api +CMD ["uv", "run", "--project=/app/src", "uvicorn", "ssvc.api:app", "--host", "0.0.0.0", "--port", "8000"] \ No newline at end of file diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 795eafb6..8f043fac 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -34,3 +34,14 @@ services: - dependencies ports: - "8000:8000" + + api: + build: + context: .. + dockerfile: docker/Dockerfile + target: registry_api + image: registry_api:latest + depends_on: + - dependencies + ports: + - "8001:8000" \ No newline at end of file From c9d3955eea95def8c3e45967504708194ef1fb52 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 11:46:50 -0400 Subject: [PATCH 299/468] refactor --- Makefile | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index b87fdcd4..046efc7c 100644 --- a/Makefile +++ b/Makefile @@ -2,8 +2,12 @@ MKDOCS_PORT=8765 DOCKER_DIR=docker PROJECT_DIR = ./src +DOCKER_COMPOSE=docker-compose --project-directory $(DOCKER_DIR) +UV_RUN=uv run --project $(PROJECT_DIR) + # Targets -.PHONY: all test docs docker_test clean help mdlint_fix up down regenerate_json +.PHONY: all test docs api docker_test clean help mdlint_fix up down regenerate_json + all: help @@ -21,25 +25,32 @@ test: docker_test: @echo "Building the latest test image..." - pushd $(DOCKER_DIR) && docker-compose build test + $(DOCKER_COMPOSE) build test @echo "Running tests in Docker..." - pushd $(DOCKER_DIR) && docker-compose run --rm test + $(DOCKER_COMPOSE) run --rm test docs_local: @echo "Building and running docs locally..." - uv run --project $(PROJECT_DIR) mkdocs serve + $(UV_RUN) mkdocs serve docs: @echo "Building and running docs in Docker..." - pushd $(DOCKER_DIR) && docker-compose up docs + $(DOCKER_COMPOSE) up docs + +api: + @echo "Building and running API in Docker..." + $(DOCKER_COMPOSE) up api + +api_dev: + $(UV_RUN) uvicorn ssvc.api:app --reload up: @echo "Starting Docker services..." - pushd $(DOCKER_DIR) && docker-compose up -d + $(DOCKER_COMPOSE) up -d down: @echo "Stopping Docker services..." - pushd $(DOCKER_DIR) && docker-compose down + $(DOCKER_COMPOSE) down regenerate_json: @echo "Regenerating JSON files..." @@ -48,21 +59,30 @@ regenerate_json: clean: @echo "Cleaning up Docker resources..." - pushd $(DOCKER_DIR) && docker-compose down --rmi local || true + $(DOCKER_COMPOSE) down --rmi local || true rm -rf $(PROJECT_DIR)/.venv $(PROJECT_DIR)/uv.lock help: @echo "Usage: make [target]" @echo "" @echo "Targets:" @echo " all - Display this help message" + @echo " dev - Set up development environment" @echo " mdlint_fix - Run markdownlint with fix" @echo " test - Run tests locally" @echo " docker_test - Run tests in Docker" + @echo " docs - Build and run documentation in Docker" + @echo " docs_local - Build and run documentation locally" + + @echo " api - Build and run API in Docker" + @echo " api_dev - Run API locally with auto-reload" + @echo " up - Start Docker services" @echo " down - Stop Docker services" + @echo " regenerate_json - Regenerate JSON files from python modules" + @echo " clean - Clean up Docker resources" @echo " help - Display this help message" From 2bee84400dd1a451808e21ff043f324e152be2d9 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 11:47:05 -0400 Subject: [PATCH 300/468] add some basic 404s --- src/ssvc/api.py | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/ssvc/api.py b/src/ssvc/api.py index 06b0970c..a5341c9c 100644 --- a/src/ssvc/api.py +++ b/src/ssvc/api.py @@ -23,7 +23,9 @@ # subject to its own license. # DM24-0278 -from fastapi import FastAPI +from typing import Any + +from fastapi import FastAPI, HTTPException from ssvc.registry import get_registry from ssvc.registry.base import ( @@ -45,12 +47,19 @@ @app.get("/") def read_root(): - return {"Hello": "World"} + return {"Hello": "SSVC World"} + + +def _404_on_none(obj: Any): + if obj is None: + raise HTTPException(status_code=404, detail=f"Item not found") + return obj @app.get("/decision_points") async def get_decision_points() -> _NsType: decision_points = lookup_objtype(objtype="DecisionPoint", registry=r) + _404_on_none(decision_points) return decision_points @@ -59,6 +68,7 @@ async def get_decision_points(namespace: str) -> _Namespace: decision_points = lookup_namespace( objtype="DecisionPoint", namespace=namespace, registry=r ) + _404_on_none(decision_points) return decision_points @@ -67,6 +77,7 @@ async def get_decision_points(namespace: str, key: str) -> _Key: decision_points = lookup_key( objtype="DecisionPoint", namespace=namespace, key=key, registry=r ) + _404_on_none(decision_points) return decision_points @@ -81,6 +92,7 @@ async def get_decision_points( version=version, registry=r, ) + _404_on_none(decision_points) return decision_points @@ -88,6 +100,7 @@ async def get_decision_points( async def get_decision_tables() -> _NsType: # load registry and return decision tables decision_tables = lookup_objtype(objtype="DecisionTable", registry=r) + _404_on_none(decision_tables) return decision_tables @@ -96,6 +109,7 @@ async def get_decision_tables_namespace(namespace: str) -> _Namespace: decision_tables = lookup_namespace( objtype="DecisionTable", namespace=namespace, registry=r ) + _404_on_none(decision_tables) return decision_tables @@ -104,6 +118,7 @@ async def get_decision_tables_key(namespace: str, key: str) -> _Key: decision_tables = lookup_key( objtype="DecisionTable", namespace=namespace, key=key, registry=r ) + _404_on_none(decision_tables) return decision_tables @@ -118,4 +133,5 @@ async def get_decision_tables_version( version=version, registry=r, ) + _404_on_none(decision_tables) return decision_tables From cd8e58476cc287215bf98d21874052b1f4a29205 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 11:47:05 -0400 Subject: [PATCH 301/468] add some basic 404s --- src/ssvc/api.py | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/ssvc/api.py b/src/ssvc/api.py index 06b0970c..a5341c9c 100644 --- a/src/ssvc/api.py +++ b/src/ssvc/api.py @@ -23,7 +23,9 @@ # subject to its own license. # DM24-0278 -from fastapi import FastAPI +from typing import Any + +from fastapi import FastAPI, HTTPException from ssvc.registry import get_registry from ssvc.registry.base import ( @@ -45,12 +47,19 @@ @app.get("/") def read_root(): - return {"Hello": "World"} + return {"Hello": "SSVC World"} + + +def _404_on_none(obj: Any): + if obj is None: + raise HTTPException(status_code=404, detail=f"Item not found") + return obj @app.get("/decision_points") async def get_decision_points() -> _NsType: decision_points = lookup_objtype(objtype="DecisionPoint", registry=r) + _404_on_none(decision_points) return decision_points @@ -59,6 +68,7 @@ async def get_decision_points(namespace: str) -> _Namespace: decision_points = lookup_namespace( objtype="DecisionPoint", namespace=namespace, registry=r ) + _404_on_none(decision_points) return decision_points @@ -67,6 +77,7 @@ async def get_decision_points(namespace: str, key: str) -> _Key: decision_points = lookup_key( objtype="DecisionPoint", namespace=namespace, key=key, registry=r ) + _404_on_none(decision_points) return decision_points @@ -81,6 +92,7 @@ async def get_decision_points( version=version, registry=r, ) + _404_on_none(decision_points) return decision_points @@ -88,6 +100,7 @@ async def get_decision_points( async def get_decision_tables() -> _NsType: # load registry and return decision tables decision_tables = lookup_objtype(objtype="DecisionTable", registry=r) + _404_on_none(decision_tables) return decision_tables @@ -96,6 +109,7 @@ async def get_decision_tables_namespace(namespace: str) -> _Namespace: decision_tables = lookup_namespace( objtype="DecisionTable", namespace=namespace, registry=r ) + _404_on_none(decision_tables) return decision_tables @@ -104,6 +118,7 @@ async def get_decision_tables_key(namespace: str, key: str) -> _Key: decision_tables = lookup_key( objtype="DecisionTable", namespace=namespace, key=key, registry=r ) + _404_on_none(decision_tables) return decision_tables @@ -118,4 +133,5 @@ async def get_decision_tables_version( version=version, registry=r, ) + _404_on_none(decision_tables) return decision_tables From e74dcfcbab84f9c29646eff98930c2a7c54a79cc Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 12:03:47 -0400 Subject: [PATCH 302/468] update requirements.txt --- requirements.txt | 389 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 383 insertions(+), 6 deletions(-) diff --git a/requirements.txt b/requirements.txt index 29499cc5..97bb77bb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,10 +1,17 @@ # This file was autogenerated by uv via the following command: -# uv export -o ../requirements.txt +# uv export --project=src -o ./requirements.txt -e . annotated-types==0.7.0 \ --hash=sha256:1f02e8b43a8fbbc3f3e0d4f0f4bfc8131bcb4eebe8849b8e5c773f3a1c582a53 \ --hash=sha256:aff07c09a53a08bc8cfccb9c85b05f1aa9a2a6f23728d790723543408344ce89 # via pydantic +anyio==4.10.0 \ + --hash=sha256:3f3fae35c96039744587aa5b8371e7e8e603c0702999535961dd336026973ba6 \ + --hash=sha256:60e474ac86736bbfd6f210f7a61218939c318f43f9972497381f1c5e930ed3d1 + # via + # httpx + # starlette + # watchfiles attrs==25.3.0 \ --hash=sha256:427318ce031701fea540783410126f03899a97ffc6f61596ad581ac2e40e3bc3 \ --hash=sha256:75d7cefc7fb576747b2c81b4442d4d4a1ce0900973527c011d1030fd3bf4af1b @@ -31,7 +38,11 @@ bracex==2.6 \ certifi==2025.8.3 \ --hash=sha256:e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407 \ --hash=sha256:f6c12493cfb1b06ba2ff328595af9350c65d6644968e5d3a2ffd78699af217a5 - # via requests + # via + # httpcore + # httpx + # requests + # sentry-sdk charset-normalizer==3.4.3 \ --hash=sha256:027b776c26d38b7f15b26a5da1044f376455fb3766df8fc38563b4efbc515154 \ --hash=sha256:0cacf8f7297b0c4fcb74227692ca46b4a5852f8f4f24b3c766dd94a1075c4884 \ @@ -72,7 +83,11 @@ charset-normalizer==3.4.3 \ click==8.2.1 \ --hash=sha256:27c491cc05d968d271d5a1db13e3b5a184636d9d930f148c50b038f0d0646202 \ --hash=sha256:61a3265b914e850b85317d0b3109c7f8cd35a670f963866005d6ef1d5175a12b - # via mkdocs + # via + # mkdocs + # rich-toolkit + # typer + # uvicorn colorama==0.4.6 \ --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \ --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6 @@ -82,6 +97,29 @@ colorama==0.4.6 \ # mkdocs # mkdocs-material # pytest + # uvicorn +dnspython==2.7.0 \ + --hash=sha256:b4c34b7d10b51bcc3a5071e7b8dee77939f1e878477eeecc965e9835f63c6c86 \ + --hash=sha256:ce9c432eda0dc91cf618a5cedf1a4e142651196bbcd2c80e89ed5a907e5cfaf1 + # via email-validator +email-validator==2.2.0 \ + --hash=sha256:561977c2d73ce3611850a06fa56b414621e0c8faa9d66f2611407d87465da631 \ + --hash=sha256:cb690f344c617a714f22e66ae771445a1ceb46821152df8e165c5f9a364582b7 + # via + # fastapi + # pydantic +fastapi==0.116.1 \ + --hash=sha256:c46ac7c312df840f0c9e220f7964bada936781bc4e2e6eb71f1c4d7553786565 \ + --hash=sha256:ed52cbf946abfd70c5a0dccb24673f0670deeb517a88b3544d03c2a6bf283143 + # via ssvc +fastapi-cli==0.0.8 \ + --hash=sha256:0ea95d882c85b9219a75a65ab27e8da17dac02873e456850fa0a726e96e985eb \ + --hash=sha256:2360f2989b1ab4a3d7fc8b3a0b20e8288680d8af2e31de7c38309934d7f8a0ee + # via fastapi +fastapi-cloud-cli==0.1.5 \ + --hash=sha256:341ee585eb731a6d3c3656cb91ad38e5f39809bf1a16d41de1333e38635a7937 \ + --hash=sha256:d80525fb9c0e8af122370891f9fa83cf5d496e4ad47a8dd26c0496a6c85a012a + # via fastapi-cli ghp-import==2.1.0 \ --hash=sha256:8337dd7b50877f163d4c0289bc1f1c7f127550241988d568c1db512c4324a619 \ --hash=sha256:9c535c4c61193c2df8871222567d7fd7e5014d835f97dc7b7439069e2413d343 @@ -90,18 +128,60 @@ griffe==1.12.1 \ --hash=sha256:29f5a6114c0aeda7d9c86a570f736883f8a2c5b38b57323d56b3d1c000565567 \ --hash=sha256:2d7c12334de00089c31905424a00abcfd931b45b8b516967f224133903d302cc # via mkdocstrings-python +h11==0.16.0 \ + --hash=sha256:4e35b956cf45792e4caa5885e69fba00bdbc6ffafbfa020300e549b208ee5ff1 \ + --hash=sha256:63cf8bbe7522de3bf65932fda1d9c2772064ffb3dae62d55932da54b31cb6c86 + # via + # httpcore + # uvicorn +httpcore==1.0.9 \ + --hash=sha256:2d400746a40668fc9dec9810239072b40b4484b640a8c38fd654a024c7a1bf55 \ + --hash=sha256:6e34463af53fd2ab5d807f399a9b45ea31c3dfa2276f15a2c3f00afff6e176e8 + # via httpx +httptools==0.6.4 \ + --hash=sha256:16e603a3bff50db08cd578d54f07032ca1631450ceb972c2f834c2b860c28ea2 \ + --hash=sha256:28908df1b9bb8187393d5b5db91435ccc9c8e891657f9cbb42a2541b44c82fc8 \ + --hash=sha256:322d20ea9cdd1fa98bd6a74b77e2ec5b818abdc3d36695ab402a0de8ef2865a3 \ + --hash=sha256:342dd6946aa6bda4b8f18c734576106b8a31f2fe31492881a9a160ec84ff4bd5 \ + --hash=sha256:4b36913ba52008249223042dca46e69967985fb4051951f94357ea681e1f5dc0 \ + --hash=sha256:4d87b29bd4486c0093fc64dea80231f7c7f7eb4dc70ae394d70a495ab8436071 \ + --hash=sha256:4e93eee4add6493b59a5c514da98c939b244fce4a0d8879cd3f466562f4b7d5c \ + --hash=sha256:69422b7f458c5af875922cdb5bd586cc1f1033295aa9ff63ee196a87519ac8e1 \ + --hash=sha256:85071a1e8c2d051b507161f6c3e26155b5c790e4e28d7f236422dbacc2a9cc44 \ + --hash=sha256:856f4bc0478ae143bad54a4242fccb1f3f86a6e1be5548fecfd4102061b3a083 \ + --hash=sha256:ade273d7e767d5fae13fa637f4d53b6e961fb7fd93c7797562663f0171c26660 \ + --hash=sha256:db78cb9ca56b59b016e64b6031eda5653be0589dba2b1b43453f6e8b405a0970 \ + --hash=sha256:df017d6c780287d5c80601dafa31f17bddb170232d85c066604d8558683711a2 \ + --hash=sha256:ec4f178901fa1834d4a060320d2f3abc5c9e39766953d038f1458cb885f47e81 \ + --hash=sha256:f9eb89ecf8b290f2e293325c646a211ff1c2493222798bb80a530c5e7502494f + # via uvicorn +httpx==0.28.1 \ + --hash=sha256:75e98c5f16b0f35b567856f597f06ff2270a374470a5c2392242528e3e3e42fc \ + --hash=sha256:d909fcccc110f8c7faf814ca82a9a4d816bc5a6dbfea25d6591d6985b8ba59ad + # via + # fastapi + # fastapi-cloud-cli idna==3.10 \ --hash=sha256:12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9 \ --hash=sha256:946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3 - # via requests + # via + # anyio + # email-validator + # httpx + # requests iniconfig==2.1.0 \ --hash=sha256:3abbd2e30b36733fee78f9c7f7308f2d0050e88f0087fd25c2645f63c773e1c7 \ --hash=sha256:9deba5723312380e77435581c6bf4935c94cbfab9b1ed33ef8d238ea168eb760 # via pytest +itsdangerous==2.2.0 \ + --hash=sha256:c6242fc49e35958c8b15141343aa660db5fc54d4f13a1db01a3f5891b98700ef \ + --hash=sha256:e0050c0b7da1eea53ffaf149c0cfbb5c6e2e2b69c4bef22c81fa6eb73e5f6173 + # via fastapi jinja2==3.1.6 \ --hash=sha256:0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d \ --hash=sha256:85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67 # via + # fastapi # mkdocs # mkdocs-material # mkdocstrings @@ -134,6 +214,10 @@ markdown-exec==1.11.0 \ --hash=sha256:0526957984980f55c02b425d32e8ac8bb21090c109c7012ff905d3ddcc468ceb \ --hash=sha256:e0313a0dff715869a311d24853b3a7ecbbaa12e74eb0f3cf7d91401a7d8f0082 # via ssvc +markdown-it-py==4.0.0 \ + --hash=sha256:87327c59b172c5011896038353a81343b6754500a08cd7a4973bb48c6d578147 \ + --hash=sha256:cb0a2b4aa34f932c007117b194e945bd74e0ec24133ceb5bac59009cda1cb9f3 + # via rich markupsafe==3.0.2 \ --hash=sha256:0f4ca02bea9a23221c0182836703cbf8930c5e9454bacce27e767509fa286a30 \ --hash=sha256:131a3c7689c85f5ad20f9f6fb1b866f402c445b220c19fe4308c0b147ccd2ad9 \ @@ -171,6 +255,10 @@ markupsafe==3.0.2 \ # mkdocs # mkdocs-autorefs # mkdocstrings +mdurl==0.1.2 \ + --hash=sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 \ + --hash=sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba + # via markdown-it-py mergedeep==1.3.4 \ --hash=sha256:0096d52e9dad9939c3d975a774666af186eda617e6ca84df4c94dec30004f2a8 \ --hash=sha256:70775750742b25c0d8f36c55aed03d24c3384d17c951b3175d898bd778ef0307 @@ -301,6 +389,50 @@ numpy==2.3.2 \ # pandas # scikit-learn # scipy +orjson==3.11.2 \ + --hash=sha256:07349e88025b9b5c783077bf7a9f401ffbfb07fd20e86ec6fc5b7432c28c2c5e \ + --hash=sha256:0afb89f16f07220183fd00f5f297328ed0a68d8722ad1b0c8dcd95b12bc82804 \ + --hash=sha256:13d8d8db6cd8d89d4d4e0f4161acbbb373a4d2a4929e862d1d2119de4aa324ac \ + --hash=sha256:15d17bdb76a142e1f55d91913e012e6e6769659daa6bfef3ef93f11083137e81 \ + --hash=sha256:191ed27a1dddb305083d8716af413d7219f40ec1d4c9b0e977453b4db0d6fb6c \ + --hash=sha256:21cf261e8e79284242e4cb1e5924df16ae28255184aafeff19be1405f6d33f67 \ + --hash=sha256:24e32a558ebed73a6a71c8f1cbc163a7dd5132da5270ff3d8eeb727f4b6d1bc7 \ + --hash=sha256:26693dde66910078229a943e80eeb99fdce6cd2c26277dc80ead9f3ab97d2131 \ + --hash=sha256:29d91d74942b7436f29b5d1ed9bcfc3f6ef2d4f7c4997616509004679936650d \ + --hash=sha256:2cc42960515076eb639b705f105712b658c525863d89a1704d984b929b0577d1 \ + --hash=sha256:3dcba7101ea6a8d4ef060746c0f2e7aa8e2453a1012083e1ecce9726d7554cb7 \ + --hash=sha256:40193ada63fab25e35703454d65b6afc71dbc65f20041cb46c6d91709141ef7f \ + --hash=sha256:45841fbb79c96441a8c58aa29ffef570c5df9af91f0f7a9572e5505e12412f15 \ + --hash=sha256:4ad4c8acb50a28211c33fc7ef85ddf5cb18d4636a5205fd3fa2dce0411a0e30c \ + --hash=sha256:4ca4fb5ac21cd1e48028d4f708b1bb13e39c42d45614befd2ead004a8bba8535 \ + --hash=sha256:50995bbeb5d41a32ad15e023305807f561ac5dcd9bd41a12c8d8d1d2c83e44e6 \ + --hash=sha256:51da1ee2178ed09c00d09c1b953e45846bbc16b6420965eb7a913ba209f606d8 \ + --hash=sha256:51dc033df2e4a4c91c0ba4f43247de99b3cbf42ee7a42ee2b2b2f76c8b2f2cb5 \ + --hash=sha256:53c9e81768c69d4b66b8876ec3c8e431c6e13477186d0db1089d82622bccd19f \ + --hash=sha256:59f8d5ad08602711af9589375be98477d70e1d102645430b5a7985fdbf613b36 \ + --hash=sha256:6a5f62ebbc530bb8bb4b1ead103647b395ba523559149b91a6c545f7cd4110ad \ + --hash=sha256:6ab6e6b4e93b1573a026b6ec16fca9541354dd58e514b62c558b58554ae04307 \ + --hash=sha256:6f59dfea7da1fced6e782bb3699718088b1036cb361f36c6e4dd843c5111aefe \ + --hash=sha256:7c8ac5f6b682d3494217085cf04dadae66efee45349ad4ee2a1da3c97e2305a8 \ + --hash=sha256:901d80d349d8452162b3aa1afb82cec5bee79a10550660bc21311cc61a4c5486 \ + --hash=sha256:91bdcf5e69a8fd8e8bdb3de32b31ff01d2bd60c1e8d5fe7d5afabdcf19920309 \ + --hash=sha256:994181e7f1725bb5f2d481d7d228738e0743b16bf319ca85c29369c65913df14 \ + --hash=sha256:9cb23527efb61fb75527df55d20ee47989c4ee34e01a9c98ee9ede232abf6219 \ + --hash=sha256:a079fdba7062ab396380eeedb589afb81dc6683f07f528a03b6f7aae420a0219 \ + --hash=sha256:a4dd1268e4035af21b8a09e4adf2e61f87ee7bf63b86d7bb0a237ac03fad5b45 \ + --hash=sha256:ae3bb10279d57872f9aba68c9931aa71ed3b295fa880f25e68da79e79453f46e \ + --hash=sha256:b5ca86300aeb383c8fa759566aca065878d3d98c3389d769b43f0a2e84d52c5f \ + --hash=sha256:bde64aa469b5ee46cc960ed241fae3721d6a8801dacb2ca3466547a2535951e4 \ + --hash=sha256:c56777cab2a7b2a8ea687fedafb84b3d7fdafae382165c31a2adf88634c432fa \ + --hash=sha256:cf3bd3967a360e87ee14ed82cb258b7f18c710dacf3822fb0042a14313a673a1 \ + --hash=sha256:d026e1967239ec11a2559b4146a61d13914504b396f74510a1c4d6b19dfd8732 \ + --hash=sha256:d4f13af59a7b84c1ca6b8a7ab70d608f61f7c44f9740cd42409e6ae7b6c8d8b7 \ + --hash=sha256:d7df6c7b8b0931feb3420b72838c3e2ba98c228f7aa60d461bc050cf4ca5f7b2 \ + --hash=sha256:dbb79a0476393c07656b69c8e763c3cc925fa8e1d9e9b7d1f626901bb5025448 \ + --hash=sha256:e36319a5d15b97e4344110517450396845cc6789aed712b1fbf83c1bd95792f6 \ + --hash=sha256:edf49146520fef308c31aa4c45b9925fd9c7584645caca7c0c4217d7900214ae \ + --hash=sha256:ff8b155b145eaf5a9d94d2c476fbe18d6021de93cf36c2ae2c8c5b775763f14e + # via fastapi packaging==25.0 \ --hash=sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484 \ --hash=sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f @@ -355,7 +487,12 @@ pybtex==0.25.1 \ pydantic==2.11.7 \ --hash=sha256:d989c3c6cb79469287b1569f7447a17848c998458d49ebe294e975b9baf0f0db \ --hash=sha256:dde5df002701f6de26248661f6835bbe296a47bf73990135c7d07ce741b9623b - # via ssvc + # via + # fastapi + # fastapi-cloud-cli + # pydantic-extra-types + # pydantic-settings + # ssvc pydantic-core==2.33.2 \ --hash=sha256:04a1a413977ab517154eebb2d326da71638271477d6ad87a769102f7c2488c56 \ --hash=sha256:0a9f2c9dd19656823cb8250b0724ee9c60a82f3cdf68a080979d13092a3b0fef \ @@ -390,12 +527,26 @@ pydantic-core==2.33.2 \ --hash=sha256:f941635f2a3d96b2973e867144fde513665c87f13fe0e193c158ac51bfaaa7b2 \ --hash=sha256:fa854f5cf7e33842a892e5c73f45327760bc7bc516339fda888c75ae60edaeb6 # via pydantic +pydantic-extra-types==2.10.5 \ + --hash=sha256:1dcfa2c0cf741a422f088e0dbb4690e7bfadaaf050da3d6f80d6c3cf58a2bad8 \ + --hash=sha256:b60c4e23d573a69a4f1a16dd92888ecc0ef34fb0e655b4f305530377fa70e7a8 + # via fastapi +pydantic-settings==2.10.1 \ + --hash=sha256:06f0062169818d0f5524420a360d632d5857b83cffd4d42fe29597807a1614ee \ + --hash=sha256:a60952460b99cf661dc25c29c0ef171721f98bfcb52ef8d9ea4c943d7c8cc796 + # via fastapi pygments==2.19.2 \ --hash=sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887 \ --hash=sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b # via # mkdocs-material + # pygments-ansi-color # pytest + # rich +pygments-ansi-color==0.3.0 \ + --hash=sha256:7018954cf5b11d1e734383a1bafab5af613213f246109417fee3f76da26d5431 \ + --hash=sha256:7eb063feaecadad9d4d1fd3474cbfeadf3486b64f760a8f2a00fc25392180aba + # via markdown-exec pymdown-extensions==10.16.1 \ --hash=sha256:aace82bcccba3efc03e25d584e6a22d27a8e17caa3f4dd9f207e49b787aa9a91 \ --hash=sha256:d6ba157a6c03146a7fb122b2b9a121300056384eafeec9c9f9e584adfdb2a32d @@ -416,6 +567,16 @@ python-dateutil==2.9.0.post0 \ # via # ghp-import # pandas +python-dotenv==1.1.1 \ + --hash=sha256:31f23644fe2602f88ff55e1f5c79ba497e01224ee7737937930c448e4d0e24dc \ + --hash=sha256:a8a6399716257f45be6a007360200409fce5cda2661e3dec71d23dc15f6189ab + # via + # pydantic-settings + # uvicorn +python-multipart==0.0.20 \ + --hash=sha256:8a62d3a8335e06589fe01f2a3e178cdcc632f3fbe0d492ad9ee0ec35aab1f104 \ + --hash=sha256:8dd0cab45b8e23064ae09147625994d090fa46f5b0d1e13af944c331a7fa9d13 + # via fastapi pytz==2025.2 \ --hash=sha256:360b9e3dbb49a209c21ad61809c7fb453643e048b38924c765813546746e81c3 \ --hash=sha256:5ddf76296dd8c44c26eb8f4b6f35488f3ccbf6fbbd7adee0b7262d43f0ec2f00 @@ -441,6 +602,7 @@ pyyaml==6.0.2 \ --hash=sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4 \ --hash=sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba # via + # fastapi # mkdocs # mkdocs-get-deps # mkdocs-table-reader-plugin @@ -448,6 +610,7 @@ pyyaml==6.0.2 \ # pymdown-extensions # pyyaml-env-tag # responses + # uvicorn pyyaml-env-tag==1.1 \ --hash=sha256:17109e1a528561e32f026364712fee1264bc2ea6715120891174ed1b980d2e04 \ --hash=sha256:2eb38b75a2d21ee0475d6d97ec19c63287a7e140231e4214969d0eac923cd7ff @@ -502,6 +665,59 @@ responses==0.25.8 \ --hash=sha256:0c710af92def29c8352ceadff0c3fe340ace27cf5af1bbe46fb71275bcd2831c \ --hash=sha256:9374d047a575c8f781b94454db5cab590b6029505f488d12899ddb10a4af1cf4 # via mkdocs-bibtex +rich==14.1.0 \ + --hash=sha256:536f5f1785986d6dbdea3c75205c473f970777b4a0d6c6dd1b696aa05a3fa04f \ + --hash=sha256:e497a48b844b0320d45007cdebfeaeed8db2a4f4bcf49f15e455cfc4af11eaa8 + # via + # rich-toolkit + # typer +rich-toolkit==0.15.0 \ + --hash=sha256:3f5730e9f2d36d0bfe01cf723948b7ecf4cc355d2b71e2c00e094f7963128c09 \ + --hash=sha256:ddb91008283d4a7989fd8ff0324a48773a7a2276229c6a3070755645538ef1bb + # via + # fastapi-cli + # fastapi-cloud-cli +rignore==0.6.4 \ + --hash=sha256:0a8184fcf567bd6b6d7b85a0c138d98dd40f63054141c96b175844414c5530d7 \ + --hash=sha256:0cc35773a8a9c119359ef974d0856988d4601d4daa6f532c05f66b4587cf35bc \ + --hash=sha256:145177f0e32716dc2f220b07b3cde2385b994b7ea28d5c96fbec32639e9eac6f \ + --hash=sha256:240777332b859dc89dcba59ab6e3f1e062bc8e862ffa3e5f456e93f7fd5cb415 \ + --hash=sha256:2521f7bf3ee1f2ab22a100a3a4eed39a97b025804e5afe4323528e9ce8f084a5 \ + --hash=sha256:2b3b1e266ce45189240d14dfa1057f8013ea34b9bc8b3b44125ec8d25fdb3985 \ + --hash=sha256:456456802b1e77d1e2d149320ee32505b8183e309e228129950b807d204ddd17 \ + --hash=sha256:45fe803628cc14714df10e8d6cdc23950a47eb9eb37dfea9a4779f4c672d2aa0 \ + --hash=sha256:465179bc30beb1f7a3439e428739a2b5777ed26660712b8c4e351b15a7c04483 \ + --hash=sha256:4a4877b4dca9cf31a4d09845b300c677c86267657540d0b4d3e6d0ce3110e6e9 \ + --hash=sha256:4c1ff2fc223f1d9473d36923160af37bf765548578eb9d47a2f52e90da8ae408 \ + --hash=sha256:4d1918221a249e5342b60fd5fa513bf3d6bf272a8738e66023799f0c82ecd788 \ + --hash=sha256:50359e0d5287b5e2743bd2f2fbf05df619c8282fd3af12f6628ff97b9675551d \ + --hash=sha256:52b0957b585ab48a445cf8ac1dbc33a272ab060835e583b4f95aa8c67c23fb2b \ + --hash=sha256:536392c5ec91755db48389546c833c4ab1426fe03e5a8522992b54ef8a244e7e \ + --hash=sha256:66b0e548753e55cc648f1e7b02d9f74285fe48bb49cec93643d31e563773ab3f \ + --hash=sha256:6971ac9fdd5a0bd299a181096f091c4f3fd286643adceba98eccc03c688a6637 \ + --hash=sha256:74720d074b79f32449d5d212ce732e0144a294a184246d1f1e7bcc1fc5c83b69 \ + --hash=sha256:7a6ccc0ea83d2c0c6df6b166f2acacedcc220a516436490f41e99a5ae73b6019 \ + --hash=sha256:84b5121650ae24621154c7bdba8b8970b0739d8146505c9f38e0cda9385d1004 \ + --hash=sha256:91dc94b1cc5af8d6d25ce6edd29e7351830f19b0a03b75cb3adf1f76d00f3007 \ + --hash=sha256:a63f5720dffc8d8fb0a4d02fafb8370a4031ebf3f99a4e79f334a91e905b7349 \ + --hash=sha256:b665b1ea14457d7b49e834baabc635a3b8c10cfb5cca5c21161fabdbfc2b850e \ + --hash=sha256:b79c212d9990a273ad91e8d9765e1766ef6ecedd3be65375d786a252762ba385 \ + --hash=sha256:bcb0d7d7ecc3fbccf6477bb187c04a091579ea139f15f139abe0b3b48bdfef69 \ + --hash=sha256:c6ffa7f2a8894c65aa5dc4e8ac8bbdf39a326c0c6589efd27686cfbb48f0197d \ + --hash=sha256:c7fd339f344a8548724f289495b835bed7b81174a0bc1c28c6497854bd8855db \ + --hash=sha256:ce33982da47ac5dc09d19b04fa8d7c9aa6292fc0bd1ecf33076989faa8886094 \ + --hash=sha256:d0615a6bf4890ec5a90b5fb83666822088fbd4e8fcd740c386fcce51e2f6feea \ + --hash=sha256:d899621867aa266824fbd9150e298f19d25b93903ef0133c09f70c65a3416eca \ + --hash=sha256:e02eecb9e1b9f9bf7c9030ae73308a777bed3b2486204cc74dfcfbe699ab1497 \ + --hash=sha256:e07d9c5270fc869bc431aadcfb6ed0447f89b8aafaa666914c077435dc76a123 \ + --hash=sha256:e439f034277a947a4126e2da79dbb43e33d73d7c09d3d72a927e02f8a16f59aa \ + --hash=sha256:e445fbc214ae18e0e644a78086ea5d0f579e210229a4fbe86367d11a4cd03c11 \ + --hash=sha256:e55bf8f9bbd186f58ab646b4a08718c77131d28a9004e477612b0cbbd5202db2 \ + --hash=sha256:e893fdd2d7fdcfa9407d0b7600ef2c2e2df97f55e1c45d4a8f54364829ddb0ab \ + --hash=sha256:efe18096dcb1596757dfe0b412aab6d32564473ae7ee58dea0a8b4be5b1a2e3b \ + --hash=sha256:f5f9dca46fc41c0a1e236767f68be9d63bdd2726db13a0ae3a30f68414472969 \ + --hash=sha256:feac73377a156fb77b3df626c76f7e5893d9b4e9e886ac8c0f9d44f1206a2a91 + # via fastapi-cloud-cli rpds-py==0.27.0 \ --hash=sha256:010c4843a3b92b54373e3d2291a7447d6c3fc29f591772cc2ea0e9f5c1da434b \ --hash=sha256:0665be515767dc727ffa5f74bd2ef60b0ff85dad6bb8f50d91eaa6b5fb226f51 \ @@ -651,14 +867,30 @@ semver==3.0.4 \ --hash=sha256:9c824d87ba7f7ab4a1890799cec8596f15c1241cb473404ea1cb0c55e4b04746 \ --hash=sha256:afc7d8c584a5ed0a11033af086e8af226a9c0b206f313e0301f8dd7b6b589602 # via ssvc +sentry-sdk==2.35.0 \ + --hash=sha256:5ea58d352779ce45d17bc2fa71ec7185205295b83a9dbb5707273deb64720092 \ + --hash=sha256:6e0c29b9a5d34de8575ffb04d289a987ff3053cf2c98ede445bea995e3830263 + # via fastapi-cloud-cli setuptools==80.9.0 \ --hash=sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922 \ --hash=sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c # via mkdocs-bibtex +shellingham==1.5.4 \ + --hash=sha256:7ecfff8f2fd72616f7481040475a65b2bf8af90a56c89140852d1120324e8686 \ + --hash=sha256:8dbca0739d487e5bd35ab3ca4b36e11c4078f3a234bfce294b0a0291363404de + # via typer six==1.17.0 \ --hash=sha256:4721f391ed90541fddacab5acf947aa0d3dc7d27b2e1e8eda2be8970586c3274 \ --hash=sha256:ff70335d468e7eb6ec65b95b99d3a2836546063f63acc5171de367e834932a81 # via python-dateutil +sniffio==1.3.1 \ + --hash=sha256:2f6da418d1f1e0fddd844478f41680e794e6051915791a034ff65e5f100525a2 \ + --hash=sha256:f4324edc670a0f49750a81b895f35c3adb843cca46f0530f79fc1babb23789dc + # via anyio +starlette==0.47.2 \ + --hash=sha256:6ae9aa5db235e4846decc1e7b79c4f346adf41e9777aebeb49dfd09bbd7023d8 \ + --hash=sha256:c5847e96134e5c5371ee9fac6fdf1a67336d5815e09eb2a01fdb57a351ef915b + # via fastapi tabulate==0.9.0 \ --hash=sha256:0095b12bf5966de529c0feb1fa08671671b3368eec77d7ef7ab114be2c068b3c \ --hash=sha256:024ca478df22e9340661486f85298cff5f6dcdba14f3813e8830015b9ed1948f @@ -671,28 +903,88 @@ threadpoolctl==3.6.0 \ --hash=sha256:43a0b8fd5a2928500110039e43a5eed8480b918967083ea48dc3ab9f13c4a7fb \ --hash=sha256:8ab8b4aa3491d812b623328249fab5302a68d2d71745c8a4c719a2fcaba9f44e # via scikit-learn +typer==0.16.1 \ + --hash=sha256:90ee01cb02d9b8395ae21ee3368421faf21fa138cb2a541ed369c08cec5237c9 \ + --hash=sha256:d358c65a464a7a90f338e3bb7ff0c74ac081449e53884b12ba658cbd72990614 + # via + # fastapi-cli + # fastapi-cloud-cli typing-extensions==4.14.1 \ --hash=sha256:38b39f4aeeab64884ce9f74c94263ef78f3c22467c8724005483154c26648d36 \ --hash=sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76 # via + # anyio + # fastapi # pydantic # pydantic-core + # pydantic-extra-types # referencing + # rich-toolkit + # starlette + # typer # typing-inspection typing-inspection==0.4.1 \ --hash=sha256:389055682238f53b04f7badcb49b989835495a96700ced5dab2d8feae4b26f51 \ --hash=sha256:6ae134cc0203c33377d43188d4064e9b357dba58cff3185f22924610e70a9d28 - # via pydantic + # via + # pydantic + # pydantic-settings tzdata==2025.2 \ --hash=sha256:1a403fada01ff9221ca8044d701868fa132215d84beb92242d9acd2147f667a8 \ --hash=sha256:b60a638fcc0daffadf82fe0f57e53d06bdec2f36c4df66280ae79bce6bd6f2b9 # via pandas +ujson==5.10.0 \ + --hash=sha256:2a890b706b64e0065f02577bf6d8ca3b66c11a5e81fb75d757233a38c07a1f20 \ + --hash=sha256:38665e7d8290188b1e0d57d584eb8110951a9591363316dd41cf8686ab1d0abc \ + --hash=sha256:38d5d36b4aedfe81dfe251f76c0467399d575d1395a1755de391e58985ab1c2e \ + --hash=sha256:4573fd1695932d4f619928fd09d5d03d917274381649ade4328091ceca175539 \ + --hash=sha256:4c4fc16f11ac1612f05b6f5781b384716719547e142cfd67b65d035bd85af165 \ + --hash=sha256:59e02cd37bc7c44d587a0ba45347cc815fb7a5fe48de16bf05caa5f7d0d2e816 \ + --hash=sha256:604a046d966457b6cdcacc5aa2ec5314f0e8c42bae52842c1e6fa02ea4bda42e \ + --hash=sha256:618efd84dc1acbd6bff8eaa736bb6c074bfa8b8a98f55b61c38d4ca2c1f7f287 \ + --hash=sha256:621e34b4632c740ecb491efc7f1fcb4f74b48ddb55e65221995e74e2d00bbff0 \ + --hash=sha256:6627029ae4f52d0e1a2451768c2c37c0c814ffc04f796eb36244cf16b8e57043 \ + --hash=sha256:67079b1f9fb29ed9a2914acf4ef6c02844b3153913eb735d4bf287ee1db6e557 \ + --hash=sha256:6dea1c8b4fc921bf78a8ff00bbd2bfe166345f5536c510671bccececb187c80e \ + --hash=sha256:6e32abdce572e3a8c3d02c886c704a38a1b015a1fb858004e03d20ca7cecbb21 \ + --hash=sha256:98ba15d8cbc481ce55695beee9f063189dce91a4b08bc1d03e7f0152cd4bbdd5 \ + --hash=sha256:a65b6af4d903103ee7b6f4f5b85f1bfd0c90ba4eeac6421aae436c9988aa64a2 \ + --hash=sha256:a9d2edbf1556e4f56e50fab7d8ff993dbad7f54bac68eacdd27a8f55f433578e \ + --hash=sha256:b3cd8f3c5d8c7738257f1018880444f7b7d9b66232c64649f562d7ba86ad4bc1 \ + --hash=sha256:b9500e61fce0cfc86168b248104e954fead61f9be213087153d272e817ec7b4f \ + --hash=sha256:d7d0e0ceeb8fe2468c70ec0c37b439dd554e2aa539a8a56365fd761edb418988 \ + --hash=sha256:f3caf9cd64abfeb11a3b661329085c5e167abbe15256b3b68cb5d914ba7396f3 \ + --hash=sha256:f8ccb77b3e40b151e20519c6ae6d89bfe3f4c14e8e210d910287f778368bb3d1 + # via fastapi urllib3==2.5.0 \ --hash=sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760 \ --hash=sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc # via # requests # responses + # sentry-sdk +uvicorn==0.35.0 \ + --hash=sha256:197535216b25ff9b785e29a0b79199f55222193d47f820816e7da751e9bc8d4a \ + --hash=sha256:bc662f087f7cf2ce11a1d7fd70b90c9f98ef2e2831556dd078d131b96cc94a01 + # via + # fastapi + # fastapi-cli + # fastapi-cloud-cli +uvloop==0.21.0 ; platform_python_implementation != 'PyPy' and sys_platform != 'cygwin' and sys_platform != 'win32' \ + --hash=sha256:183aef7c8730e54c9a3ee3227464daed66e37ba13040bb3f350bc2ddc040f22f \ + --hash=sha256:359ec2c888397b9e592a889c4d72ba3d6befba8b2bb01743f72fffbde663b59c \ + --hash=sha256:3bf12b0fda68447806a7ad847bfa591613177275d35b6724b1ee573faa3704e3 \ + --hash=sha256:461d9ae6660fbbafedd07559c6a2e57cd553b34b0065b6550685f6653a98c1cb \ + --hash=sha256:5ee4d4ef48036ff6e5cfffb09dd192c7a5027153948d85b8da7ff705065bacc6 \ + --hash=sha256:787ae31ad8a2856fc4e7c095341cccc7209bd657d0e71ad0dc2ea83c4a6fa8af \ + --hash=sha256:86975dca1c773a2c9864f4c52c5a55631038e387b47eaf56210f873887b6c8dc \ + --hash=sha256:a5c39f217ab3c663dc699c04cbd50c13813e31d917642d459fdcec07555cc553 \ + --hash=sha256:baa4dcdbd9ae0a372f2167a207cd98c9f9a1ea1188a8a526431eef2f8116cc8d \ + --hash=sha256:bd53ecc9a0f3d87ab847503c2e1552b690362e005ab54e8a48ba97da3924c0dc \ + --hash=sha256:bfd55dfcc2a512316e65f16e503e9e450cab148ef11df4e4e679b5e8253a5281 \ + --hash=sha256:f3df876acd7ec037a3d005b3ab85a7e4110422e4d9c1571d4fc89b0fc41b6816 \ + --hash=sha256:f7089d2dc73179ce5ac255bdf37c236a9f914b264825fdaacaded6990a7fb4c2 + # via uvicorn validators==0.35.0 \ --hash=sha256:992d6c48a4e77c81f1b4daba10d16c3a9bb0dbb79b3a19ea847ff0928e70497a \ --hash=sha256:e8c947097eae7892cb3d26868d637f79f47b4a0554bc6b80065dfe5aac3705dd @@ -716,7 +1008,92 @@ watchdog==6.0.0 \ --hash=sha256:cbafb470cf848d93b5d013e2ecb245d4aa1c8fd0504e863ccefa32445359d680 \ --hash=sha256:e3df4cbb9a450c6d49318f6d14f4bbc80d763fa587ba46ec86f99f9e6876bb26 # via mkdocs +watchfiles==1.1.0 \ + --hash=sha256:0a7d40b77f07be87c6faa93d0951a0fcd8cbca1ddff60a1b65d741bac6f3a9f6 \ + --hash=sha256:12b0a02a91762c08f7264e2e79542f76870c3040bbc847fb67410ab81474932a \ + --hash=sha256:12fe8eaffaf0faa7906895b4f8bb88264035b3f0243275e0bf24af0436b27259 \ + --hash=sha256:130fc497b8ee68dce163e4254d9b0356411d1490e868bd8790028bc46c5cc297 \ + --hash=sha256:17ab167cca6339c2b830b744eaf10803d2a5b6683be4d79d8475d88b4a8a4be1 \ + --hash=sha256:20ecc8abbd957046f1fe9562757903f5eaf57c3bce70929fda6c7711bb58074a \ + --hash=sha256:239736577e848678e13b201bba14e89718f5c2133dfd6b1f7846fa1b58a8532b \ + --hash=sha256:249590eb75ccc117f488e2fabd1bfa33c580e24b96f00658ad88e38844a040bb \ + --hash=sha256:29e7bc2eee15cbb339c68445959108803dc14ee0c7b4eea556400131a8de462b \ + --hash=sha256:328dbc9bff7205c215a7807da7c18dce37da7da718e798356212d22696404339 \ + --hash=sha256:32d6d4e583593cb8576e129879ea0991660b935177c0f93c6681359b3654bfa9 \ + --hash=sha256:3434e401f3ce0ed6b42569128b3d1e3af773d7ec18751b918b89cd49c14eaafb \ + --hash=sha256:37d3d3f7defb13f62ece99e9be912afe9dd8a0077b7c45ee5a57c74811d581a4 \ + --hash=sha256:4281cd9fce9fc0a9dbf0fc1217f39bf9cf2b4d315d9626ef1d4e87b84699e7e8 \ + --hash=sha256:5007f860c7f1f8df471e4e04aaa8c43673429047d63205d1630880f7637bca30 \ + --hash=sha256:50a51a90610d0845a5931a780d8e51d7bd7f309ebc25132ba975aca016b576a0 \ + --hash=sha256:5366164391873ed76bfdf618818c82084c9db7fac82b64a20c44d335eec9ced5 \ + --hash=sha256:60022527e71d1d1fda67a33150ee42869042bce3d0fcc9cc49be009a9cded3fb \ + --hash=sha256:62cc7a30eeb0e20ecc5f4bd113cd69dcdb745a07c68c0370cea919f373f65d9e \ + --hash=sha256:693ed7ec72cbfcee399e92c895362b6e66d63dac6b91e2c11ae03d10d503e575 \ + --hash=sha256:6d2404af8db1329f9a3c9b79ff63e0ae7131986446901582067d9304ae8aaf7f \ + --hash=sha256:7080c4bb3efd70a07b1cc2df99a7aa51d98685be56be6038c3169199d0a1c69f \ + --hash=sha256:7fd1b3879a578a8ec2076c7961076df540b9af317123f84569f5a9ddee64ce92 \ + --hash=sha256:80f811146831c8c86ab17b640801c25dc0a88c630e855e2bef3568f30434d52b \ + --hash=sha256:891c69e027748b4a73847335d208e374ce54ca3c335907d381fde4e41661b13b \ + --hash=sha256:8ac164e20d17cc285f2b94dc31c384bc3aa3dd5e7490473b3db043dd70fbccfd \ + --hash=sha256:8c5701dc474b041e2934a26d31d39f90fac8a3dee2322b39f7729867f932b1d4 \ + --hash=sha256:95ab1594377effac17110e1352989bdd7bdfca9ff0e5eeccd8c69c5389b826d0 \ + --hash=sha256:9974d2f7dc561cce3bb88dfa8eb309dab64c729de85fba32e98d75cf24b66297 \ + --hash=sha256:9c733cda03b6d636b4219625a4acb5c6ffb10803338e437fb614fef9516825ef \ + --hash=sha256:9dc001c3e10de4725c749d4c2f2bdc6ae24de5a88a339c4bce32300a31ede179 \ + --hash=sha256:a543492513a93b001975ae283a51f4b67973662a375a403ae82f420d2c7205ee \ + --hash=sha256:a8f6f72974a19efead54195bc9bed4d850fc047bb7aa971268fd9a8387c89011 \ + --hash=sha256:a9ccbf1f129480ed3044f540c0fdbc4ee556f7175e5ab40fe077ff6baf286d4e \ + --hash=sha256:adb4167043d3a78280d5d05ce0ba22055c266cf8655ce942f2fb881262ff3cdf \ + --hash=sha256:af06c863f152005c7592df1d6a7009c836a247c9d8adb78fef8575a5a98699db \ + --hash=sha256:b067915e3c3936966a8607f6fe5487df0c9c4afb85226613b520890049deea20 \ + --hash=sha256:ba0e3255b0396cac3cc7bbace76404dd72b5438bf0d8e7cefa2f79a7f3649caa \ + --hash=sha256:bfe3c517c283e484843cb2e357dd57ba009cff351edf45fb455b5fbd1f45b15f \ + --hash=sha256:c68e9f1fcb4d43798ad8814c4c1b61547b014b667216cb754e606bfade587018 \ + --hash=sha256:cbcf8630ef4afb05dc30107bfa17f16c0896bb30ee48fc24bf64c1f970f3b1fd \ + --hash=sha256:cbd949bdd87567b0ad183d7676feb98136cde5bb9025403794a4c0db28ed3a47 \ + --hash=sha256:cc08ef8b90d78bfac66f0def80240b0197008e4852c9f285907377b2947ffdcb \ + --hash=sha256:d05686b5487cfa2e2c28ff1aa370ea3e6c5accfe6435944ddea1e10d93872147 \ + --hash=sha256:d0e10e6f8f6dc5762adee7dece33b722282e1f59aa6a55da5d493a97282fedd8 \ + --hash=sha256:d181ef50923c29cf0450c3cd47e2f0557b62218c50b2ab8ce2ecaa02bd97e670 \ + --hash=sha256:d9481174d3ed982e269c090f780122fb59cee6c3796f74efe74e70f7780ed94c \ + --hash=sha256:d9ba68ec283153dead62cbe81872d28e053745f12335d037de9cbd14bd1877f5 \ + --hash=sha256:dc44678a72ac0910bac46fa6a0de6af9ba1355669b3dfaf1ce5f05ca7a74364e \ + --hash=sha256:e78b6ed8165996013165eeabd875c5dfc19d41b54f94b40e9fff0eb3193e5e8e \ + --hash=sha256:eff4b8d89f444f7e49136dc695599a591ff769300734446c0a86cba2eb2f9895 \ + --hash=sha256:f21af781a4a6fbad54f03c598ab620e3a77032c5878f3d780448421a6e1818c7 \ + --hash=sha256:f2f0498b7d2a3c072766dba3274fe22a183dbea1f99d188f1c6c72209a1063dc \ + --hash=sha256:f7208ab6e009c627b7557ce55c465c98967e8caa8b11833531fdf95799372633 \ + --hash=sha256:f7590d5a455321e53857892ab8879dce62d1f4b04748769f5adf2e707afb9d4f \ + --hash=sha256:fa257a4d0d21fcbca5b5fcba9dca5a78011cb93c0323fb8855c6d2dfbc76eb77 \ + --hash=sha256:fba9b62da882c1be1280a7584ec4515d0a6006a94d6e5819730ec2eab60ffe12 + # via uvicorn wcmatch==10.1 \ --hash=sha256:5848ace7dbb0476e5e55ab63c6bbd529745089343427caa5537f230cc01beb8a \ --hash=sha256:f11f94208c8c8484a16f4f48638a85d771d9513f4ab3f37595978801cb9465af # via mkdocs-include-markdown-plugin +websockets==15.0.1 \ + --hash=sha256:0701bc3cfcb9164d04a14b149fd74be7347a530ad3bbf15ab2c678a2cd3dd9a2 \ + --hash=sha256:0af68c55afbd5f07986df82831c7bff04846928ea8d1fd7f30052638788bc9b5 \ + --hash=sha256:0f3c1e2ab208db911594ae5b4f79addeb3501604a165019dd221c0bdcabe4db8 \ + --hash=sha256:229cf1d3ca6c1804400b0a9790dc66528e08a6a1feec0d5040e8b9eb14422375 \ + --hash=sha256:3be571a8b5afed347da347bfcf27ba12b069d9d7f42cb8c7028b5e98bbb12597 \ + --hash=sha256:3c714d2fc58b5ca3e285461a4cc0c9a66bd0e24c5da9911e30158286c9b5be7f \ + --hash=sha256:3e90baa811a5d73f3ca0bcbf32064d663ed81318ab225ee4f427ad4e26e5aff3 \ + --hash=sha256:558d023b3df0bffe50a04e710bc87742de35060580a293c2a984299ed83bc4e4 \ + --hash=sha256:592f1a9fe869c778694f0aa806ba0374e97648ab57936f092fd9d87f8bc03665 \ + --hash=sha256:595b6c3969023ecf9041b2936ac3827e4623bfa3ccf007575f04c5a6aa318c22 \ + --hash=sha256:5a939de6b7b4e18ca683218320fc67ea886038265fd1ed30173f5ce3f8e85675 \ + --hash=sha256:5d54b09eba2bada6011aea5375542a157637b91029687eb4fdb2dab11059c1b4 \ + --hash=sha256:64dee438fed052b52e4f98f76c5790513235efaa1ef7f3f2192c392cd7c91b65 \ + --hash=sha256:746ee8dba912cd6fc889a8147168991d50ed70447bf18bcda7039f7d2e3d9151 \ + --hash=sha256:756c56e867a90fb00177d530dca4b097dd753cde348448a1012ed6c5131f8b7d \ + --hash=sha256:82544de02076bafba038ce055ee6412d68da13ab47f0c60cab827346de828dee \ + --hash=sha256:ba9e56e8ceeeedb2e080147ba85ffcd5cd0711b89576b83784d8605a7df455fa \ + --hash=sha256:c338ffa0520bdb12fbc527265235639fb76e7bc7faafbb93f6ba80d9c06578a9 \ + --hash=sha256:d5f6b181bb38171a8ad1d6aa58a67a6aa9d4b38d0f8c5f496b9e42561dfc62fe \ + --hash=sha256:e09473f095a819042ecb2ab9465aee615bd9c2028e4ef7d933600a8401c79561 \ + --hash=sha256:e8b56bdcdb4505c8078cb6c7157d9811a85790f2f2b3632c7d1462ab5783d215 \ + --hash=sha256:ee443ef070bb3b6ed74514f5efaa37a252af57c90eb33b956d35c8e9c10a1931 \ + --hash=sha256:f7a866fbc1e97b5c617ee4116daaa09b722101d4a3c170c787450ba409f9736f \ + --hash=sha256:fcd5cf9e305d7b8338754470cf69cf81f420459dbae8a3b40cee57417f4614a7 + # via uvicorn From eec60b8526c90ed11d985ad3a741199d7fdf302b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 12:16:53 -0400 Subject: [PATCH 303/468] fix python-app.yml for uv --- .github/workflows/python-app.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index e9142cb3..30475627 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -27,16 +27,17 @@ jobs: python-version: "3.12" - name: Install dependencies run: | - python -m pip install --upgrade pip - pip install pytest build - if [ -f requirements.txt ]; then pip install -r requirements.txt; fi + python -m pip install --upgrade pip uv + uv sync --project=src --dev --frozen +# pip install pytest build +# if [ -f requirements.txt ]; then pip install -r requirements.txt; fi # - uses: psf/black@stable - name: Test with pytest run: | - pytest + uv run --project=src pytest - name: Build run: | - python -m build src + uv build --project=src - name: Upload Artifacts uses: actions/upload-artifact@v4 with: From 1b27670a371f2deeb914d3af3fc7211403f8ec1b Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 12:24:11 -0400 Subject: [PATCH 304/468] fix link_checker.yml for uv --- .github/workflows/link_checker.yml | 13 +++------ requirements.txt | 17 +++++++++++- src/pyproject.toml | 1 + src/uv.lock | 42 +++++++++++++++++++++++++++++- 4 files changed, 62 insertions(+), 11 deletions(-) diff --git a/.github/workflows/link_checker.yml b/.github/workflows/link_checker.yml index 9e73e866..7814efb9 100644 --- a/.github/workflows/link_checker.yml +++ b/.github/workflows/link_checker.yml @@ -29,19 +29,14 @@ jobs: - name: Install dependencies run: | - python -m pip install --upgrade pip - python -m pip install -r requirements.txt - python -m pip install linkchecker - - - name: Install our python stuff - run: | - python -m pip install -e src + python -m pip install --upgrade pip uv + uv sync --dev --project src - name: Build Site run: | - mkdocs build --verbose --clean --config-file mkdocs.yml + uv run --project=src mkdocs build --verbose --clean --config-file mkdocs.yml - name: Check links run: | - linkchecker site/index.html + uv run --project=src linkchecker site/index.html diff --git a/requirements.txt b/requirements.txt index 97bb77bb..7b61f1cb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -31,6 +31,10 @@ backrefs==5.9 \ --hash=sha256:df5e169836cc8acb5e440ebae9aad4bf9d15e226d3bad049cf3f6a5c20cc8dc9 \ --hash=sha256:f48ee18f6252b8f5777a22a00a09a85de0ca931658f1dd96d4406a34f3748c60 # via mkdocs-material +beautifulsoup4==4.13.4 \ + --hash=sha256:9bbbb14bfde9d79f38b8cd5f8c7c85f4b8f2523190ebed90e950a8dea4cb1c4b \ + --hash=sha256:dbb3c4e1ceae6aefebdaf2423247260cd062430a410e38c66f2baa50a8437195 + # via linkchecker bracex==2.6 \ --hash=sha256:0b0049264e7340b3ec782b5cb99beb325f36c3782a32e36e876452fd49a09952 \ --hash=sha256:98f1347cd77e22ee8d967a30ad4e310b233f7754dbf31ff3fceb76145ba47dc7 @@ -101,7 +105,9 @@ colorama==0.4.6 \ dnspython==2.7.0 \ --hash=sha256:b4c34b7d10b51bcc3a5071e7b8dee77939f1e878477eeecc965e9835f63c6c86 \ --hash=sha256:ce9c432eda0dc91cf618a5cedf1a4e142651196bbcd2c80e89ed5a907e5cfaf1 - # via email-validator + # via + # email-validator + # linkchecker email-validator==2.2.0 \ --hash=sha256:561977c2d73ce3611850a06fa56b414621e0c8faa9d66f2611407d87465da631 \ --hash=sha256:cb690f344c617a714f22e66ae771445a1ceb46821152df8e165c5f9a364582b7 @@ -201,6 +207,9 @@ latexcodec==3.0.1 \ --hash=sha256:a9eb8200bff693f0437a69581f7579eb6bca25c4193515c09900ce76451e452e \ --hash=sha256:e78a6911cd72f9dec35031c6ec23584de6842bfbc4610a9678868d14cdfb0357 # via pybtex +linkchecker==10.6.0 \ + --hash=sha256:5268587ed0b0f7e7521b75905128c96856f30f67dad49f66e2c963bc174ca92d \ + --hash=sha256:fb7e8facda7749c2fa5fa5dc241c0adc302da3d31d588964a2570db501aa49e5 markdown==3.8.2 \ --hash=sha256:247b9a70dd12e27f67431ce62523e675b866d254f900c4fe75ce3dda62237c45 \ --hash=sha256:5c83764dbd4e00bdd94d85a19b8d55ccca20fe35b2e678a1422b380324dd5f24 @@ -658,6 +667,7 @@ requests==2.32.5 \ --hash=sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6 \ --hash=sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf # via + # linkchecker # mkdocs-bibtex # mkdocs-material # responses @@ -887,6 +897,10 @@ sniffio==1.3.1 \ --hash=sha256:2f6da418d1f1e0fddd844478f41680e794e6051915791a034ff65e5f100525a2 \ --hash=sha256:f4324edc670a0f49750a81b895f35c3adb843cca46f0530f79fc1babb23789dc # via anyio +soupsieve==2.7 \ + --hash=sha256:6e60cc5c1ffaf1cebcc12e8188320b72071e922c2e897f737cadce79ad5d30c4 \ + --hash=sha256:ad282f9b6926286d2ead4750552c8a6142bc4c783fd66b0293547c8fe6ae126a + # via beautifulsoup4 starlette==0.47.2 \ --hash=sha256:6ae9aa5db235e4846decc1e7b79c4f346adf41e9777aebeb49dfd09bbd7023d8 \ --hash=sha256:c5847e96134e5c5371ee9fac6fdf1a67336d5815e09eb2a01fdb57a351ef915b @@ -914,6 +928,7 @@ typing-extensions==4.14.1 \ --hash=sha256:d1e1e3b58374dc93031d6eda2420a48ea44a36c2b4766a4fdeb3710755731d76 # via # anyio + # beautifulsoup4 # fastapi # pydantic # pydantic-core diff --git a/src/pyproject.toml b/src/pyproject.toml index 52551f9d..1e65aaac 100644 --- a/src/pyproject.toml +++ b/src/pyproject.toml @@ -88,5 +88,6 @@ testpaths = [ [dependency-groups] dev = [ + "linkchecker>=10.6.0", "pytest>=8.4.1", ] diff --git a/src/uv.lock b/src/uv.lock index 06c8d3db..e9faffa8 100644 --- a/src/uv.lock +++ b/src/uv.lock @@ -57,6 +57,19 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/41/ff/392bff89415399a979be4a65357a41d92729ae8580a66073d8ec8d810f98/backrefs-5.9-py39-none-any.whl", hash = "sha256:f48ee18f6252b8f5777a22a00a09a85de0ca931658f1dd96d4406a34f3748c60", size = 380265, upload-time = "2025-06-22T19:34:12.405Z" }, ] +[[package]] +name = "beautifulsoup4" +version = "4.13.4" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "soupsieve" }, + { name = "typing-extensions" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/d8/e4/0c4c39e18fd76d6a628d4dd8da40543d136ce2d1752bd6eeeab0791f4d6b/beautifulsoup4-4.13.4.tar.gz", hash = "sha256:dbb3c4e1ceae6aefebdaf2423247260cd062430a410e38c66f2baa50a8437195", size = 621067, upload-time = "2025-04-15T17:05:13.836Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/50/cd/30110dc0ffcf3b131156077b90e9f60ed75711223f306da4db08eff8403b/beautifulsoup4-4.13.4-py3-none-any.whl", hash = "sha256:9bbbb14bfde9d79f38b8cd5f8c7c85f4b8f2523190ebed90e950a8dea4cb1c4b", size = 187285, upload-time = "2025-04-15T17:05:12.221Z" }, +] + [[package]] name = "bracex" version = "2.6" @@ -403,6 +416,20 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/b5/40/23569737873cc9637fd488606347e9dd92b9fa37ba4fcda1f98ee5219a97/latexcodec-3.0.1-py3-none-any.whl", hash = "sha256:a9eb8200bff693f0437a69581f7579eb6bca25c4193515c09900ce76451e452e", size = 18532, upload-time = "2025-06-17T18:47:30.726Z" }, ] +[[package]] +name = "linkchecker" +version = "10.6.0" +source = { registry = "https://pypi.org/simple" } +dependencies = [ + { name = "beautifulsoup4" }, + { name = "dnspython" }, + { name = "requests" }, +] +sdist = { url = "https://files.pythonhosted.org/packages/6e/60/1ad47dd9db638546c4e70b49b5adfddfaadb2c6669a1a9b06a4dcf140d7b/LinkChecker-10.6.0.tar.gz", hash = "sha256:fb7e8facda7749c2fa5fa5dc241c0adc302da3d31d588964a2570db501aa49e5", size = 547746, upload-time = "2025-07-28T18:43:50.884Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/d2/07/ff8a29330fa35483a19221fd89e102e7ebf700acda8f0ba0b66ef14bcd48/LinkChecker-10.6.0-py3-none-any.whl", hash = "sha256:5268587ed0b0f7e7521b75905128c96856f30f67dad49f66e2c963bc174ca92d", size = 280937, upload-time = "2025-07-28T18:43:48.932Z" }, +] + [[package]] name = "markdown" version = "3.8.2" @@ -1484,6 +1511,15 @@ wheels = [ { url = "https://files.pythonhosted.org/packages/e9/44/75a9c9421471a6c4805dbf2356f7c181a29c1879239abab1ea2cc8f38b40/sniffio-1.3.1-py3-none-any.whl", hash = "sha256:2f6da418d1f1e0fddd844478f41680e794e6051915791a034ff65e5f100525a2", size = 10235, upload-time = "2024-02-25T23:20:01.196Z" }, ] +[[package]] +name = "soupsieve" +version = "2.7" +source = { registry = "https://pypi.org/simple" } +sdist = { url = "https://files.pythonhosted.org/packages/3f/f4/4a80cd6ef364b2e8b65b15816a843c0980f7a5a2b4dc701fc574952aa19f/soupsieve-2.7.tar.gz", hash = "sha256:ad282f9b6926286d2ead4750552c8a6142bc4c783fd66b0293547c8fe6ae126a", size = 103418, upload-time = "2025-04-20T18:50:08.518Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/e7/9c/0e6afc12c269578be5c0c1c9f4b49a8d32770a080260c333ac04cc1c832d/soupsieve-2.7-py3-none-any.whl", hash = "sha256:6e60cc5c1ffaf1cebcc12e8188320b72071e922c2e897f737cadce79ad5d30c4", size = 36677, upload-time = "2025-04-20T18:50:07.196Z" }, +] + [[package]] name = "ssvc" source = { editable = "." } @@ -1511,6 +1547,7 @@ dependencies = [ [package.dev-dependencies] dev = [ + { name = "linkchecker" }, { name = "pytest" }, ] @@ -1538,7 +1575,10 @@ requires-dist = [ ] [package.metadata.requires-dev] -dev = [{ name = "pytest", specifier = ">=8.4.1" }] +dev = [ + { name = "linkchecker", specifier = ">=10.6.0" }, + { name = "pytest", specifier = ">=8.4.1" }, +] [[package]] name = "starlette" From 85caa2588d6e394f9ef2a28afa5318b575f3e6d8 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 15:15:19 -0400 Subject: [PATCH 305/468] refactor api and add more routes --- src/ssvc/api.py | 223 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 176 insertions(+), 47 deletions(-) diff --git a/src/ssvc/api.py b/src/ssvc/api.py index a5341c9c..8e28126d 100644 --- a/src/ssvc/api.py +++ b/src/ssvc/api.py @@ -23,17 +23,15 @@ # subject to its own license. # DM24-0278 -from typing import Any +from typing import Any, Dict from fastapi import FastAPI, HTTPException +from pydantic import RootModel +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from ssvc.decision_tables.base import DecisionTable from ssvc.registry import get_registry from ssvc.registry.base import ( - _Key, - _Namespace, - _NonValuedVersion, - _NsType, - _ValuedVersion, lookup_key, lookup_namespace, lookup_objtype, @@ -45,6 +43,15 @@ r = get_registry() +# TODO: move convenience object models to a separate module +class DecisionPointDict(RootModel[Dict[str, DecisionPoint]]): + """A dictionary of DecisionPoint objects with keys as 'namespace:key:version'.""" + + +class DecisionTableDict(RootModel[Dict[str, DecisionTable]]): + """A dictionary of DecisionTable objects with keys as 'namespace:key:version'.""" + + @app.get("/") def read_root(): return {"Hello": "SSVC World"} @@ -53,85 +60,207 @@ def read_root(): def _404_on_none(obj: Any): if obj is None: raise HTTPException(status_code=404, detail=f"Item not found") - return obj -@app.get("/decision_points") -async def get_decision_points() -> _NsType: - decision_points = lookup_objtype(objtype="DecisionPoint", registry=r) - _404_on_none(decision_points) - return decision_points +@app.get("/decision_points", response_model=DecisionPointDict) +async def get_decision_points() -> DecisionPointDict: + result = lookup_objtype(objtype="DecisionPoint", registry=r) + _404_on_none(result) + + objs = {} + # result has namespaces, namespaces have keys, keys have versions. + for ns in result.namespaces: + for k in result.namespaces[ns].keys: + for ver in result.namespaces[ns].keys[k].versions: + obj = result.namespaces[ns].keys[k].versions[ver].obj + objs[obj.id] = obj + return DecisionPointDict(**objs) -@app.get("/decision_points/{namespace}") -async def get_decision_points(namespace: str) -> _Namespace: - decision_points = lookup_namespace( +@app.get("/decision_points/{namespace}", response_model=DecisionPointDict) +async def get_decision_points(namespace: str) -> DecisionPointDict: + result = lookup_namespace( objtype="DecisionPoint", namespace=namespace, registry=r ) - _404_on_none(decision_points) - return decision_points + _404_on_none(result) + objs = {} + # result has keys, keys have versions, versions have objs. + for k in result.keys: + for ver in result.keys[k].versions: + obj = result.keys[k].versions[ver].obj + objs[obj.id] = obj + return DecisionPointDict(**objs) -@app.get("/decision_points/{namespace}/{key}") -async def get_decision_points(namespace: str, key: str) -> _Key: - decision_points = lookup_key( + +@app.get( + "/decision_points/{namespace}/{key}", response_model=DecisionPointDict +) +async def get_decision_points(namespace: str, key: str) -> DecisionPointDict: + """Returns a dictionary of DecisionPoint objects for the given namespace and key. + Dictionary keys are namespace:key:version.""" + result = lookup_key( objtype="DecisionPoint", namespace=namespace, key=key, registry=r ) - _404_on_none(decision_points) - return decision_points + _404_on_none(result) + # result obj has versions. + objs = {} + for ver in result.versions: + obj = result.versions[ver].obj + objs[obj.id] = obj + return DecisionPointDict(**objs) -@app.get("/decision_points/{namespace}/{key}/{version}") +@app.get( + "/decision_points/{namespace}/{key}/{version}", + response_model=DecisionPoint, +) async def get_decision_points( namespace: str, key: str, version: str -) -> _ValuedVersion: - decision_points = lookup_version( +) -> DecisionPoint: + """Returns a single DecisionPoint object for the given namespace, key, and version.""" + result = lookup_version( objtype="DecisionPoint", namespace=namespace, key=key, version=version, registry=r, ) - _404_on_none(decision_points) - return decision_points + _404_on_none(result) + dp = result.obj + return dp -@app.get("/decision_tables") -async def get_decision_tables() -> _NsType: +@app.get( + "/decision_points/{namespace}/{key}/{version}/values", + response_model=list[DecisionPointValue], +) +async def get_decision_points( + namespace: str, key: str, version: str +) -> DecisionPoint: + """Returns a single DecisionPoint object for the given namespace, key, and version.""" + result = lookup_version( + objtype="DecisionPoint", + namespace=namespace, + key=key, + version=version, + registry=r, + ) + _404_on_none(result) + dp = result.obj + return list(dp.values) + + +@app.get("/decision_tables", response_model=DecisionTableDict) +async def get_decision_tables() -> DecisionTableDict: # load registry and return decision tables - decision_tables = lookup_objtype(objtype="DecisionTable", registry=r) - _404_on_none(decision_tables) - return decision_tables + result = lookup_objtype(objtype="DecisionTable", registry=r) + _404_on_none(result) + # result obj has namespaces, namespaces have keys, keys have versions. + objs = {} + for ns in result.namespaces: + for k in result.namespaces[ns].keys: + for ver in result.namespaces[ns].keys[k].versions: + obj = result.namespaces[ns].keys[k].versions[ver].obj + objs[obj.id] = obj + return DecisionTableDict(**objs) -@app.get("/decision_tables/{namespace}") -async def get_decision_tables_namespace(namespace: str) -> _Namespace: - decision_tables = lookup_namespace( +@app.get("/decision_tables/{namespace}", response_model=DecisionTableDict) +async def get_decision_tables_namespace( + namespace: str, +) -> DecisionTableDict: + + ns_obj = lookup_namespace( objtype="DecisionTable", namespace=namespace, registry=r ) - _404_on_none(decision_tables) - return decision_tables + _404_on_none(ns_obj) + # namespace obj has keys, keys have versions. + objs = {} + for k in ns_obj.keys: + for ver in ns_obj.keys[k].versions: + obj = ns_obj.keys[k].versions[ver].obj + objs[obj.id] = obj + return DecisionTableDict(**objs) -@app.get("/decision_tables/{namespace}/{key}") -async def get_decision_tables_key(namespace: str, key: str) -> _Key: - decision_tables = lookup_key( +@app.get( + "/decision_tables/{namespace}/{key}", response_model=DecisionTableDict +) +async def get_decision_tables_key( + namespace: str, key: str +) -> DecisionTableDict: + """Returns a dictionary of DecisionTable objects for the given namespace and key. + Dictionary keys are version strings.""" + results = lookup_key( objtype="DecisionTable", namespace=namespace, key=key, registry=r ) - _404_on_none(decision_tables) - return decision_tables + _404_on_none(results) + objs = {} + # results is a DecisionTableKey object with versions. + # versions is a dict of version strings to DecisionTableVersion objects. + # DecisionTableVersion objects have an obj attribute which is the DecisionTable. + for ver in results.versions.values(): + obj = ver.obj + objs[obj.id] = obj + return DecisionTableDict(**objs) -@app.get("/decision_tables/{namespace}/{key}/{version}") + +@app.get( + "/decision_tables/{namespace}/{key}/{version}", + response_model=DecisionTable, +) async def get_decision_tables_version( namespace: str, key: str, version: str -) -> _NonValuedVersion: - decision_tables = lookup_version( +) -> DecisionTable: + """Returns a single DecisionTable object for the given namespace, key, and version.""" + dt_version = lookup_version( objtype="DecisionTable", namespace=namespace, key=key, version=version, registry=r, ) - _404_on_none(decision_tables) - return decision_tables + _404_on_none(dt_version) + dt = dt_version.obj + return dt + + +@app.get("/namespaces", response_model=list[str]) +def get_namespaces() -> list[str]: + namespaces = set() + for objtype in r.types: + for namespace in r.types[objtype].namespaces: + namespaces.add(namespace) + return sorted(list(namespaces)) + + +@app.get("/types", response_model=list[str]) +def get_types() -> list[str]: + """Returns a list of all object types in the registry.""" + return sorted(list(r.types.keys())) + + +@app.get("/namespaces/{type}", response_model=list[str]) +def get_types_namespaces(type: str) -> list[str]: + """Returns a list of all namespaces for a given object type in the registry.""" + objtype = lookup_objtype(objtype=type, registry=r) + _404_on_none(objtype) + return sorted(list(objtype.namespaces.keys())) + + +@app.get("/keys/{type}/{namespace}", response_model=list[str]) +def get_keys(type: str, namespace: str) -> list[str]: + """Returns a list of all keys for a given object type and namespace in the registry.""" + ns = lookup_namespace(objtype=type, namespace=namespace, registry=r) + _404_on_none(ns) + return sorted(list(ns.keys.keys())) + + +@app.get("/versions/{type}/{namespace}/{key}", response_model=list[str]) +def get_versions(type: str, namespace: str, key: str) -> list[str]: + """Returns a list of all versions for a given object type, namespace, and key in the registry.""" + k = lookup_key(objtype=type, namespace=namespace, key=key, registry=r) + _404_on_none(k) + return sorted(list(k.versions.keys())) From 92b8cb986693e36d3b120508100817e3187a2391 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 15:53:29 -0400 Subject: [PATCH 306/468] add __init__.py to ssvc/decision_tables/cisa to fix importer --- data/json/ssvc_object_registry.json | 15496 ++++++++++---------- src/ssvc/decision_tables/cisa/__init__.py | 20 + 2 files changed, 7768 insertions(+), 7748 deletions(-) create mode 100644 src/ssvc/decision_tables/cisa/__init__.py diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 43d62cd8..b4f087ba 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -7136,1899 +7136,1478 @@ "DecisionTable": { "type": "DecisionTable", "namespaces": { - "cvss": { - "namespace": "cvss", + "cisa": { + "namespace": "cisa", "keys": { - "DT_CVSS_EQ5": { - "key": "DT_CVSS_EQ5", + "DT_CO": { + "key": "DT_CO", "versions": { - "1.0.0": { - "version": "1.0.0", + "2.0.3": { + "version": "2.0.3", "obj": { - "namespace": "cvss", - "key": "DT_CVSS_EQ5", - "version": "1.0.0", - "name": "CVSS v4 Equivalence Set 5", - "description": "CVSS Equivalence Set 5 Decision Table", + "namespace": "cisa", + "key": "DT_CO", + "version": "2.0.3", + "name": "CISA Coordinator", + "description": "CISA Coordinator decision table for SSVC", "schemaVersion": "2.0.0", "decision_points": { - "cvss:E_NoX:2.0.0": { - "namespace": "cvss", - "key": "E_NoX", - "version": "2.0.0", - "name": "Exploit Maturity (without Not Defined)", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", + "ssvc:E:1.1.0": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "U", - "name": "Unreported", - "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", - "name": "Proof-of-Concept", - "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, { "key": "A", - "name": "Attacked", - "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, - "cvss:EQ5:1.0.0": { - "namespace": "cvss", - "key": "EQ5", - "version": "1.0.0", - "name": "Equivalence Set 5", - "description": "E with 3 levels specified in Table 28", + "ssvc:A:2.0.0": { + "namespace": "ssvc", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "description": "2: E:U" - }, - { - "key": "M", - "name": "Medium", - "description": "1: E:P" + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { - "key": "H", - "name": "High", - "description": "0: E:A" + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate steps 1-4 of the kill chain." } ] - } - }, - "outcome": "cvss:EQ5:1.0.0", - "mapping": [ - { - "cvss:E_NoX:2.0.0": "U", - "cvss:EQ5:1.0.0": "L" - }, - { - "cvss:E_NoX:2.0.0": "P", - "cvss:EQ5:1.0.0": "M" }, - { - "cvss:E_NoX:2.0.0": "A", - "cvss:EQ5:1.0.0": "H" - } - ] - } - } - } - }, - "DT_CVSS4_EQ4": { - "key": "DT_CVSS4_EQ4", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "cvss", - "key": "DT_CVSS4_EQ4", - "version": "1.0.0", - "name": "CVSS v4 Equivalence Set 4", - "description": "This decision table models equivalence set 4 from CVSS v4.", - "schemaVersion": "2.0.0", - "decision_points": { - "cvss:SC:1.0.0": { - "namespace": "cvss", - "key": "SC", + "ssvc:TI:1.0.0": { + "namespace": "ssvc", + "key": "TI", "version": "1.0.0", - "name": "Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "name": "Technical Impact", + "description": "The technical impact of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." - }, - { - "key": "L", - "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "key": "P", + "name": "Partial", + "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." }, { - "key": "H", - "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "key": "T", + "name": "Total", + "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." } ] }, - "cvss:MSI_NoX:1.0.1": { - "namespace": "cvss", - "key": "MSI_NoX", - "version": "1.0.1", - "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", + "ssvc:MWI:1.0.0": { + "namespace": "ssvc", + "key": "MWI", + "version": "1.0.0", + "name": "Mission and Well-Being Impact", + "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." - }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." - }, - { - "key": "H", - "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." - }, - { - "key": "S", - "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." - } - ] - }, - "cvss:MSA_NoX:1.0.1": { - "namespace": "cvss", - "key": "MSA_NoX", - "version": "1.0.1", - "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" }, { - "key": "L", - "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "key": "M", + "name": "Medium", + "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." - }, - { - "key": "S", - "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" } ] }, - "cvss:EQ4:1.0.0": { - "namespace": "cvss", - "key": "EQ4", - "version": "1.0.0", - "name": "Equivalence Set 4", - "description": "SC/SI/SA with 3 levels specified in Table 27", + "cisa:CISA:1.1.0": { + "namespace": "cisa", + "key": "CISA", + "version": "1.1.0", + "name": "CISA Levels", + "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + "key": "T", + "name": "Track", + "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." }, { - "key": "M", - "name": "Medium", - "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + "key": "T*", + "name": "Track*", + "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, { - "key": "H", - "name": "High", - "description": "0: MSI:S or MSA:S" + "key": "AT", + "name": "Attend", + "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + }, + { + "key": "AC", + "name": "Act", + "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } ] } }, - "outcome": "cvss:EQ4:1.0.0", + "outcome": "cisa:CISA:1.1.0", "mapping": [ { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "L" - }, - { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "L" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "L" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "L" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "L" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "T*" }, { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "L" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "L" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "AT" }, { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "N", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "AT" }, { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "L" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "T*" }, { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "T*" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "AT" }, { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "AT" }, { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "T*" }, { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "P", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "AT" }, { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "AT" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "T" }, { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "N", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "AT" }, { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "M" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "N", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "AC" }, { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "H" - }, - { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "M" - }, - { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "M" - }, - { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "H" - }, - { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "N", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" - }, - { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" - }, - { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" - }, - { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "L", - "cvss:EQ4:1.0.0": "H" - }, - { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "M" - }, - { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "H" - }, - { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "L", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" - }, - { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "AT" }, { - "cvss:SC:1.0.0": "N", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "AT" }, { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "H", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "P", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "AC" }, { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "H", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "L", + "cisa:CISA:1.1.0": "AT" }, { - "cvss:SC:1.0.0": "L", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "M", + "cisa:CISA:1.1.0": "AC" }, { - "cvss:SC:1.0.0": "H", - "cvss:MSI_NoX:1.0.1": "S", - "cvss:MSA_NoX:1.0.1": "S", - "cvss:EQ4:1.0.0": "H" + "ssvc:E:1.1.0": "A", + "ssvc:A:2.0.0": "Y", + "ssvc:TI:1.0.0": "T", + "ssvc:MWI:1.0.0": "H", + "cisa:CISA:1.1.0": "AC" } ] } } } - }, - "DT_CVSS4_EQ1": { - "key": "DT_CVSS4_EQ1", + } + } + }, + "cvss": { + "namespace": "cvss", + "keys": { + "DT_CVSS_EQ5": { + "key": "DT_CVSS_EQ5", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "DT_CVSS4_EQ1", + "key": "DT_CVSS_EQ5", "version": "1.0.0", - "name": "CVSS v4 Equivalence Set 1", - "description": "This decision table models equivalence set 1 from CVSS v4. Factors include Attack Vector (AV), Privileges Required (PR), and User Interaction (UI).", + "name": "CVSS v4 Equivalence Set 5", + "description": "CVSS Equivalence Set 5 Decision Table", "schemaVersion": "2.0.0", "decision_points": { - "cvss:AV:3.0.1": { - "namespace": "cvss", - "key": "AV", - "version": "3.0.1", - "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "P", - "name": "Physical", - "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." - }, - { - "key": "L", - "name": "Local", - "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." - }, - { - "key": "A", - "name": "Adjacent", - "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." - }, - { - "key": "N", - "name": "Network", - "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." - } - ] - }, - "cvss:PR:1.0.1": { - "namespace": "cvss", - "key": "PR", - "version": "1.0.1", - "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "H", - "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." - }, - { - "key": "L", - "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." - }, - { - "key": "N", - "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." - } - ] - }, - "cvss:UI:2.0.0": { + "cvss:E_NoX:2.0.0": { "namespace": "cvss", - "key": "UI", + "key": "E_NoX", "version": "2.0.0", - "name": "User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "name": "Exploit Maturity (without Not Defined)", + "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { - "key": "A", - "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "key": "U", + "name": "Unreported", + "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" }, { "key": "P", - "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "name": "Proof-of-Concept", + "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" }, { - "key": "N", - "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "key": "A", + "name": "Attacked", + "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" } ] }, - "cvss:EQ1:1.0.0": { + "cvss:EQ5:1.0.0": { "namespace": "cvss", - "key": "EQ1", + "key": "EQ5", "version": "1.0.0", - "name": "Equivalence Set 1", - "description": "AV/PR/UI with 3 levels specified in Table 24", + "name": "Equivalence Set 5", + "description": "E with 3 levels specified in Table 28", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + "description": "2: E:U" }, { "key": "M", "name": "Medium", - "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + "description": "1: E:P" }, { "key": "H", "name": "High", - "description": "0: AV:N and PR:N and UI:N" + "description": "0: E:A" } ] } }, - "outcome": "cvss:EQ1:1.0.0", + "outcome": "cvss:EQ5:1.0.0", "mapping": [ { - "cvss:AV:3.0.1": "P", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "L", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "P", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "L" + "cvss:E_NoX:2.0.0": "U", + "cvss:EQ5:1.0.0": "L" }, { - "cvss:AV:3.0.1": "P", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "L" + "cvss:E_NoX:2.0.0": "P", + "cvss:EQ5:1.0.0": "M" }, { - "cvss:AV:3.0.1": "A", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "L", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "P", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "L", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "P", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "P", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "N", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "A", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "L", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "A", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "L", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "P", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "L", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "P", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "N", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "A", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "N", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "A", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "L", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "A", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "L", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "P", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "L" - }, - { - "cvss:AV:3.0.1": "N", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "A", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "N", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "A", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "N", - "cvss:PR:1.0.1": "H", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "A", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "L", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "N", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "P", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "N", - "cvss:PR:1.0.1": "L", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "A", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "M" - }, - { - "cvss:AV:3.0.1": "N", - "cvss:PR:1.0.1": "N", - "cvss:UI:2.0.0": "N", - "cvss:EQ1:1.0.0": "H" + "cvss:E_NoX:2.0.0": "A", + "cvss:EQ5:1.0.0": "H" } ] } } } }, - "DT_CVSS4_EQ6": { - "key": "DT_CVSS4_EQ6", + "DT_CVSS4_EQ4": { + "key": "DT_CVSS4_EQ4", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "DT_CVSS4_EQ6", + "key": "DT_CVSS4_EQ4", "version": "1.0.0", - "name": "CVSS v4 Equivalence Set 6", - "description": "This decision table models equivalence set 6 from CVSS v4.", + "name": "CVSS v4 Equivalence Set 4", + "description": "This decision table models equivalence set 4 from CVSS v4.", "schemaVersion": "2.0.0", "decision_points": { - "cvss:CR_NoX:1.1.1": { + "cvss:SC:1.0.0": { "namespace": "cvss", - "key": "CR_NoX", - "version": "1.1.1", - "name": "Confidentiality Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "key": "SC", + "version": "1.0.0", + "name": "Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "N", + "name": "Negligible", + "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { - "key": "M", - "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." } ] }, - "cvss:VC:3.0.0": { + "cvss:MSI_NoX:1.0.1": { "namespace": "cvss", - "key": "VC", - "version": "3.0.0", - "name": "Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "key": "MSI_NoX", + "version": "1.0.1", + "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "name": "Negligible", + "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + { + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, - "cvss:IR_NoX:1.1.1": { + "cvss:MSA_NoX:1.0.1": { "namespace": "cvss", - "key": "IR_NoX", - "version": "1.1.1", - "name": "Integrity Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "M", - "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "H", - "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - } - ] - }, - "cvss:VI:3.0.0": { - "namespace": "cvss", - "key": "VI", - "version": "3.0.0", - "name": "Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "key": "MSA_NoX", + "version": "1.0.1", + "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "name": "Negligible", + "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." - } - ] - }, - "cvss:AR_NoX:1.1.1": { - "namespace": "cvss", - "key": "AR_NoX", - "version": "1.1.1", - "name": "Availability Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "M", - "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { - "key": "H", - "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "S", + "name": "Safety", + "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, - "cvss:VA:3.0.0": { + "cvss:EQ4:1.0.0": { "namespace": "cvss", - "key": "VA", - "version": "3.0.0", - "name": "Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "key": "EQ4", + "version": "1.0.0", + "name": "Equivalence Set 4", + "description": "SC/SI/SA with 3 levels specified in Table 27", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "None", - "description": "There is no impact to availability within the Vulnerable System." - }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" }, { - "key": "H", - "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." - } - ] - }, - "cvss:EQ6:1.0.0": { - "namespace": "cvss", - "key": "EQ6", - "version": "1.0.0", - "name": "Equivalence Set 6", - "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + "key": "M", + "name": "Medium", + "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" }, { "key": "H", "name": "High", - "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + "description": "0: MSI:S or MSA:S" } ] } }, - "outcome": "cvss:EQ6:1.0.0", + "outcome": "cvss:EQ4:1.0.0", "mapping": [ { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "N", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "N", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "L", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "L", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "N", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "H", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "H", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "L", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:SC:1.0.0": "H", + "cvss:MSI_NoX:1.0.1": "S", + "cvss:MSA_NoX:1.0.1": "S", + "cvss:EQ4:1.0.0": "H" + } + ] + } + } + } + }, + "DT_CVSS4_EQ1": { + "key": "DT_CVSS4_EQ1", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS4_EQ1", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 1", + "description": "This decision table models equivalence set 1 from CVSS v4. Factors include Attack Vector (AV), Privileges Required (PR), and User Interaction (UI).", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:AV:3.0.1": { + "namespace": "cvss", + "key": "AV", + "version": "3.0.1", + "name": "Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Physical", + "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + }, + { + "key": "L", + "name": "Local", + "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + }, + { + "key": "A", + "name": "Adjacent", + "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + { + "key": "N", + "name": "Network", + "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + } + ] }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:PR:1.0.1": { + "namespace": "cvss", + "key": "PR", + "version": "1.0.1", + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "H", + "name": "High", + "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + }, + { + "key": "N", + "name": "None", + "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + } + ] }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:UI:2.0.0": { + "namespace": "cvss", + "key": "UI", + "version": "2.0.0", + "name": "User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "A", + "name": "Active", + "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + }, + { + "key": "P", + "name": "Passive", + "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + }, + { + "key": "N", + "name": "None", + "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + } + ] }, + "cvss:EQ1:1.0.0": { + "namespace": "cvss", + "key": "EQ1", + "version": "1.0.0", + "name": "Equivalence Set 1", + "description": "AV/PR/UI with 3 levels specified in Table 24", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + }, + { + "key": "H", + "name": "High", + "description": "0: AV:N and PR:N and UI:N" + } + ] + } + }, + "outcome": "cvss:EQ1:1.0.0", + "mapping": [ { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "P", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "A", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "H", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "L", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "P", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "L", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "A", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "M" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AV:3.0.1": "N", + "cvss:PR:1.0.1": "N", + "cvss:UI:2.0.0": "N", + "cvss:EQ1:1.0.0": "H" + } + ] + } + } + } + }, + "DT_CVSS4_EQ6": { + "key": "DT_CVSS4_EQ6", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS4_EQ6", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 6", + "description": "This decision table models equivalence set 6 from CVSS v4.", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:CR_NoX:1.1.1": { + "namespace": "cvss", + "key": "CR_NoX", + "version": "1.1.1", + "name": "Confidentiality Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:VC:3.0.0": { + "namespace": "cvss", + "key": "VC", + "version": "3.0.0", + "name": "Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + } + ] }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:IR_NoX:1.1.1": { + "namespace": "cvss", + "key": "IR_NoX", + "version": "1.1.1", + "name": "Integrity Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:VI:3.0.0": { + "namespace": "cvss", + "key": "VI", + "version": "3.0.0", + "name": "Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + } + ] }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:AR_NoX:1.1.1": { + "namespace": "cvss", + "key": "AR_NoX", + "version": "1.1.1", + "name": "Availability Requirement (without Not Defined)", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "H", + "name": "High", + "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + } + ] + }, + "cvss:VA:3.0.0": { + "namespace": "cvss", + "key": "VA", + "version": "3.0.0", + "name": "Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + ] }, + "cvss:EQ6:1.0.0": { + "namespace": "cvss", + "key": "EQ6", + "version": "1.0.0", + "name": "Equivalence Set 6", + "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + } + ] + } + }, + "outcome": "cvss:EQ6:1.0.0", + "mapping": [ { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9036,15 +8615,6 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", @@ -9052,110 +8622,101 @@ "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, @@ -9163,7 +8724,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9172,7 +8733,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9181,32 +8742,23 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", @@ -9216,64 +8768,55 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -9282,7 +8825,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9291,7 +8834,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9300,7 +8843,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9309,7 +8852,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9318,7 +8861,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9327,7 +8870,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9336,7 +8879,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9345,7 +8888,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9354,7 +8897,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9363,7 +8906,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9372,7 +8915,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9381,7 +8924,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9390,7 +8933,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9399,7 +8942,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9408,7 +8951,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9417,7 +8960,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9426,7 +8969,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9435,7 +8978,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9444,7 +8987,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9453,7 +8996,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9462,7 +9005,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9471,7 +9014,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9480,7 +9023,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9489,7 +9032,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9498,7 +9041,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9507,7 +9050,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9516,7 +9059,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9525,7 +9068,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9534,7 +9077,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9543,7 +9086,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -9552,7 +9095,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9561,7 +9104,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9570,7 +9113,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9579,7 +9122,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9588,7 +9131,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9597,7 +9140,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9606,7 +9149,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9615,7 +9158,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9624,7 +9167,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9633,7 +9176,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9642,7 +9185,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9651,7 +9194,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9660,7 +9203,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9669,7 +9212,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -9678,41 +9221,59 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" @@ -9721,7 +9282,7 @@ "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9730,7 +9291,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9739,7 +9300,7 @@ "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9748,7 +9309,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9757,7 +9318,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9766,7 +9327,7 @@ "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9775,7 +9336,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9784,7 +9345,7 @@ "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9793,7 +9354,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9802,7 +9363,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9811,79 +9372,79 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" + "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9892,7 +9453,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9901,7 +9462,7 @@ "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9910,7 +9471,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9919,7 +9480,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9928,7 +9489,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9937,7 +9498,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9946,7 +9507,7 @@ "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9955,7 +9516,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9964,7 +9525,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9973,7 +9534,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9982,7 +9543,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -9991,71 +9552,35 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, @@ -10063,7 +9588,7 @@ "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -10072,7 +9597,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -10081,7 +9606,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -10090,7 +9615,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -10099,7 +9624,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -10108,7 +9633,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -10117,7 +9642,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -10126,7 +9651,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" @@ -10135,24 +9660,24 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", @@ -10161,7 +9686,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", @@ -10170,7 +9695,7 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", @@ -10179,7 +9704,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", @@ -10188,26 +9713,26 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" @@ -10215,7 +9740,7 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", @@ -10224,7 +9749,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", @@ -10233,7 +9758,7 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", @@ -10242,7 +9767,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", @@ -10251,24 +9776,24 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", @@ -10277,43 +9802,25 @@ }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", @@ -10322,7 +9829,7 @@ }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", @@ -10330,9 +9837,9 @@ "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", @@ -10340,7 +9847,7 @@ }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", @@ -10349,25 +9856,16 @@ }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", @@ -10375,7 +9873,7 @@ "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", @@ -10384,7 +9882,7 @@ "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", @@ -10394,15 +9892,6 @@ }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", @@ -10410,20 +9899,11 @@ "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" @@ -10432,8 +9912,8 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, @@ -10441,8 +9921,8 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, @@ -10450,27 +9930,36 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -10478,8 +9967,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -10487,8 +9976,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -10496,8 +9985,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -10505,8 +9994,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -10514,8 +10003,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -10523,17 +10012,17 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -10541,521 +10030,521 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -11063,8 +10552,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11072,8 +10561,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11081,8 +10570,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11090,8 +10579,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11099,8 +10588,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11108,8 +10597,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11117,8 +10606,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11126,8 +10615,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11135,8 +10624,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11144,8 +10633,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11153,8 +10642,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11162,8 +10651,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11171,8 +10660,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11180,8 +10669,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11189,8 +10678,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11198,8 +10687,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11207,8 +10696,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -11216,15 +10705,6 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" @@ -11232,161 +10712,143 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", + "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", + "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" @@ -11394,154 +10856,100 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11549,8 +10957,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11558,8 +10966,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11567,8 +10975,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11576,8 +10984,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11585,8 +10993,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11594,8 +11002,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11603,8 +11011,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11612,8 +11020,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11621,8 +11029,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11630,8 +11038,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11639,8 +11047,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11648,8 +11056,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11657,8 +11065,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11666,8 +11074,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { @@ -11675,538 +11083,538 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, @@ -12215,8 +11623,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -12224,8 +11632,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12233,8 +11641,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12242,8 +11650,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -12251,8 +11659,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12260,8 +11668,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12269,8 +11677,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12278,8 +11686,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12287,8 +11695,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12296,8 +11704,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12305,8 +11713,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12314,8 +11722,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12323,8 +11731,8 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12332,8 +11740,8 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -12341,8 +11749,8 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -12350,52 +11758,16 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, @@ -12403,8 +11775,8 @@ "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, @@ -12412,8 +11784,8 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, @@ -12421,43 +11793,34 @@ "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" @@ -12465,24 +11828,15 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", @@ -12491,7 +11845,7 @@ }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", @@ -12499,9 +11853,9 @@ "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", @@ -12509,7 +11863,7 @@ }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", @@ -12518,7 +11872,7 @@ }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", @@ -12527,7 +11881,7 @@ }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", @@ -12536,7 +11890,7 @@ }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", @@ -12544,9 +11898,9 @@ "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", @@ -12554,7 +11908,7 @@ }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", @@ -12563,44 +11917,26 @@ }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", @@ -12609,7 +11945,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", @@ -12618,7 +11954,7 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", @@ -12627,7 +11963,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", @@ -12636,26 +11972,26 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" @@ -12663,7 +11999,7 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", @@ -12672,7 +12008,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", @@ -12681,7 +12017,7 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", @@ -12690,7 +12026,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", @@ -12699,24 +12035,24 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", @@ -12725,7 +12061,7 @@ }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", @@ -12733,7 +12069,7 @@ "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", @@ -12742,35 +12078,35 @@ "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", @@ -12779,7 +12115,7 @@ }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", @@ -12787,18 +12123,18 @@ "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", @@ -12807,7 +12143,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", @@ -12816,7 +12152,7 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", @@ -12825,7 +12161,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", @@ -12834,26 +12170,26 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" @@ -12861,7 +12197,7 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", @@ -12870,7 +12206,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", @@ -12879,7 +12215,7 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", @@ -12888,34 +12224,34 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", @@ -12924,7 +12260,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", @@ -12933,7 +12269,7 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", @@ -12942,7 +12278,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", @@ -12951,26 +12287,26 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" @@ -12978,7 +12314,7 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", @@ -12987,7 +12323,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", @@ -12996,7 +12332,7 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", @@ -13005,7 +12341,7 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", @@ -13014,24 +12350,24 @@ { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", @@ -13040,43 +12376,25 @@ }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "L" - }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", @@ -13085,7 +12403,7 @@ }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", @@ -13093,9 +12411,9 @@ "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "H", @@ -13103,7 +12421,7 @@ }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", @@ -13112,25 +12430,16 @@ }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", @@ -13138,7 +12447,7 @@ "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", @@ -13147,7 +12456,7 @@ "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", @@ -13157,15 +12466,6 @@ }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", @@ -13175,24 +12475,6 @@ }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", @@ -13200,39 +12482,12 @@ "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, @@ -13241,7 +12496,7 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, @@ -13250,7 +12505,7 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, @@ -13259,7 +12514,7 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, @@ -13268,7 +12523,7 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, @@ -13277,7 +12532,7 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, @@ -13286,7 +12541,7 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, @@ -13295,7 +12550,7 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, @@ -13304,7 +12559,7 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, @@ -13313,7 +12568,7 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, @@ -13322,7 +12577,7 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, @@ -13331,7 +12586,7 @@ "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, @@ -13340,7 +12595,7 @@ "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, @@ -13349,162 +12604,36 @@ "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" - }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "L" + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", @@ -13512,7 +12641,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -13521,7 +12650,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -13530,7 +12659,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -13539,7 +12668,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -13548,7 +12677,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -13557,7 +12686,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -13566,7 +12695,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -13575,7 +12704,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -13584,7 +12713,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -13593,7 +12722,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -13602,7 +12731,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "L" }, { @@ -13611,7 +12740,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -13620,7 +12749,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -13629,7 +12758,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -13638,7 +12767,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -13647,7 +12776,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13656,7 +12785,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13665,7 +12794,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -13674,7 +12803,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13683,7 +12812,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13692,7 +12821,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -13701,7 +12830,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -13710,7 +12839,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -13719,7 +12848,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -13728,7 +12857,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13737,7 +12866,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13746,7 +12875,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -13755,7 +12884,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13764,7 +12893,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13773,7 +12902,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13782,7 +12911,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13791,7 +12920,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13800,7 +12929,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13809,7 +12938,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13818,7 +12947,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13827,7 +12956,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13836,7 +12965,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "L" }, { @@ -13845,7 +12974,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -13854,7 +12983,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -13863,7 +12992,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { @@ -13872,8 +13001,8 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", @@ -13881,8 +13010,8 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", @@ -13890,8 +13019,8 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", @@ -13899,8 +13028,8 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", @@ -13908,8 +13037,8 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", @@ -13917,8 +13046,8 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", @@ -13926,8 +13055,8 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", @@ -13935,8 +13064,8 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", @@ -13944,8 +13073,8 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", @@ -13953,8 +13082,8 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", @@ -13962,8 +13091,8 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", @@ -13971,8 +13100,8 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", @@ -13980,8 +13109,8 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", @@ -13989,8 +13118,8 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", @@ -13998,8 +13127,8 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", @@ -14007,8 +13136,8 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", @@ -14016,8 +13145,8 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", @@ -14025,210 +13154,138 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", @@ -14236,8 +13293,8 @@ "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", @@ -14247,7 +13304,7 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", @@ -14255,45 +13312,54 @@ }, { "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" @@ -14301,8 +13367,8 @@ { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "L" @@ -14310,108 +13376,99 @@ { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" - }, - { - "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "N", - "cvss:AR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:CR_NoX:1.1.1": "M", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "L", - "cvss:VC:3.0.0": "H", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, @@ -14419,7 +13476,7 @@ "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" @@ -14428,7 +13485,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "L", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" @@ -14437,7 +13494,7 @@ "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" @@ -14446,7 +13503,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" @@ -14455,7 +13512,7 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" @@ -14464,7 +13521,7 @@ "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" @@ -14473,63 +13530,90 @@ "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "N", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "H", - "cvss:VC:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, { - "cvss:CR_NoX:1.1.1": "H", + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", + "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "M", - "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", "cvss:EQ6:1.0.0": "H" }, { @@ -14538,7 +13622,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "L", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -14547,7 +13631,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -14556,7 +13640,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -14565,7 +13649,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -14574,7 +13658,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -14583,7 +13667,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -14592,7 +13676,7 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -14601,8 +13685,8 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", @@ -14610,8 +13694,8 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", @@ -14619,7 +13703,7 @@ "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -14628,8 +13712,8 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", @@ -14637,8 +13721,8 @@ "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", @@ -14646,7 +13730,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -14655,7 +13739,7 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { @@ -14664,1565 +13748,2024 @@ "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", + "cvss:VA:3.0.0": "N", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "M", - "cvss:VA:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "L", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "M", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", "cvss:IR_NoX:1.1.1": "H", - "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", - "cvss:EQ6:1.0.0": "H" + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", - "cvss:IR_NoX:1.1.1": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:AR_NoX:1.1.1": "H", - "cvss:VA:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", "cvss:EQ6:1.0.0": "H" - } - ] - } - } - } - }, - "DT_CVSS4_EQ3": { - "key": "DT_CVSS4_EQ3", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "cvss", - "key": "DT_CVSS4_EQ3", - "version": "1.0.0", - "name": "CVSS v4 Equivalence Set 3", - "description": "This decision table models equivalence set 3 from CVSS v4.", - "schemaVersion": "2.0.0", - "decision_points": { - "cvss:VC:3.0.0": { - "namespace": "cvss", - "key": "VC", - "version": "3.0.0", - "name": "Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no loss of confidentiality within the impacted component." - }, - { - "key": "L", - "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." - }, - { - "key": "H", - "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." - } - ] - }, - "cvss:VI:3.0.0": { - "namespace": "cvss", - "key": "VI", - "version": "3.0.0", - "name": "Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." - }, - { - "key": "L", - "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." - }, - { - "key": "H", - "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." - } - ] - }, - "cvss:VA:3.0.0": { - "namespace": "cvss", - "key": "VA", - "version": "3.0.0", - "name": "Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no impact to availability within the Vulnerable System." - }, - { - "key": "L", - "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." - }, - { - "key": "H", - "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." - } - ] - }, - "cvss:EQ3:1.0.0": { - "namespace": "cvss", - "key": "EQ3", - "version": "1.0.0", - "name": "Equivalence Set 3", - "description": "VC/VI/VA with 3 levels specified in Table 26", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "2: not (VC:H or VI:H or VA:H)" - }, - { - "key": "M", - "name": "Medium", - "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" - }, - { - "key": "H", - "name": "High", - "description": "0: VC:H and VI:H" - } - ] - } - }, - "outcome": "cvss:EQ3:1.0.0", - "mapping": [ - { - "cvss:VC:3.0.0": "N", - "cvss:VI:3.0.0": "N", - "cvss:VA:3.0.0": "N", - "cvss:EQ3:1.0.0": "L" }, { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:VI:3.0.0": "N", - "cvss:VA:3.0.0": "N", - "cvss:EQ3:1.0.0": "L" + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:VC:3.0.0": "N", - "cvss:VI:3.0.0": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ3:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:VI:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", "cvss:VA:3.0.0": "L", - "cvss:EQ3:1.0.0": "L" - }, - { - "cvss:VC:3.0.0": "H", - "cvss:VI:3.0.0": "N", - "cvss:VA:3.0.0": "N", - "cvss:EQ3:1.0.0": "M" + "cvss:EQ6:1.0.0": "H" }, { + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:VI:3.0.0": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ3:1.0.0": "L" + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:VC:3.0.0": "N", + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ3:1.0.0": "M" + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:VC:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", - "cvss:EQ3:1.0.0": "L" + "cvss:EQ6:1.0.0": "H" }, { - "cvss:VC:3.0.0": "N", - "cvss:VI:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", - "cvss:EQ3:1.0.0": "L" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:VC:3.0.0": "N", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", - "cvss:VA:3.0.0": "H", - "cvss:EQ3:1.0.0": "M" + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "L", - "cvss:VA:3.0.0": "N", - "cvss:EQ3:1.0.0": "M" + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", - "cvss:VI:3.0.0": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ3:1.0.0": "M" - }, - { - "cvss:VC:3.0.0": "H", - "cvss:VI:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", - "cvss:EQ3:1.0.0": "M" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:VC:3.0.0": "L", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", - "cvss:EQ3:1.0.0": "L" + "cvss:EQ6:1.0.0": "L" }, { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "N", - "cvss:VI:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", - "cvss:EQ3:1.0.0": "M" + "cvss:EQ6:1.0.0": "L" }, { + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", - "cvss:VI:3.0.0": "N", - "cvss:VA:3.0.0": "H", - "cvss:EQ3:1.0.0": "M" - }, - { - "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", - "cvss:VA:3.0.0": "H", - "cvss:EQ3:1.0.0": "M" - }, - { - "cvss:VC:3.0.0": "H", - "cvss:VI:3.0.0": "H", - "cvss:VA:3.0.0": "N", - "cvss:EQ3:1.0.0": "H" + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, { + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", - "cvss:EQ3:1.0.0": "M" + "cvss:EQ6:1.0.0": "L" }, { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", "cvss:VA:3.0.0": "L", - "cvss:EQ3:1.0.0": "M" + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ3:1.0.0": "M" + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ3:1.0.0": "M" + "cvss:EQ6:1.0.0": "L" }, { - "cvss:VC:3.0.0": "N", - "cvss:VI:3.0.0": "H", + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ3:1.0.0": "M" + "cvss:EQ6:1.0.0": "L" }, { + "cvss:CR_NoX:1.1.1": "H", "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", "cvss:VI:3.0.0": "H", - "cvss:VA:3.0.0": "L", - "cvss:EQ3:1.0.0": "H" + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "H", - "cvss:VI:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ3:1.0.0": "M" + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { + "cvss:CR_NoX:1.1.1": "M", "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ3:1.0.0": "M" + "cvss:EQ6:1.0.0": "H" }, { + "cvss:CR_NoX:1.1.1": "L", "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", "cvss:VA:3.0.0": "H", - "cvss:EQ3:1.0.0": "H" - } - ] - } - } - } - }, - "DT_CVSS4_EQ2": { - "key": "DT_CVSS4_EQ2", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "cvss", - "key": "DT_CVSS4_EQ2", - "version": "1.0.0", - "name": "CVSS v4 Equivalence Set 2", - "description": "This decision table models equivalence set 2 from CVSS v4. Factors include Attack Complexity (AC) and Attack Requirements (AT).", - "schemaVersion": "2.0.0", - "decision_points": { - "cvss:AC:3.0.1": { - "namespace": "cvss", - "key": "AC", - "version": "3.0.1", - "name": "Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "H", - "name": "High", - "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." - }, - { - "key": "L", - "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " - } - ] + "cvss:EQ6:1.0.0": "H" }, - "cvss:AT:1.0.0": { - "namespace": "cvss", - "key": "AT", - "version": "1.0.0", - "name": "Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "P", - "name": "Present", - "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." - }, - { - "key": "N", - "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." - } - ] + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, - "cvss:EQ2:1.0.0": { - "namespace": "cvss", - "key": "EQ2", - "version": "1.0.0", - "name": "Equivalence Set 2", - "description": "AC/AT with 2 levels specified in Table 25", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "1: not (AC:L and AT:N)" - }, - { - "key": "H", - "name": "High", - "description": "0: AC:L and AT:N" - } - ] - } - }, - "outcome": "cvss:EQ2:1.0.0", - "mapping": [ { - "cvss:AC:3.0.1": "H", - "cvss:AT:1.0.0": "P", - "cvss:EQ2:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:AC:3.0.1": "L", - "cvss:AT:1.0.0": "P", - "cvss:EQ2:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:AC:3.0.1": "H", - "cvss:AT:1.0.0": "N", - "cvss:EQ2:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:AC:3.0.1": "L", - "cvss:AT:1.0.0": "N", - "cvss:EQ2:1.0.0": "H" - } - ] - } - } - } - }, - "DT_CVSS_QSR": { - "key": "DT_CVSS_QSR", - "versions": { - "4.0.0": { - "version": "4.0.0", - "obj": { - "namespace": "cvss", - "key": "DT_CVSS_QSR", - "version": "4.0.0", - "name": "CVSS v4.0 Qualitative Severity Ratings", - "description": "CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", - "schemaVersion": "2.0.0", - "decision_points": { - "cvss:EQ1:1.0.0": { - "namespace": "cvss", - "key": "EQ1", - "version": "1.0.0", - "name": "Equivalence Set 1", - "description": "AV/PR/UI with 3 levels specified in Table 24", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "2: AV:P or not(AV:N or PR:N or UI:N)" - }, - { - "key": "M", - "name": "Medium", - "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" - }, - { - "key": "H", - "name": "High", - "description": "0: AV:N and PR:N and UI:N" - } - ] + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, - "cvss:EQ2:1.0.0": { - "namespace": "cvss", - "key": "EQ2", - "version": "1.0.0", - "name": "Equivalence Set 2", - "description": "AC/AT with 2 levels specified in Table 25", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "1: not (AC:L and AT:N)" - }, - { - "key": "H", - "name": "High", - "description": "0: AC:L and AT:N" - } - ] + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, - "cvss:EQ3:1.0.0": { - "namespace": "cvss", - "key": "EQ3", - "version": "1.0.0", - "name": "Equivalence Set 3", - "description": "VC/VI/VA with 3 levels specified in Table 26", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "2: not (VC:H or VI:H or VA:H)" - }, - { - "key": "M", - "name": "Medium", - "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" - }, - { - "key": "H", - "name": "High", - "description": "0: VC:H and VI:H" - } - ] + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, - "cvss:EQ4:1.0.0": { - "namespace": "cvss", - "key": "EQ4", - "version": "1.0.0", - "name": "Equivalence Set 4", - "description": "SC/SI/SA with 3 levels specified in Table 27", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" - }, - { - "key": "M", - "name": "Medium", - "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" - }, - { - "key": "H", - "name": "High", - "description": "0: MSI:S or MSA:S" - } - ] + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, - "cvss:EQ5:1.0.0": { - "namespace": "cvss", - "key": "EQ5", - "version": "1.0.0", - "name": "Equivalence Set 5", - "description": "E with 3 levels specified in Table 28", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "2: E:U" - }, - { - "key": "M", - "name": "Medium", - "description": "1: E:P" - }, - { - "key": "H", - "name": "High", - "description": "0: E:A" - } - ] + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" }, - "cvss:EQ6:1.0.0": { - "namespace": "cvss", - "key": "EQ6", - "version": "1.0.0", - "name": "Equivalence Set 6", - "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" - }, - { - "key": "H", - "name": "High", - "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" - } - ] + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "L" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, - "cvss:CVSS:1.0.0": { - "namespace": "cvss", - "key": "CVSS", - "version": "1.0.0", - "name": "CVSS Qualitative Severity Rating Scale", - "description": "The CVSS Qualitative Severity Rating Scale group.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "None", - "description": "None (0.0)" - }, - { - "key": "L", - "name": "Low", - "description": "Low (0.1-3.9)" - }, - { - "key": "M", - "name": "Medium", - "description": "Medium (4.0-6.9)" - }, - { - "key": "H", - "name": "High", - "description": "High (7.0-8.9)" - }, - { - "key": "C", - "name": "Critical", - "description": "Critical (9.0-10.0)" - } - ] - } - }, - "outcome": "cvss:CVSS:1.0.0", - "mapping": [ { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + }, + { + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "N", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "L", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "N", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "L", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "M", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "L", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "M", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "L", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "M", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:CR_NoX:1.1.1": "H", + "cvss:VC:3.0.0": "H", + "cvss:IR_NoX:1.1.1": "H", + "cvss:VI:3.0.0": "H", + "cvss:AR_NoX:1.1.1": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ6:1.0.0": "H" + } + ] + } + } + } + }, + "DT_CVSS4_EQ3": { + "key": "DT_CVSS4_EQ3", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS4_EQ3", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 3", + "description": "This decision table models equivalence set 3 from CVSS v4.", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:VC:3.0.0": { + "namespace": "cvss", + "key": "VC", + "version": "3.0.0", + "name": "Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of confidentiality within the impacted component." + }, + { + "key": "L", + "name": "Low", + "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + } + ] }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:VI:3.0.0": { + "namespace": "cvss", + "key": "VI", + "version": "3.0.0", + "name": "Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no loss of integrity within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is a total loss of integrity, or a complete loss of protection." + } + ] + }, + "cvss:VA:3.0.0": { + "namespace": "cvss", + "key": "VA", + "version": "3.0.0", + "name": "Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no impact to availability within the Vulnerable System." + }, + { + "key": "L", + "name": "Low", + "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + }, + { + "key": "H", + "name": "High", + "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + } + ] }, + "cvss:EQ3:1.0.0": { + "namespace": "cvss", + "key": "EQ3", + "version": "1.0.0", + "name": "Equivalence Set 3", + "description": "VC/VI/VA with 3 levels specified in Table 26", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (VC:H or VI:H or VA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: VC:H and VI:H" + } + ] + } + }, + "outcome": "cvss:EQ3:1.0.0", + "mapping": [ { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "L" + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" + }, + { + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "N", + "cvss:EQ3:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "L" + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "N", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "N", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "L", + "cvss:EQ3:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "L", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "L", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:VC:3.0.0": "H", + "cvss:VI:3.0.0": "H", + "cvss:VA:3.0.0": "H", + "cvss:EQ3:1.0.0": "H" + } + ] + } + } + } + }, + "DT_CVSS4_EQ2": { + "key": "DT_CVSS4_EQ2", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS4_EQ2", + "version": "1.0.0", + "name": "CVSS v4 Equivalence Set 2", + "description": "This decision table models equivalence set 2 from CVSS v4. Factors include Attack Complexity (AC) and Attack Requirements (AT).", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:AC:3.0.1": { + "namespace": "cvss", + "key": "AC", + "version": "3.0.1", + "name": "Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "H", + "name": "High", + "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + }, + { + "key": "L", + "name": "Low", + "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + } + ] + }, + "cvss:AT:1.0.0": { + "namespace": "cvss", + "key": "AT", + "version": "1.0.0", + "name": "Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Present", + "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + }, + { + "key": "N", + "name": "None", + "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + } + ] }, + "cvss:EQ2:1.0.0": { + "namespace": "cvss", + "key": "EQ2", + "version": "1.0.0", + "name": "Equivalence Set 2", + "description": "AC/AT with 2 levels specified in Table 25", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (AC:L and AT:N)" + }, + { + "key": "H", + "name": "High", + "description": "0: AC:L and AT:N" + } + ] + } + }, + "outcome": "cvss:EQ2:1.0.0", + "mapping": [ { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:AC:3.0.1": "H", + "cvss:AT:1.0.0": "P", + "cvss:EQ2:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:AC:3.0.1": "L", + "cvss:AT:1.0.0": "P", + "cvss:EQ2:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:AC:3.0.1": "H", + "cvss:AT:1.0.0": "N", + "cvss:EQ2:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:AC:3.0.1": "L", + "cvss:AT:1.0.0": "N", + "cvss:EQ2:1.0.0": "H" + } + ] + } + } + } + }, + "DT_CVSS_QSR": { + "key": "DT_CVSS_QSR", + "versions": { + "4.0.0": { + "version": "4.0.0", + "obj": { + "namespace": "cvss", + "key": "DT_CVSS_QSR", + "version": "4.0.0", + "name": "CVSS v4.0 Qualitative Severity Ratings", + "description": "CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", + "schemaVersion": "2.0.0", + "decision_points": { + "cvss:EQ1:1.0.0": { + "namespace": "cvss", + "key": "EQ1", + "version": "1.0.0", + "name": "Equivalence Set 1", + "description": "AV/PR/UI with 3 levels specified in Table 24", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + }, + { + "key": "H", + "name": "High", + "description": "0: AV:N and PR:N and UI:N" + } + ] }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ2:1.0.0": { + "namespace": "cvss", + "key": "EQ2", + "version": "1.0.0", + "name": "Equivalence Set 2", + "description": "AC/AT with 2 levels specified in Table 25", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (AC:L and AT:N)" + }, + { + "key": "H", + "name": "High", + "description": "0: AC:L and AT:N" + } + ] }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ3:1.0.0": { + "namespace": "cvss", + "key": "EQ3", + "version": "1.0.0", + "name": "Equivalence Set 3", + "description": "VC/VI/VA with 3 levels specified in Table 26", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (VC:H or VI:H or VA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: VC:H and VI:H" + } + ] }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ4:1.0.0": { + "namespace": "cvss", + "key": "EQ4", + "version": "1.0.0", + "name": "Equivalence Set 4", + "description": "SC/SI/SA with 3 levels specified in Table 27", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + }, + { + "key": "M", + "name": "Medium", + "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: MSI:S or MSA:S" + } + ] }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ5:1.0.0": { + "namespace": "cvss", + "key": "EQ5", + "version": "1.0.0", + "name": "Equivalence Set 5", + "description": "E with 3 levels specified in Table 28", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "2: E:U" + }, + { + "key": "M", + "name": "Medium", + "description": "1: E:P" + }, + { + "key": "H", + "name": "High", + "description": "0: E:A" + } + ] }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ6:1.0.0": { + "namespace": "cvss", + "key": "EQ6", + "version": "1.0.0", + "name": "Equivalence Set 6", + "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + }, + { + "key": "H", + "name": "High", + "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + } + ] }, + "cvss:CVSS:1.0.0": { + "namespace": "cvss", + "key": "CVSS", + "version": "1.0.0", + "name": "CVSS Qualitative Severity Rating Scale", + "description": "The CVSS Qualitative Severity Rating Scale group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "None (0.0)" + }, + { + "key": "L", + "name": "Low", + "description": "Low (0.1-3.9)" + }, + { + "key": "M", + "name": "Medium", + "description": "Medium (4.0-6.9)" + }, + { + "key": "H", + "name": "High", + "description": "High (7.0-8.9)" + }, + { + "key": "C", + "name": "Critical", + "description": "Critical (9.0-10.0)" + } + ] + } + }, + "outcome": "cvss:CVSS:1.0.0", + "mapping": [ { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "H", @@ -16231,162 +15774,135 @@ { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "L" }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "H", "cvss:CVSS:1.0.0": "L" }, @@ -16394,8 +15910,8 @@ "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "H", "cvss:CVSS:1.0.0": "L" }, @@ -16403,370 +15919,388 @@ "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "H", "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "H", "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", + "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", + "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "H", @@ -16774,7 +16308,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16783,8 +16317,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "M", @@ -16792,7 +16326,7 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16801,7 +16335,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16810,8 +16344,8 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "M", @@ -16819,7 +16353,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16828,7 +16362,7 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16837,8 +16371,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "H", @@ -16846,7 +16380,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16855,7 +16389,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16864,7 +16398,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16873,7 +16407,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16882,7 +16416,7 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16891,7 +16425,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16900,8 +16434,8 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "M", @@ -16909,7 +16443,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16918,7 +16452,7 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16927,7 +16461,7 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16936,7 +16470,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16945,7 +16479,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16954,7 +16488,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16963,7 +16497,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16972,7 +16506,7 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16981,7 +16515,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16990,7 +16524,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -16999,7 +16533,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -17008,7 +16542,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -17017,7 +16551,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -17026,7 +16560,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -17035,8 +16569,8 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", @@ -17044,7 +16578,7 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -17053,7 +16587,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -17062,7 +16596,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -17071,7 +16605,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -17080,242 +16614,242 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "L" }, { "cvss:EQ1:1.0.0": "H", @@ -17323,8 +16857,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", @@ -17332,8 +16866,8 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", @@ -17341,7 +16875,7 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { @@ -17350,8 +16884,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", @@ -17359,7 +16893,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { @@ -17368,7 +16902,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { @@ -17377,8 +16911,8 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "M", @@ -17386,7 +16920,7 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { @@ -17395,8 +16929,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", @@ -17404,7 +16938,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { @@ -17413,7 +16947,7 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { @@ -17422,8 +16956,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", @@ -17431,7 +16965,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -17440,7 +16974,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { @@ -17449,8 +16983,8 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "M", @@ -17458,8 +16992,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "L", @@ -17467,8 +17001,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", @@ -17476,7 +17010,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { @@ -17485,7 +17019,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { @@ -17494,8 +17028,8 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "L", @@ -17503,8 +17037,8 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "L", @@ -17512,8 +17046,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", @@ -17521,7 +17055,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -17530,7 +17064,7 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { @@ -17539,8 +17073,8 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "M", @@ -17548,8 +17082,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "L", @@ -17557,8 +17091,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", @@ -17566,7 +17100,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { @@ -17575,7 +17109,7 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "M" }, { @@ -17584,8 +17118,8 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "L", @@ -17593,8 +17127,8 @@ "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "L", @@ -17602,8 +17136,8 @@ "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "M", @@ -17611,2151 +17145,2035 @@ "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "M" - }, - { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "H" + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "H", "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "M" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "L", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "L", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "H" + "cvss:CVSS:1.0.0": "M" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", - "cvss:EQ3:1.0.0": "M", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", + "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "L", + "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "L", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - }, - { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "L", - "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "L", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "H", "cvss:EQ6:1.0.0": "L", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "M", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "M", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", - "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "M", + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "M", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "H", + "cvss:EQ1:1.0.0": "L", "cvss:EQ2:1.0.0": "L", "cvss:EQ3:1.0.0": "H", "cvss:EQ4:1.0.0": "H", "cvss:EQ5:1.0.0": "H", - "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { - "cvss:EQ1:1.0.0": "M", + "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" + "cvss:CVSS:1.0.0": "H" }, { "cvss:EQ1:1.0.0": "H", "cvss:EQ2:1.0.0": "H", - "cvss:EQ3:1.0.0": "H", - "cvss:EQ4:1.0.0": "H", - "cvss:EQ5:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", "cvss:EQ6:1.0.0": "H", - "cvss:CVSS:1.0.0": "C" - } - ] - } - } - } - } - } - }, - "ssvc": { - "namespace": "ssvc", - "keys": { - "DT_COORD_PUBLISH": { - "key": "DT_COORD_PUBLISH", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "ssvc", - "key": "DT_COORD_PUBLISH", - "version": "1.0.0", - "name": "Coordinator Publish Decision Table", - "description": "This decision table is used to determine the priority of a coordinator publish.", - "schemaVersion": "2.0.0", - "decision_points": { - "ssvc:SINV:1.0.0": { - "namespace": "ssvc", - "key": "SINV", - "version": "1.0.0", - "name": "Supplier Involvement", - "description": "What is the state of the supplier’s work on addressing the vulnerability?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "FR", - "name": "Fix Ready", - "description": "The supplier has provided a patch or fix." - }, - { - "key": "C", - "name": "Cooperative", - "description": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." - }, - { - "key": "UU", - "name": "Uncooperative/Unresponsive", - "description": "The supplier has not responded, declined to generate a remediation, or no longer exists." - } - ] + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, - "ssvc:E:1.1.0": { - "namespace": "ssvc", - "key": "E", - "version": "1.1.0", - "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." - }, - { - "key": "P", - "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." - }, - { - "key": "A", - "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." - } - ] + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, - "ssvc:PVA:1.0.0": { - "namespace": "ssvc", - "key": "PVA", - "version": "1.0.0", - "name": "Public Value Added", - "description": "How much value would a publication from the coordinator benefit the broader community?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Limited", - "description": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." - }, - { - "key": "A", - "name": "Ampliative", - "description": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." - }, - { - "key": "P", - "name": "Precedence", - "description": "The publication would be the first publicly available, or be coincident with the first publicly available." - } - ] + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, - "ssvc:PUBLISH:1.0.0": { - "namespace": "ssvc", - "key": "PUBLISH", - "version": "1.0.0", - "name": "Publish, Do Not Publish", - "description": "The publish outcome group.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "Do Not Publish", - "description": "Do Not Publish" - }, - { - "key": "P", - "name": "Publish", - "description": "Publish" - } - ] - } - }, - "outcome": "ssvc:PUBLISH:1.0.0", - "mapping": [ { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "N" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" - } - ] - } - } - } - }, - "DT_COORD_TRIAGE": { - "key": "DT_COORD_TRIAGE", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "ssvc", - "key": "DT_COORD_TRIAGE", - "version": "1.0.0", - "name": "Coordinator Triage", - "description": "Decision table for coordinator triage", - "schemaVersion": "2.0.0", - "decision_points": { - "ssvc:RP:1.0.0": { - "namespace": "ssvc", - "key": "RP", - "version": "1.0.0", - "name": "Report Public", - "description": "Is a viable report of the details of the vulnerability already publicly available?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "Y", - "name": "Yes", - "description": "A public report of the vulnerability exists." - }, - { - "key": "N", - "name": "No", - "description": "No public report of the vulnerability exists." - } - ] - }, - "ssvc:SCON:1.0.0": { - "namespace": "ssvc", - "key": "SCON", - "version": "1.0.0", - "name": "Supplier Contacted", - "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "No", - "description": "The supplier has not been contacted." - }, - { - "key": "Y", - "name": "Yes", - "description": "The supplier has been contacted." - } - ] - }, - "ssvc:RC:1.0.0": { - "namespace": "ssvc", - "key": "RC", - "version": "1.0.0", - "name": "Report Credibility", - "description": "Is the report credible?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "NC", - "name": "Not Credible", - "description": "The report is not credible." - }, - { - "key": "C", - "name": "Credible", - "description": "The report is credible." - } - ] + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, - "ssvc:SC:1.0.0": { - "namespace": "ssvc", - "key": "SC", - "version": "1.0.0", - "name": "Supplier Cardinality", - "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "O", - "name": "One", - "description": "There is only one supplier of the vulnerable component." - }, - { - "key": "M", - "name": "Multiple", - "description": "There are multiple suppliers of the vulnerable component." - } - ] + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, - "ssvc:SE:1.0.0": { - "namespace": "ssvc", - "key": "SE", - "version": "1.0.0", - "name": "Supplier Engagement", - "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "A", - "name": "Active", - "description": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." - }, - { - "key": "U", - "name": "Unresponsive", - "description": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." - } - ] + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "M" }, - "ssvc:U:1.0.1": { - "namespace": "ssvc", - "key": "U", - "version": "1.0.1", - "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" - }, - { - "key": "E", - "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" - }, - { - "key": "S", - "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" - } - ] + { + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, - "ssvc:PSI:2.0.1": { - "namespace": "ssvc", - "key": "PSI", - "version": "2.0.1", - "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "M", - "name": "Minimal", - "description": "Safety Impact:Negligible" - }, - { - "key": "S", - "name": "Significant", - "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" - } - ] + { + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, - "ssvc:COORDINATE:1.0.1": { - "namespace": "ssvc", - "key": "COORDINATE", - "version": "1.0.1", - "name": "Decline, Track, Coordinate", - "description": "The coordinate outcome group.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "D", - "name": "Decline", - "description": "Do not act on the report." - }, - { - "key": "T", - "name": "Track", - "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." - }, - { - "key": "C", - "name": "Coordinate", - "description": "Take action on the report." - } - ] - } - }, - "outcome": "ssvc:COORDINATE:1.0.1", - "mapping": [ { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" + }, + { + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "H" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "L", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "L", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "L", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "L", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "L", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "M", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "M", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "M", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "L", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "M", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "cvss:EQ1:1.0.0": "H", + "cvss:EQ2:1.0.0": "H", + "cvss:EQ3:1.0.0": "H", + "cvss:EQ4:1.0.0": "H", + "cvss:EQ5:1.0.0": "H", + "cvss:EQ6:1.0.0": "H", + "cvss:CVSS:1.0.0": "C" + } + ] + } + } + } + } + } + }, + "ssvc": { + "namespace": "ssvc", + "keys": { + "DT_COORD_PUBLISH": { + "key": "DT_COORD_PUBLISH", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_COORD_PUBLISH", + "version": "1.0.0", + "name": "Coordinator Publish Decision Table", + "description": "This decision table is used to determine the priority of a coordinator publish.", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:SINV:1.0.0": { + "namespace": "ssvc", + "key": "SINV", + "version": "1.0.0", + "name": "Supplier Involvement", + "description": "What is the state of the supplier’s work on addressing the vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "FR", + "name": "Fix Ready", + "description": "The supplier has provided a patch or fix." + }, + { + "key": "C", + "name": "Cooperative", + "description": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + }, + { + "key": "UU", + "name": "Uncooperative/Unresponsive", + "description": "The supplier has not responded, declined to generate a remediation, or no longer exists." + } + ] }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "ssvc:PVA:1.0.0": { + "namespace": "ssvc", + "key": "PVA", + "version": "1.0.0", + "name": "Public Value Added", + "description": "How much value would a publication from the coordinator benefit the broader community?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Limited", + "description": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + }, + { + "key": "A", + "name": "Ampliative", + "description": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + }, + { + "key": "P", + "name": "Precedence", + "description": "The publication would be the first publicly available, or be coincident with the first publicly available." + } + ] }, + "ssvc:PUBLISH:1.0.0": { + "namespace": "ssvc", + "key": "PUBLISH", + "version": "1.0.0", + "name": "Publish, Do Not Publish", + "description": "The publish outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Do Not Publish", + "description": "Do Not Publish" + }, + { + "key": "P", + "name": "Publish", + "description": "Publish" + } + ] + } + }, + "outcome": "ssvc:PUBLISH:1.0.0", + "mapping": [ { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + } + ] + } + } + } + }, + "DT_COORD_TRIAGE": { + "key": "DT_COORD_TRIAGE", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_COORD_TRIAGE", + "version": "1.0.0", + "name": "Coordinator Triage", + "description": "Decision table for coordinator triage", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:RP:1.0.0": { + "namespace": "ssvc", + "key": "RP", + "version": "1.0.0", + "name": "Report Public", + "description": "Is a viable report of the details of the vulnerability already publicly available?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "Y", + "name": "Yes", + "description": "A public report of the vulnerability exists." + }, + { + "key": "N", + "name": "No", + "description": "No public report of the vulnerability exists." + } + ] }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SCON:1.0.0": { + "namespace": "ssvc", + "key": "SCON", + "version": "1.0.0", + "name": "Supplier Contacted", + "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "The supplier has not been contacted." + }, + { + "key": "Y", + "name": "Yes", + "description": "The supplier has been contacted." + } + ] }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:RC:1.0.0": { + "namespace": "ssvc", + "key": "RC", + "version": "1.0.0", + "name": "Report Credibility", + "description": "Is the report credible?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "NC", + "name": "Not Credible", + "description": "The report is not credible." + }, + { + "key": "C", + "name": "Credible", + "description": "The report is credible." + } + ] }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SC:1.0.0": { + "namespace": "ssvc", + "key": "SC", + "version": "1.0.0", + "name": "Supplier Cardinality", + "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "O", + "name": "One", + "description": "There is only one supplier of the vulnerable component." + }, + { + "key": "M", + "name": "Multiple", + "description": "There are multiple suppliers of the vulnerable component." + } + ] }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SE:1.0.0": { + "namespace": "ssvc", + "key": "SE", + "version": "1.0.0", + "name": "Supplier Engagement", + "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "A", + "name": "Active", + "description": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + }, + { + "key": "U", + "name": "Unresponsive", + "description": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + } + ] }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:U:1.0.1": { + "namespace": "ssvc", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Laborious", + "description": "Automatable:No AND Value Density:Diffuse" + }, + { + "key": "E", + "name": "Efficient", + "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + { + "key": "S", + "name": "Super Effective", + "description": "Automatable:Yes AND Value Density:Concentrated" + } + ] + }, + "ssvc:PSI:2.0.1": { + "namespace": "ssvc", + "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:Negligible" + }, + { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + } + ] }, + "ssvc:COORDINATE:1.0.1": { + "namespace": "ssvc", + "key": "COORDINATE", + "version": "1.0.1", + "name": "Decline, Track, Coordinate", + "description": "The coordinate outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Decline", + "description": "Do not act on the report." + }, + { + "key": "T", + "name": "Track", + "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + }, + { + "key": "C", + "name": "Coordinate", + "description": "Take action on the report." + } + ] + } + }, + "outcome": "ssvc:COORDINATE:1.0.1", + "mapping": [ { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" - }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" @@ -19766,9 +19184,9 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19776,8 +19194,8 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19786,8 +19204,8 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19796,8 +19214,8 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19806,8 +19224,8 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19816,8 +19234,8 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19826,8 +19244,8 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19836,8 +19254,8 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19846,8 +19264,8 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19856,8 +19274,8 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19866,8 +19284,8 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19876,8 +19294,8 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19886,8 +19304,8 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19896,9 +19314,9 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -19906,68 +19324,78 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -19976,7 +19404,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -19986,9 +19414,9 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -19996,7 +19424,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20006,7 +19434,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20016,7 +19444,7 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20026,7 +19454,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20036,7 +19464,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20046,7 +19474,7 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20056,7 +19484,7 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20066,158 +19494,158 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" - }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20226,9 +19654,9 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20236,7 +19664,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20246,7 +19674,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20256,9 +19684,9 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20266,9 +19694,9 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20276,9 +19704,9 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20286,7 +19714,7 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20296,7 +19724,7 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20306,7 +19734,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20316,19 +19744,69 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20336,9 +19814,9 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20346,9 +19824,9 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -20356,9 +19834,9 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20366,7 +19844,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20376,7 +19854,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20384,120 +19862,120 @@ "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20505,9 +19983,9 @@ "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20515,973 +19993,1047 @@ "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" - }, - { - "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" - } - ] - } - } - } - }, - "DT_DP": { - "key": "DT_DP", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "ssvc", - "key": "DT_DP", - "version": "1.0.0", - "name": "Deployer Patch Application Priority", - "description": "Decision table for evaluating deployer's patch application priority in SSVC", - "schemaVersion": "2.0.0", - "decision_points": { - "ssvc:E:1.1.0": { - "namespace": "ssvc", - "key": "E", - "version": "1.1.0", - "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." - }, - { - "key": "P", - "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." - }, - { - "key": "A", - "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." - } - ] - }, - "ssvc:EXP:1.0.1": { - "namespace": "ssvc", - "key": "EXP", - "version": "1.0.1", - "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "S", - "name": "Small", - "description": "Local service or program; highly controlled network" - }, - { - "key": "C", - "name": "Controlled", - "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." - }, - { - "key": "O", - "name": "Open", - "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" - } - ] - }, - "ssvc:A:2.0.0": { - "namespace": "ssvc", - "key": "A", - "version": "2.0.0", - "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." - }, - { - "key": "Y", - "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." - } - ] - }, - "ssvc:HI:2.0.2": { - "namespace": "ssvc", - "key": "HI", - "version": "2.0.2", - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" - }, - { - "key": "M", - "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" - }, - { - "key": "H", - "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" - }, - { - "key": "VH", - "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" - } - ] - }, - "ssvc:DSOI:1.0.0": { - "namespace": "ssvc", - "key": "DSOI", - "version": "1.0.0", - "name": "Defer, Scheduled, Out-of-Cycle, Immediate", - "description": "The original SSVC outcome group.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "D", - "name": "Defer", - "description": "Defer" - }, - { - "key": "S", - "name": "Scheduled", - "description": "Scheduled" - }, - { - "key": "O", - "name": "Out-of-Cycle", - "description": "Out-of-Cycle" - }, - { - "key": "I", - "name": "Immediate", - "description": "Immediate" - } - ] - } - }, - "outcome": "ssvc:DSOI:1.0.0", - "mapping": [ + "ssvc:COORDINATE:1.0.1": "T" + }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "I" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "I" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "I" - } - ] - } - } - } - }, - "DT_HI": { - "key": "DT_HI", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "ssvc", - "key": "DT_HI", - "version": "1.0.0", - "name": "Human Impact", - "description": "Human Impact decision table for SSVC", - "schemaVersion": "2.0.0", - "decision_points": { - "ssvc:SI:2.0.0": { - "namespace": "ssvc", - "key": "SI", - "version": "2.0.0", - "name": "Safety Impact", - "description": "The safety impact of the vulnerability. (based on IEC 61508)", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "Negligible", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." - }, - { - "key": "M", - "name": "Marginal", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." - }, - { - "key": "R", - "name": "Critical", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." - }, - { - "key": "C", - "name": "Catastrophic", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." - } - ] + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, - "ssvc:MI:2.0.0": { - "namespace": "ssvc", - "key": "MI", - "version": "2.0.0", - "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "D", - "name": "Degraded", - "description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" - }, - { - "key": "MSC", - "name": "MEF Support Crippled", - "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" - }, - { - "key": "MEF", - "name": "MEF Failure", - "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" - }, - { - "key": "MF", - "name": "Mission Failure", - "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" - } - ] + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, - "ssvc:HI:2.0.2": { - "namespace": "ssvc", - "key": "HI", - "version": "2.0.2", - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" - }, - { - "key": "M", - "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" - }, - { - "key": "H", - "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" - }, - { - "key": "VH", - "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" - } - ] - } - }, - "outcome": "ssvc:HI:2.0.2", - "mapping": [ { - "ssvc:SI:2.0.0": "N", - "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.2": "L" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "N", - "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.2": "L" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "N", - "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.2": "M" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "N", - "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.2": "VH" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:SI:2.0.0": "M", - "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.2": "L" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:SI:2.0.0": "M", - "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.2": "L" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:SI:2.0.0": "M", - "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.2": "M" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "M", - "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.2": "VH" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.2": "M" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.2": "H" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.2": "H" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "R", - "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.2": "VH" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "C", - "ssvc:MI:2.0.0": "D", - "ssvc:HI:2.0.2": "VH" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "C", - "ssvc:MI:2.0.0": "MSC", - "ssvc:HI:2.0.2": "VH" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "C", - "ssvc:MI:2.0.0": "MEF", - "ssvc:HI:2.0.2": "VH" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:SI:2.0.0": "C", - "ssvc:MI:2.0.0": "MF", - "ssvc:HI:2.0.2": "VH" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" } ] } } } }, - "DT_SP": { - "key": "DT_SP", + "DT_DP": { + "key": "DT_DP", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "DT_SP", + "key": "DT_DP", "version": "1.0.0", - "name": "Supplier Patch Development Priority", - "description": "Decision table for evaluating supplier patch development priority in SSVC", + "name": "Deployer Patch Application Priority", + "description": "Decision table for evaluating deployer's patch application priority in SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:E:1.1.0": { @@ -21509,68 +21061,78 @@ } ] }, - "ssvc:U:1.0.1": { + "ssvc:EXP:1.0.1": { "namespace": "ssvc", - "key": "U", + "key": "EXP", "version": "1.0.1", - "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "name": "System Exposure", + "description": "The Accessible Attack Surface of the Affected System or Service", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" + "key": "S", + "name": "Small", + "description": "Local service or program; highly controlled network" }, { - "key": "E", - "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "key": "C", + "name": "Controlled", + "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." }, { - "key": "S", - "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" + "key": "O", + "name": "Open", + "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } ] }, - "ssvc:TI:1.0.0": { + "ssvc:A:2.0.0": { "namespace": "ssvc", - "key": "TI", - "version": "1.0.0", - "name": "Technical Impact", - "description": "The technical impact of the vulnerability.", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { - "key": "P", - "name": "Partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { - "key": "T", - "name": "Total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate steps 1-4 of the kill chain." } ] }, - "ssvc:PSI:2.0.1": { + "ssvc:HI:2.0.2": { "namespace": "ssvc", - "key": "PSI", - "version": "2.0.1", - "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", + "key": "HI", + "version": "2.0.2", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ + { + "key": "L", + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + }, { "key": "M", - "name": "Minimal", - "description": "Safety Impact:Negligible" + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { - "key": "S", - "name": "Significant", - "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] }, @@ -21608,255 +21170,507 @@ "outcome": "ssvc:DSOI:1.0.0", "mapping": [ { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "M", + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "S", + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "M", + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "O" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "M", + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "O" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "M", + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "O" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "M", + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "D" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "O" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "M", - "ssvc:DSOI:1.0.0": "O" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "N", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "O" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "M", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "S", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "M", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "I" + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "M", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "I" + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "M", - "ssvc:DSOI:1.0.0": "O" + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "I" + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "M", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "I" + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "M", - "ssvc:DSOI:1.0.0": "O" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:E:1.1.0": "P", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "I" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "M", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "I" + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "M", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "I" + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "M", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "I" + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "M", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "I" + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "M", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "P", - "ssvc:PSI:2.0.1": "S", - "ssvc:DSOI:1.0.0": "I" + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "M", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:TI:1.0.0": "T", - "ssvc:PSI:2.0.1": "S", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", "ssvc:DSOI:1.0.0": "I" } ] @@ -21864,128 +21678,208 @@ } } }, - "DT_U": { - "key": "DT_U", + "DT_HI": { + "key": "DT_HI", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "DT_U", + "key": "DT_HI", "version": "1.0.0", - "name": "Utility", - "description": "Utility decision table for SSVC", + "name": "Human Impact", + "description": "Human Impact decision table for SSVC", "schemaVersion": "2.0.0", "decision_points": { - "ssvc:A:2.0.0": { + "ssvc:SI:2.0.0": { "namespace": "ssvc", - "key": "A", + "key": "SI", "version": "2.0.0", - "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "name": "Safety Impact", + "description": "The safety impact of the vulnerability. (based on IEC 61508)", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "name": "Negligible", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { - "key": "Y", - "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "key": "M", + "name": "Marginal", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + { + "key": "R", + "name": "Critical", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + }, + { + "key": "C", + "name": "Catastrophic", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } ] }, - "ssvc:VD:1.0.0": { + "ssvc:MI:2.0.0": { "namespace": "ssvc", - "key": "VD", - "version": "1.0.0", - "name": "Value Density", - "description": "The concentration of value in the target", + "key": "MI", + "version": "2.0.0", + "name": "Mission Impact", + "description": "Impact on Mission Essential Functions of the Organization", "schemaVersion": "2.0.0", "values": [ { "key": "D", - "name": "Diffuse", - "description": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + "name": "Degraded", + "description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, { - "key": "C", - "name": "Concentrated", - "description": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + "key": "MSC", + "name": "MEF Support Crippled", + "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + }, + { + "key": "MEF", + "name": "MEF Failure", + "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + }, + { + "key": "MF", + "name": "Mission Failure", + "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } ] }, - "ssvc:U:1.0.1": { + "ssvc:HI:2.0.2": { "namespace": "ssvc", - "key": "U", - "version": "1.0.1", - "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "key": "HI", + "version": "2.0.2", + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", - "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" + "name": "Low", + "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { - "key": "E", - "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "key": "M", + "name": "Medium", + "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { - "key": "S", - "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" + "key": "H", + "name": "High", + "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] } }, - "outcome": "ssvc:U:1.0.1", + "outcome": "ssvc:HI:2.0.2", "mapping": [ { - "ssvc:A:2.0.0": "N", - "ssvc:VD:1.0.0": "D", - "ssvc:U:1.0.1": "L" + "ssvc:SI:2.0.0": "N", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.2": "L" + }, + { + "ssvc:SI:2.0.0": "N", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.2": "L" + }, + { + "ssvc:SI:2.0.0": "N", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.2": "M" + }, + { + "ssvc:SI:2.0.0": "N", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.2": "VH" + }, + { + "ssvc:SI:2.0.0": "M", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.2": "L" + }, + { + "ssvc:SI:2.0.0": "M", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.2": "L" + }, + { + "ssvc:SI:2.0.0": "M", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.2": "M" + }, + { + "ssvc:SI:2.0.0": "M", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.2": "VH" + }, + { + "ssvc:SI:2.0.0": "R", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.2": "M" + }, + { + "ssvc:SI:2.0.0": "R", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.2": "H" }, { - "ssvc:A:2.0.0": "N", - "ssvc:VD:1.0.0": "C", - "ssvc:U:1.0.1": "E" + "ssvc:SI:2.0.0": "R", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.2": "H" }, { - "ssvc:A:2.0.0": "Y", - "ssvc:VD:1.0.0": "D", - "ssvc:U:1.0.1": "E" + "ssvc:SI:2.0.0": "R", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.2": "VH" }, { - "ssvc:A:2.0.0": "Y", - "ssvc:VD:1.0.0": "C", - "ssvc:U:1.0.1": "S" + "ssvc:SI:2.0.0": "C", + "ssvc:MI:2.0.0": "D", + "ssvc:HI:2.0.2": "VH" + }, + { + "ssvc:SI:2.0.0": "C", + "ssvc:MI:2.0.0": "MSC", + "ssvc:HI:2.0.2": "VH" + }, + { + "ssvc:SI:2.0.0": "C", + "ssvc:MI:2.0.0": "MEF", + "ssvc:HI:2.0.2": "VH" + }, + { + "ssvc:SI:2.0.0": "C", + "ssvc:MI:2.0.0": "MF", + "ssvc:HI:2.0.2": "VH" } ] } } } - } - } - }, - "cisa": { - "namespace": "cisa", - "keys": { - "DT_CO": { - "key": "DT_CO", + }, + "DT_SP": { + "key": "DT_SP", "versions": { - "2.0.3": { - "version": "2.0.3", + "1.0.0": { + "version": "1.0.0", "obj": { - "namespace": "cisa", - "key": "DT_CO", - "version": "2.0.3", - "name": "CISA Coordinator", - "description": "CISA Coordinator decision table for SSVC", + "namespace": "ssvc", + "key": "DT_SP", + "version": "1.0.0", + "name": "Supplier Patch Development Priority", + "description": "Decision table for evaluating supplier patch development priority in SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:E:1.1.0": { @@ -22013,23 +21907,28 @@ } ] }, - "ssvc:A:2.0.0": { + "ssvc:U:1.0.1": { "namespace": "ssvc", - "key": "A", - "version": "2.0.0", - "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "key": "L", + "name": "Laborious", + "description": "Automatable:No AND Value Density:Diffuse" }, { - "key": "Y", - "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "key": "E", + "name": "Efficient", + "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + { + "key": "S", + "name": "Super Effective", + "description": "Automatable:Yes AND Value Density:Concentrated" } ] }, @@ -22053,315 +21952,416 @@ } ] }, - "ssvc:MWI:1.0.0": { + "ssvc:PSI:2.0.1": { "namespace": "ssvc", - "key": "MWI", - "version": "1.0.0", - "name": "Mission and Well-Being Impact", - "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", + "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" - }, { "key": "M", - "name": "Medium", - "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + "name": "Minimal", + "description": "Safety Impact:Negligible" }, { - "key": "H", - "name": "High", - "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } ] }, - "cisa:CISA:1.1.0": { - "namespace": "cisa", - "key": "CISA", - "version": "1.1.0", - "name": "CISA Levels", - "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", + "ssvc:DSOI:1.0.0": { + "namespace": "ssvc", + "key": "DSOI", + "version": "1.0.0", + "name": "Defer, Scheduled, Out-of-Cycle, Immediate", + "description": "The original SSVC outcome group.", "schemaVersion": "2.0.0", "values": [ { - "key": "T", - "name": "Track", - "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + "key": "D", + "name": "Defer", + "description": "Defer" }, { - "key": "T*", - "name": "Track*", - "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + "key": "S", + "name": "Scheduled", + "description": "Scheduled" }, { - "key": "AT", - "name": "Attend", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + "key": "O", + "name": "Out-of-Cycle", + "description": "Out-of-Cycle" }, { - "key": "AC", - "name": "Act", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + "key": "I", + "name": "Immediate", + "description": "Immediate" } ] } }, - "outcome": "cisa:CISA:1.1.0", + "outcome": "ssvc:DSOI:1.0.0", "mapping": [ { "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "L", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "D" }, { "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "L", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "T" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "N", - "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "T" + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "L", "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "T" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "N", - "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "T" + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "N", + "ssvc:U:1.0.1": "E", "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "T*" + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "Y", - "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "T" + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "Y", + "ssvc:U:1.0.1": "S", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "Y", + "ssvc:U:1.0.1": "S", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "AT" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "Y", + "ssvc:U:1.0.1": "S", "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "Y", + "ssvc:U:1.0.1": "S", "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "T" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:E:1.1.0": "N", - "ssvc:A:2.0.0": "Y", - "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "AT" + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "L", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "T" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "O" + }, + { + "ssvc:E:1.1.0": "P", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "N", - "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "T" + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "E", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "T*" + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "S" }, { "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "N", - "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "T" + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "E", "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "T*" + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "E", "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "AT" - }, - { - "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "Y", - "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "T" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "Y", + "ssvc:U:1.0.1": "S", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "Y", + "ssvc:U:1.0.1": "S", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "AT" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "Y", + "ssvc:U:1.0.1": "S", "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "Y", + "ssvc:U:1.0.1": "S", "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "T*" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" }, { - "ssvc:E:1.1.0": "P", - "ssvc:A:2.0.0": "Y", - "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "AT" + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "L", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "T" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", - "ssvc:A:2.0.0": "N", - "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "T" + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "L", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + }, + { + "ssvc:E:1.1.0": "A", + "ssvc:U:1.0.1": "E", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "AT" + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:A:2.0.0": "N", - "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "T" + "ssvc:U:1.0.1": "E", + "ssvc:TI:1.0.0": "P", + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "E", "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "AT" + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "O" }, { "ssvc:E:1.1.0": "A", - "ssvc:A:2.0.0": "N", + "ssvc:U:1.0.1": "E", "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "AC" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", - "ssvc:A:2.0.0": "Y", + "ssvc:U:1.0.1": "S", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "AT" + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", - "ssvc:A:2.0.0": "Y", + "ssvc:U:1.0.1": "S", "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "AT" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", - "ssvc:A:2.0.0": "Y", - "ssvc:TI:1.0.0": "P", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "AC" + "ssvc:U:1.0.1": "S", + "ssvc:TI:1.0.0": "T", + "ssvc:PSI:2.0.1": "M", + "ssvc:DSOI:1.0.0": "I" }, { "ssvc:E:1.1.0": "A", - "ssvc:A:2.0.0": "Y", + "ssvc:U:1.0.1": "S", "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "L", - "cisa:CISA:1.1.0": "AT" + "ssvc:PSI:2.0.1": "S", + "ssvc:DSOI:1.0.0": "I" + } + ] + } + } + } + }, + "DT_U": { + "key": "DT_U", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_U", + "version": "1.0.0", + "name": "Utility", + "description": "Utility decision table for SSVC", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:A:2.0.0": { + "namespace": "ssvc", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + }, + { + "key": "Y", + "name": "Yes", + "description": "Attackers can reliably automate steps 1-4 of the kill chain." + } + ] + }, + "ssvc:VD:1.0.0": { + "namespace": "ssvc", + "key": "VD", + "version": "1.0.0", + "name": "Value Density", + "description": "The concentration of value in the target", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Diffuse", + "description": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + }, + { + "key": "C", + "name": "Concentrated", + "description": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + } + ] + }, + "ssvc:U:1.0.1": { + "namespace": "ssvc", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Laborious", + "description": "Automatable:No AND Value Density:Diffuse" + }, + { + "key": "E", + "name": "Efficient", + "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + { + "key": "S", + "name": "Super Effective", + "description": "Automatable:Yes AND Value Density:Concentrated" + } + ] + } + }, + "outcome": "ssvc:U:1.0.1", + "mapping": [ + { + "ssvc:A:2.0.0": "N", + "ssvc:VD:1.0.0": "D", + "ssvc:U:1.0.1": "L" + }, + { + "ssvc:A:2.0.0": "N", + "ssvc:VD:1.0.0": "C", + "ssvc:U:1.0.1": "E" }, { - "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", - "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "M", - "cisa:CISA:1.1.0": "AC" + "ssvc:VD:1.0.0": "D", + "ssvc:U:1.0.1": "E" }, { - "ssvc:E:1.1.0": "A", "ssvc:A:2.0.0": "Y", - "ssvc:TI:1.0.0": "T", - "ssvc:MWI:1.0.0": "H", - "cisa:CISA:1.1.0": "AC" + "ssvc:VD:1.0.0": "C", + "ssvc:U:1.0.1": "S" } ] } diff --git a/src/ssvc/decision_tables/cisa/__init__.py b/src/ssvc/decision_tables/cisa/__init__.py new file mode 100644 index 00000000..35435d58 --- /dev/null +++ b/src/ssvc/decision_tables/cisa/__init__.py @@ -0,0 +1,20 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +"""Decision tables for the CISA namespace""" From 253463396489b9a105ee42ea2b9db6ecaabe56ba Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 15:54:07 -0400 Subject: [PATCH 307/468] refactor --- src/ssvc/api.py | 83 +++++++++++++++++++++++------------ src/ssvc/utils/api_helpers.py | 68 ++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+), 27 deletions(-) create mode 100644 src/ssvc/utils/api_helpers.py diff --git a/src/ssvc/api.py b/src/ssvc/api.py index 8e28126d..2c01085b 100644 --- a/src/ssvc/api.py +++ b/src/ssvc/api.py @@ -23,35 +23,28 @@ # subject to its own license. # DM24-0278 -from typing import Any, Dict +from typing import Any from fastapi import FastAPI, HTTPException -from pydantic import RootModel +import ssvc # noqa: F401 from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.decision_tables.base import DecisionTable from ssvc.registry import get_registry from ssvc.registry.base import ( lookup_key, + lookup_latest, lookup_namespace, lookup_objtype, lookup_version, ) +from ssvc.utils.api_helpers import DecisionPointDict, DecisionTableDict app = FastAPI() r = get_registry() -# TODO: move convenience object models to a separate module -class DecisionPointDict(RootModel[Dict[str, DecisionPoint]]): - """A dictionary of DecisionPoint objects with keys as 'namespace:key:version'.""" - - -class DecisionTableDict(RootModel[Dict[str, DecisionTable]]): - """A dictionary of DecisionTable objects with keys as 'namespace:key:version'.""" - - @app.get("/") def read_root(): return {"Hello": "SSVC World"} @@ -63,7 +56,7 @@ def _404_on_none(obj: Any): @app.get("/decision_points", response_model=DecisionPointDict) -async def get_decision_points() -> DecisionPointDict: +async def get_all_decision_points() -> DecisionPointDict: result = lookup_objtype(objtype="DecisionPoint", registry=r) _404_on_none(result) @@ -78,7 +71,9 @@ async def get_decision_points() -> DecisionPointDict: @app.get("/decision_points/{namespace}", response_model=DecisionPointDict) -async def get_decision_points(namespace: str) -> DecisionPointDict: +async def get_all_decision_points_for_namespace( + namespace: str, +) -> DecisionPointDict: result = lookup_namespace( objtype="DecisionPoint", namespace=namespace, registry=r ) @@ -96,7 +91,9 @@ async def get_decision_points(namespace: str) -> DecisionPointDict: @app.get( "/decision_points/{namespace}/{key}", response_model=DecisionPointDict ) -async def get_decision_points(namespace: str, key: str) -> DecisionPointDict: +async def get_all_versions_of_decision_points_for_key( + namespace: str, key: str +) -> DecisionPointDict: """Returns a dictionary of DecisionPoint objects for the given namespace and key. Dictionary keys are namespace:key:version.""" result = lookup_key( @@ -111,11 +108,27 @@ async def get_decision_points(namespace: str, key: str) -> DecisionPointDict: return DecisionPointDict(**objs) +@app.get( + "/decision_points/{namespace}/{key}/latest", + response_model=DecisionPoint, +) +async def get_latest_decision_point_for_key( + namespace: str, key: str +) -> DecisionPoint: + """Returns the latest DecisionPoint object for the given namespace and key.""" + result = lookup_latest( + objtype="DecisionPoint", namespace=namespace, key=key, registry=r + ) + _404_on_none(result) + dp = result + return dp + + @app.get( "/decision_points/{namespace}/{key}/{version}", response_model=DecisionPoint, ) -async def get_decision_points( +async def get_decision_point_version( namespace: str, key: str, version: str ) -> DecisionPoint: """Returns a single DecisionPoint object for the given namespace, key, and version.""" @@ -135,10 +148,10 @@ async def get_decision_points( "/decision_points/{namespace}/{key}/{version}/values", response_model=list[DecisionPointValue], ) -async def get_decision_points( +async def get_decision_point_values( namespace: str, key: str, version: str ) -> DecisionPoint: - """Returns a single DecisionPoint object for the given namespace, key, and version.""" + """Returns the values of a single DecisionPoint object for the given namespace, key, and version.""" result = lookup_version( objtype="DecisionPoint", namespace=namespace, @@ -167,7 +180,7 @@ async def get_decision_tables() -> DecisionTableDict: @app.get("/decision_tables/{namespace}", response_model=DecisionTableDict) -async def get_decision_tables_namespace( +async def get_decision_tables_for_namespace( namespace: str, ) -> DecisionTableDict: @@ -177,8 +190,8 @@ async def get_decision_tables_namespace( _404_on_none(ns_obj) # namespace obj has keys, keys have versions. objs = {} - for k in ns_obj.keys: - for ver in ns_obj.keys[k].versions: + for k in ns_obj.keys.keys(): + for ver in ns_obj.keys[k].versions.keys(): obj = ns_obj.keys[k].versions[ver].obj objs[obj.id] = obj return DecisionTableDict(**objs) @@ -187,7 +200,7 @@ async def get_decision_tables_namespace( @app.get( "/decision_tables/{namespace}/{key}", response_model=DecisionTableDict ) -async def get_decision_tables_key( +async def get_decision_tables_for_key( namespace: str, key: str ) -> DecisionTableDict: """Returns a dictionary of DecisionTable objects for the given namespace and key. @@ -207,11 +220,27 @@ async def get_decision_tables_key( return DecisionTableDict(**objs) +@app.get( + "/decision_tables/{namespace}/{key}/latest", + response_model=DecisionTable, +) +async def get_latest_decision_table_for_key( + namespace: str, key: str +) -> DecisionTable: + """Returns the latest DecisionPoint object for the given namespace and key.""" + result = lookup_latest( + objtype="DecisionTable", namespace=namespace, key=key, registry=r + ) + _404_on_none(result) + dt = result + return dt + + @app.get( "/decision_tables/{namespace}/{key}/{version}", response_model=DecisionTable, ) -async def get_decision_tables_version( +async def get_decision_table_version( namespace: str, key: str, version: str ) -> DecisionTable: """Returns a single DecisionTable object for the given namespace, key, and version.""" @@ -228,7 +257,7 @@ async def get_decision_tables_version( @app.get("/namespaces", response_model=list[str]) -def get_namespaces() -> list[str]: +def get_namespace_list() -> list[str]: namespaces = set() for objtype in r.types: for namespace in r.types[objtype].namespaces: @@ -237,13 +266,13 @@ def get_namespaces() -> list[str]: @app.get("/types", response_model=list[str]) -def get_types() -> list[str]: +def get_type_list() -> list[str]: """Returns a list of all object types in the registry.""" return sorted(list(r.types.keys())) @app.get("/namespaces/{type}", response_model=list[str]) -def get_types_namespaces(type: str) -> list[str]: +def get_namespace_list_for_type(type: str) -> list[str]: """Returns a list of all namespaces for a given object type in the registry.""" objtype = lookup_objtype(objtype=type, registry=r) _404_on_none(objtype) @@ -251,7 +280,7 @@ def get_types_namespaces(type: str) -> list[str]: @app.get("/keys/{type}/{namespace}", response_model=list[str]) -def get_keys(type: str, namespace: str) -> list[str]: +def get_key_list_for_namespace(type: str, namespace: str) -> list[str]: """Returns a list of all keys for a given object type and namespace in the registry.""" ns = lookup_namespace(objtype=type, namespace=namespace, registry=r) _404_on_none(ns) @@ -259,7 +288,7 @@ def get_keys(type: str, namespace: str) -> list[str]: @app.get("/versions/{type}/{namespace}/{key}", response_model=list[str]) -def get_versions(type: str, namespace: str, key: str) -> list[str]: +def get_version_list_for_key(type: str, namespace: str, key: str) -> list[str]: """Returns a list of all versions for a given object type, namespace, and key in the registry.""" k = lookup_key(objtype=type, namespace=namespace, key=key, registry=r) _404_on_none(k) diff --git a/src/ssvc/utils/api_helpers.py b/src/ssvc/utils/api_helpers.py new file mode 100644 index 00000000..3302b376 --- /dev/null +++ b/src/ssvc/utils/api_helpers.py @@ -0,0 +1,68 @@ +#!/usr/bin/env python +""" +file: api_helpers +author: adh +created_at: 8/20/25 3:22 PM +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from typing import Dict + +from pydantic import RootModel + +from ssvc.decision_points.base import DecisionPoint +from ssvc.decision_tables.base import DecisionTable + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + + +def main(): + pass + + +if __name__ == "__main__": + main() + + +class DecisionPointDict(RootModel[Dict[str, DecisionPoint]]): + """A dictionary of DecisionPoint objects with keys as 'namespace:key:version'.""" + + +class DecisionTableDict(RootModel[Dict[str, DecisionTable]]): + """A dictionary of DecisionTable objects with keys as 'namespace:key:version'.""" From ef4a9b301cd3bcc95a4eb0897ff2f8c2768fd07a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 16:07:11 -0400 Subject: [PATCH 308/468] add lookup by id string --- src/ssvc/api.py | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/src/ssvc/api.py b/src/ssvc/api.py index 2c01085b..9786e027 100644 --- a/src/ssvc/api.py +++ b/src/ssvc/api.py @@ -55,6 +55,28 @@ def _404_on_none(obj: Any): raise HTTPException(status_code=404, detail=f"Item not found") +@app.get("/decision_point", response_model=DecisionPoint) +async def get_decision_point_by_id(id: str) -> DecisionPoint: + """Returns a single DecisionPoint object by its ID.""" + try: + (namespace, key, version) = id.split(":") + except ValueError: + raise HTTPException( + status_code=400, + detail="ID must be in the format 'namespace:key:version'", + ) + + version = lookup_version( + objtype="DecisionPoint", + namespace=namespace, + key=key, + version=version, + registry=r, + ) + _404_on_none(version) + return version.obj + + @app.get("/decision_points", response_model=DecisionPointDict) async def get_all_decision_points() -> DecisionPointDict: result = lookup_objtype(objtype="DecisionPoint", registry=r) @@ -164,6 +186,28 @@ async def get_decision_point_values( return list(dp.values) +@app.get("/decision_table", response_model=DecisionTable) +async def get_decision_table_by_id(id: str) -> DecisionTable: + """Returns a single DecisionTable object by its ID.""" + try: + (namespace, key, version) = id.split(":") + except ValueError: + raise HTTPException( + status_code=400, + detail="ID must be in the format 'namespace:key:version'", + ) + + version = lookup_version( + objtype="DecisionTable", + namespace=namespace, + key=key, + version=version, + registry=r, + ) + _404_on_none(version) + return version.obj + + @app.get("/decision_tables", response_model=DecisionTableDict) async def get_decision_tables() -> DecisionTableDict: # load registry and return decision tables @@ -293,3 +337,4 @@ def get_version_list_for_key(type: str, namespace: str, key: str) -> list[str]: k = lookup_key(objtype=type, namespace=namespace, key=key, registry=r) _404_on_none(k) return sorted(list(k.versions.keys())) + From 8a5788aa455426aab612e6ba801c40f1ff81bbf8 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 16:23:32 -0400 Subject: [PATCH 309/468] move api.py to ssvc.api package --- Makefile | 2 +- docker/Dockerfile | 2 +- src/ssvc/api/__init__.py | 34 ++++++++++++++++++++++++++++++++ src/ssvc/{api.py => api/main.py} | 12 +++++++++-- 4 files changed, 46 insertions(+), 4 deletions(-) create mode 100644 src/ssvc/api/__init__.py rename src/ssvc/{api.py => api/main.py} (97%) diff --git a/Makefile b/Makefile index 046efc7c..a30b4f5f 100644 --- a/Makefile +++ b/Makefile @@ -42,7 +42,7 @@ api: $(DOCKER_COMPOSE) up api api_dev: - $(UV_RUN) uvicorn ssvc.api:app --reload + $(UV_RUN) uvicorn ssvc.api.main:app --reload up: @echo "Starting Docker services..." diff --git a/docker/Dockerfile b/docker/Dockerfile index d08bed5a..232732d5 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -27,4 +27,4 @@ FROM dependencies AS docs CMD ["uv", "run", "--project=/app/src", "mkdocs", "serve", "--dev-addr", "0.0.0.0:8000"] FROM dependencies AS registry_api -CMD ["uv", "run", "--project=/app/src", "uvicorn", "ssvc.api:app", "--host", "0.0.0.0", "--port", "8000"] \ No newline at end of file +CMD ["uv", "run", "--project=/app/src", "uvicorn", "ssvc.api.main:app", "--host", "0.0.0.0", "--port", "8000"] \ No newline at end of file diff --git a/src/ssvc/api/__init__.py b/src/ssvc/api/__init__.py new file mode 100644 index 00000000..4f8dbc82 --- /dev/null +++ b/src/ssvc/api/__init__.py @@ -0,0 +1,34 @@ +#!/usr/bin/env python +""" +file: __init__.py +author: adh +created_at: 8/20/25 4:20 PM +""" + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + + +def main(): + pass + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/api.py b/src/ssvc/api/main.py similarity index 97% rename from src/ssvc/api.py rename to src/ssvc/api/main.py index 9786e027..aac428af 100644 --- a/src/ssvc/api.py +++ b/src/ssvc/api/main.py @@ -40,7 +40,16 @@ ) from ssvc.utils.api_helpers import DecisionPointDict, DecisionTableDict -app = FastAPI() +app = FastAPI( + title="SSVC Object Registry API", + description="An API for accessing SSVC decision points and decision tables.", + version="0.1.0", + contact={ + "name": "CERT/CC SSVC Team", + "url": "https://certcc.github.io/SSVC/", + "email": "cert@cert.org", + }, +) r = get_registry() @@ -337,4 +346,3 @@ def get_version_list_for_key(type: str, namespace: str, key: str) -> list[str]: k = lookup_key(objtype=type, namespace=namespace, key=key, registry=r) _404_on_none(k) return sorted(list(k.versions.keys())) - From 9db3aa610e2fb52558f436bc368c830b703ba6ad Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Wed, 20 Aug 2025 15:46:08 -0400 Subject: [PATCH 310/468] Removed old namespace test and link to abnf file in data folder --- data/abnf/ssvc_namespace_pattern.abnf | 1 + docs/reference/code/namespaces.md | 2 +- src/test/test_mixins.py | 13 ------------- 3 files changed, 2 insertions(+), 14 deletions(-) create mode 120000 data/abnf/ssvc_namespace_pattern.abnf diff --git a/data/abnf/ssvc_namespace_pattern.abnf b/data/abnf/ssvc_namespace_pattern.abnf new file mode 120000 index 00000000..460bbb0c --- /dev/null +++ b/data/abnf/ssvc_namespace_pattern.abnf @@ -0,0 +1 @@ +../../src/ssvc/utils/ssvc_namespace_pattern.abnf \ No newline at end of file diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index ceceb045..87397326 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -366,7 +366,7 @@ segment of the extension. The following technical requirements are enforced for SSVC namespaces, based on the implementation in `src/ssvc/namespaces.py` and the ABNF specification in -[src/ssvc/utils/ssvc_namespace_pattern.abnf](../../../src/ssvc/utils/ssvc_namespace_pattern.abnf): +[data/abnf/ssvc_namespace_pattern.abnf](../../../data/abnf/ssvc_namespace_pattern.abnf): - Namespaces must be between 3 and 1000 characters long. diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index 23b94a3c..e6db69fc 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -98,19 +98,6 @@ def test_namespaced_create_errors(self): with self.assertRaises(ValidationError): _Namespaced(namespace="x_") - # error if namespace starts with x_ but is too long - for i in range(MAX_NS_LENGTH + 50): - shortest = "x_aaa" - ns = shortest + "a" * i - with self.subTest(ns=ns): - # length limit set in the NS_PATTERN regex - if len(ns) <= MAX_NS_LENGTH: - # expect success on shorter than limit - _Namespaced(namespace=ns) - else: - # expect failure on longer than limit - with self.assertRaises(ValidationError): - _Namespaced(namespace=ns) def test_namespaced_create(self): # use the official namespace values From 8feaa47116f6a97c03cae416bb7ba7324bdb28a0 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 16:44:22 -0400 Subject: [PATCH 311/468] refactor api into routers --- src/ssvc/api/__init__.py | 16 +- src/ssvc/api/helpers.py | 62 ++++++ src/ssvc/api/main.py | 273 ++---------------------- src/ssvc/api/routers/__init__.py | 20 ++ src/ssvc/api/routers/decision_point.py | 67 ++++++ src/ssvc/api/routers/decision_points.py | 144 +++++++++++++ src/ssvc/api/routers/decision_table.py | 51 +++++ src/ssvc/api/routers/decision_tables.py | 127 +++++++++++ 8 files changed, 484 insertions(+), 276 deletions(-) create mode 100644 src/ssvc/api/helpers.py create mode 100644 src/ssvc/api/routers/__init__.py create mode 100644 src/ssvc/api/routers/decision_point.py create mode 100644 src/ssvc/api/routers/decision_points.py create mode 100644 src/ssvc/api/routers/decision_table.py create mode 100644 src/ssvc/api/routers/decision_tables.py diff --git a/src/ssvc/api/__init__.py b/src/ssvc/api/__init__.py index 4f8dbc82..bf6fa6cc 100644 --- a/src/ssvc/api/__init__.py +++ b/src/ssvc/api/__init__.py @@ -1,11 +1,3 @@ -#!/usr/bin/env python -""" -file: __init__.py -author: adh -created_at: 8/20/25 4:20 PM -""" - - # Copyright (c) 2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE # ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. @@ -25,10 +17,4 @@ # subject to its own license. # DM24-0278 - -def main(): - pass - - -if __name__ == "__main__": - main() +"""SSVC API module.""" diff --git a/src/ssvc/api/helpers.py b/src/ssvc/api/helpers.py new file mode 100644 index 00000000..7e319d50 --- /dev/null +++ b/src/ssvc/api/helpers.py @@ -0,0 +1,62 @@ +#!/usr/bin/env python +""" +file: helpers +author: adh +created_at: 8/20/25 4:35 PM +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from typing import Any + +from fastapi import HTTPException + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + + +def main(): + pass + + +if __name__ == "__main__": + main() + + +def _404_on_none(obj: Any): + if obj is None: + raise HTTPException(status_code=404, detail=f"Item not found") diff --git a/src/ssvc/api/main.py b/src/ssvc/api/main.py index aac428af..f4518785 100644 --- a/src/ssvc/api/main.py +++ b/src/ssvc/api/main.py @@ -23,22 +23,21 @@ # subject to its own license. # DM24-0278 -from typing import Any - -from fastapi import FastAPI, HTTPException +from fastapi import FastAPI import ssvc # noqa: F401 -from ssvc.decision_points.base import DecisionPoint, DecisionPointValue -from ssvc.decision_tables.base import DecisionTable -from ssvc.registry import get_registry +from ssvc.api.helpers import _404_on_none +from ssvc.api.routers import ( + decision_point, + decision_points, + decision_table, + decision_tables, +) from ssvc.registry.base import ( lookup_key, - lookup_latest, lookup_namespace, lookup_objtype, - lookup_version, ) -from ssvc.utils.api_helpers import DecisionPointDict, DecisionTableDict app = FastAPI( title="SSVC Object Registry API", @@ -50,8 +49,10 @@ "email": "cert@cert.org", }, ) - -r = get_registry() +app.include_router(decision_point.router) +app.include_router(decision_points.router) +app.include_router(decision_table.router) +app.include_router(decision_tables.router) @app.get("/") @@ -59,256 +60,6 @@ def read_root(): return {"Hello": "SSVC World"} -def _404_on_none(obj: Any): - if obj is None: - raise HTTPException(status_code=404, detail=f"Item not found") - - -@app.get("/decision_point", response_model=DecisionPoint) -async def get_decision_point_by_id(id: str) -> DecisionPoint: - """Returns a single DecisionPoint object by its ID.""" - try: - (namespace, key, version) = id.split(":") - except ValueError: - raise HTTPException( - status_code=400, - detail="ID must be in the format 'namespace:key:version'", - ) - - version = lookup_version( - objtype="DecisionPoint", - namespace=namespace, - key=key, - version=version, - registry=r, - ) - _404_on_none(version) - return version.obj - - -@app.get("/decision_points", response_model=DecisionPointDict) -async def get_all_decision_points() -> DecisionPointDict: - result = lookup_objtype(objtype="DecisionPoint", registry=r) - _404_on_none(result) - - objs = {} - # result has namespaces, namespaces have keys, keys have versions. - for ns in result.namespaces: - for k in result.namespaces[ns].keys: - for ver in result.namespaces[ns].keys[k].versions: - obj = result.namespaces[ns].keys[k].versions[ver].obj - objs[obj.id] = obj - return DecisionPointDict(**objs) - - -@app.get("/decision_points/{namespace}", response_model=DecisionPointDict) -async def get_all_decision_points_for_namespace( - namespace: str, -) -> DecisionPointDict: - result = lookup_namespace( - objtype="DecisionPoint", namespace=namespace, registry=r - ) - _404_on_none(result) - - objs = {} - # result has keys, keys have versions, versions have objs. - for k in result.keys: - for ver in result.keys[k].versions: - obj = result.keys[k].versions[ver].obj - objs[obj.id] = obj - return DecisionPointDict(**objs) - - -@app.get( - "/decision_points/{namespace}/{key}", response_model=DecisionPointDict -) -async def get_all_versions_of_decision_points_for_key( - namespace: str, key: str -) -> DecisionPointDict: - """Returns a dictionary of DecisionPoint objects for the given namespace and key. - Dictionary keys are namespace:key:version.""" - result = lookup_key( - objtype="DecisionPoint", namespace=namespace, key=key, registry=r - ) - _404_on_none(result) - # result obj has versions. - objs = {} - for ver in result.versions: - obj = result.versions[ver].obj - objs[obj.id] = obj - return DecisionPointDict(**objs) - - -@app.get( - "/decision_points/{namespace}/{key}/latest", - response_model=DecisionPoint, -) -async def get_latest_decision_point_for_key( - namespace: str, key: str -) -> DecisionPoint: - """Returns the latest DecisionPoint object for the given namespace and key.""" - result = lookup_latest( - objtype="DecisionPoint", namespace=namespace, key=key, registry=r - ) - _404_on_none(result) - dp = result - return dp - - -@app.get( - "/decision_points/{namespace}/{key}/{version}", - response_model=DecisionPoint, -) -async def get_decision_point_version( - namespace: str, key: str, version: str -) -> DecisionPoint: - """Returns a single DecisionPoint object for the given namespace, key, and version.""" - result = lookup_version( - objtype="DecisionPoint", - namespace=namespace, - key=key, - version=version, - registry=r, - ) - _404_on_none(result) - dp = result.obj - return dp - - -@app.get( - "/decision_points/{namespace}/{key}/{version}/values", - response_model=list[DecisionPointValue], -) -async def get_decision_point_values( - namespace: str, key: str, version: str -) -> DecisionPoint: - """Returns the values of a single DecisionPoint object for the given namespace, key, and version.""" - result = lookup_version( - objtype="DecisionPoint", - namespace=namespace, - key=key, - version=version, - registry=r, - ) - _404_on_none(result) - dp = result.obj - return list(dp.values) - - -@app.get("/decision_table", response_model=DecisionTable) -async def get_decision_table_by_id(id: str) -> DecisionTable: - """Returns a single DecisionTable object by its ID.""" - try: - (namespace, key, version) = id.split(":") - except ValueError: - raise HTTPException( - status_code=400, - detail="ID must be in the format 'namespace:key:version'", - ) - - version = lookup_version( - objtype="DecisionTable", - namespace=namespace, - key=key, - version=version, - registry=r, - ) - _404_on_none(version) - return version.obj - - -@app.get("/decision_tables", response_model=DecisionTableDict) -async def get_decision_tables() -> DecisionTableDict: - # load registry and return decision tables - result = lookup_objtype(objtype="DecisionTable", registry=r) - _404_on_none(result) - # result obj has namespaces, namespaces have keys, keys have versions. - objs = {} - for ns in result.namespaces: - for k in result.namespaces[ns].keys: - for ver in result.namespaces[ns].keys[k].versions: - obj = result.namespaces[ns].keys[k].versions[ver].obj - objs[obj.id] = obj - return DecisionTableDict(**objs) - - -@app.get("/decision_tables/{namespace}", response_model=DecisionTableDict) -async def get_decision_tables_for_namespace( - namespace: str, -) -> DecisionTableDict: - - ns_obj = lookup_namespace( - objtype="DecisionTable", namespace=namespace, registry=r - ) - _404_on_none(ns_obj) - # namespace obj has keys, keys have versions. - objs = {} - for k in ns_obj.keys.keys(): - for ver in ns_obj.keys[k].versions.keys(): - obj = ns_obj.keys[k].versions[ver].obj - objs[obj.id] = obj - return DecisionTableDict(**objs) - - -@app.get( - "/decision_tables/{namespace}/{key}", response_model=DecisionTableDict -) -async def get_decision_tables_for_key( - namespace: str, key: str -) -> DecisionTableDict: - """Returns a dictionary of DecisionTable objects for the given namespace and key. - Dictionary keys are version strings.""" - results = lookup_key( - objtype="DecisionTable", namespace=namespace, key=key, registry=r - ) - _404_on_none(results) - - objs = {} - # results is a DecisionTableKey object with versions. - # versions is a dict of version strings to DecisionTableVersion objects. - # DecisionTableVersion objects have an obj attribute which is the DecisionTable. - for ver in results.versions.values(): - obj = ver.obj - objs[obj.id] = obj - return DecisionTableDict(**objs) - - -@app.get( - "/decision_tables/{namespace}/{key}/latest", - response_model=DecisionTable, -) -async def get_latest_decision_table_for_key( - namespace: str, key: str -) -> DecisionTable: - """Returns the latest DecisionPoint object for the given namespace and key.""" - result = lookup_latest( - objtype="DecisionTable", namespace=namespace, key=key, registry=r - ) - _404_on_none(result) - dt = result - return dt - - -@app.get( - "/decision_tables/{namespace}/{key}/{version}", - response_model=DecisionTable, -) -async def get_decision_table_version( - namespace: str, key: str, version: str -) -> DecisionTable: - """Returns a single DecisionTable object for the given namespace, key, and version.""" - dt_version = lookup_version( - objtype="DecisionTable", - namespace=namespace, - key=key, - version=version, - registry=r, - ) - _404_on_none(dt_version) - dt = dt_version.obj - return dt - - @app.get("/namespaces", response_model=list[str]) def get_namespace_list() -> list[str]: namespaces = set() diff --git a/src/ssvc/api/routers/__init__.py b/src/ssvc/api/routers/__init__.py new file mode 100644 index 00000000..e490931b --- /dev/null +++ b/src/ssvc/api/routers/__init__.py @@ -0,0 +1,20 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +"""SSVC API Routes""" diff --git a/src/ssvc/api/routers/decision_point.py b/src/ssvc/api/routers/decision_point.py new file mode 100644 index 00000000..87923887 --- /dev/null +++ b/src/ssvc/api/routers/decision_point.py @@ -0,0 +1,67 @@ +#!/usr/bin/env python +""" +API Routes for decision_point +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from fastapi import HTTPException + +from ssvc.api.helpers import _404_on_none +from ssvc.decision_points.base import DecisionPoint +from ssvc.registry.base import get_registry +from ssvc.registry.base import lookup_version + +r = get_registry() + +from fastapi import APIRouter + + +router = APIRouter(prefix="/decision_point", tags=["Decision Point"]) + + +@router.get("/", response_model=DecisionPoint) +async def get_decision_point_by_id(id: str) -> DecisionPoint: + """Returns a single DecisionPoint object by its ID.""" + try: + (namespace, key, version) = id.split(":") + except ValueError: + raise HTTPException( + status_code=400, + detail="ID must be in the format 'namespace:key:version'", + ) + + version = lookup_version( + objtype="DecisionPoint", + namespace=namespace, + key=key, + version=version, + registry=r, + ) + _404_on_none(version) + return version.obj + + +def main(): + pass + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/api/routers/decision_points.py b/src/ssvc/api/routers/decision_points.py new file mode 100644 index 00000000..4df1d61e --- /dev/null +++ b/src/ssvc/api/routers/decision_points.py @@ -0,0 +1,144 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +"""Decision Points API Router.""" +from fastapi import APIRouter + +from ssvc.api.helpers import _404_on_none +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from ssvc.registry.base import get_registry +from ssvc.registry.base import ( + lookup_key, + lookup_latest, + lookup_namespace, + lookup_objtype, + lookup_version, +) +from ssvc.utils.api_helpers import DecisionPointDict + +r = get_registry() + +router = APIRouter(prefix="/decision_points", tags=["Decision Points"]) + + +@router.get("/", response_model=DecisionPointDict) +async def get_all_decision_points() -> DecisionPointDict: + result = lookup_objtype(objtype="DecisionPoint", registry=r) + _404_on_none(result) + + objs = {} + # result has namespaces, namespaces have keys, keys have versions. + for ns in result.namespaces: + for k in result.namespaces[ns].keys: + for ver in result.namespaces[ns].keys[k].versions: + obj = result.namespaces[ns].keys[k].versions[ver].obj + objs[obj.id] = obj + return DecisionPointDict(**objs) + + +@router.get("/{namespace}", response_model=DecisionPointDict) +async def get_all_decision_points_for_namespace( + namespace: str, +) -> DecisionPointDict: + result = lookup_namespace( + objtype="DecisionPoint", namespace=namespace, registry=r + ) + _404_on_none(result) + + objs = {} + # result has keys, keys have versions, versions have objs. + for k in result.keys: + for ver in result.keys[k].versions: + obj = result.keys[k].versions[ver].obj + objs[obj.id] = obj + return DecisionPointDict(**objs) + + +@router.get("/{namespace}/{key}", response_model=DecisionPointDict) +async def get_all_versions_of_decision_points_for_key( + namespace: str, key: str +) -> DecisionPointDict: + """Returns a dictionary of DecisionPoint objects for the given namespace and key. + Dictionary keys are namespace:key:version.""" + result = lookup_key( + objtype="DecisionPoint", namespace=namespace, key=key, registry=r + ) + _404_on_none(result) + # result obj has versions. + objs = {} + for ver in result.versions: + obj = result.versions[ver].obj + objs[obj.id] = obj + return DecisionPointDict(**objs) + + +@router.get( + "/{namespace}/{key}/latest", + response_model=DecisionPoint, +) +async def get_latest_decision_point_for_key( + namespace: str, key: str +) -> DecisionPoint: + """Returns the latest DecisionPoint object for the given namespace and key.""" + result = lookup_latest( + objtype="DecisionPoint", namespace=namespace, key=key, registry=r + ) + _404_on_none(result) + dp = result + return dp + + +@router.get( + "/decision_points/{namespace}/{key}/{version}", + response_model=DecisionPoint, +) +async def get_decision_point_version( + namespace: str, key: str, version: str +) -> DecisionPoint: + """Returns a single DecisionPoint object for the given namespace, key, and version.""" + result = lookup_version( + objtype="DecisionPoint", + namespace=namespace, + key=key, + version=version, + registry=r, + ) + _404_on_none(result) + dp = result.obj + return dp + + +@router.get( + "/decision_points/{namespace}/{key}/{version}/values", + response_model=list[DecisionPointValue], +) +async def get_decision_point_values( + namespace: str, key: str, version: str +) -> DecisionPoint: + """Returns the values of a single DecisionPoint object for the given namespace, key, and version.""" + result = lookup_version( + objtype="DecisionPoint", + namespace=namespace, + key=key, + version=version, + registry=r, + ) + _404_on_none(result) + dp = result.obj + return list(dp.values) diff --git a/src/ssvc/api/routers/decision_table.py b/src/ssvc/api/routers/decision_table.py new file mode 100644 index 00000000..7f3d7044 --- /dev/null +++ b/src/ssvc/api/routers/decision_table.py @@ -0,0 +1,51 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +"""Decision Table API Router.""" +from fastapi import APIRouter, HTTPException + +from ssvc.api.helpers import _404_on_none +from ssvc.decision_tables.base import DecisionTable +from ssvc.registry.base import get_registry +from ssvc.registry.base import lookup_version + +r = get_registry() +router = APIRouter(prefix="/decision_table", tags=["Decision Table"]) + + +@router.get("/", response_model=DecisionTable) +async def get_decision_table_by_id(id: str) -> DecisionTable: + """Returns a single DecisionTable object by its ID.""" + try: + (namespace, key, version) = id.split(":") + except ValueError: + raise HTTPException( + status_code=400, + detail="ID must be in the format 'namespace:key:version'", + ) + + version = lookup_version( + objtype="DecisionTable", + namespace=namespace, + key=key, + version=version, + registry=r, + ) + _404_on_none(version) + return version.obj diff --git a/src/ssvc/api/routers/decision_tables.py b/src/ssvc/api/routers/decision_tables.py new file mode 100644 index 00000000..e8e4b48b --- /dev/null +++ b/src/ssvc/api/routers/decision_tables.py @@ -0,0 +1,127 @@ +"""Decision Tables API Router.""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from fastapi import APIRouter + +from ssvc.api.helpers import _404_on_none +from ssvc.decision_tables.base import DecisionTable +from ssvc.registry.base import get_registry +from ssvc.registry.base import ( + lookup_key, + lookup_latest, + lookup_namespace, + lookup_objtype, + lookup_version, +) +from ssvc.utils.api_helpers import DecisionTableDict + +r = get_registry() +router = APIRouter(prefix="/decision_tables", tags=["Decision Tables"]) + + +@router.get("/", response_model=DecisionTableDict) +async def get_decision_tables() -> DecisionTableDict: + # load registry and return decision tables + result = lookup_objtype(objtype="DecisionTable", registry=r) + _404_on_none(result) + # result obj has namespaces, namespaces have keys, keys have versions. + objs = {} + for ns in result.namespaces: + for k in result.namespaces[ns].keys: + for ver in result.namespaces[ns].keys[k].versions: + obj = result.namespaces[ns].keys[k].versions[ver].obj + objs[obj.id] = obj + return DecisionTableDict(**objs) + + +@router.get("/{namespace}", response_model=DecisionTableDict) +async def get_decision_tables_for_namespace( + namespace: str, +) -> DecisionTableDict: + + ns_obj = lookup_namespace( + objtype="DecisionTable", namespace=namespace, registry=r + ) + _404_on_none(ns_obj) + # namespace obj has keys, keys have versions. + objs = {} + for k in ns_obj.keys.keys(): + for ver in ns_obj.keys[k].versions.keys(): + obj = ns_obj.keys[k].versions[ver].obj + objs[obj.id] = obj + return DecisionTableDict(**objs) + + +@router.get("/{namespace}/{key}", response_model=DecisionTableDict) +async def get_decision_tables_for_key( + namespace: str, key: str +) -> DecisionTableDict: + """Returns a dictionary of DecisionTable objects for the given namespace and key. + Dictionary keys are version strings.""" + results = lookup_key( + objtype="DecisionTable", namespace=namespace, key=key, registry=r + ) + _404_on_none(results) + + objs = {} + # results is a DecisionTableKey object with versions. + # versions is a dict of version strings to DecisionTableVersion objects. + # DecisionTableVersion objects have an obj attribute which is the DecisionTable. + for ver in results.versions.values(): + obj = ver.obj + objs[obj.id] = obj + return DecisionTableDict(**objs) + + +@router.get( + "/{namespace}/{key}/latest", + response_model=DecisionTable, +) +async def get_latest_decision_table_for_key( + namespace: str, key: str +) -> DecisionTable: + """Returns the latest DecisionPoint object for the given namespace and key.""" + result = lookup_latest( + objtype="DecisionTable", namespace=namespace, key=key, registry=r + ) + _404_on_none(result) + dt = result + return dt + + +@router.get( + "/{namespace}/{key}/{version}", + response_model=DecisionTable, +) +async def get_decision_table_version( + namespace: str, key: str, version: str +) -> DecisionTable: + """Returns a single DecisionTable object for the given namespace, key, and version.""" + dt_version = lookup_version( + objtype="DecisionTable", + namespace=namespace, + key=key, + version=version, + registry=r, + ) + _404_on_none(dt_version) + dt = dt_version.obj + return dt From 58814ad916cd9a8acb03b10721a9ff38f3a9bf46 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 20 Aug 2025 16:49:56 -0400 Subject: [PATCH 312/468] cleanup --- src/ssvc/api/main.py | 8 +++----- src/ssvc/api/routers/decision_points.py | 6 +++--- src/ssvc/api/routers/decision_tables.py | 6 +++--- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/src/ssvc/api/main.py b/src/ssvc/api/main.py index f4518785..573511eb 100644 --- a/src/ssvc/api/main.py +++ b/src/ssvc/api/main.py @@ -34,11 +34,14 @@ decision_tables, ) from ssvc.registry.base import ( + get_registry, lookup_key, lookup_namespace, lookup_objtype, ) +r = get_registry() + app = FastAPI( title="SSVC Object Registry API", description="An API for accessing SSVC decision points and decision tables.", @@ -55,11 +58,6 @@ app.include_router(decision_tables.router) -@app.get("/") -def read_root(): - return {"Hello": "SSVC World"} - - @app.get("/namespaces", response_model=list[str]) def get_namespace_list() -> list[str]: namespaces = set() diff --git a/src/ssvc/api/routers/decision_points.py b/src/ssvc/api/routers/decision_points.py index 4df1d61e..72e8ee68 100644 --- a/src/ssvc/api/routers/decision_points.py +++ b/src/ssvc/api/routers/decision_points.py @@ -49,7 +49,7 @@ async def get_all_decision_points() -> DecisionPointDict: for ver in result.namespaces[ns].keys[k].versions: obj = result.namespaces[ns].keys[k].versions[ver].obj objs[obj.id] = obj - return DecisionPointDict(**objs) + return objs @router.get("/{namespace}", response_model=DecisionPointDict) @@ -67,7 +67,7 @@ async def get_all_decision_points_for_namespace( for ver in result.keys[k].versions: obj = result.keys[k].versions[ver].obj objs[obj.id] = obj - return DecisionPointDict(**objs) + return objs @router.get("/{namespace}/{key}", response_model=DecisionPointDict) @@ -85,7 +85,7 @@ async def get_all_versions_of_decision_points_for_key( for ver in result.versions: obj = result.versions[ver].obj objs[obj.id] = obj - return DecisionPointDict(**objs) + return objs @router.get( diff --git a/src/ssvc/api/routers/decision_tables.py b/src/ssvc/api/routers/decision_tables.py index e8e4b48b..a88f6a1f 100644 --- a/src/ssvc/api/routers/decision_tables.py +++ b/src/ssvc/api/routers/decision_tables.py @@ -49,7 +49,7 @@ async def get_decision_tables() -> DecisionTableDict: for ver in result.namespaces[ns].keys[k].versions: obj = result.namespaces[ns].keys[k].versions[ver].obj objs[obj.id] = obj - return DecisionTableDict(**objs) + return objs @router.get("/{namespace}", response_model=DecisionTableDict) @@ -67,7 +67,7 @@ async def get_decision_tables_for_namespace( for ver in ns_obj.keys[k].versions.keys(): obj = ns_obj.keys[k].versions[ver].obj objs[obj.id] = obj - return DecisionTableDict(**objs) + return objs @router.get("/{namespace}/{key}", response_model=DecisionTableDict) @@ -88,7 +88,7 @@ async def get_decision_tables_for_key( for ver in results.versions.values(): obj = ver.obj objs[obj.id] = obj - return DecisionTableDict(**objs) + return objs @router.get( From e3b806dd41de505b09a137f285d54ba7747e5b80 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Wed, 20 Aug 2025 17:01:40 -0400 Subject: [PATCH 313/468] Distinguish resource from references in Selections #833 --- src/ssvc/selection.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 7aeaac09..b7a36798 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -201,10 +201,10 @@ class SelectionList(_Timestamped, BaseModel): Optional fields include - `target_ids`: If present, a non-empty list of identifiers for the item or items being evaluated. - - `resources`: If present, a non-empty list of references to resources that provide additional context about the decision points + - `decision_point_resources`: If present, a non-empty list of resources that provide information related to the decision points found in this selection. Resources point to documentation, JSON files, or other relevant information that describe what the decision points are and how they should be interpreted. - - `references`: If present, a non-empty list of references to resources that provide additional context about the specific values selected. + - `references`: If present, a non-empty list of resources that provide additional context about the specific values selected. References point to reports, advisories, or other relevant information that describe why the selected values were chosen. """ @@ -237,10 +237,10 @@ class SelectionList(_Timestamped, BaseModel): description="Timestamp of the selections, in RFC 3339 format.", examples=["2025-01-01T12:00:00Z", "2025-01-02T15:30:45-04:00"], ) - resources: list[Reference] = Field( + decision_point_resources: list[Reference] = Field( default_factory=list, min_length=1, - description="A list of references to resources that provide additional context about the decision points found in this selection.", + description="A list of resources that provide additional context about the decision points found in this selection.", examples=[ [ { @@ -252,8 +252,8 @@ class SelectionList(_Timestamped, BaseModel): "summary": "JSON representation of decision point 2", }, { - "uri": "https://test.example/ssvc/x_example.test#test/decision_points.json", - "summary": "A JSON file containing extension decision points in the x_example.test#test namespace", + "uri": "https://example.com/ssvc/x_com.example/decision_points.json", + "summary": "A JSON file containing extension decision points in the x_com.example namespace", }, ], ], @@ -261,7 +261,7 @@ class SelectionList(_Timestamped, BaseModel): references: list[Reference] = Field( default_factory=list, min_length=1, - description="A list of references to resources that provide additional context about the specific values selected.", + description="A list of references that provide additional context about the specific values selected.", examples=[ [ { @@ -329,7 +329,7 @@ def model_json_schema(cls, **kwargs): "name", "description", "target_ids", - "resources", + "decision_point_resources", "references", ] @@ -377,7 +377,7 @@ def main() -> None: references=[ Reference( uri="https://example.com/report", - description="A report on which the selections were based", + summary="A report on which the selections were based", ) ], ) From 646b947969e8336159fcf0a96c50ea1612cb5413 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Wed, 20 Aug 2025 17:07:43 -0400 Subject: [PATCH 314/468] Updated tests and selections schema --- .../Decision_Point_Value_Selection-2-0-0.schema.json | 12 ++++++------ src/test/test_selections.py | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index e91cbc38..685bbd8e 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -74,8 +74,8 @@ "examples": [ "ssvc", "cisa", - "x_com.example//com.example#private", - "ssvc/de-DE/example.organization#reference-arch-1" + "x_example.test#test//.example.test#private-extension", + "ssvc/de-DE/.example.organization#reference-arch-1" ], "maxLength": 1000, "minLength": 3, @@ -202,9 +202,9 @@ "minItems": 1, "type": "array" }, - "resources": { - "title": "Resources", - "description": "A list of references to resources that provide additional context about the decision points found in this selection.", + "decision_point_resources": { + "title": "Decision Point Resources", + "description": "A list of resources that provide additional context about the decision points found in this selection.", "examples": [ [ { @@ -229,7 +229,7 @@ }, "references": { "title": "References", - "description": "A list of references to resources that provide additional context about the specific values selected.", + "description": "A list of references that provide additional context about the specific values selected.", "examples": [ [ { diff --git a/src/test/test_selections.py b/src/test/test_selections.py index 6c9c3c34..429413cc 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -306,13 +306,13 @@ def test_selection_list_optional_fields(self): selections=[self.s1, self.s2], timestamp=datetime.now(), target_ids=["CVE-1900-0001"], - resources=[ref], + decision_point_resources=[ref], references=[ref], ) - self.assertEqual(len(sel_list.resources), 1) + self.assertEqual(len(sel_list.decision_point_resources), 1) self.assertEqual(len(sel_list.references), 1) - self.assertEqual(sel_list.resources[0].uri, ref.uri) + self.assertEqual(sel_list.decision_point_resources[0].uri, ref.uri) def test_model_json_schema_customization(self): """Test that JSON schema is properly customized.""" @@ -334,7 +334,7 @@ def test_model_json_schema_customization(self): "name", "description", "target_ids", - "resources", + "decision_point_resources", "references", ] for field in optional_fields: From c0f1bc971a64735475f1bc52f2191d2424df23ef Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 10:00:20 -0400 Subject: [PATCH 315/468] since we decided to make `test` an officially registered namespace, we don't need the `x_example.test#test` namespace in our test cases anymore. --- src/test/decision_points/test_dp_base.py | 6 ++--- src/test/decision_points/test_dp_helpers.py | 2 +- src/test/decision_tables/test_base.py | 14 +++++------ src/test/dp_groups/test_dp_groups.py | 2 +- src/test/outcomes/test_outcomes.py | 2 +- src/test/registry/test_base.py | 28 ++++++++++----------- src/test/test_doc_helpers.py | 2 +- src/test/test_policy_generator.py | 4 +-- src/test/test_selections.py | 12 ++++----- src/test/utils/test_toposort.py | 4 +-- 10 files changed, 38 insertions(+), 38 deletions(-) diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index 99881127..20807d60 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -51,7 +51,7 @@ def setUp(self) -> None: key="bar", description="baz", version="1.0.0", - namespace="x_example.test#test", + namespace="test", values=tuple(self.values), ) @@ -85,7 +85,7 @@ def test_registry(self): key="asdfasdf", description="asdfasdf", version="1.33.1", - namespace="x_example.test#test", + namespace="test", values=tuple(self.values), ) @@ -117,7 +117,7 @@ def test_ssvc_decision_point(self): self.assertEqual(obj.key, "bar") self.assertEqual(obj.description, "baz") self.assertEqual(obj.version, "1.0.0") - self.assertEqual(obj.namespace, "x_example.test#test") + self.assertEqual(obj.namespace, "test") self.assertEqual(len(self.values), len(obj.values)) def test_ssvc_value_json_roundtrip(self): diff --git a/src/test/decision_points/test_dp_helpers.py b/src/test/decision_points/test_dp_helpers.py index 71744b7e..40b47276 100644 --- a/src/test/decision_points/test_dp_helpers.py +++ b/src/test/decision_points/test_dp_helpers.py @@ -31,7 +31,7 @@ def setUp(self) -> None: key="test_dp", description="This is a test decision point", version="1.0.0", - namespace="x_example.test#test", + namespace="test", values=( DecisionPointValue( name="Yes", diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py index 5a93f0eb..d52172cb 100644 --- a/src/test/decision_tables/test_base.py +++ b/src/test/decision_tables/test_base.py @@ -67,7 +67,7 @@ def setUp(self): name="dp1", description="description for dp1", version="1.0.0", - namespace="x_example.test#test", + namespace="test", key="dp1", values=(self.dp1v1, self.dp1v2), ) @@ -75,7 +75,7 @@ def setUp(self): name="dp2", description="description for dp2", version="1.0.0", - namespace="x_example.test#test", + namespace="test", key="dp2", values=(self.dp2v1, self.dp2v2, self.dp2v3, self.dp2v4), ) @@ -94,7 +94,7 @@ def setUp(self): name="outcome", description="description for outcome", version="1.0.0", - namespace="x_example.test#test", + namespace="test", key="outcome", values=(self.ogv1, self.ogv2, self.ogv3), ) @@ -104,7 +104,7 @@ def setUp(self): self.dt = DecisionTable( key="TEST", - namespace="x_example.test#test", + namespace="test", name="Test Table", description="Describes the test table", decision_points=self.dpdict, @@ -357,13 +357,13 @@ def test_single_dp_dt(self): name="dp_in", description="A single decision point", version="1.0.0", - namespace="x_example.test#test", + namespace="test", key="dp", values=(self.dp1v1, self.dp1v2), registered=False, ) dp_out = DecisionPoint( - namespace="x_example.test#test", + namespace="test", key="outcome", name="Outcome", description="Outcome for single DP test", @@ -374,7 +374,7 @@ def test_single_dp_dt(self): single_dt = DecisionTable( key="SINGLE_TEST", - namespace="x_example.test#test", + namespace="test", name="Single DP Test Table", description="Describes the single DP test table", decision_points={dp.id: dp for dp in [dp_in, dp_out]}, diff --git a/src/test/dp_groups/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py index 01916983..0894609e 100644 --- a/src/test/dp_groups/test_dp_groups.py +++ b/src/test/dp_groups/test_dp_groups.py @@ -31,7 +31,7 @@ def setUp(self) -> None: dp = ssvc.decision_points.ssvc.base.DecisionPoint( name=f"Decision Point {i}", key=f"DP_{i}", - namespace="x_example.test#test", + namespace="test", description=f"Description of Decision Point {i}", version="1.0.0", values=( diff --git a/src/test/outcomes/test_outcomes.py b/src/test/outcomes/test_outcomes.py index 07bfe0f3..ee58e507 100644 --- a/src/test/outcomes/test_outcomes.py +++ b/src/test/outcomes/test_outcomes.py @@ -41,7 +41,7 @@ def test_outcome_group(self): name="Outcome Group", key="OGX", description="an outcome group", - namespace="x_example.test#test", + namespace="test", values=tuple(values), ) diff --git a/src/test/registry/test_base.py b/src/test/registry/test_base.py index 3098ae05..793a99fa 100644 --- a/src/test/registry/test_base.py +++ b/src/test/registry/test_base.py @@ -72,7 +72,7 @@ class Dummy: obj = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_example.test#test", + namespace="test", key="TEST", values=[ DecisionPointValue( @@ -92,7 +92,7 @@ class DpSubclass(DecisionPoint): obj2 = DpSubclass( name="TestDP2", description="Another test decision point", - namespace="x_example.test#test", + namespace="test", key="TEST2", values=[ DecisionPointValue( @@ -115,7 +115,7 @@ def test_valued_version(self): dp = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_example.test#test", + namespace="test", version="2.0.0", key="TEST", values=[ @@ -138,7 +138,7 @@ def test_nonvalued_version(self): # test with a known type dp1 = DecisionPoint( - namespace="x_example.test#test", + namespace="test", key="TEST", version="2.0.0", name="TestDP", @@ -163,7 +163,7 @@ def test_nonvalued_version(self): registered=False, ) dp2 = DecisionPoint( - namespace="x_example.test#test", + namespace="test", key="TEST2", version="2.0.0", name="TestDP", @@ -183,7 +183,7 @@ def test_nonvalued_version(self): ) dp3 = DecisionPoint( - namespace="x_example.test#test", + namespace="test", key="TEST3", version="2.0.0", name="TestDP2", @@ -196,7 +196,7 @@ def test_nonvalued_version(self): ) dt = DecisionTable( - namespace="x_example.test#test", + namespace="test", key="TEST_DT", version="2.0.0", name="TestDT", @@ -224,7 +224,7 @@ def test_key(self, mock_valued_version, mock_nonvalued_version): mockobj1 = Mock() mockobj1.schemaVersion = "2.0.0" mockobj1.key = "TEST" - mockobj1.namespace = "x_example.test#test" + mockobj1.namespace = "test" mockobj1.version = "1.0.0" mockobj1.name = "Test Object" mockobj1.description = "A test object" @@ -238,7 +238,7 @@ def test_key(self, mock_valued_version, mock_nonvalued_version): mockobj2.schemaVersion = "2.0.0" mockobj2.key = "TEST2" mockobj2.version = "2.0.0" - mockobj2.namespace = "x_example.test#test" + mockobj2.namespace = "test" mockobj2.name = "Test Object" mockobj2.description = "A test object" mockobj2.id = "test-id" @@ -269,7 +269,7 @@ def test__insert(self): dp = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_example.test#test", + namespace="test", key="TEST", values=[ DecisionPointValue( @@ -303,7 +303,7 @@ def test__compare(self): dp1 = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_example.test#test", + namespace="test", key="TEST", values=[ DecisionPointValue( @@ -319,7 +319,7 @@ def test__compare(self): dp2 = DecisionPoint( name="TestDP2", description="A test decision point", - namespace="x_example.test#test", + namespace="test", key="TEST", values=[ DecisionPointValue( @@ -357,7 +357,7 @@ def test_lookup_latest(self): dp = DecisionPoint( name="TestDP", description="A test decision point", - namespace="x_example.test#test", + namespace="test", key="TEST", version=version, values=[ @@ -385,7 +385,7 @@ def test_lookup_latest(self): latest = base.lookup_latest( objtype="DecisionPoint", - namespace="x_example.test#test", + namespace="test", key="TEST", registry=self.registry, ) diff --git a/src/test/test_doc_helpers.py b/src/test/test_doc_helpers.py index af43f9d2..08309a07 100644 --- a/src/test/test_doc_helpers.py +++ b/src/test/test_doc_helpers.py @@ -26,7 +26,7 @@ class MyTestCase(unittest.TestCase): def setUp(self): self.dp = DecisionPoint( - namespace="x_example.test#test", + namespace="test", name="test name", description="test description", key="TK", diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index c310556f..f4107456 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -39,7 +39,7 @@ def setUp(self) -> None: name="test", description="test", key="TEST", - namespace="x_example.test#test", + namespace="test", values=tuple( [ DecisionPointValue(key=c, name=c, description=c) @@ -56,7 +56,7 @@ def setUp(self) -> None: name=c, description=c, key=c, - namespace="x_example.test#test", + namespace="test", values=tuple( [ DecisionPointValue( diff --git a/src/test/test_selections.py b/src/test/test_selections.py index 429413cc..a029353d 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -29,13 +29,13 @@ class MyTestCase(unittest.TestCase): def setUp(self): self.s1 = selection.Selection( - namespace="x_example.test#test", + namespace="test", key="test_key_1", version="1.0.0", values=[{"key": "value11"}, {"key": "value12"}], ) self.s2 = selection.Selection( - namespace="x_example.test#test", + namespace="test", key="test_key_2", version="1.0.0", values=[{"key": "value21"}, {"key": "value22"}], @@ -142,7 +142,7 @@ def test_selection_validators(self): """Test the model validators for Selection.""" # Test with minimal data selection_minimal = selection.Selection( - namespace="x_example.test#test", + namespace="test", key="test_key", version="1.0.0", values=[{"key": "value1"}], @@ -152,7 +152,7 @@ def test_selection_validators(self): # Test with empty strings selection_empty = selection.Selection( - namespace="x_example.test#test", + namespace="test", key="test_key", version="1.0.0", values=[{"key": "value1"}], @@ -286,7 +286,7 @@ def test_add_selection_method(self): """Test the add_selection method.""" initial_count = len(self.selections.selections) new_selection = selection.Selection( - namespace="x_example.test#test", + namespace="test", key="new_key", version="1.0.0", values=[{"key": "new_value"}], @@ -344,7 +344,7 @@ def test_selection_values_validation(self): """Test that Selection requires at least one value.""" with self.assertRaises(ValueError): selection.Selection( - namespace="x_example.test#test", + namespace="test", key="test_key", version="1.0.0", values=[], # Empty values should raise error diff --git a/src/test/utils/test_toposort.py b/src/test/utils/test_toposort.py index eab7d7cc..8f665d4d 100644 --- a/src/test/utils/test_toposort.py +++ b/src/test/utils/test_toposort.py @@ -72,7 +72,7 @@ def setUp(self): from ssvc.decision_points.base import DecisionPoint, DecisionPointValue self.dp1 = DecisionPoint( - namespace="x_example.test#test", + namespace="test", name="Decision Point 1", key="DP1", version="1.0.0", @@ -87,7 +87,7 @@ def setUp(self): ], ) self.dp2 = DecisionPoint( - namespace="x_example.test#test", + namespace="test", name="Decision Point 2", key="DP2", version="1.0.0", From e0843e739b02e9545c1dbdc19276f3b3f3516100 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 12:36:45 -0400 Subject: [PATCH 316/468] add namespaces router --- src/ssvc/api/main.py | 15 +++++------ src/ssvc/api/routers/namespaces.py | 40 ++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 7 deletions(-) create mode 100644 src/ssvc/api/routers/namespaces.py diff --git a/src/ssvc/api/main.py b/src/ssvc/api/main.py index 573511eb..67835ca7 100644 --- a/src/ssvc/api/main.py +++ b/src/ssvc/api/main.py @@ -24,6 +24,7 @@ # DM24-0278 from fastapi import FastAPI +from fastapi.responses import RedirectResponse import ssvc # noqa: F401 from ssvc.api.helpers import _404_on_none @@ -32,6 +33,7 @@ decision_points, decision_table, decision_tables, + namespaces, ) from ssvc.registry.base import ( get_registry, @@ -56,15 +58,14 @@ app.include_router(decision_points.router) app.include_router(decision_table.router) app.include_router(decision_tables.router) +app.include_router(namespaces.router) -@app.get("/namespaces", response_model=list[str]) -def get_namespace_list() -> list[str]: - namespaces = set() - for objtype in r.types: - for namespace in r.types[objtype].namespaces: - namespaces.add(namespace) - return sorted(list(namespaces)) +# root should redirect to docs +# at least until we have something better to show +@app.get("/", include_in_schema=False) +def root(): + return RedirectResponse(url="/docs") @app.get("/types", response_model=list[str]) diff --git a/src/ssvc/api/routers/namespaces.py b/src/ssvc/api/routers/namespaces.py new file mode 100644 index 00000000..41cc5751 --- /dev/null +++ b/src/ssvc/api/routers/namespaces.py @@ -0,0 +1,40 @@ +"""Namespace Router.""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from fastapi import APIRouter + +from ssvc.registry.base import get_registry + +router = APIRouter( + prefix="/namespaces", + tags=["SSVC Namespaces"], +) + +r = get_registry() + + +@router.get("/list", response_model=list[str]) +def get_namespace_list() -> list[str]: + namespaces = set() + for objtype in r.types: + for namespace in r.types[objtype].namespaces: + namespaces.add(namespace) + return sorted(list(namespaces)) From b735fc872bf2667c3569c0e3282cdcbc2681c80c Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 12:38:21 -0400 Subject: [PATCH 317/468] update registered objects --- .../theparanoids_1_0_0.json | 40 +++++++++++++++++++ data/json/ssvc_object_registry.json | 6 +-- .../v2/Decision_Point-2-0-0.schema.json | 4 +- .../v2/Decision_Point_Group-2-0-0.schema.json | 4 +- .../v2/Decision_Table-2-0-0.schema.json | 8 ++-- .../v2/Ssvc_Object_Registry-2-0-0.schema.json | 8 ++-- 6 files changed, 55 insertions(+), 15 deletions(-) create mode 100644 data/json/decision_points/x_com_yahooinc_prioritized_risk_remediation/theparanoids_1_0_0.json diff --git a/data/json/decision_points/x_com_yahooinc_prioritized_risk_remediation/theparanoids_1_0_0.json b/data/json/decision_points/x_com_yahooinc_prioritized_risk_remediation/theparanoids_1_0_0.json new file mode 100644 index 00000000..40735809 --- /dev/null +++ b/data/json/decision_points/x_com_yahooinc_prioritized_risk_remediation/theparanoids_1_0_0.json @@ -0,0 +1,40 @@ +{ + "namespace": "x_com.yahooinc#prioritized-risk-remediation", + "key": "PARANOIDS", + "version": "1.0.0", + "name": "theParanoids", + "description": "PrioritizedRiskRemediation outcome group based on TheParanoids.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "5", + "name": "Track 5", + "description": "Track" + }, + { + "key": "4", + "name": "Track Closely 4", + "description": "Track Closely" + }, + { + "key": "3", + "name": "Attend 3", + "description": "Attend" + }, + { + "key": "2", + "name": "Attend 2", + "description": "Attend" + }, + { + "key": "1", + "name": "Act 1", + "description": "Act" + }, + { + "key": "0", + "name": "Act ASAP 0", + "description": "Act ASAP" + } + ] +} diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index b4f087ba..ed726596 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -7046,8 +7046,8 @@ } } }, - "x_com.yahooinc": { - "namespace": "x_com.yahooinc", + "x_com.yahooinc#prioritized-risk-remediation": { + "namespace": "x_com.yahooinc#prioritized-risk-remediation", "keys": { "PARANOIDS": { "key": "PARANOIDS", @@ -7055,7 +7055,7 @@ "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "x_com.yahooinc", + "namespace": "x_com.yahooinc#prioritized-risk-remediation", "key": "PARANOIDS", "version": "1.0.0", "name": "theParanoids", diff --git a/data/schema/v2/Decision_Point-2-0-0.schema.json b/data/schema/v2/Decision_Point-2-0-0.schema.json index 326f98fe..c5bd948a 100644 --- a/data/schema/v2/Decision_Point-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point-2-0-0.schema.json @@ -48,8 +48,8 @@ "examples": [ "ssvc", "cisa", - "x_com.example//com.example#private", - "ssvc/de-DE/example.organization#reference-arch-1" + "x_example.test#test//.example.test#private-extension", + "ssvc/de-DE/.example.organization#reference-arch-1" ], "maxLength": 1000, "minLength": 3, diff --git a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json index 6d068e4b..38bb0c0b 100644 --- a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json @@ -13,8 +13,8 @@ "examples": [ "ssvc", "cisa", - "x_com.example//com.example#private", - "ssvc/de-DE/example.organization#reference-arch-1" + "x_example.test#test//.example.test#private-extension", + "ssvc/de-DE/.example.organization#reference-arch-1" ], "maxLength": 1000, "minLength": 3, diff --git a/data/schema/v2/Decision_Table-2-0-0.schema.json b/data/schema/v2/Decision_Table-2-0-0.schema.json index 7c4ece79..95870b27 100644 --- a/data/schema/v2/Decision_Table-2-0-0.schema.json +++ b/data/schema/v2/Decision_Table-2-0-0.schema.json @@ -13,8 +13,8 @@ "examples": [ "ssvc", "cisa", - "x_com.example//com.example#private", - "ssvc/de-DE/example.organization#reference-arch-1" + "x_example.test#test//.example.test#private-extension", + "ssvc/de-DE/.example.organization#reference-arch-1" ], "maxLength": 1000, "minLength": 3, @@ -126,8 +126,8 @@ "examples": [ "ssvc", "cisa", - "x_com.example//com.example#private", - "ssvc/de-DE/example.organization#reference-arch-1" + "x_example.test#test//.example.test#private-extension", + "ssvc/de-DE/.example.organization#reference-arch-1" ], "maxLength": 1000, "minLength": 3, diff --git a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json index 011f78bd..0b00cf09 100644 --- a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json +++ b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json @@ -12,8 +12,8 @@ "examples": [ "ssvc", "cisa", - "x_com.example//com.example#private", - "ssvc/de-DE/example.organization#reference-arch-1" + "x_example.test#test//.example.test#private-extension", + "ssvc/de-DE/.example.organization#reference-arch-1" ], "maxLength": 1000, "minLength": 3, @@ -127,8 +127,8 @@ "examples": [ "ssvc", "cisa", - "x_com.example//com.example#private", - "ssvc/de-DE/example.organization#reference-arch-1" + "x_example.test#test//.example.test#private-extension", + "ssvc/de-DE/.example.organization#reference-arch-1" ], "maxLength": 1000, "minLength": 3, From 2627e57ec1680c2e83d69d8ef66d1b47b80c13c7 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 12:40:41 -0400 Subject: [PATCH 318/468] move another route to namespaces router --- src/ssvc/api/main.py | 9 --------- src/ssvc/api/routers/namespaces.py | 12 +++++++++++- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/src/ssvc/api/main.py b/src/ssvc/api/main.py index 67835ca7..904855f7 100644 --- a/src/ssvc/api/main.py +++ b/src/ssvc/api/main.py @@ -39,7 +39,6 @@ get_registry, lookup_key, lookup_namespace, - lookup_objtype, ) r = get_registry() @@ -74,14 +73,6 @@ def get_type_list() -> list[str]: return sorted(list(r.types.keys())) -@app.get("/namespaces/{type}", response_model=list[str]) -def get_namespace_list_for_type(type: str) -> list[str]: - """Returns a list of all namespaces for a given object type in the registry.""" - objtype = lookup_objtype(objtype=type, registry=r) - _404_on_none(objtype) - return sorted(list(objtype.namespaces.keys())) - - @app.get("/keys/{type}/{namespace}", response_model=list[str]) def get_key_list_for_namespace(type: str, namespace: str) -> list[str]: """Returns a list of all keys for a given object type and namespace in the registry.""" diff --git a/src/ssvc/api/routers/namespaces.py b/src/ssvc/api/routers/namespaces.py index 41cc5751..cff9fecc 100644 --- a/src/ssvc/api/routers/namespaces.py +++ b/src/ssvc/api/routers/namespaces.py @@ -21,7 +21,8 @@ from fastapi import APIRouter -from ssvc.registry.base import get_registry +from ssvc.api.helpers import _404_on_none +from ssvc.registry.base import get_registry, lookup_objtype router = APIRouter( prefix="/namespaces", @@ -33,8 +34,17 @@ @router.get("/list", response_model=list[str]) def get_namespace_list() -> list[str]: + """Returns a list of all namespaces in the registry.""" namespaces = set() for objtype in r.types: for namespace in r.types[objtype].namespaces: namespaces.add(namespace) return sorted(list(namespaces)) + + +@router.get("/{type}", response_model=list[str]) +def get_namespace_list_for_type(type: str) -> list[str]: + """Returns a list of all namespaces for a given object type in the registry.""" + objtype = lookup_objtype(objtype=type, registry=r) + _404_on_none(objtype) + return sorted(list(objtype.namespaces.keys())) From 2194f71188ac8c4c61a80658d2de07691083973a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 13:05:30 -0400 Subject: [PATCH 319/468] add keys router --- src/ssvc/api/main.py | 19 ++------- src/ssvc/api/routers/keys.py | 73 +++++++++++++++++++++++++++++++++++ src/ssvc/api/routers/types.py | 34 ++++++++++++++++ 3 files changed, 111 insertions(+), 15 deletions(-) create mode 100644 src/ssvc/api/routers/keys.py create mode 100644 src/ssvc/api/routers/types.py diff --git a/src/ssvc/api/main.py b/src/ssvc/api/main.py index 904855f7..795e169a 100644 --- a/src/ssvc/api/main.py +++ b/src/ssvc/api/main.py @@ -33,12 +33,13 @@ decision_points, decision_table, decision_tables, + keys, namespaces, + types, ) from ssvc.registry.base import ( get_registry, lookup_key, - lookup_namespace, ) r = get_registry() @@ -57,7 +58,9 @@ app.include_router(decision_points.router) app.include_router(decision_table.router) app.include_router(decision_tables.router) +app.include_router(types.router) app.include_router(namespaces.router) +app.include_router(keys.router) # root should redirect to docs @@ -67,20 +70,6 @@ def root(): return RedirectResponse(url="/docs") -@app.get("/types", response_model=list[str]) -def get_type_list() -> list[str]: - """Returns a list of all object types in the registry.""" - return sorted(list(r.types.keys())) - - -@app.get("/keys/{type}/{namespace}", response_model=list[str]) -def get_key_list_for_namespace(type: str, namespace: str) -> list[str]: - """Returns a list of all keys for a given object type and namespace in the registry.""" - ns = lookup_namespace(objtype=type, namespace=namespace, registry=r) - _404_on_none(ns) - return sorted(list(ns.keys.keys())) - - @app.get("/versions/{type}/{namespace}/{key}", response_model=list[str]) def get_version_list_for_key(type: str, namespace: str, key: str) -> list[str]: """Returns a list of all versions for a given object type, namespace, and key in the registry.""" diff --git a/src/ssvc/api/routers/keys.py b/src/ssvc/api/routers/keys.py new file mode 100644 index 00000000..08987e33 --- /dev/null +++ b/src/ssvc/api/routers/keys.py @@ -0,0 +1,73 @@ +"""Keys API Router.""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from fastapi import APIRouter +from pydantic import RootModel + +from ssvc.api.helpers import _404_on_none +from ssvc.registry.base import get_registry, lookup_namespace + +router = APIRouter(prefix="/keys", tags=["SSVC Keys"]) +r = get_registry() + + +class KeyDictResponse(RootModel[dict[str, dict[str, list[str]]]]): + """Response model for key list grouped by object type and namespace.""" + + +@router.get("/", response_model=KeyDictResponse) +def get_key_list() -> dict: + """Returns a list of all keys in the registry, grouped by object type and namespace.""" + response = {} + for object_type in r.types.keys(): + response[object_type] = {} + + for namespace in r.types[object_type].namespaces.keys(): + ns = lookup_namespace( + objtype=object_type, namespace=namespace, registry=r + ) + if ns is not None: + response[object_type][namespace] = sorted(list(ns.keys.keys())) + return response + + +@router.get("/{objtype}", response_model=KeyDictResponse) +def get_key_list_for_type(objtype: str) -> dict: + """Returns a list of all keys for a given object type in the registry, grouped by namespace.""" + object_type = r.types.get(objtype) + _404_on_none(object_type) + + response = {objtype: {}} + for namespace in object_type.namespaces: + ns = lookup_namespace(objtype=objtype, namespace=namespace, registry=r) + if ns: + response[objtype][namespace] = sorted(list(ns.keys.keys())) + return response + + +@router.get("/{objtype}/{namespace}", response_model=KeyDictResponse) +def get_key_list_for_type_and_namespace(objtype: str, namespace: str) -> dict: + """Returns a list of all keys for a given object type and namespace in the registry.""" + ns = lookup_namespace(objtype=objtype, namespace=namespace, registry=r) + _404_on_none(ns) + + response = {objtype: {namespace: sorted(list(ns.keys.keys()))}} + return response diff --git a/src/ssvc/api/routers/types.py b/src/ssvc/api/routers/types.py new file mode 100644 index 00000000..709bfba4 --- /dev/null +++ b/src/ssvc/api/routers/types.py @@ -0,0 +1,34 @@ +"""Types Router.""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from fastapi import APIRouter + +from ssvc.registry.base import get_registry + +r = get_registry() + +router = APIRouter(prefix="/types", tags=["SSVC Object Types"]) + + +@router.get("/", response_model=list[str]) +def get_type_list() -> list[str]: + """Returns a list of all object types in the registry.""" + return sorted(list(r.types.keys())) From d5811880623d8b1697c76e54ec882c4ab6b10bc9 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 14:54:48 -0400 Subject: [PATCH 320/468] add versions router, refactor types and response models --- src/ssvc/api/main.py | 14 +- src/ssvc/api/response_models/__init__.py | 313 +++++++++++++++++++++++ src/ssvc/api/routers/decision_points.py | 17 +- src/ssvc/api/routers/decision_tables.py | 17 +- src/ssvc/api/routers/keys.py | 60 +++-- src/ssvc/api/routers/namespaces.py | 47 +++- src/ssvc/api/routers/types.py | 7 +- src/ssvc/api/routers/versions.py | 67 +++++ src/ssvc/utils/api_helpers.py | 68 ----- 9 files changed, 491 insertions(+), 119 deletions(-) create mode 100644 src/ssvc/api/response_models/__init__.py create mode 100644 src/ssvc/api/routers/versions.py delete mode 100644 src/ssvc/utils/api_helpers.py diff --git a/src/ssvc/api/main.py b/src/ssvc/api/main.py index 795e169a..993c9cee 100644 --- a/src/ssvc/api/main.py +++ b/src/ssvc/api/main.py @@ -27,7 +27,6 @@ from fastapi.responses import RedirectResponse import ssvc # noqa: F401 -from ssvc.api.helpers import _404_on_none from ssvc.api.routers import ( decision_point, decision_points, @@ -36,10 +35,10 @@ keys, namespaces, types, + versions, ) from ssvc.registry.base import ( get_registry, - lookup_key, ) r = get_registry() @@ -61,18 +60,11 @@ app.include_router(types.router) app.include_router(namespaces.router) app.include_router(keys.router) +app.include_router(versions.router) # root should redirect to docs # at least until we have something better to show @app.get("/", include_in_schema=False) -def root(): +def redirect_root_to_docs(): return RedirectResponse(url="/docs") - - -@app.get("/versions/{type}/{namespace}/{key}", response_model=list[str]) -def get_version_list_for_key(type: str, namespace: str, key: str) -> list[str]: - """Returns a list of all versions for a given object type, namespace, and key in the registry.""" - k = lookup_key(objtype=type, namespace=namespace, key=key, registry=r) - _404_on_none(k) - return sorted(list(k.versions.keys())) diff --git a/src/ssvc/api/response_models/__init__.py b/src/ssvc/api/response_models/__init__.py new file mode 100644 index 00000000..51ec4e73 --- /dev/null +++ b/src/ssvc/api/response_models/__init__.py @@ -0,0 +1,313 @@ +"""Response Models for SSVC API.""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from pydantic import RootModel, model_validator + +from ssvc.decision_points.base import DecisionPoint +from ssvc.decision_tables.base import DecisionTable + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +# Type aliases for clarity +ListOfStringsType = list[str] +NamespaceDictType = dict[ + str, # "types" + dict[ + str, # specific type + dict[ + str, ListOfStringsType # "namespaces" # list of namespace strings + ], + ], +] + +KeyDictType = dict[ + str, # "types" + dict[ + str, # specific type + dict[ + str, # "namespaces" + dict[ + str, # specific namespace + dict[str, ListOfStringsType], # "keys" # list of keys + ], + ], + ], +] +VersionDictType = dict[ + # types type namespaces namespace keys + str, # "types" + dict[ + str, # specific type + dict[ + str, # "namespaces" + dict[ + str, # specific namespace + dict[ + str, # "keys" + dict[ + str, # specific key + dict[ + str, # "versions" + ListOfStringsType, # list of version strings + ], + ], + ], + ], + ], + ], +] + +DecisionPointDictType = dict[str, DecisionPoint] +DecisionTableDictType = dict[str, DecisionTable] + + +class DecisionPointDictResponse(RootModel[DecisionPointDictType]): + """A dictionary of DecisionPoint objects with keys as 'namespace:key:version'.""" + + +class DecisionTableDictResponse(RootModel[DecisionTableDictType]): + """A dictionary of DecisionTable objects with keys as 'namespace:key:version'.""" + + +class ListOfStringsResponse(RootModel[ListOfStringsType]): + """Response model for a list of strings.""" + + @model_validator(mode="before") + @classmethod + def model_validate(cls, value): + if not isinstance(value, list): + raise TypeError("Value must be a list") + + for item in value: + if not isinstance(item, str): + raise TypeError(f"Item '{item}' must be a string") + + return value + + +class NamespaceDictResponse(RootModel[NamespaceDictType]): + """Response model for the namespaces of object types.""" + + @model_validator(mode="before") + @classmethod + def model_validate(cls, value): + # validators: + # top key is "types" + # then the keys of that dict are object types + # then the keys of that dict is "namespaces" + # and the value of that is a list of strings + if not isinstance(value, dict): + raise TypeError("Value must be a dictionary") + + if "types" not in value: + raise ValueError('Top-level key must be "types"') + + if not isinstance(value["types"], dict): + raise TypeError('"types" must be a dictionary') + + for objtype, obj in value["types"].items(): + if not isinstance(obj, dict): + raise TypeError( + f'Value for object type "{objtype}" must be a dictionary' + ) + + if "namespaces" not in obj: + raise ValueError( + f'Key "namespaces" missing for object type "{objtype}"' + ) + + if not isinstance(obj["namespaces"], list): + raise TypeError( + f'"namespaces" for object type "{objtype}" must be a list' + ) + + for ns in obj["namespaces"]: + if not isinstance(ns, str): + raise TypeError( + f'Namespace "{ns}" for object type "{objtype}" must be a string' + ) + + return value + + +class KeyDictResponse( + RootModel[KeyDictType], +): + """Response model for key list grouped by object type and namespace.""" + + # validators: + # top key is "types" + # then the keys of that dict are object types + # then the keys of that dict is "namespaces" + # then the keys of that dict are namespace strings + # then the keys of that dict are "keys" + # and the value of that is a list of strings + @model_validator(mode="before") + @classmethod + def model_validate(cls, value): + if not isinstance(value, dict): + raise TypeError("Value must be a dictionary") + + if "types" not in value: + raise ValueError('Top-level key must be "types"') + + if not isinstance(value["types"], dict): + raise TypeError('"types" must be a dictionary') + + for objtype, obj in value["types"].items(): + if not isinstance(objtype, str): + raise TypeError(f'Object type "{objtype}" must be a string') + + if not isinstance(obj, dict): + raise TypeError( + f'Value for object type "{objtype}" must be a dictionary' + ) + + if "namespaces" not in obj: + raise ValueError( + f'Key "namespaces" missing for object type "{objtype}"' + ) + + if not isinstance(obj["namespaces"], dict): + raise TypeError( + f'"namespaces" for object type "{objtype}" must be a dictionary' + ) + + for namespace, ns in obj["namespaces"].items(): + if not isinstance(ns, dict): + raise TypeError( + f'Value for namespace "{namespace}" in object type "{objtype}" must be a dictionary' + ) + + if "keys" not in ns: + raise ValueError( + f'Key "keys" missing for namespace "{namespace}" in object type "{objtype}"' + ) + + if not isinstance(ns["keys"], list): + raise TypeError( + f'"keys" for namespace "{namespace}" in object type "{objtype}" must be a list' + ) + for key in ns["keys"]: + if not isinstance(key, str): + raise TypeError( + f'Key "{key}" in namespace "{namespace}" of object type "{objtype}" must be a string' + ) + + return value + + +class VersionDictResponse(RootModel[VersionDictType]): + """Response model for version list grouped by object type, namespace, and key.""" + + @model_validator(mode="before") + @classmethod + def model_validate(cls, value): + # validators: + # top key is "types" + # then the keys of that dict are object types + # then the keys of that dict is "namespaces" + # then the keys of that dict are namespace strings + # then the keys of that dict are "keys" + # then the keys of that dict are key strings + # then the keys of that dict are "versions" + # and the value of that is a list of strings + if not isinstance(value, dict): + raise TypeError("Value must be a dictionary") + + if "types" not in value: + raise ValueError('Top-level key must be "types"') + + if not isinstance(value["types"], dict): + raise TypeError('"types" must be a dictionary') + + for objtype, obj in value["types"].items(): + if not isinstance(objtype, str): + raise TypeError(f'Object type "{objtype}" must be a string') + + if not isinstance(obj, dict): + raise TypeError( + f'Value for object type "{objtype}" must be a dictionary' + ) + + if "namespaces" not in obj: + raise ValueError( + f'Key "namespaces" missing for object type "{objtype}"' + ) + + if not isinstance(obj["namespaces"], dict): + raise TypeError( + f'"namespaces" for object type "{objtype}" must be a dictionary' + ) + + for namespace, ns in obj["namespaces"].items(): + if not isinstance(ns, dict): + raise TypeError( + f'Value for namespace "{namespace}" in object type "{objtype}" must be a dictionary' + ) + + if "keys" not in ns: + raise ValueError( + f'Key "keys" missing for namespace "{namespace}" in object type "{objtype}"' + ) + + if not isinstance(ns["keys"], dict): + raise TypeError( + f'"keys" for namespace "{namespace}" in object type "{objtype}" must be a dictionary' + ) + + for key, k in ns["keys"].items(): + if not isinstance(k, dict): + raise TypeError( + f'Value for key "{key}" in namespace "{namespace}" of object type "{objtype}" must be a dictionary' + ) + if "versions" not in k: + raise ValueError( + f'Key "versions" missing for key "{key}" in namespace "{namespace}" of object type "{objtype}"' + ) + if not isinstance(k["versions"], list): + raise TypeError( + f'"versions" for key "{key}" in namespace "{namespace}" of object type "{objtype}" must be a list' + ) + for version in k["versions"]: + if not isinstance(version, str): + raise TypeError( + f'Version "{version}" in key "{key}" of namespace "{namespace}" in object type "{objtype}" must be a string' + ) + + return value diff --git a/src/ssvc/api/routers/decision_points.py b/src/ssvc/api/routers/decision_points.py index 72e8ee68..54794b03 100644 --- a/src/ssvc/api/routers/decision_points.py +++ b/src/ssvc/api/routers/decision_points.py @@ -21,6 +21,10 @@ from fastapi import APIRouter from ssvc.api.helpers import _404_on_none +from ssvc.api.response_models import ( + DecisionPointDictResponse, + DecisionPointDictType, +) from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.registry.base import get_registry from ssvc.registry.base import ( @@ -30,15 +34,14 @@ lookup_objtype, lookup_version, ) -from ssvc.utils.api_helpers import DecisionPointDict r = get_registry() router = APIRouter(prefix="/decision_points", tags=["Decision Points"]) -@router.get("/", response_model=DecisionPointDict) -async def get_all_decision_points() -> DecisionPointDict: +@router.get("/", response_model=DecisionPointDictResponse) +async def get_all_decision_points() -> DecisionPointDictType: result = lookup_objtype(objtype="DecisionPoint", registry=r) _404_on_none(result) @@ -52,10 +55,10 @@ async def get_all_decision_points() -> DecisionPointDict: return objs -@router.get("/{namespace}", response_model=DecisionPointDict) +@router.get("/{namespace}", response_model=DecisionPointDictResponse) async def get_all_decision_points_for_namespace( namespace: str, -) -> DecisionPointDict: +) -> DecisionPointDictType: result = lookup_namespace( objtype="DecisionPoint", namespace=namespace, registry=r ) @@ -70,10 +73,10 @@ async def get_all_decision_points_for_namespace( return objs -@router.get("/{namespace}/{key}", response_model=DecisionPointDict) +@router.get("/{namespace}/{key}", response_model=DecisionPointDictResponse) async def get_all_versions_of_decision_points_for_key( namespace: str, key: str -) -> DecisionPointDict: +) -> DecisionPointDictType: """Returns a dictionary of DecisionPoint objects for the given namespace and key. Dictionary keys are namespace:key:version.""" result = lookup_key( diff --git a/src/ssvc/api/routers/decision_tables.py b/src/ssvc/api/routers/decision_tables.py index a88f6a1f..67f37917 100644 --- a/src/ssvc/api/routers/decision_tables.py +++ b/src/ssvc/api/routers/decision_tables.py @@ -22,6 +22,10 @@ from fastapi import APIRouter from ssvc.api.helpers import _404_on_none +from ssvc.api.response_models import ( + DecisionTableDictResponse, + DecisionTableDictType, +) from ssvc.decision_tables.base import DecisionTable from ssvc.registry.base import get_registry from ssvc.registry.base import ( @@ -31,14 +35,13 @@ lookup_objtype, lookup_version, ) -from ssvc.utils.api_helpers import DecisionTableDict r = get_registry() router = APIRouter(prefix="/decision_tables", tags=["Decision Tables"]) -@router.get("/", response_model=DecisionTableDict) -async def get_decision_tables() -> DecisionTableDict: +@router.get("/", response_model=DecisionTableDictResponse) +async def get_decision_tables() -> DecisionTableDictType: # load registry and return decision tables result = lookup_objtype(objtype="DecisionTable", registry=r) _404_on_none(result) @@ -52,10 +55,10 @@ async def get_decision_tables() -> DecisionTableDict: return objs -@router.get("/{namespace}", response_model=DecisionTableDict) +@router.get("/{namespace}", response_model=DecisionTableDictResponse) async def get_decision_tables_for_namespace( namespace: str, -) -> DecisionTableDict: +) -> DecisionTableDictType: ns_obj = lookup_namespace( objtype="DecisionTable", namespace=namespace, registry=r @@ -70,10 +73,10 @@ async def get_decision_tables_for_namespace( return objs -@router.get("/{namespace}/{key}", response_model=DecisionTableDict) +@router.get("/{namespace}/{key}", response_model=DecisionTableDictResponse) async def get_decision_tables_for_key( namespace: str, key: str -) -> DecisionTableDict: +) -> DecisionTableDictType: """Returns a dictionary of DecisionTable objects for the given namespace and key. Dictionary keys are version strings.""" results = lookup_key( diff --git a/src/ssvc/api/routers/keys.py b/src/ssvc/api/routers/keys.py index 08987e33..95486336 100644 --- a/src/ssvc/api/routers/keys.py +++ b/src/ssvc/api/routers/keys.py @@ -20,54 +20,82 @@ # DM24-0278 from fastapi import APIRouter -from pydantic import RootModel from ssvc.api.helpers import _404_on_none +from ssvc.api.response_models import ( + KeyDictResponse, + ListOfStringsResponse, + ListOfStringsType, +) from ssvc.registry.base import get_registry, lookup_namespace router = APIRouter(prefix="/keys", tags=["SSVC Keys"]) r = get_registry() -class KeyDictResponse(RootModel[dict[str, dict[str, list[str]]]]): - """Response model for key list grouped by object type and namespace.""" - - @router.get("/", response_model=KeyDictResponse) -def get_key_list() -> dict: - """Returns a list of all keys in the registry, grouped by object type and namespace.""" +def get_key_dict() -> dict: + """Returns a dictionary of all keys in the registry, grouped by object type and namespace.""" response = {} + response["types"] = {} + for object_type in r.types.keys(): - response[object_type] = {} + response["types"][object_type] = {"namespaces": {}} for namespace in r.types[object_type].namespaces.keys(): ns = lookup_namespace( objtype=object_type, namespace=namespace, registry=r ) if ns is not None: - response[object_type][namespace] = sorted(list(ns.keys.keys())) + response["types"][object_type]["namespaces"][namespace] = {} + response["types"][object_type]["namespaces"][namespace][ + "keys" + ] = sorted(list(ns.keys.keys())) return response @router.get("/{objtype}", response_model=KeyDictResponse) -def get_key_list_for_type(objtype: str) -> dict: - """Returns a list of all keys for a given object type in the registry, grouped by namespace.""" +def get_key_dict_for_type(objtype: str) -> dict: + """Returns a dictionary of all keys for a given object type in the registry, grouped by object type and namespace.""" object_type = r.types.get(objtype) _404_on_none(object_type) - - response = {objtype: {}} + response = {"types": {objtype: {"namespaces": {}}}} for namespace in object_type.namespaces: ns = lookup_namespace(objtype=objtype, namespace=namespace, registry=r) if ns: - response[objtype][namespace] = sorted(list(ns.keys.keys())) + response["types"][objtype]["namespaces"][namespace] = { + "keys": (sorted(list(ns.keys.keys()))) + } return response @router.get("/{objtype}/{namespace}", response_model=KeyDictResponse) -def get_key_list_for_type_and_namespace(objtype: str, namespace: str) -> dict: +def get_key_dict_for_type_and_namespace(objtype: str, namespace: str) -> dict: + """Returns a dictionary of all keys for a given object type and namespace in the registry, grouped by object type and namespace.""" + ns = lookup_namespace(objtype=objtype, namespace=namespace, registry=r) + _404_on_none(ns) + + response = { + "types": { + objtype: { + "namespaces": { + namespace: {"keys": sorted(list(ns.keys.keys()))} + } + } + } + } + return response + + +@router.get( + "/{objtype}/{namespace}/list", response_model=ListOfStringsResponse +) +def get_key_list_for_type_and_namespace( + objtype: str, namespace: str +) -> ListOfStringsType: """Returns a list of all keys for a given object type and namespace in the registry.""" ns = lookup_namespace(objtype=objtype, namespace=namespace, registry=r) _404_on_none(ns) - response = {objtype: {namespace: sorted(list(ns.keys.keys()))}} + response = sorted(list(ns.keys.keys())) return response diff --git a/src/ssvc/api/routers/namespaces.py b/src/ssvc/api/routers/namespaces.py index cff9fecc..df716d8d 100644 --- a/src/ssvc/api/routers/namespaces.py +++ b/src/ssvc/api/routers/namespaces.py @@ -22,6 +22,12 @@ from fastapi import APIRouter from ssvc.api.helpers import _404_on_none +from ssvc.api.response_models import ( + ListOfStringsResponse, + ListOfStringsType, + NamespaceDictResponse, + NamespaceDictType, +) from ssvc.registry.base import get_registry, lookup_objtype router = APIRouter( @@ -32,8 +38,21 @@ r = get_registry() -@router.get("/list", response_model=list[str]) -def get_namespace_list() -> list[str]: +@router.get("/", response_model=NamespaceDictResponse) +def get_object_type_namespaces() -> dict[str, dict[str, dict[str, list[str]]]]: + """Returns a dictionary of object types and their namespaces.""" + response = {} + response["types"] = {} + for objtype in r.types: + response["types"][objtype] = {} + response["types"][objtype]["namespaces"] = sorted( + list(r.types[objtype].namespaces.keys()) + ) + return response + + +@router.get("/list", response_model=ListOfStringsResponse) +def get_namespace_list() -> ListOfStringsType: """Returns a list of all namespaces in the registry.""" namespaces = set() for objtype in r.types: @@ -42,9 +61,23 @@ def get_namespace_list() -> list[str]: return sorted(list(namespaces)) -@router.get("/{type}", response_model=list[str]) -def get_namespace_list_for_type(type: str) -> list[str]: +@router.get("/{objtype}", response_model=NamespaceDictResponse) +def get_namespace_list_for_type(objtype: str) -> NamespaceDictType: + """Returns a dict of all namespaces for a given object type in the registry.""" + result = lookup_objtype(objtype=objtype, registry=r) + _404_on_none(result) + response = {"types": {}} + response["types"][objtype] = {} + response["types"][objtype]["namespaces"] = sorted( + list(r.types[objtype].namespaces.keys()) + ) + + return response + + +@router.get("/{objtype}/list", response_model=ListOfStringsResponse) +def get_namespace_list_for_type(objtype: str) -> list[str]: """Returns a list of all namespaces for a given object type in the registry.""" - objtype = lookup_objtype(objtype=type, registry=r) - _404_on_none(objtype) - return sorted(list(objtype.namespaces.keys())) + result = lookup_objtype(objtype=objtype, registry=r) + _404_on_none(result) + return sorted(list(result.namespaces.keys())) diff --git a/src/ssvc/api/routers/types.py b/src/ssvc/api/routers/types.py index 709bfba4..2e01f8b2 100644 --- a/src/ssvc/api/routers/types.py +++ b/src/ssvc/api/routers/types.py @@ -21,14 +21,15 @@ from fastapi import APIRouter +from ssvc.api.response_models import ListOfStringsResponse, ListOfStringsType from ssvc.registry.base import get_registry r = get_registry() -router = APIRouter(prefix="/types", tags=["SSVC Object Types"]) +router = APIRouter(prefix="/objtypes", tags=["SSVC Object Types"]) -@router.get("/", response_model=list[str]) -def get_type_list() -> list[str]: +@router.get("/list", response_model=ListOfStringsResponse) +def get_object_type_list() -> ListOfStringsType: """Returns a list of all object types in the registry.""" return sorted(list(r.types.keys())) diff --git a/src/ssvc/api/routers/versions.py b/src/ssvc/api/routers/versions.py new file mode 100644 index 00000000..04404899 --- /dev/null +++ b/src/ssvc/api/routers/versions.py @@ -0,0 +1,67 @@ +"""Versions API Router.""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from fastapi import APIRouter + +from ssvc.api.helpers import _404_on_none +from ssvc.api.response_models import ( + ListOfStringsResponse, + ListOfStringsType, + VersionDictResponse, +) +from ssvc.registry.base import get_registry, lookup_key + +router = APIRouter(prefix="/versions", tags=["SSVC Versions"]) +r = get_registry() + + +@router.get( + "/{objtype}/{namespace}/{key}/list", + response_model=ListOfStringsResponse, +) +def get_version_list_for_key( + objtype: str, namespace: str, key: str +) -> ListOfStringsType: + """Returns a list of all versions for a given object type, namespace, and key in the registry.""" + k = lookup_key(objtype=objtype, namespace=namespace, key=key, registry=r) + _404_on_none(k) + return sorted(list(k.versions.keys())) + + +@router.get( + "/{objtype}/{namespace}/{key}", + response_model=VersionDictResponse, +) +def get_version_dict_for_key( + objtype: str, namespace: str, key: str +) -> VersionDictResponse: + """Returns a dictionary of all versions for a given object type, namespace, and key in the registry.""" + k = lookup_key(objtype=objtype, namespace=namespace, key=key, registry=r) + _404_on_none(k) + + response = { + "types": {objtype: {"namespaces": {namespace: {"keys": {key: {}}}}}} + } + response["types"][objtype]["namespaces"][namespace]["keys"][key][ + "versions" + ] = sorted(list(k.versions.keys())) + + return response diff --git a/src/ssvc/utils/api_helpers.py b/src/ssvc/utils/api_helpers.py deleted file mode 100644 index 3302b376..00000000 --- a/src/ssvc/utils/api_helpers.py +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/env python -""" -file: api_helpers -author: adh -created_at: 8/20/25 3:22 PM -""" - -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 - -from typing import Dict - -from pydantic import RootModel - -from ssvc.decision_points.base import DecisionPoint -from ssvc.decision_tables.base import DecisionTable - - -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 - - -def main(): - pass - - -if __name__ == "__main__": - main() - - -class DecisionPointDict(RootModel[Dict[str, DecisionPoint]]): - """A dictionary of DecisionPoint objects with keys as 'namespace:key:version'.""" - - -class DecisionTableDict(RootModel[Dict[str, DecisionTable]]): - """A dictionary of DecisionTable objects with keys as 'namespace:key:version'.""" From 31025abf54c6ee956c951c22296239fefe74f550 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 15:04:13 -0400 Subject: [PATCH 321/468] refactoring --- src/ssvc/api/response_models/__init__.py | 81 +++------------------- src/ssvc/api/response_models/_type_defs.py | 71 +++++++++++++++++++ src/ssvc/api/routers/versions.py | 29 ++++---- 3 files changed, 94 insertions(+), 87 deletions(-) create mode 100644 src/ssvc/api/response_models/_type_defs.py diff --git a/src/ssvc/api/response_models/__init__.py b/src/ssvc/api/response_models/__init__.py index 51ec4e73..fd4c99fd 100644 --- a/src/ssvc/api/response_models/__init__.py +++ b/src/ssvc/api/response_models/__init__.py @@ -21,79 +21,14 @@ from pydantic import RootModel, model_validator -from ssvc.decision_points.base import DecisionPoint -from ssvc.decision_tables.base import DecisionTable - -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 - -# Type aliases for clarity -ListOfStringsType = list[str] -NamespaceDictType = dict[ - str, # "types" - dict[ - str, # specific type - dict[ - str, ListOfStringsType # "namespaces" # list of namespace strings - ], - ], -] - -KeyDictType = dict[ - str, # "types" - dict[ - str, # specific type - dict[ - str, # "namespaces" - dict[ - str, # specific namespace - dict[str, ListOfStringsType], # "keys" # list of keys - ], - ], - ], -] -VersionDictType = dict[ - # types type namespaces namespace keys - str, # "types" - dict[ - str, # specific type - dict[ - str, # "namespaces" - dict[ - str, # specific namespace - dict[ - str, # "keys" - dict[ - str, # specific key - dict[ - str, # "versions" - ListOfStringsType, # list of version strings - ], - ], - ], - ], - ], - ], -] - -DecisionPointDictType = dict[str, DecisionPoint] -DecisionTableDictType = dict[str, DecisionTable] +from ssvc.api.response_models._type_defs import ( + DecisionPointDictType, + DecisionTableDictType, + KeyDictType, + ListOfStringsType, + NamespaceDictType, + VersionDictType, +) class DecisionPointDictResponse(RootModel[DecisionPointDictType]): diff --git a/src/ssvc/api/response_models/_type_defs.py b/src/ssvc/api/response_models/_type_defs.py new file mode 100644 index 00000000..4cc93e0b --- /dev/null +++ b/src/ssvc/api/response_models/_type_defs.py @@ -0,0 +1,71 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +"""Type definitions for use in response models and API endpoints.""" +from ssvc.decision_points.base import DecisionPoint +from ssvc.decision_tables.base import DecisionTable + +ListOfStringsType = list[str] +NamespaceDictType = dict[ + str, # "types" + dict[ + str, # specific type + dict[ + str, ListOfStringsType # "namespaces" # list of namespace strings + ], + ], +] +KeyDictType = dict[ + str, # "types" + dict[ + str, # specific type + dict[ + str, # "namespaces" + dict[ + str, # specific namespace + dict[str, ListOfStringsType], # "keys" # list of keys + ], + ], + ], +] +VersionDictType = dict[ + # types type namespaces namespace keys + str, # "types" + dict[ + str, # specific type + dict[ + str, # "namespaces" + dict[ + str, # specific namespace + dict[ + str, # "keys" + dict[ + str, # specific key + dict[ + str, # "versions" + ListOfStringsType, # list of version strings + ], + ], + ], + ], + ], + ], +] +DecisionPointDictType = dict[str, DecisionPoint] +DecisionTableDictType = dict[str, DecisionTable] diff --git a/src/ssvc/api/routers/versions.py b/src/ssvc/api/routers/versions.py index 04404899..f9e55eab 100644 --- a/src/ssvc/api/routers/versions.py +++ b/src/ssvc/api/routers/versions.py @@ -26,6 +26,7 @@ ListOfStringsResponse, ListOfStringsType, VersionDictResponse, + VersionDictType, ) from ssvc.registry.base import get_registry, lookup_key @@ -33,26 +34,13 @@ r = get_registry() -@router.get( - "/{objtype}/{namespace}/{key}/list", - response_model=ListOfStringsResponse, -) -def get_version_list_for_key( - objtype: str, namespace: str, key: str -) -> ListOfStringsType: - """Returns a list of all versions for a given object type, namespace, and key in the registry.""" - k = lookup_key(objtype=objtype, namespace=namespace, key=key, registry=r) - _404_on_none(k) - return sorted(list(k.versions.keys())) - - @router.get( "/{objtype}/{namespace}/{key}", response_model=VersionDictResponse, ) def get_version_dict_for_key( objtype: str, namespace: str, key: str -) -> VersionDictResponse: +) -> VersionDictType: """Returns a dictionary of all versions for a given object type, namespace, and key in the registry.""" k = lookup_key(objtype=objtype, namespace=namespace, key=key, registry=r) _404_on_none(k) @@ -65,3 +53,16 @@ def get_version_dict_for_key( ] = sorted(list(k.versions.keys())) return response + + +@router.get( + "/{objtype}/{namespace}/{key}/list", + response_model=ListOfStringsResponse, +) +def get_version_list_for_key( + objtype: str, namespace: str, key: str +) -> ListOfStringsType: + """Returns a list of all versions for a given object type, namespace, and key in the registry.""" + k = lookup_key(objtype=objtype, namespace=namespace, key=key, registry=r) + _404_on_none(k) + return sorted(list(k.versions.keys())) From f20823ea05951885b49ce2d72e0748a7bc6b15d8 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 15:47:50 -0400 Subject: [PATCH 322/468] add objects router, add summaries and descriptions, use `async def` --- src/ssvc/api/main.py | 4 +- src/ssvc/api/routers/keys.py | 36 ++++++++++++---- src/ssvc/api/routers/namespaces.py | 38 +++++++++++++---- src/ssvc/api/routers/objects.py | 67 ++++++++++++++++++++++++++++++ src/ssvc/api/routers/types.py | 9 +++- src/ssvc/api/routers/versions.py | 8 +++- 6 files changed, 141 insertions(+), 21 deletions(-) create mode 100644 src/ssvc/api/routers/objects.py diff --git a/src/ssvc/api/main.py b/src/ssvc/api/main.py index 993c9cee..8f637c61 100644 --- a/src/ssvc/api/main.py +++ b/src/ssvc/api/main.py @@ -34,6 +34,7 @@ decision_tables, keys, namespaces, + objects, types, versions, ) @@ -61,10 +62,11 @@ app.include_router(namespaces.router) app.include_router(keys.router) app.include_router(versions.router) +app.include_router(objects.router) # root should redirect to docs # at least until we have something better to show @app.get("/", include_in_schema=False) -def redirect_root_to_docs(): +async def redirect_root_to_docs(): return RedirectResponse(url="/docs") diff --git a/src/ssvc/api/routers/keys.py b/src/ssvc/api/routers/keys.py index 95486336..5b71b858 100644 --- a/src/ssvc/api/routers/keys.py +++ b/src/ssvc/api/routers/keys.py @@ -33,8 +33,13 @@ r = get_registry() -@router.get("/", response_model=KeyDictResponse) -def get_key_dict() -> dict: +@router.get( + "/", + summary="Get Key Dictionary", + description="Returns a dictionary of all keys in the registry, grouped by object type and namespace", + response_model=KeyDictResponse, +) +async def get_key_dict() -> dict: """Returns a dictionary of all keys in the registry, grouped by object type and namespace.""" response = {} response["types"] = {} @@ -54,8 +59,13 @@ def get_key_dict() -> dict: return response -@router.get("/{objtype}", response_model=KeyDictResponse) -def get_key_dict_for_type(objtype: str) -> dict: +@router.get( + "/{objtype}", + summary="Get Key Dictionary for Type", + description="Returns a dictionary of all keys for a given object type in the registry, grouped by object type and namespace", + response_model=KeyDictResponse, +) +async def get_key_dict_for_type(objtype: str) -> dict: """Returns a dictionary of all keys for a given object type in the registry, grouped by object type and namespace.""" object_type = r.types.get(objtype) _404_on_none(object_type) @@ -69,8 +79,15 @@ def get_key_dict_for_type(objtype: str) -> dict: return response -@router.get("/{objtype}/{namespace}", response_model=KeyDictResponse) -def get_key_dict_for_type_and_namespace(objtype: str, namespace: str) -> dict: +@router.get( + "/{objtype}/{namespace}", + summary="Get Key Dictionary for Type and Namespace", + description="Returns a dictionary of all keys for a given object type and namespace in the registry, grouped by object type and namespace", + response_model=KeyDictResponse, +) +async def get_key_dict_for_type_and_namespace( + objtype: str, namespace: str +) -> dict: """Returns a dictionary of all keys for a given object type and namespace in the registry, grouped by object type and namespace.""" ns = lookup_namespace(objtype=objtype, namespace=namespace, registry=r) _404_on_none(ns) @@ -88,9 +105,12 @@ def get_key_dict_for_type_and_namespace(objtype: str, namespace: str) -> dict: @router.get( - "/{objtype}/{namespace}/list", response_model=ListOfStringsResponse + "/{objtype}/{namespace}/list", + summary="Get Key Dictionary for Type and Namespace", + description="Returns a list (without surrounding dict) of all keys for a given object type and namespace in the registry", + response_model=ListOfStringsResponse, ) -def get_key_list_for_type_and_namespace( +async def get_key_list_for_type_and_namespace( objtype: str, namespace: str ) -> ListOfStringsType: """Returns a list of all keys for a given object type and namespace in the registry.""" diff --git a/src/ssvc/api/routers/namespaces.py b/src/ssvc/api/routers/namespaces.py index df716d8d..dabe1840 100644 --- a/src/ssvc/api/routers/namespaces.py +++ b/src/ssvc/api/routers/namespaces.py @@ -38,8 +38,15 @@ r = get_registry() -@router.get("/", response_model=NamespaceDictResponse) -def get_object_type_namespaces() -> dict[str, dict[str, dict[str, list[str]]]]: +@router.get( + "/", + summary="Get all object types and their namespaces", + description="Returns a dictionary of namespaces organized by object type.", + response_model=NamespaceDictResponse, +) +async def get_object_type_namespaces() -> ( + dict[str, dict[str, dict[str, list[str]]]] +): """Returns a dictionary of object types and their namespaces.""" response = {} response["types"] = {} @@ -51,8 +58,13 @@ def get_object_type_namespaces() -> dict[str, dict[str, dict[str, list[str]]]]: return response -@router.get("/list", response_model=ListOfStringsResponse) -def get_namespace_list() -> ListOfStringsType: +@router.get( + "/list", + summary="Get a list (without surrounding dict) of all namespaces in the registry (regardless of object type)", + description="Returns a list of all namespaces in the registry.", + response_model=ListOfStringsResponse, +) +async def get_namespace_list() -> ListOfStringsType: """Returns a list of all namespaces in the registry.""" namespaces = set() for objtype in r.types: @@ -61,8 +73,13 @@ def get_namespace_list() -> ListOfStringsType: return sorted(list(namespaces)) -@router.get("/{objtype}", response_model=NamespaceDictResponse) -def get_namespace_list_for_type(objtype: str) -> NamespaceDictType: +@router.get( + "/{objtype}", + summary="Get the namespaces in the registry for a given object type", + description="Returns a dictionary containing a list of namespaces for a given object type in the registry, organized by object type.", + response_model=NamespaceDictResponse, +) +async def get_namespace_list_for_type(objtype: str) -> NamespaceDictType: """Returns a dict of all namespaces for a given object type in the registry.""" result = lookup_objtype(objtype=objtype, registry=r) _404_on_none(result) @@ -75,8 +92,13 @@ def get_namespace_list_for_type(objtype: str) -> NamespaceDictType: return response -@router.get("/{objtype}/list", response_model=ListOfStringsResponse) -def get_namespace_list_for_type(objtype: str) -> list[str]: +@router.get( + "/{objtype}/list", + summary="Get a list of namespaces for a given object type", + description="Returns a list of namespaces (without surrounding dict) for a given object type in the registry.", + response_model=ListOfStringsResponse, +) +async def get_namespace_list_for_type(objtype: str) -> list[str]: """Returns a list of all namespaces for a given object type in the registry.""" result = lookup_objtype(objtype=objtype, registry=r) _404_on_none(result) diff --git a/src/ssvc/api/routers/objects.py b/src/ssvc/api/routers/objects.py new file mode 100644 index 00000000..88a32e72 --- /dev/null +++ b/src/ssvc/api/routers/objects.py @@ -0,0 +1,67 @@ +"""Objects API Router.""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from fastapi import APIRouter + +from ssvc.api.helpers import _404_on_none +from ssvc.decision_points.base import DecisionPoint +from ssvc.decision_tables.base import DecisionTable +from ssvc.registry.base import get_registry, lookup_by_id + +router = APIRouter(prefix="/objects", tags=["SSVC Objects"]) +r = get_registry() + +# generate endpoints for each object type +object_types = [DecisionPoint, DecisionTable] + + +@router.get( + "/DecisionPoint/{namespace}/{key}/{version}", + summary="Get an object by objtype, namespace, key, and version", + response_model=DecisionPoint, +) +async def get_object(namespace: str, key: str, version: str) -> DecisionPoint: + """ + Get an object by its type, namespace, key, and version. + """ + obj_id = ":".join([namespace, key, version]) + ver_obj = lookup_by_id(objtype="DecisionPoint", objid=obj_id, registry=r) + + _404_on_none(ver_obj) + obj = ver_obj.obj + return obj + + +@router.get( + "/DecisionTable/{namespace}/{key}/{version}", + summary="Get an object by objtype, namespace, key, and version", + response_model=DecisionTable, +) +async def get_object(namespace: str, key: str, version: str) -> DecisionTable: + """ + Get an object by its type, namespace, key, and version. + """ + obj_id = ":".join([namespace, key, version]) + ver_obj = lookup_by_id(objtype="DecisionTable", objid=obj_id, registry=r) + + _404_on_none(ver_obj) + obj = ver_obj.obj + return obj diff --git a/src/ssvc/api/routers/types.py b/src/ssvc/api/routers/types.py index 2e01f8b2..0bf295b3 100644 --- a/src/ssvc/api/routers/types.py +++ b/src/ssvc/api/routers/types.py @@ -29,7 +29,12 @@ router = APIRouter(prefix="/objtypes", tags=["SSVC Object Types"]) -@router.get("/list", response_model=ListOfStringsResponse) -def get_object_type_list() -> ListOfStringsType: +@router.get( + "/list", + summary="Retrieve a list of available object types", + description="Returns a sorted list of all object types available in the SSVC registry.", + response_model=ListOfStringsResponse, +) +async def get_object_type_list() -> ListOfStringsType: """Returns a list of all object types in the registry.""" return sorted(list(r.types.keys())) diff --git a/src/ssvc/api/routers/versions.py b/src/ssvc/api/routers/versions.py index f9e55eab..77750e55 100644 --- a/src/ssvc/api/routers/versions.py +++ b/src/ssvc/api/routers/versions.py @@ -36,9 +36,11 @@ @router.get( "/{objtype}/{namespace}/{key}", + summary="Get the version strings for a given object type, namespace, and key.", + description="Returns a dict for a specific object type, namespace, and key in the SSVC registry containing a list of version strings available.", response_model=VersionDictResponse, ) -def get_version_dict_for_key( +async def get_version_dict_for_key( objtype: str, namespace: str, key: str ) -> VersionDictType: """Returns a dictionary of all versions for a given object type, namespace, and key in the registry.""" @@ -57,9 +59,11 @@ def get_version_dict_for_key( @router.get( "/{objtype}/{namespace}/{key}/list", + summary="Get the list (without the surrounding dict) of version strings for a given object type, namespace, and key.", + description="Returns a sorted list of version strings available for the specified object type, namespace, and key in the SSVC registry.", response_model=ListOfStringsResponse, ) -def get_version_list_for_key( +async def get_version_list_for_key( objtype: str, namespace: str, key: str ) -> ListOfStringsType: """Returns a list of all versions for a given object type, namespace, and key in the registry.""" From dc9c9541a6b4de8e5e05da12e1156d7bef3af4d3 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 15:57:08 -0400 Subject: [PATCH 323/468] improve type defs --- src/ssvc/api/response_models/__init__.py | 67 ++++++++++++++++++++++ src/ssvc/api/response_models/_type_defs.py | 4 +- src/ssvc/api/routers/decision_points.py | 35 +++++++++-- src/ssvc/api/routers/decision_tables.py | 25 +++++++- 4 files changed, 121 insertions(+), 10 deletions(-) diff --git a/src/ssvc/api/response_models/__init__.py b/src/ssvc/api/response_models/__init__.py index fd4c99fd..edca6ea3 100644 --- a/src/ssvc/api/response_models/__init__.py +++ b/src/ssvc/api/response_models/__init__.py @@ -25,19 +25,86 @@ DecisionPointDictType, DecisionTableDictType, KeyDictType, + ListOfDecisionPointValuesType, ListOfStringsType, NamespaceDictType, VersionDictType, ) +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from ssvc.decision_tables.base import DecisionTable + + +class DecisionPointListResponse(RootModel[list[DecisionPoint]]): + """Response model for a list of DecisionPoint objects.""" + + @model_validator(mode="before") + @classmethod + def model_validate(cls, value): + if not isinstance(value, list): + raise TypeError("Value must be a list") + + for item in value: + if not isinstance(item, DecisionPoint): + raise TypeError( + f"Item '{item}' must be a DecisionPoint object" + ) + + return value + + +class DecisionPointValueListResponse(RootModel[ListOfDecisionPointValuesType]): + """Response model for a list of DecisionPointValue objects.""" + + @model_validator(mode="before") + @classmethod + def model_validate(cls, value): + if not isinstance(value, list): + raise TypeError("Value must be a list") + + for item in value: + if not isinstance(item, DecisionPointValue): + raise TypeError( + f"Item '{item}' must be a DecisionPointValue object" + ) + + return value class DecisionPointDictResponse(RootModel[DecisionPointDictType]): """A dictionary of DecisionPoint objects with keys as 'namespace:key:version'.""" + @model_validator(mode="before") + @classmethod + def model_validate(cls, value): + if not isinstance(value, dict): + raise TypeError("Value must be a dictionary") + + for k, v in value.items(): + if not isinstance(k, str): + raise TypeError(f"Key '{k}' must be a string") + if not isinstance(v, DecisionPoint): + raise TypeError(f"Value for key '{k}' must be a DecisionPoint") + + return value + class DecisionTableDictResponse(RootModel[DecisionTableDictType]): """A dictionary of DecisionTable objects with keys as 'namespace:key:version'.""" + @model_validator(mode="before") + @classmethod + def model_validate(cls, value): + if not isinstance(value, dict): + raise TypeError("Value must be a dictionary") + + for k, v in value.items(): + if not isinstance(k, str): + raise TypeError(f"Key '{k}' must be a string") + if not isinstance(v, DecisionTable): + raise TypeError(f"Value for key '{k}' must be a DecisionTable") + + return value + class ListOfStringsResponse(RootModel[ListOfStringsType]): """Response model for a list of strings.""" diff --git a/src/ssvc/api/response_models/_type_defs.py b/src/ssvc/api/response_models/_type_defs.py index 4cc93e0b..a1fc893c 100644 --- a/src/ssvc/api/response_models/_type_defs.py +++ b/src/ssvc/api/response_models/_type_defs.py @@ -18,10 +18,12 @@ # DM24-0278 """Type definitions for use in response models and API endpoints.""" -from ssvc.decision_points.base import DecisionPoint +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.decision_tables.base import DecisionTable ListOfStringsType = list[str] +ListOfDecisionPointValuesType = list[DecisionPointValue] + NamespaceDictType = dict[ str, # "types" dict[ diff --git a/src/ssvc/api/routers/decision_points.py b/src/ssvc/api/routers/decision_points.py index 54794b03..5413c985 100644 --- a/src/ssvc/api/routers/decision_points.py +++ b/src/ssvc/api/routers/decision_points.py @@ -24,8 +24,10 @@ from ssvc.api.response_models import ( DecisionPointDictResponse, DecisionPointDictType, + DecisionPointValueListResponse, + ListOfDecisionPointValuesType, ) -from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from ssvc.decision_points.base import DecisionPoint from ssvc.registry.base import get_registry from ssvc.registry.base import ( lookup_key, @@ -40,7 +42,12 @@ router = APIRouter(prefix="/decision_points", tags=["Decision Points"]) -@router.get("/", response_model=DecisionPointDictResponse) +@router.get( + "/", + summary="Get all decision points", + description="Returns a dictionary of all DecisionPoint objects organized by their object id.", + response_model=DecisionPointDictResponse, +) async def get_all_decision_points() -> DecisionPointDictType: result = lookup_objtype(objtype="DecisionPoint", registry=r) _404_on_none(result) @@ -55,7 +62,12 @@ async def get_all_decision_points() -> DecisionPointDictType: return objs -@router.get("/{namespace}", response_model=DecisionPointDictResponse) +@router.get( + "/{namespace}", + summary="Get all decision points for a namespace", + description="Returns a dictionary of DecisionPoint objects for the given namespace organized by their object id.", + response_model=DecisionPointDictResponse, +) async def get_all_decision_points_for_namespace( namespace: str, ) -> DecisionPointDictType: @@ -73,7 +85,12 @@ async def get_all_decision_points_for_namespace( return objs -@router.get("/{namespace}/{key}", response_model=DecisionPointDictResponse) +@router.get( + "/{namespace}/{key}", + summary="Get all versions of a decision point for a key in a namespace", + description="Returns a dictionary of DecisionPoint objects for the given namespace and key organized by their object id.", + response_model=DecisionPointDictResponse, +) async def get_all_versions_of_decision_points_for_key( namespace: str, key: str ) -> DecisionPointDictType: @@ -93,6 +110,8 @@ async def get_all_versions_of_decision_points_for_key( @router.get( "/{namespace}/{key}/latest", + summary="Get the latest decision point for a key in a namespace", + description="Returns the latest DecisionPoint object for the given namespace and key.", response_model=DecisionPoint, ) async def get_latest_decision_point_for_key( @@ -109,6 +128,8 @@ async def get_latest_decision_point_for_key( @router.get( "/decision_points/{namespace}/{key}/{version}", + summary="Get a specific version of a decision point", + description="Returns a single DecisionPoint object for the given namespace, key, and version.", response_model=DecisionPoint, ) async def get_decision_point_version( @@ -129,11 +150,13 @@ async def get_decision_point_version( @router.get( "/decision_points/{namespace}/{key}/{version}/values", - response_model=list[DecisionPointValue], + summary="Get the values of a decision point", + description="Returns the list of values of a single DecisionPoint object for the given namespace, key, and version.", + response_model=DecisionPointValueListResponse, ) async def get_decision_point_values( namespace: str, key: str, version: str -) -> DecisionPoint: +) -> ListOfDecisionPointValuesType: """Returns the values of a single DecisionPoint object for the given namespace, key, and version.""" result = lookup_version( objtype="DecisionPoint", diff --git a/src/ssvc/api/routers/decision_tables.py b/src/ssvc/api/routers/decision_tables.py index 67f37917..58083ce4 100644 --- a/src/ssvc/api/routers/decision_tables.py +++ b/src/ssvc/api/routers/decision_tables.py @@ -40,7 +40,12 @@ router = APIRouter(prefix="/decision_tables", tags=["Decision Tables"]) -@router.get("/", response_model=DecisionTableDictResponse) +@router.get( + "/", + summary="Get all decision tables", + description="Returns a dictionary of all decision tables in the registry organized by their object id.", + response_model=DecisionTableDictResponse, +) async def get_decision_tables() -> DecisionTableDictType: # load registry and return decision tables result = lookup_objtype(objtype="DecisionTable", registry=r) @@ -55,7 +60,12 @@ async def get_decision_tables() -> DecisionTableDictType: return objs -@router.get("/{namespace}", response_model=DecisionTableDictResponse) +@router.get( + "/{namespace}", + summary="Get decision tables for a namespace", + description="Returns a dictionary of DecisionTable objects for the given namespace organized by their object id.", + response_model=DecisionTableDictResponse, +) async def get_decision_tables_for_namespace( namespace: str, ) -> DecisionTableDictType: @@ -73,7 +83,12 @@ async def get_decision_tables_for_namespace( return objs -@router.get("/{namespace}/{key}", response_model=DecisionTableDictResponse) +@router.get( + "/{namespace}/{key}", + summary="Get decision tables for namespace and key", + description="Returns a dictionary of DecisionTable objects for the given namespace and key organized by their object id.", + response_model=DecisionTableDictResponse, +) async def get_decision_tables_for_key( namespace: str, key: str ) -> DecisionTableDictType: @@ -96,6 +111,8 @@ async def get_decision_tables_for_key( @router.get( "/{namespace}/{key}/latest", + summary="Get the latest decision table for a namespace and key", + description="Returns the latest DecisionTable object for the given namespace and key.", response_model=DecisionTable, ) async def get_latest_decision_table_for_key( @@ -112,6 +129,8 @@ async def get_latest_decision_table_for_key( @router.get( "/{namespace}/{key}/{version}", + summary="Get a specific version of a decision table", + description="Returns a specific version of a DecisionTable object for the given namespace, key, and version.", response_model=DecisionTable, ) async def get_decision_table_version( From a031e48a76953bf6c1b0a820022d11aaf91e65c0 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 16:00:36 -0400 Subject: [PATCH 324/468] validate expected dictionary keys --- src/ssvc/api/response_models/__init__.py | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/ssvc/api/response_models/__init__.py b/src/ssvc/api/response_models/__init__.py index edca6ea3..94e0cf63 100644 --- a/src/ssvc/api/response_models/__init__.py +++ b/src/ssvc/api/response_models/__init__.py @@ -79,12 +79,18 @@ def model_validate(cls, value): if not isinstance(value, dict): raise TypeError("Value must be a dictionary") - for k, v in value.items(): + for k, obj in value.items(): if not isinstance(k, str): raise TypeError(f"Key '{k}' must be a string") - if not isinstance(v, DecisionPoint): + if not isinstance(obj, DecisionPoint): raise TypeError(f"Value for key '{k}' must be a DecisionPoint") + # key must be the value.id + if k != obj.id: + raise ValueError( + f"Key '{k}' does not match DecisionPoint id '{obj.id}'" + ) + return value @@ -97,12 +103,18 @@ def model_validate(cls, value): if not isinstance(value, dict): raise TypeError("Value must be a dictionary") - for k, v in value.items(): + for k, obj in value.items(): if not isinstance(k, str): raise TypeError(f"Key '{k}' must be a string") - if not isinstance(v, DecisionTable): + if not isinstance(obj, DecisionTable): raise TypeError(f"Value for key '{k}' must be a DecisionTable") + # key must be the value.id + if k != obj.id: + raise ValueError( + f"Key '{k}' does not match DecisionPoint id '{obj.id}'" + ) + return value From a99e4c7fd42c5e50fb1a857671478a2ef7863421 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 16:06:38 -0400 Subject: [PATCH 325/468] add decision_points/namespace/key/latest/values route --- src/ssvc/api/response_models/__init__.py | 4 ++-- src/ssvc/api/response_models/_type_defs.py | 2 +- src/ssvc/api/routers/decision_points.py | 26 ++++++++++++++++++---- 3 files changed, 25 insertions(+), 7 deletions(-) diff --git a/src/ssvc/api/response_models/__init__.py b/src/ssvc/api/response_models/__init__.py index 94e0cf63..202098c2 100644 --- a/src/ssvc/api/response_models/__init__.py +++ b/src/ssvc/api/response_models/__init__.py @@ -23,9 +23,9 @@ from ssvc.api.response_models._type_defs import ( DecisionPointDictType, + DecisionPointValuesListType, DecisionTableDictType, KeyDictType, - ListOfDecisionPointValuesType, ListOfStringsType, NamespaceDictType, VersionDictType, @@ -52,7 +52,7 @@ def model_validate(cls, value): return value -class DecisionPointValueListResponse(RootModel[ListOfDecisionPointValuesType]): +class DecisionPointValueListResponse(RootModel[DecisionPointValuesListType]): """Response model for a list of DecisionPointValue objects.""" @model_validator(mode="before") diff --git a/src/ssvc/api/response_models/_type_defs.py b/src/ssvc/api/response_models/_type_defs.py index a1fc893c..c21ff657 100644 --- a/src/ssvc/api/response_models/_type_defs.py +++ b/src/ssvc/api/response_models/_type_defs.py @@ -22,7 +22,7 @@ from ssvc.decision_tables.base import DecisionTable ListOfStringsType = list[str] -ListOfDecisionPointValuesType = list[DecisionPointValue] +DecisionPointValuesListType = list[DecisionPointValue] NamespaceDictType = dict[ str, # "types" diff --git a/src/ssvc/api/routers/decision_points.py b/src/ssvc/api/routers/decision_points.py index 5413c985..1259303b 100644 --- a/src/ssvc/api/routers/decision_points.py +++ b/src/ssvc/api/routers/decision_points.py @@ -25,7 +25,7 @@ DecisionPointDictResponse, DecisionPointDictType, DecisionPointValueListResponse, - ListOfDecisionPointValuesType, + DecisionPointValuesListType, ) from ssvc.decision_points.base import DecisionPoint from ssvc.registry.base import get_registry @@ -127,7 +127,7 @@ async def get_latest_decision_point_for_key( @router.get( - "/decision_points/{namespace}/{key}/{version}", + "/{namespace}/{key}/{version}", summary="Get a specific version of a decision point", description="Returns a single DecisionPoint object for the given namespace, key, and version.", response_model=DecisionPoint, @@ -149,14 +149,32 @@ async def get_decision_point_version( @router.get( - "/decision_points/{namespace}/{key}/{version}/values", + "/{namespace}/{key}/latest/values", + summary="Get the latest decision point for a key in a namespace", + description="Returns the latest DecisionPoint object for the given namespace and key.", + response_model=DecisionPointValueListResponse, +) +async def get_latest_decision_point_for_key( + namespace: str, key: str +) -> DecisionPointValuesListType: + """Returns the latest DecisionPoint object for the given namespace and key.""" + result = lookup_latest( + objtype="DecisionPoint", namespace=namespace, key=key, registry=r + ) + _404_on_none(result) + dp = result + return list(dp.values) + + +@router.get( + "/{namespace}/{key}/{version}/values", summary="Get the values of a decision point", description="Returns the list of values of a single DecisionPoint object for the given namespace, key, and version.", response_model=DecisionPointValueListResponse, ) async def get_decision_point_values( namespace: str, key: str, version: str -) -> ListOfDecisionPointValuesType: +) -> DecisionPointValuesListType: """Returns the values of a single DecisionPoint object for the given namespace, key, and version.""" result = lookup_version( objtype="DecisionPoint", From c0d6956e436358bf66a3cecf15ae1bbcd2736e2d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 16:08:42 -0400 Subject: [PATCH 326/468] reorganize type defs --- src/ssvc/api/response_models/_type_defs.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/ssvc/api/response_models/_type_defs.py b/src/ssvc/api/response_models/_type_defs.py index c21ff657..e6218297 100644 --- a/src/ssvc/api/response_models/_type_defs.py +++ b/src/ssvc/api/response_models/_type_defs.py @@ -21,9 +21,14 @@ from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.decision_tables.base import DecisionTable +# simple stuff first ListOfStringsType = list[str] DecisionPointValuesListType = list[DecisionPointValue] +DecisionPointDictType = dict[str, DecisionPoint] +DecisionTableDictType = dict[str, DecisionTable] + +# more complex types NamespaceDictType = dict[ str, # "types" dict[ @@ -69,5 +74,3 @@ ], ], ] -DecisionPointDictType = dict[str, DecisionPoint] -DecisionTableDictType = dict[str, DecisionTable] From 45062110aa5d5e2fbe37114e5e951f27f9063dc8 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 16:15:31 -0400 Subject: [PATCH 327/468] add TypesDictType definition and update descriptions for clarity --- src/ssvc/api/response_models/_type_defs.py | 5 +++++ src/ssvc/api/routers/keys.py | 2 +- src/ssvc/api/routers/namespaces.py | 4 ++-- src/ssvc/api/routers/types.py | 15 ++++++++++++++- src/ssvc/api/routers/versions.py | 2 +- 5 files changed, 23 insertions(+), 5 deletions(-) diff --git a/src/ssvc/api/response_models/_type_defs.py b/src/ssvc/api/response_models/_type_defs.py index e6218297..050ead61 100644 --- a/src/ssvc/api/response_models/_type_defs.py +++ b/src/ssvc/api/response_models/_type_defs.py @@ -29,6 +29,11 @@ # more complex types +TypesDictType = dict[ + str, # "types" + list[str], # list of object types +] + NamespaceDictType = dict[ str, # "types" dict[ diff --git a/src/ssvc/api/routers/keys.py b/src/ssvc/api/routers/keys.py index 5b71b858..894ea188 100644 --- a/src/ssvc/api/routers/keys.py +++ b/src/ssvc/api/routers/keys.py @@ -107,7 +107,7 @@ async def get_key_dict_for_type_and_namespace( @router.get( "/{objtype}/{namespace}/list", summary="Get Key Dictionary for Type and Namespace", - description="Returns a list (without surrounding dict) of all keys for a given object type and namespace in the registry", + description="Returns a list (without the enclosing dict) of all keys for a given object type and namespace in the registry", response_model=ListOfStringsResponse, ) async def get_key_list_for_type_and_namespace( diff --git a/src/ssvc/api/routers/namespaces.py b/src/ssvc/api/routers/namespaces.py index dabe1840..28398501 100644 --- a/src/ssvc/api/routers/namespaces.py +++ b/src/ssvc/api/routers/namespaces.py @@ -60,7 +60,7 @@ async def get_object_type_namespaces() -> ( @router.get( "/list", - summary="Get a list (without surrounding dict) of all namespaces in the registry (regardless of object type)", + summary="Get a list (without the enclosing dict) of all namespaces in the registry (regardless of object type)", description="Returns a list of all namespaces in the registry.", response_model=ListOfStringsResponse, ) @@ -95,7 +95,7 @@ async def get_namespace_list_for_type(objtype: str) -> NamespaceDictType: @router.get( "/{objtype}/list", summary="Get a list of namespaces for a given object type", - description="Returns a list of namespaces (without surrounding dict) for a given object type in the registry.", + description="Returns a list of namespaces (without the enclosing dict) for a given object type in the registry.", response_model=ListOfStringsResponse, ) async def get_namespace_list_for_type(objtype: str) -> list[str]: diff --git a/src/ssvc/api/routers/types.py b/src/ssvc/api/routers/types.py index 0bf295b3..5401c78a 100644 --- a/src/ssvc/api/routers/types.py +++ b/src/ssvc/api/routers/types.py @@ -22,6 +22,7 @@ from fastapi import APIRouter from ssvc.api.response_models import ListOfStringsResponse, ListOfStringsType +from ssvc.api.response_models._type_defs import TypesDictType from ssvc.registry.base import get_registry r = get_registry() @@ -29,10 +30,22 @@ router = APIRouter(prefix="/objtypes", tags=["SSVC Object Types"]) +@router.get( + "/", + summary="Get all object types", + description="Returns a dictionary containing a list of all object types available in the SSVC registry.", + response_model=TypesDictType, +) +async def get_object_types() -> TypesDictType: + """Returns a dictionary of all object types in the registry.""" + response = {"types": sorted(list(r.types.keys()))} + return response + + @router.get( "/list", summary="Retrieve a list of available object types", - description="Returns a sorted list of all object types available in the SSVC registry.", + description="Returns a sorted list (without the enclosing dict) of all object types available in the SSVC registry.", response_model=ListOfStringsResponse, ) async def get_object_type_list() -> ListOfStringsType: diff --git a/src/ssvc/api/routers/versions.py b/src/ssvc/api/routers/versions.py index 77750e55..66b73b5d 100644 --- a/src/ssvc/api/routers/versions.py +++ b/src/ssvc/api/routers/versions.py @@ -59,7 +59,7 @@ async def get_version_dict_for_key( @router.get( "/{objtype}/{namespace}/{key}/list", - summary="Get the list (without the surrounding dict) of version strings for a given object type, namespace, and key.", + summary="Get the list (without the enclosing dict) of version strings for a given object type, namespace, and key.", description="Returns a sorted list of version strings available for the specified object type, namespace, and key in the SSVC registry.", response_model=ListOfStringsResponse, ) From 1062ba9e075991c5b826703f14d43758542edbc5 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 16:25:57 -0400 Subject: [PATCH 328/468] add TypesDictResponse model and update response handling for object types --- src/ssvc/api/main.py | 21 +++++++++++++++++++++ src/ssvc/api/response_models/__init__.py | 23 +++++++++++++++++++++++ src/ssvc/api/routers/types.py | 8 ++++++-- 3 files changed, 50 insertions(+), 2 deletions(-) diff --git a/src/ssvc/api/main.py b/src/ssvc/api/main.py index 8f637c61..be460440 100644 --- a/src/ssvc/api/main.py +++ b/src/ssvc/api/main.py @@ -70,3 +70,24 @@ @app.get("/", include_in_schema=False) async def redirect_root_to_docs(): return RedirectResponse(url="/docs") + + +if __name__ == "__main__": + from tabulate import tabulate + + rows = [] + for route in app.routes: + methods = ",".join(sorted(route.methods - {"HEAD", "OPTIONS"})) + response_model = getattr(route, "response_model", None) + response_model_name = response_model.__name__ if response_model else "" + description = getattr(route, "summary", "") or getattr( + route, "description", "" + ) + rows.append([route.path, methods, response_model_name, description]) + + table = tabulate( + rows, + headers=["Path", "Methods", "Response Model", "Description"], + tablefmt="github", + ) + print(table) diff --git a/src/ssvc/api/response_models/__init__.py b/src/ssvc/api/response_models/__init__.py index 202098c2..acfe92e1 100644 --- a/src/ssvc/api/response_models/__init__.py +++ b/src/ssvc/api/response_models/__init__.py @@ -28,6 +28,7 @@ KeyDictType, ListOfStringsType, NamespaceDictType, + TypesDictType, VersionDictType, ) from ssvc.decision_points.base import DecisionPoint, DecisionPointValue @@ -134,6 +135,28 @@ def model_validate(cls, value): return value +class TypesDictResponse(RootModel[TypesDictType]): + """Response model for the list of object types.""" + + @model_validator(mode="before") + @classmethod + def model_validate(cls, value): + if not isinstance(value, dict): + raise TypeError("Value must be a dictionary") + + if "types" not in value: + raise ValueError('Top-level key must be "types"') + + if not isinstance(value["types"], list): + raise TypeError('"types" must be a list') + + for item in value["types"]: + if not isinstance(item, str): + raise TypeError(f'Object type "{item}" must be a string') + + return value + + class NamespaceDictResponse(RootModel[NamespaceDictType]): """Response model for the namespaces of object types.""" diff --git a/src/ssvc/api/routers/types.py b/src/ssvc/api/routers/types.py index 5401c78a..1f55acf3 100644 --- a/src/ssvc/api/routers/types.py +++ b/src/ssvc/api/routers/types.py @@ -21,7 +21,11 @@ from fastapi import APIRouter -from ssvc.api.response_models import ListOfStringsResponse, ListOfStringsType +from ssvc.api.response_models import ( + ListOfStringsResponse, + ListOfStringsType, + TypesDictResponse, +) from ssvc.api.response_models._type_defs import TypesDictType from ssvc.registry.base import get_registry @@ -34,7 +38,7 @@ "/", summary="Get all object types", description="Returns a dictionary containing a list of all object types available in the SSVC registry.", - response_model=TypesDictType, + response_model=TypesDictResponse, ) async def get_object_types() -> TypesDictType: """Returns a dictionary of all object types in the registry.""" From 141339c088c4d75b5affe12d4e93ca160b9a28ec Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 21 Aug 2025 16:45:30 -0400 Subject: [PATCH 329/468] add unit tests for Decision Points and Decision Tables APIs (+11 squashed commits) Squashed commits: [15dd288] add unit tests for Objects API in test_objects.py [b9f2d70] add unit tests for Versions API in test_versions.py [ca2a5b0] rename test files for Keys and Namespaces APIs [4b78a6f] add unit tests for Keys API in test_keys.py [8963982] add unit tests for Namespaces API in test_namespaces.py [7fb49a3] add unit tests for Types API in test_types.py [a34e48a] add unit tests for Decision Point API in test_decision_table.py [7fc227b] refactor test setup for Decision Point API and improve registry handling [d69e29c] add unit tests for Decision Point API endpoints [8770218] rename ListOfStringsType to StringsListType for consistency across response models [7eb02a9] add _404_on_none helper function and corresponding tests --- src/ssvc/api/helpers.py | 34 +--- src/ssvc/api/response_models/__init__.py | 15 +- src/ssvc/api/response_models/_type_defs.py | 21 ++- src/ssvc/api/routers/keys.py | 4 +- src/ssvc/api/routers/namespaces.py | 9 +- src/ssvc/api/routers/types.py | 4 +- src/ssvc/api/routers/versions.py | 4 +- src/test/api/__init__.py | 34 ++++ src/test/api/response_models/__init__.py | 33 ++++ src/test/api/routers/__init__.py | 34 ++++ src/test/api/routers/test_decision_point.py | 94 +++++++++++ src/test/api/routers/test_decision_points.py | 134 +++++++++++++++ src/test/api/routers/test_decision_table.py | 118 +++++++++++++ src/test/api/routers/test_decision_tables.py | 166 +++++++++++++++++++ src/test/api/routers/test_keys.py | 116 +++++++++++++ src/test/api/routers/test_namespaces.py | 87 ++++++++++ src/test/api/routers/test_objects.py | 159 ++++++++++++++++++ src/test/api/routers/test_types.py | 54 ++++++ src/test/api/routers/test_versions.py | 111 +++++++++++++ src/test/api/test_helpers.py | 44 +++++ src/test/api/test_main.py | 63 +++++++ 21 files changed, 1282 insertions(+), 56 deletions(-) create mode 100644 src/test/api/__init__.py create mode 100644 src/test/api/response_models/__init__.py create mode 100644 src/test/api/routers/__init__.py create mode 100644 src/test/api/routers/test_decision_point.py create mode 100644 src/test/api/routers/test_decision_points.py create mode 100644 src/test/api/routers/test_decision_table.py create mode 100644 src/test/api/routers/test_decision_tables.py create mode 100644 src/test/api/routers/test_keys.py create mode 100644 src/test/api/routers/test_namespaces.py create mode 100644 src/test/api/routers/test_objects.py create mode 100644 src/test/api/routers/test_types.py create mode 100644 src/test/api/routers/test_versions.py create mode 100644 src/test/api/test_helpers.py create mode 100644 src/test/api/test_main.py diff --git a/src/ssvc/api/helpers.py b/src/ssvc/api/helpers.py index 7e319d50..c9b5ce78 100644 --- a/src/ssvc/api/helpers.py +++ b/src/ssvc/api/helpers.py @@ -29,34 +29,12 @@ from fastapi import HTTPException -# Copyright (c) 2025 Carnegie Mellon University. -# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE -# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. -# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, -# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT -# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR -# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE -# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE -# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM -# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. -# Licensed under a MIT (SEI)-style license, please see LICENSE or contact -# permission@sei.cmu.edu for full terms. -# [DISTRIBUTION STATEMENT A] This material has been approved for -# public release and unlimited distribution. Please see Copyright notice -# for non-US Government use and distribution. -# This Software includes and/or makes use of Third-Party Software each -# subject to its own license. -# DM24-0278 - - -def main(): - pass - - -if __name__ == "__main__": - main() - +def _404_on_none(obj: Any) -> None: + """ + API helper function to raise a 404 HTTPException if the passed object is None. -def _404_on_none(obj: Any): + Args: + obj: The object to check. If it is None, a 404 error will be raised. + """ if obj is None: raise HTTPException(status_code=404, detail=f"Item not found") diff --git a/src/ssvc/api/response_models/__init__.py b/src/ssvc/api/response_models/__init__.py index acfe92e1..d6de6b3f 100644 --- a/src/ssvc/api/response_models/__init__.py +++ b/src/ssvc/api/response_models/__init__.py @@ -21,16 +21,9 @@ from pydantic import RootModel, model_validator -from ssvc.api.response_models._type_defs import ( - DecisionPointDictType, - DecisionPointValuesListType, - DecisionTableDictType, - KeyDictType, - ListOfStringsType, - NamespaceDictType, - TypesDictType, - VersionDictType, -) +from ssvc.api.response_models._type_defs import (DecisionPointDictType, DecisionPointValuesListType, + DecisionTableDictType, KeyDictType, NamespaceDictType, StringsListType, + TypesDictType, VersionDictType) from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.decision_tables.base import DecisionTable @@ -119,7 +112,7 @@ def model_validate(cls, value): return value -class ListOfStringsResponse(RootModel[ListOfStringsType]): +class ListOfStringsResponse(RootModel[StringsListType]): """Response model for a list of strings.""" @model_validator(mode="before") diff --git a/src/ssvc/api/response_models/_type_defs.py b/src/ssvc/api/response_models/_type_defs.py index 050ead61..394cff87 100644 --- a/src/ssvc/api/response_models/_type_defs.py +++ b/src/ssvc/api/response_models/_type_defs.py @@ -22,10 +22,17 @@ from ssvc.decision_tables.base import DecisionTable # simple stuff first -ListOfStringsType = list[str] +StringsListType = list[str] +"""A list of strings, used for various purposes in the API.""" + DecisionPointValuesListType = list[DecisionPointValue] +"""A list of decision point values.""" + DecisionPointDictType = dict[str, DecisionPoint] +"""A dictionary mapping decision point IDs to their corresponding DecisionPoint objects.""" + DecisionTableDictType = dict[str, DecisionTable] +"""A dictionary mapping decision table IDs to their corresponding DecisionTable objects.""" # more complex types @@ -33,16 +40,19 @@ str, # "types" list[str], # list of object types ] +"""A dictionary containing a list of object types.""" NamespaceDictType = dict[ str, # "types" dict[ str, # specific type dict[ - str, ListOfStringsType # "namespaces" # list of namespace strings + str, StringsListType # "namespaces" # list of namespace strings ], ], ] +"""A nested dictionary mapping object types to lists of namespaces for each type.""" + KeyDictType = dict[ str, # "types" dict[ @@ -51,11 +61,13 @@ str, # "namespaces" dict[ str, # specific namespace - dict[str, ListOfStringsType], # "keys" # list of keys + dict[str, StringsListType], # "keys" # list of keys ], ], ], ] +"""A nested dictionary mapping object types to namespaces and keys for each type.""" + VersionDictType = dict[ # types type namespaces namespace keys str, # "types" @@ -71,7 +83,7 @@ str, # specific key dict[ str, # "versions" - ListOfStringsType, # list of version strings + StringsListType, # list of version strings ], ], ], @@ -79,3 +91,4 @@ ], ], ] +"""A nested dictionary mapping object types to namespaces, keys, and versions for each type.""" diff --git a/src/ssvc/api/routers/keys.py b/src/ssvc/api/routers/keys.py index 894ea188..03d343b3 100644 --- a/src/ssvc/api/routers/keys.py +++ b/src/ssvc/api/routers/keys.py @@ -25,7 +25,7 @@ from ssvc.api.response_models import ( KeyDictResponse, ListOfStringsResponse, - ListOfStringsType, + StringsListType, ) from ssvc.registry.base import get_registry, lookup_namespace @@ -112,7 +112,7 @@ async def get_key_dict_for_type_and_namespace( ) async def get_key_list_for_type_and_namespace( objtype: str, namespace: str -) -> ListOfStringsType: +) -> StringsListType: """Returns a list of all keys for a given object type and namespace in the registry.""" ns = lookup_namespace(objtype=objtype, namespace=namespace, registry=r) _404_on_none(ns) diff --git a/src/ssvc/api/routers/namespaces.py b/src/ssvc/api/routers/namespaces.py index 28398501..59eb40a5 100644 --- a/src/ssvc/api/routers/namespaces.py +++ b/src/ssvc/api/routers/namespaces.py @@ -22,12 +22,7 @@ from fastapi import APIRouter from ssvc.api.helpers import _404_on_none -from ssvc.api.response_models import ( - ListOfStringsResponse, - ListOfStringsType, - NamespaceDictResponse, - NamespaceDictType, -) +from ssvc.api.response_models import (ListOfStringsResponse, NamespaceDictResponse, NamespaceDictType, StringsListType) from ssvc.registry.base import get_registry, lookup_objtype router = APIRouter( @@ -64,7 +59,7 @@ async def get_object_type_namespaces() -> ( description="Returns a list of all namespaces in the registry.", response_model=ListOfStringsResponse, ) -async def get_namespace_list() -> ListOfStringsType: +async def get_namespace_list() -> StringsListType: """Returns a list of all namespaces in the registry.""" namespaces = set() for objtype in r.types: diff --git a/src/ssvc/api/routers/types.py b/src/ssvc/api/routers/types.py index 1f55acf3..3af3e80b 100644 --- a/src/ssvc/api/routers/types.py +++ b/src/ssvc/api/routers/types.py @@ -23,7 +23,7 @@ from ssvc.api.response_models import ( ListOfStringsResponse, - ListOfStringsType, + StringsListType, TypesDictResponse, ) from ssvc.api.response_models._type_defs import TypesDictType @@ -52,6 +52,6 @@ async def get_object_types() -> TypesDictType: description="Returns a sorted list (without the enclosing dict) of all object types available in the SSVC registry.", response_model=ListOfStringsResponse, ) -async def get_object_type_list() -> ListOfStringsType: +async def get_object_type_list() -> StringsListType: """Returns a list of all object types in the registry.""" return sorted(list(r.types.keys())) diff --git a/src/ssvc/api/routers/versions.py b/src/ssvc/api/routers/versions.py index 66b73b5d..b0e5bc6e 100644 --- a/src/ssvc/api/routers/versions.py +++ b/src/ssvc/api/routers/versions.py @@ -24,7 +24,7 @@ from ssvc.api.helpers import _404_on_none from ssvc.api.response_models import ( ListOfStringsResponse, - ListOfStringsType, + StringsListType, VersionDictResponse, VersionDictType, ) @@ -65,7 +65,7 @@ async def get_version_dict_for_key( ) async def get_version_list_for_key( objtype: str, namespace: str, key: str -) -> ListOfStringsType: +) -> StringsListType: """Returns a list of all versions for a given object type, namespace, and key in the registry.""" k = lookup_key(objtype=objtype, namespace=namespace, key=key, registry=r) _404_on_none(k) diff --git a/src/test/api/__init__.py b/src/test/api/__init__.py new file mode 100644 index 00000000..f704113b --- /dev/null +++ b/src/test/api/__init__.py @@ -0,0 +1,34 @@ +#!/usr/bin/env python +""" +file: __init__.py +author: adh +created_at: 8/21/25 4:33 PM +""" + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + + +def main(): + pass + + +if __name__ == "__main__": + main() diff --git a/src/test/api/response_models/__init__.py b/src/test/api/response_models/__init__.py new file mode 100644 index 00000000..f18e5308 --- /dev/null +++ b/src/test/api/response_models/__init__.py @@ -0,0 +1,33 @@ +#!/usr/bin/env python +""" +file: __init__.py +author: adh +created_at: 8/21/25 4:35 PM +""" + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +def main(): + pass + + +if __name__ == '__main__': + main() diff --git a/src/test/api/routers/__init__.py b/src/test/api/routers/__init__.py new file mode 100644 index 00000000..49ba3463 --- /dev/null +++ b/src/test/api/routers/__init__.py @@ -0,0 +1,34 @@ +#!/usr/bin/env python +""" +file: __init__.py +author: adh +created_at: 8/21/25 4:35 PM +""" + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + + +def main(): + pass + + +if __name__ == "__main__": + main() diff --git a/src/test/api/routers/test_decision_point.py b/src/test/api/routers/test_decision_point.py new file mode 100644 index 00000000..efbdc7a1 --- /dev/null +++ b/src/test/api/routers/test_decision_point.py @@ -0,0 +1,94 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +import json +import unittest + +from fastapi import HTTPException +from fastapi.testclient import TestClient + +from ssvc.api.routers import decision_point +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from ssvc.registry.base import SsvcObjectRegistry + + +class TestDecisionPointAPI(unittest.TestCase): + def setUp(self): + self.client = TestClient(decision_point.router) + + # create a new registry for testing + self.r = SsvcObjectRegistry( + name="test registry", description="test registry" + ) + self.r.reset(force=True) + # make sure it's empty + self.assertEqual(0, len(self.r.types)) + + decision_point.r = self.r + + # now add a decision point + self.dp = DecisionPoint( + namespace="test", + key="A", + version="1.0.0", + name="Test Decision Point", + description="This is a test decision point.", + values=( + DecisionPointValue(name="value1", description=".", key="K1"), + DecisionPointValue(name="value2", description=".", key="K2"), + ), + registered=False, + ) + + def test_get_decision_point_by_id_success(self): + r = self.r + response = self.client.get("/decision_point/test:A:1.0.0") + # should 404 because we have no registry entries + self.assertEqual( + 404, + response.status_code, + ) + + r.register(self.dp) + # ensure it's added to the registry + + self.assertEqual(1, len(r.types)) + self.assertEqual( + self.dp, + r.types["DecisionPoint"] + .namespaces["test"] + .keys["A"] + .versions["1.0.0"] + .obj, + ) + response = self.client.get("/decision_point?id=test:A:1.0.0") + self.assertEqual( + 200, + response.status_code, + ) + # we need to do this because JSON doesn't do tuples + expected = json.loads(self.dp.model_dump_json()) + self.assertEqual(expected, response.json()) + + def test_get_decision_point_by_id_bad_id(self): + with self.assertRaises(HTTPException): + self.client.get("/decision_point?id=bad_id_format") + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/api/routers/test_decision_points.py b/src/test/api/routers/test_decision_points.py new file mode 100644 index 00000000..843fd95e --- /dev/null +++ b/src/test/api/routers/test_decision_points.py @@ -0,0 +1,134 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest +from unittest.mock import MagicMock, patch + +from fastapi import FastAPI +from fastapi.testclient import TestClient + +from ssvc.api.routers import decision_points +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue + + +class TestDecisionPointsRouter(unittest.TestCase): + def setUp(self): + self.app = FastAPI() + self.app.include_router(decision_points.router) + self.client = TestClient(self.app) + self.dp = DecisionPoint( + namespace="test", + key="key1", + version="1.0.0", + name="Test DP", + description="desc", + values=( + DecisionPointValue( + key="value1", + name="Value 1", + description="Description for value 1", + ), + DecisionPointValue( + key="value2", + name="Value 2", + description="Description for value 2", + ), + ), + ) + + @patch("ssvc.api.routers.decision_points.lookup_objtype") + def test_get_all_decision_points_success(self, mock_lookup): + dp = self.dp + result_mock = MagicMock() + result_mock.namespaces = { + "ns1": MagicMock( + keys={"key1": MagicMock(versions={"1.0.0": MagicMock(obj=dp)})} + ) + } + mock_lookup.return_value = result_mock + response = self.client.get("/decision_points/") + self.assertEqual(response.status_code, 200) + self.assertIn(dp.id, response.json()) + + @patch("ssvc.api.routers.decision_points.lookup_objtype") + def test_get_all_decision_points_not_found(self, mock_lookup): + mock_lookup.return_value = None + response = self.client.get("/decision_points/") + self.assertEqual(response.status_code, 404) + + @patch("ssvc.api.routers.decision_points.lookup_namespace") + def test_get_all_decision_points_for_namespace_success(self, mock_lookup): + dp = self.dp + result_mock = MagicMock() + result_mock.keys = { + "key1": MagicMock(versions={"1.0.0": MagicMock(obj=dp)}) + } + mock_lookup.return_value = result_mock + response = self.client.get("/decision_points/ns1") + self.assertEqual(response.status_code, 200) + self.assertIn(dp.id, response.json()) + + @patch("ssvc.api.routers.decision_points.lookup_namespace") + def test_get_all_decision_points_for_namespace_not_found( + self, mock_lookup + ): + mock_lookup.return_value = None + response = self.client.get("/decision_points/ns1") + self.assertEqual(response.status_code, 404) + + @patch("ssvc.api.routers.decision_points.lookup_key") + def test_get_all_versions_of_decision_points_for_key_success( + self, mock_lookup + ): + dp = self.dp + result_mock = MagicMock() + result_mock.versions = {"1.0.0": MagicMock(obj=dp)} + mock_lookup.return_value = result_mock + response = self.client.get("/decision_points/ns1/key1") + self.assertEqual(response.status_code, 200) + self.assertIn(dp.id, response.json()) + + @patch("ssvc.api.routers.decision_points.lookup_key") + def test_get_all_versions_of_decision_points_for_key_not_found( + self, mock_lookup + ): + mock_lookup.return_value = None + response = self.client.get("/decision_points/ns1/key1") + self.assertEqual(response.status_code, 404) + + @patch("ssvc.api.routers.decision_points.lookup_latest") + def test_get_latest_decision_point_for_key_success(self, mock_lookup): + dp = self.dp + mock_lookup.return_value = dp + response = self.client.get("/decision_points/test/key1/latest") + self.assertEqual(response.status_code, 200) + self.assertEqual(response.json()["namespace"], dp.namespace) + self.assertEqual(response.json()["key"], dp.key) + self.assertEqual(response.json()["version"], dp.version) + self.assertEqual(response.json()["name"], dp.name) + + @patch("ssvc.api.routers.decision_points.lookup_latest") + def test_get_latest_decision_point_for_key_not_found(self, mock_lookup): + mock_lookup.return_value = None + response = self.client.get("/decision_points/ns1/key1/latest") + self.assertEqual(response.status_code, 404) + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/api/routers/test_decision_table.py b/src/test/api/routers/test_decision_table.py new file mode 100644 index 00000000..b605120f --- /dev/null +++ b/src/test/api/routers/test_decision_table.py @@ -0,0 +1,118 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +import json +import unittest + +from fastapi import HTTPException +from fastapi.testclient import TestClient + +from ssvc.api.routers import decision_table +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from ssvc.decision_tables.base import DecisionTable +from ssvc.registry.base import SsvcObjectRegistry + + +class TestDecisionPointAPI(unittest.TestCase): + def setUp(self): + self.client = TestClient(decision_table.router) + + # create a new registry for testing + self.r = SsvcObjectRegistry( + name="test registry", description="test registry" + ) + self.r.reset(force=True) + # make sure it's empty + self.assertEqual(0, len(self.r.types)) + + decision_table.r = self.r + + # now add a decision table + self.dp1 = DecisionPoint( + namespace="test", + key="A", + version="1.0.0", + name="Test Decision Point", + description="This is a test decision point.", + values=( + DecisionPointValue(name="value1", description=".", key="K1"), + DecisionPointValue(name="value2", description=".", key="K2"), + DecisionPointValue(name="value3", description=".", key="K3"), + ), + registered=False, + ) + self.dp2 = DecisionPoint( + namespace="test", + key="B", + version="1.0.0", + name="Test Decision Point", + description="This is a test decision point.", + values=( + DecisionPointValue(name="value1", description=".", key="K1"), + DecisionPointValue(name="value2", description=".", key="K2"), + ), + registered=False, + ) + self.dt = DecisionTable( + namespace="test", + key="DT_1", + version="1.0.0", + name="Test Decision Table", + description="This is a test decision table.", + decision_points={dp.id: dp for dp in (self.dp1, self.dp2)}, + outcome=self.dp2.id, + registered=False, + ) + + def test_get_decision_point_by_id_success(self): + r = self.r + response = self.client.get("/decision_point/test:A:1.0.0") + # should 404 because we have no registry entries + self.assertEqual( + 404, + response.status_code, + ) + + r.register(self.dt) + # ensure it's added to the registry + + self.assertEqual(1, len(r.types)) + self.assertEqual( + self.dt, + r.types["DecisionTable"] + .namespaces["test"] + .keys["DT_1"] + .versions["1.0.0"] + .obj, + ) + response = self.client.get("/decision_table?id=test:DT_1:1.0.0") + self.assertEqual( + 200, + response.status_code, + ) + # we need to do this because JSON doesn't do tuples + expected = json.loads(self.dt.model_dump_json()) + self.assertEqual(expected, response.json()) + + def test_get_decision_point_by_id_bad_id(self): + with self.assertRaises(HTTPException): + self.client.get("/decision_table?id=bad_id_format") + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/api/routers/test_decision_tables.py b/src/test/api/routers/test_decision_tables.py new file mode 100644 index 00000000..46159b5b --- /dev/null +++ b/src/test/api/routers/test_decision_tables.py @@ -0,0 +1,166 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest +from unittest.mock import MagicMock, patch + +from fastapi import FastAPI +from fastapi.testclient import TestClient + +from ssvc.api.routers import decision_tables +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from ssvc.decision_tables.base import DecisionTable +from ssvc.registry.base import SsvcObjectRegistry + + +class TestDecisionTablesRouter(unittest.TestCase): + def setUp(self): + self.app = FastAPI() + self.app.include_router(decision_tables.router) + self.client = TestClient(self.app) + + # create a new registry for testing + self.r = SsvcObjectRegistry( + name="test registry", description="test registry" + ) + self.r.reset(force=True) + # make sure it's empty + self.assertEqual(0, len(self.r.types)) + + decision_tables.r = self.r + + self.dp1 = DecisionPoint( + namespace="test", + key="A", + version="1.0.0", + name="Test Decision Point", + description="This is a test decision point.", + values=( + DecisionPointValue(name="value1", description=".", key="K1"), + DecisionPointValue(name="value2", description=".", key="K2"), + DecisionPointValue(name="value3", description=".", key="K3"), + ), + registered=False, + ) + self.dp2 = DecisionPoint( + namespace="test", + key="B", + version="1.0.0", + name="Test Decision Point", + description="This is a test decision point.", + values=( + DecisionPointValue(name="value1", description=".", key="K1"), + DecisionPointValue(name="value2", description=".", key="K2"), + ), + registered=False, + ) + self.dt = DecisionTable( + namespace="test", + key="DT_1", + version="1.0.0", + name="Test Decision Table", + description="This is a test decision table.", + decision_points={dp.id: dp for dp in (self.dp1, self.dp2)}, + outcome=self.dp2.id, + registered=False, + ) + + @patch("ssvc.api.routers.decision_tables.lookup_objtype") + def test_get_all_decision_tables_success(self, mock_lookup): + result_mock = MagicMock() + result_mock.namespaces = { + self.dt.namespace: MagicMock( + keys={ + self.dt.key: MagicMock( + versions={self.dt.version: MagicMock(obj=self.dt)} + ) + } + ) + } + mock_lookup.return_value = result_mock + response = self.client.get("/decision_tables/") + self.assertEqual(response.status_code, 200) + self.assertIn(self.dt.id, response.json()) + + @patch("ssvc.api.routers.decision_tables.lookup_objtype") + def test_get_all_decision_tables_not_found(self, mock_lookup): + mock_lookup.return_value = None + response = self.client.get("/decision_tables/") + self.assertEqual(response.status_code, 404) + + @patch("ssvc.api.routers.decision_tables.lookup_namespace") + def test_get_decision_tables_for_namespace_success(self, mock_lookup): + ns_mock = MagicMock() + ns_mock.keys = { + self.dt.key: MagicMock( + versions={self.dt.version: MagicMock(obj=self.dt)} + ) + } + mock_lookup.return_value = ns_mock + response = self.client.get(f"/decision_tables/{self.dt.namespace}") + self.assertEqual(response.status_code, 200) + self.assertIn(self.dt.id, response.json()) + + @patch("ssvc.api.routers.decision_tables.lookup_namespace") + def test_get_decision_tables_for_namespace_not_found(self, mock_lookup): + mock_lookup.return_value = None + response = self.client.get(f"/decision_tables/{self.dt.namespace}") + self.assertEqual(response.status_code, 404) + + @patch("ssvc.api.routers.decision_tables.lookup_key") + def test_get_decision_tables_for_key_success(self, mock_lookup): + key_mock = MagicMock() + key_mock.versions = {self.dt.version: MagicMock(obj=self.dt)} + mock_lookup.return_value = key_mock + response = self.client.get( + f"/decision_tables/{self.dt.namespace}/{self.dt.key}" + ) + self.assertEqual(response.status_code, 200) + self.assertIn(self.dt.id, response.json()) + + @patch("ssvc.api.routers.decision_tables.lookup_key") + def test_get_decision_tables_for_key_not_found(self, mock_lookup): + mock_lookup.return_value = None + response = self.client.get( + f"/decision_tables/{self.dt.namespace}/{self.dt.key}" + ) + self.assertEqual(response.status_code, 404) + + @patch("ssvc.api.routers.decision_tables.lookup_latest") + def test_get_latest_decision_table_for_key_success(self, mock_lookup): + latest_dt = self.dt + mock_lookup.return_value = latest_dt + response = self.client.get( + f"/decision_tables/{latest_dt.namespace}/{latest_dt.key}/latest" + ) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.json()["namespace"], latest_dt.namespace) + self.assertEqual(response.json()["key"], latest_dt.key) + self.assertEqual(response.json()["version"], latest_dt.version) + self.assertEqual(response.json()["name"], latest_dt.name) + + @patch("ssvc.api.routers.decision_tables.lookup_latest") + def test_get_latest_decision_table_for_key_not_found(self, mock_lookup): + mock_lookup.return_value = None + response = self.client.get(f"/decision_tables/test/key1/latest") + self.assertEqual(response.status_code, 404) + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/api/routers/test_keys.py b/src/test/api/routers/test_keys.py new file mode 100644 index 00000000..c001c445 --- /dev/null +++ b/src/test/api/routers/test_keys.py @@ -0,0 +1,116 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest +from unittest.mock import MagicMock, patch + +from fastapi import FastAPI +from fastapi.testclient import TestClient + +from ssvc.api.routers import keys + + +class TestKeysRouter(unittest.TestCase): + def setUp(self): + self.app = FastAPI() + self.app.include_router(keys.router) + self.client = TestClient(self.app) + self.registry_patch = patch.object(keys, "r", autospec=True) + self.mock_registry = self.registry_patch.start() + self.addCleanup(self.registry_patch.stop) + + def test_get_key_dict(self): + # Setup mock registry + ns_mock1 = MagicMock(keys={"k1": None, "k2": None}) + ns_mock2 = MagicMock(keys={"k3": None}) + type_mock = MagicMock(namespaces={"ns1": ns_mock1, "ns2": ns_mock2}) + self.mock_registry.types = {"TypeA": type_mock} + response = self.client.get("/keys/") + self.assertEqual(response.status_code, 200) + self.assertEqual( + response.json(), + { + "types": { + "TypeA": { + "namespaces": { + "ns1": {"keys": ["k1", "k2"]}, + "ns2": {"keys": ["k3"]}, + } + } + } + }, + ) + + @patch("ssvc.api.routers.keys._404_on_none") + def test_get_key_dict_for_type(self, mock_404): + ns_mock1 = MagicMock(keys={"k1": None}) + type_mock = MagicMock(namespaces={"ns1": ns_mock1}) + self.mock_registry.types = {"TypeA": type_mock} + response = self.client.get("/keys/TypeA") + self.assertEqual(response.status_code, 200) + self.assertEqual( + response.json(), + {"types": {"TypeA": {"namespaces": {"ns1": {"keys": ["k1"]}}}}}, + ) + mock_404.assert_called_once() + + @patch("ssvc.api.routers.keys.lookup_namespace") + @patch("ssvc.api.routers.keys._404_on_none") + def test_get_key_dict_for_type_and_namespace(self, mock_404, mock_lookup): + ns_mock = MagicMock(keys={"k1": None, "k2": None}) + mock_lookup.return_value = ns_mock + mock_404.return_value = None + response = self.client.get("/keys/TypeA/ns1") + self.assertEqual(response.status_code, 200) + self.assertEqual( + response.json(), + { + "types": { + "TypeA": {"namespaces": {"ns1": {"keys": ["k1", "k2"]}}} + } + }, + ) + mock_lookup.assert_called_once_with( + objtype="TypeA", namespace="ns1", registry=self.mock_registry + ) + mock_404.assert_called_once() + + @patch("ssvc.api.routers.keys.lookup_namespace") + @patch("ssvc.api.routers.keys._404_on_none") + def test_get_key_list_for_type_and_namespace(self, mock_404, mock_lookup): + ns_mock = MagicMock(keys={"k1": None, "k2": None}) + mock_lookup.return_value = ns_mock + mock_404.return_value = None + response = self.client.get("/keys/TypeA/ns1/list") + self.assertEqual(response.status_code, 200) + self.assertEqual(sorted(response.json()), ["k1", "k2"]) + mock_lookup.assert_called_once_with( + objtype="TypeA", namespace="ns1", registry=self.mock_registry + ) + mock_404.assert_called_once() + + def test_get_key_dict_for_type_not_found(self): + self.mock_registry.types = {} + + response = self.client.get("/keys/TypeA") + self.assertEqual(response.status_code, 404) # Exception raised + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/api/routers/test_namespaces.py b/src/test/api/routers/test_namespaces.py new file mode 100644 index 00000000..8922aa46 --- /dev/null +++ b/src/test/api/routers/test_namespaces.py @@ -0,0 +1,87 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest +from unittest.mock import MagicMock, patch + +from fastapi import FastAPI +from fastapi.testclient import TestClient + +from ssvc.api.routers import namespaces + + +class TestNamespacesRouter(unittest.TestCase): + def setUp(self): + self.app = FastAPI() + self.app.include_router(namespaces.router) + self.client = TestClient(self.app) + self.registry_patch = patch.object(namespaces, "r", autospec=True) + self.mock_registry = self.registry_patch.start() + self.addCleanup(self.registry_patch.stop) + + def test_get_object_type_namespaces(self): + # Setup mock registry + self.mock_registry.types = { + "TypeA": MagicMock(namespaces={"ns1": None, "ns2": None}), + "TypeB": MagicMock(namespaces={"ns3": None}), + } + response = self.client.get("/namespaces/") + self.assertEqual(response.status_code, 200) + self.assertEqual( + response.json(), + { + "types": { + "TypeA": {"namespaces": ["ns1", "ns2"]}, + "TypeB": {"namespaces": ["ns3"]}, + } + }, + ) + + def test_get_namespace_list(self): + self.mock_registry.types = { + "TypeA": MagicMock(namespaces={"ns1": None, "ns2": None}), + "TypeB": MagicMock(namespaces={"ns3": None}), + } + response = self.client.get("/namespaces/list") + self.assertEqual(response.status_code, 200) + self.assertEqual(sorted(response.json()), ["ns1", "ns2", "ns3"]) + + @patch("ssvc.api.routers.namespaces.lookup_objtype") + @patch("ssvc.api.routers.namespaces._404_on_none") + def test_get_namespace_list_for_type(self, mock_404, mock_lookup): + + self.mock_registry.types = { + "TypeA": MagicMock(namespaces={"ns1": None, "ns2": None}), + "TypeB": MagicMock(namespaces={"ns3": None}), + } + mock_404.return_value = None + response = self.client.get("/namespaces/TypeA") + self.assertEqual(response.status_code, 200) + self.assertEqual( + response.json(), + {"types": {"TypeA": {"namespaces": ["ns1", "ns2"]}}}, + ) + mock_lookup.assert_called_once_with( + objtype="TypeA", registry=self.mock_registry + ) + mock_404.assert_called_once() + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/api/routers/test_objects.py b/src/test/api/routers/test_objects.py new file mode 100644 index 00000000..5f6e2035 --- /dev/null +++ b/src/test/api/routers/test_objects.py @@ -0,0 +1,159 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest +from unittest.mock import MagicMock, patch + +from fastapi import FastAPI +from fastapi.testclient import TestClient + +from ssvc.api.routers import objects +from ssvc.decision_points.base import DecisionPoint, DecisionPointValue +from ssvc.decision_tables.base import DecisionTable + + +class TestObjectsRouter(unittest.TestCase): + def setUp(self): + self.app = FastAPI() + self.app.include_router(objects.router) + self.client = TestClient(self.app) + + objects.r.reset(force=True) + + self.dp1 = DecisionPoint( + namespace="test", + key="key1", + version="1.0.0", + name="Test DP 1", + description="desc1", + values=( + DecisionPointValue( + key="value1", + name="Value 1", + description="Description for value 1", + ), + DecisionPointValue( + key="value2", + name="Value 2", + description="Description for value 2", + ), + ), + ) + self.dp2 = DecisionPoint( + namespace="test", + key="key2", + version="1.0.0", + name="Test DP 2", + description="desc2", + values=( + DecisionPointValue( + key="value1", + name="Value 1", + description="Description for value 1", + ), + DecisionPointValue( + key="value2", + name="Value 2", + description="Description for value 2", + ), + ), + ) + self.dp3 = DecisionPoint( + namespace="test", + key="key3", + version="1.0.0", + name="Test DP 3", + description="desc3", + values=( + DecisionPointValue( + key="value1", + name="Value 1", + description="Description for value 1", + ), + DecisionPointValue( + key="value2", + name="Value 2", + description="Description for value 2", + ), + DecisionPointValue( + key="value3", + name="Value 3", + description="Description for value 3", + ), + ), + ) + self.dt = DecisionTable( + namespace="test", + key="key2", + version="2.0.0", + name="Test DT", + description="desc", + decision_points={ + dp.id: dp for dp in (self.dp1, self.dp2, self.dp3) + }, + outcome=self.dp3.id, + ) + + @patch("ssvc.api.routers.objects.lookup_by_id") + def test_get_decision_point_success(self, mock_lookup): + dp = self.dp1 + ver_obj = MagicMock(obj=dp) + mock_lookup.return_value = ver_obj + response = self.client.get("/objects/DecisionPoint/ns1/key1/1.0.0") + self.assertEqual(response.status_code, 200) + self.assertEqual(response.json()["namespace"], dp.namespace) + self.assertEqual(response.json()["key"], dp.key) + self.assertEqual(response.json()["version"], dp.version) + self.assertEqual(response.json()["name"], dp.name) + + @patch("ssvc.api.routers.objects.lookup_by_id") + def test_get_decision_point_not_found(self, mock_lookup): + mock_lookup.return_value = None + response = self.client.get("/objects/DecisionPoint/ns1/key1/1.0.0") + self.assertEqual(response.status_code, 404) + + @patch("ssvc.api.routers.objects.lookup_by_id") + def test_get_decision_table_success(self, mock_lookup): + dt = self.dt + ver_obj = MagicMock(obj=dt) + mock_lookup.return_value = ver_obj + response = self.client.get("/objects/DecisionTable/ns2/key2/2.0.0") + self.assertEqual(response.status_code, 200) + self.assertEqual(response.json()["namespace"], dt.namespace) + self.assertEqual(response.json()["key"], dt.key) + self.assertEqual(response.json()["version"], dt.version) + self.assertEqual(response.json()["name"], dt.name) + self.assertEqual(response.json()["description"], dt.description) + + @patch("ssvc.api.routers.objects.lookup_by_id") + def test_get_decision_table_not_found(self, mock_lookup): + mock_lookup.return_value = None + response = self.client.get("/objects/DecisionTable/ns2/key2/2.0.0") + self.assertEqual(response.status_code, 404) + + def test_get_object_invalid_params(self): + # Missing version param + response = self.client.get("/objects/DecisionPoint/ns1/key1/") + self.assertEqual( + response.status_code, 404 + ) # FastAPI returns 404 for missing path param + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/api/routers/test_types.py b/src/test/api/routers/test_types.py new file mode 100644 index 00000000..b3be9071 --- /dev/null +++ b/src/test/api/routers/test_types.py @@ -0,0 +1,54 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest +from unittest.mock import patch + +from fastapi import FastAPI +from fastapi.testclient import TestClient + +from ssvc.api.routers import types + + +class TestTypesRouter(unittest.TestCase): + def setUp(self): + # Create FastAPI app and include the router + self.app = FastAPI() + self.app.include_router(types.router) + self.client = TestClient(self.app) + # Patch the registry + self.registry_patch = patch.object(types, "r", autospec=True) + self.mock_registry = self.registry_patch.start() + self.addCleanup(self.registry_patch.stop) + + def test_get_object_types(self): + self.mock_registry.types = {"A": None, "B": None} + response = self.client.get("/objtypes/") + self.assertEqual(response.status_code, 200) + self.assertEqual(response.json(), {"types": ["A", "B"]}) + + def test_get_object_type_list(self): + self.mock_registry.types = {"X": None, "Y": None} + response = self.client.get("/objtypes/list") + self.assertEqual(response.status_code, 200) + self.assertEqual(response.json(), ["X", "Y"]) + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/api/routers/test_versions.py b/src/test/api/routers/test_versions.py new file mode 100644 index 00000000..492f7f88 --- /dev/null +++ b/src/test/api/routers/test_versions.py @@ -0,0 +1,111 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest +from unittest.mock import MagicMock, patch + +from fastapi import FastAPI +from fastapi.testclient import TestClient + +from ssvc.api.routers import versions + + +class TestVersionsRouter(unittest.TestCase): + def setUp(self): + self.app = FastAPI() + self.app.include_router(versions.router) + self.client = TestClient(self.app) + + @patch("ssvc.api.routers.versions.lookup_key") + def test_get_version_dict_for_key_success(self, mock_lookup): + key_mock = MagicMock() + key_mock.versions = {"1.0.0": None, "2.0.0": None} + mock_lookup.return_value = key_mock + response = self.client.get("/versions/TypeA/ns1/key1") + self.assertEqual(response.status_code, 200) + self.assertEqual( + response.json(), + { + "types": { + "TypeA": { + "namespaces": { + "ns1": { + "keys": { + "key1": {"versions": ["1.0.0", "2.0.0"]} + } + } + } + } + } + }, + ) + + @patch("ssvc.api.routers.versions.lookup_key") + def test_get_version_dict_for_key_not_found(self, mock_lookup): + mock_lookup.return_value = None + response = self.client.get("/versions/TypeA/ns1/key1") + self.assertEqual(response.status_code, 404) + + @patch("ssvc.api.routers.versions.lookup_key") + def test_get_version_dict_for_key_empty_versions(self, mock_lookup): + key_mock = MagicMock() + key_mock.versions = {} + mock_lookup.return_value = key_mock + response = self.client.get("/versions/TypeA/ns1/key1") + self.assertEqual(response.status_code, 200) + self.assertEqual( + response.json(), + { + "types": { + "TypeA": { + "namespaces": { + "ns1": {"keys": {"key1": {"versions": []}}} + } + } + } + }, + ) + + @patch("ssvc.api.routers.versions.lookup_key") + def test_get_version_list_for_key_success(self, mock_lookup): + key_mock = MagicMock() + key_mock.versions = {"1.0.0": None, "2.0.0": None} + mock_lookup.return_value = key_mock + response = self.client.get("/versions/TypeA/ns1/key1/list") + self.assertEqual(response.status_code, 200) + self.assertEqual(sorted(response.json()), ["1.0.0", "2.0.0"]) + + @patch("ssvc.api.routers.versions.lookup_key") + def test_get_version_list_for_key_not_found(self, mock_lookup): + mock_lookup.return_value = None + response = self.client.get("/versions/TypeA/ns1/key1/list") + self.assertEqual(response.status_code, 404) + + @patch("ssvc.api.routers.versions.lookup_key") + def test_get_version_list_for_key_empty_versions(self, mock_lookup): + key_mock = MagicMock() + key_mock.versions = {} + mock_lookup.return_value = key_mock + response = self.client.get("/versions/TypeA/ns1/key1/list") + self.assertEqual(response.status_code, 200) + self.assertEqual(response.json(), []) + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/api/test_helpers.py b/src/test/api/test_helpers.py new file mode 100644 index 00000000..997d5a5e --- /dev/null +++ b/src/test/api/test_helpers.py @@ -0,0 +1,44 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest + +from fastapi import HTTPException + +from src.ssvc.api.helpers import _404_on_none + + +class Test404OnNone(unittest.TestCase): + def test_raises_404_on_none(self): + with self.assertRaises(HTTPException) as context: + _404_on_none(None) + self.assertEqual(context.exception.status_code, 404) + self.assertEqual(context.exception.detail, "Item not found") + + def test_does_not_raise_on_not_none(self): + try: + _404_on_none("not none") + except HTTPException: + self.fail( + "HTTPException should not be raised when obj is not None" + ) + + +if __name__ == "__main__": + unittest.main() diff --git a/src/test/api/test_main.py b/src/test/api/test_main.py new file mode 100644 index 00000000..be81a600 --- /dev/null +++ b/src/test/api/test_main.py @@ -0,0 +1,63 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +import unittest + +from fastapi.testclient import TestClient + +from ssvc.api.main import app + + +class MyTestCase(unittest.TestCase): + def setUp(self): + self.client = TestClient(app) + + def tearDown(self): + pass + + def test_expected_routers(self): + # Check if the expected routers are included in the app + expected_routers = [ + "decision_point", + "decision_points", + "decision_table", + "decision_tables", + "types", + "namespaces", + "keys", + "versions", + ] + routes = [r.path for r in app.routes] + for expected in expected_routers: + self.assertTrue( + any([expected in route for route in routes]), + "Expected router '{}' not found in app routes.".format( + expected + ), + ) + + def test_root_redirects_to_docs(self): + # disable redirect + response = self.client.get("/", follow_redirects=False) + self.assertIn(response.status_code, [302, 307]) + self.assertEqual("/docs", response.headers["location"]) + + +if __name__ == "__main__": + unittest.main() From 72f2c26896e8199800b1bdb06a6125ea9760e801 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 22 Aug 2025 12:00:57 -0400 Subject: [PATCH 330/468] fix import path for _404_on_none helper in test_helpers.py --- src/test/api/test_helpers.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/api/test_helpers.py b/src/test/api/test_helpers.py index 997d5a5e..c30f8b81 100644 --- a/src/test/api/test_helpers.py +++ b/src/test/api/test_helpers.py @@ -21,7 +21,7 @@ from fastapi import HTTPException -from src.ssvc.api.helpers import _404_on_none +from ssvc.api.helpers import _404_on_none class Test404OnNone(unittest.TestCase): From 6cc7e021cc1b5e005669af1ba1cd79aa9cea184e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 22 Aug 2025 12:54:52 -0400 Subject: [PATCH 331/468] add documentation for Decision Point and Decision Table objects --- docs/reference/code/decision_points.md | 7 +++++++ docs/reference/code/decision_tables.md | 7 +++++++ 2 files changed, 14 insertions(+) create mode 100644 docs/reference/code/decision_points.md create mode 100644 docs/reference/code/decision_tables.md diff --git a/docs/reference/code/decision_points.md b/docs/reference/code/decision_points.md new file mode 100644 index 00000000..914ac5ac --- /dev/null +++ b/docs/reference/code/decision_points.md @@ -0,0 +1,7 @@ +# Decision Point Objects + +::: ssvc.decision_points + +::: ssvc.decision_points.base + +::: ssvc.decision_points.helpers \ No newline at end of file diff --git a/docs/reference/code/decision_tables.md b/docs/reference/code/decision_tables.md new file mode 100644 index 00000000..66ab6abb --- /dev/null +++ b/docs/reference/code/decision_tables.md @@ -0,0 +1,7 @@ +# Decision Tables + +::: ssvc.decision_tables + +::: ssvc.decision_tables.base + +::: ssvc.decision_tables.helpers \ No newline at end of file From 414bd208d2531058b1219a0e07345df490e55603 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 22 Aug 2025 12:55:14 -0400 Subject: [PATCH 332/468] add documentation for Human Impact and update navigation in mkdocs --- docs/reference/code/index.md | 3 +- .../reference/decision_points/human_impact.md | 41 +++++++++++++++---- mkdocs.yml | 4 +- 3 files changed, 38 insertions(+), 10 deletions(-) diff --git a/docs/reference/code/index.md b/docs/reference/code/index.md index 0d36bea8..a3498ba0 100644 --- a/docs/reference/code/index.md +++ b/docs/reference/code/index.md @@ -3,8 +3,9 @@ This section provides documentation for the SSVC Python modules. These include: +- [Decision Points](decision_points.md) and [Outcomes](outcomes.md) +- [Decision Tables](decision_tables.md) - [CSV Analyzer](analyze_csv.md) - [Policy Generator](policy_generator.md) -- [Outcomes](outcomes.md) - [Namespaces](namespaces.md) - [Doctools](doctools.md) diff --git a/docs/reference/decision_points/human_impact.md b/docs/reference/decision_points/human_impact.md index 339cdceb..33eabd78 100644 --- a/docs/reference/decision_points/human_impact.md +++ b/docs/reference/decision_points/human_impact.md @@ -7,13 +7,6 @@ from ssvc.doc_helpers import example_block print(example_block(LATEST)) ``` -!!! tip "See also" - - *Human Impact* is a combination of [Safety Impact](./safety_impact.md) and - [Mission Impact](./mission_impact.md) - -Note: This is a compound decision point[^1], therefore it is a notational convenience. - *Human Impact* is a combination of how a vulnerability can affect an organization's mission essential functions as well as safety considerations, whether for the organization's personnel or the public at large. We observe that the day-to-day operations of an organization often have already built in a degree of tolerance to small-scale variance in mission impacts. @@ -25,7 +18,39 @@ Even small deviations in safety are unlikely to go unnoticed or unaddressed. We suspect that the presence of regulatory oversight for safety issues and its absence at the lower end of the mission impact scale influences this behavior. Because of this higher sensitivity to safety concerns, we chose to retain a four-level resolution for the safety dimension. We then combine Mission Impact with Situated Safety impact and map them onto a 4-tiered scale (Low, Medium, High, Very High). -The mapping is shown in the table above. + +!!! tip "See also" + + *Human Impact* is a combination of [Safety Impact](./safety_impact.md) and + [Mission Impact](./mission_impact.md) + + ```python exec="true" idprefix="" + from ssvc.decision_tables.ssvc.human_impact import LATEST as DT + from ssvc.doc_helpers import example_block + + for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: + print(example_block(dp)) + ``` + +The mapping is shown in the diagram and table below. + +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.human_impact import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` + +```python exec="true" idprefix="" + +from ssvc.decision_tables.ssvc.human_impact import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` + [^1]: In pilot implementations of SSVC, we received feedback that organizations tend to think of mission and safety impacts as if they were combined into a single factor: in other words, the priority increases regardless which of the two impact factors was increased. diff --git a/mkdocs.yml b/mkdocs.yml index 56f2c7c7..7d34fa5c 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -115,11 +115,13 @@ nav: - Target Distribution: 'reference/decision_points/cvss/target_distribution.md' - Code: - Intro: 'reference/code/index.md' + - Decision Points: 'reference/code/decision_points.md' + - Decision Tables: 'reference/code/decision_tables.md' + - Outcomes: 'reference/code/outcomes.md' - Namespaces: 'reference/code/namespaces.md' - Selections: 'reference/code/selection.md' - CSV Analyzer: 'reference/code/analyze_csv.md' - Policy Generator: 'reference/code/policy_generator.md' - - Outcomes: 'reference/code/outcomes.md' - Doctools: 'reference/code/doctools.md' - Learning SSVC: - Tutorials: 'tutorials/index.md' From c43d1fbba26ed99af7c1eb227b99e9bc64770d90 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 22 Aug 2025 15:27:48 -0400 Subject: [PATCH 333/468] add Dockerfile and docker-compose updates for improved environment setup --- docker/Dockerfile | 7 +++++++ docker/docker-compose.yml | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/docker/Dockerfile b/docker/Dockerfile index 232732d5..df7f668b 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -3,6 +3,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends git && rm -rf / RUN pip install --upgrade pip uv WORKDIR /app +ENV VIRTUAL_ENV=/app/.venv +ENV PATH="${VIRTUAL_ENV}/bin:${PATH}" + +RUN python -m venv "${VIRTUAL_ENV}" FROM base AS dependencies ARG BASE_DIR=.. @@ -12,6 +16,9 @@ ARG SRC_DIR=${BASE_DIR}/src COPY ${BASE_DIR}/ /app # Set the environment variable ENV PYTHONPATH=/app/src +COPY ${SRC_DIR}/pyproject.toml /app/src/pyproject.toml +COPY ${SRC_DIR}/uv.lock /app/src/uv.lock + # install requirements RUN uv sync --project=/app/src --frozen diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 8f043fac..111d8937 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -32,6 +32,8 @@ services: image: docs:latest depends_on: - dependencies + volumes: + - ..:/app ports: - "8000:8000" @@ -43,5 +45,7 @@ services: image: registry_api:latest depends_on: - dependencies + volumes: + - ..:/app ports: - "8001:8000" \ No newline at end of file From b400eaef28112871514bf786a6a6b0c293e9cafd Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 22 Aug 2025 15:29:15 -0400 Subject: [PATCH 334/468] add SSVC Docker Containers documentation and update mkdocs.yml --- docs/howto/tools/containers.md | 53 ++++++++++++++++++++++++++++++++++ mkdocs.yml | 2 ++ 2 files changed, 55 insertions(+) create mode 100644 docs/howto/tools/containers.md diff --git a/docs/howto/tools/containers.md b/docs/howto/tools/containers.md new file mode 100644 index 00000000..dc274daf --- /dev/null +++ b/docs/howto/tools/containers.md @@ -0,0 +1,53 @@ +# SSVC Docker Containers + +## Prerequisites + +Before you begin, ensure you have the following installed: + +- Docker +- Docker Compose + +Then clone the repository: + +```shell +git clone https://github.com/CERTCC/SSVC.git +cd SSVC +``` + +!!! tip "Quick Start" + + To quickly start all the containers, run: + + ```shell + docker-compose --project-directory=docker up + ``` + +## Test + +We provide a containerized environment to run the SSVC test suite. + +```shell +docker-compose --project-directory=docker up test +``` + +## Docs + +We provide a containerized environment to build and serve the SSVC documentation (this website). + +```shell +docker-compose --project-directory=docker up docs +``` + +Then browse to `http://localhost:8000/docs` to access the docs site. + +## SSVC Object Registry API Container + +We provide containerized FastAPI server that allows you to run a local instance +of the SSVC Object Registry API. + +```shell +docker-compose --project-directory=docker up api +``` + +Then browse to `http://localhost:8001/docs` to access the API documentation. + diff --git a/mkdocs.yml b/mkdocs.yml index 56f2c7c7..559a4559 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -32,6 +32,8 @@ nav: - Qualitative Severity: 'howto/cvss_v4/qualitative.md' - Customizing SSVC: 'howto/tree_customization.md' - Acuity Ramp: 'howto/acuity_ramp.md' + - SSVC Tools: + - Docker Containers: 'howto/tools/containers.md' - Understanding SSVC: - Intro: 'topics/index.md' - State of Practice: 'topics/state_of_practice.md' From 7badc29c17c0617ceaee1036ecf48c12ef8edefb Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 22 Aug 2025 15:40:57 -0400 Subject: [PATCH 335/468] add Public Safety Impact decision table, documentation, and related JSON object --- .../ssvc/public_safety_impact_1_0_0.json | 79 +++++++++++++++++ data/json/ssvc_object_registry.json | 87 +++++++++++++++++++ .../decision_points/public_safety_impact.md | 21 ++++- .../ssvc/public_safety_impact.py | 78 +++++++++++++++++ 4 files changed, 264 insertions(+), 1 deletion(-) create mode 100644 data/json/decision_tables/ssvc/public_safety_impact_1_0_0.json create mode 100644 src/ssvc/decision_tables/ssvc/public_safety_impact.py diff --git a/data/json/decision_tables/ssvc/public_safety_impact_1_0_0.json b/data/json/decision_tables/ssvc/public_safety_impact_1_0_0.json new file mode 100644 index 00000000..5f55ff27 --- /dev/null +++ b/data/json/decision_tables/ssvc/public_safety_impact_1_0_0.json @@ -0,0 +1,79 @@ +{ + "namespace": "ssvc", + "key": "DT_PSI", + "version": "1.0.0", + "name": "Public Safety Impact", + "description": "Public Safety Impact Decision Table", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:SI:2.0.0": { + "namespace": "ssvc", + "key": "SI", + "version": "2.0.0", + "name": "Safety Impact", + "description": "The safety impact of the vulnerability. (based on IEC 61508)", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + }, + { + "key": "M", + "name": "Marginal", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + { + "key": "R", + "name": "Critical", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + }, + { + "key": "C", + "name": "Catastrophic", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + } + ] + }, + "ssvc:PSI:2.0.1": { + "namespace": "ssvc", + "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:Negligible" + }, + { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + } + ] + } + }, + "outcome": "ssvc:PSI:2.0.1", + "mapping": [ + { + "ssvc:SI:2.0.0": "N", + "ssvc:PSI:2.0.1": "M" + }, + { + "ssvc:SI:2.0.0": "M", + "ssvc:PSI:2.0.1": "S" + }, + { + "ssvc:SI:2.0.0": "R", + "ssvc:PSI:2.0.1": "S" + }, + { + "ssvc:SI:2.0.0": "C", + "ssvc:PSI:2.0.1": "S" + } + ] +} diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index ed726596..ce84bb7d 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -21869,6 +21869,93 @@ } } }, + "DT_PSI": { + "key": "DT_PSI", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_PSI", + "version": "1.0.0", + "name": "Public Safety Impact", + "description": "Public Safety Impact Decision Table", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:SI:2.0.0": { + "namespace": "ssvc", + "key": "SI", + "version": "2.0.0", + "name": "Safety Impact", + "description": "The safety impact of the vulnerability. (based on IEC 61508)", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Negligible", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + }, + { + "key": "M", + "name": "Marginal", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + { + "key": "R", + "name": "Critical", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + }, + { + "key": "C", + "name": "Catastrophic", + "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + } + ] + }, + "ssvc:PSI:2.0.1": { + "namespace": "ssvc", + "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "description": "Safety Impact:Negligible" + }, + { + "key": "S", + "name": "Significant", + "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + } + ] + } + }, + "outcome": "ssvc:PSI:2.0.1", + "mapping": [ + { + "ssvc:SI:2.0.0": "N", + "ssvc:PSI:2.0.1": "M" + }, + { + "ssvc:SI:2.0.0": "M", + "ssvc:PSI:2.0.1": "S" + }, + { + "ssvc:SI:2.0.0": "R", + "ssvc:PSI:2.0.1": "S" + }, + { + "ssvc:SI:2.0.0": "C", + "ssvc:PSI:2.0.1": "S" + } + ] + } + } + } + }, "DT_SP": { "key": "DT_SP", "versions": { diff --git a/docs/reference/decision_points/public_safety_impact.md b/docs/reference/decision_points/public_safety_impact.md index 15960fa5..0710afac 100644 --- a/docs/reference/decision_points/public_safety_impact.md +++ b/docs/reference/decision_points/public_safety_impact.md @@ -9,7 +9,6 @@ print(example_block(LATEST)) {% include-markdown "../../_includes/safety_cvss_ssvc.md" %} -This is a compound decision point, therefore it is a notational convenience. Suppliers necessarily have a rather coarse-grained perspective on the broadly defined [Safety Impact](safety_impact.md) Decision Point. Therefore we simplify the above into a binary categorization: @@ -18,6 +17,26 @@ Therefore we simplify the above into a binary categorization: [Safety Impact](safety_impact.md) table. - *Minimal* is when none do. +The mapping is shown in the diagram and table below. + +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.public_safety_impact import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` + +```python exec="true" idprefix="" + +from ssvc.decision_tables.ssvc.public_safety_impact import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` + + ## Prior Versions ```python exec="true" idprefix="" diff --git a/src/ssvc/decision_tables/ssvc/public_safety_impact.py b/src/ssvc/decision_tables/ssvc/public_safety_impact.py new file mode 100644 index 00000000..a93f1c93 --- /dev/null +++ b/src/ssvc/decision_tables/ssvc/public_safety_impact.py @@ -0,0 +1,78 @@ +#!/usr/bin/env python +""" +Public Safety Impact Decision Table +""" + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.ssvc.public_safety_impact import ( + PUBLIC_SAFETY_IMPACT_2_0_1 as PSI, +) +from ssvc.decision_points.ssvc.safety_impact import SAFETY_IMPACT_2 as SI +from ssvc.decision_tables.base import DecisionTable +from ssvc.namespaces import NameSpace + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +V1_0_0 = DecisionTable( + namespace=NameSpace.SSVC, + key="DT_PSI", + version="1.0.0", + name="Public Safety Impact", + description="Public Safety Impact Decision Table", + decision_points={dp.id: dp for dp in [SI, PSI]}, + outcome=PSI.id, + mapping=[ + {"ssvc:SI:2.0.0": "N", "ssvc:PSI:2.0.1": "M"}, + {"ssvc:SI:2.0.0": "M", "ssvc:PSI:2.0.1": "S"}, + {"ssvc:SI:2.0.0": "R", "ssvc:PSI:2.0.1": "S"}, + {"ssvc:SI:2.0.0": "C", "ssvc:PSI:2.0.1": "S"}, + ], +) + +VERSIONS = (V1_0_0,) +LATEST = VERSIONS[-1] + + +def main(): + from ssvc.decision_tables.helpers import print_dt_version + + print_dt_version(LATEST, longform=False) + + +if __name__ == "__main__": + main() From f3f05aa528b3c12f4a47f4c5745d97015e7bd6f1 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 22 Aug 2025 15:44:44 -0400 Subject: [PATCH 336/468] add code examples and fix filename for utility documentation --- docs/reference/decision_points/utility.md | 20 +++++++++++++++++++ .../ssvc/{utlity.py => utility.py} | 0 2 files changed, 20 insertions(+) rename src/ssvc/decision_tables/ssvc/{utlity.py => utility.py} (100%) diff --git a/docs/reference/decision_points/utility.md b/docs/reference/decision_points/utility.md index 13fca8b1..a32aa6e4 100644 --- a/docs/reference/decision_points/utility.md +++ b/docs/reference/decision_points/utility.md @@ -29,6 +29,26 @@ This framing makes it easier to analytically derive these categories from a desc Roughly, *Utility* is a combination of two things: (1) the value of each exploitation event and (2) the ease and speed with which the adversary can cause exploitation events. We define *Utility* as laborious, efficient, or super effective, as described in the table above. +The mapping is shown in the diagram and table below. + +```python exec="true" idprefix="" +from ssvc.decision_tables.ssvc.utility import LATEST as DT +from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + +rows = DT.mapping +title = mermaid_title_from_dt(DT) +print(mapping2mermaid(rows, title=title)) +``` + +```python exec="true" idprefix="" + +from ssvc.decision_tables.ssvc.utility import LATEST as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` + + ## Alternative Utility Outputs Alternative heuristics can plausibly be used as proxies for adversary utility. diff --git a/src/ssvc/decision_tables/ssvc/utlity.py b/src/ssvc/decision_tables/ssvc/utility.py similarity index 100% rename from src/ssvc/decision_tables/ssvc/utlity.py rename to src/ssvc/decision_tables/ssvc/utility.py From e704717eb856c07536aa7df061d0d60167b3133e Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 22 Aug 2025 15:56:27 -0400 Subject: [PATCH 337/468] add subgraph structure for inputs and outputs in diagram generation --- src/ssvc/decision_tables/helpers.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/ssvc/decision_tables/helpers.py b/src/ssvc/decision_tables/helpers.py index 7da2c694..3de37678 100644 --- a/src/ssvc/decision_tables/helpers.py +++ b/src/ssvc/decision_tables/helpers.py @@ -102,7 +102,7 @@ def _mapping2mermaid(mapping: list[dict[str:str]], title: str = None) -> str: # add the yaml front matter for the title lines.extend(["---", f"title: {title}", "---"]) - lines.extend(["graph LR", "n1(( ))"]) + lines.extend(["graph LR", "subgraph inputs[Inputs]", "n1(( ))"]) columns = list(mapping[0].keys()) node_ids = {} # (col_idx, path_tuple) -> node_id @@ -110,6 +110,11 @@ def _mapping2mermaid(mapping: list[dict[str:str]], title: str = None) -> str: # Build subgraphs + nodes for col_idx, col in enumerate(columns): + # if it's the last column, close the Inputs subgraph and start the Outputs subgraph + if col_idx == len(columns) - 1: + lines.append("end") + lines.append("subgraph outputs[Outcome]") + subgraph_name = f's{col_idx+1}["{col}"]' lines.append(f"subgraph {subgraph_name}") seen_paths = set() @@ -124,6 +129,7 @@ def _mapping2mermaid(mapping: list[dict[str:str]], title: str = None) -> str: lines.append(f"{node_id}([{label}])") node_ids[(col_idx, path)] = node_id lines.append("end") + lines.append("end") # close the outputs subgraph # Root → level 0 for row in mapping: From 9d9a14029ca2df1df9c2540a623033f79fddb73f Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Sat, 23 Aug 2025 10:49:19 -0400 Subject: [PATCH 338/468] Add discussion on 'scope' concept in Selection Schema --- issues/892.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 issues/892.md diff --git a/issues/892.md b/issues/892.md new file mode 100644 index 00000000..d4ea0492 --- /dev/null +++ b/issues/892.md @@ -0,0 +1,5 @@ +### Discussion on Introducing 'Scope' Concept in Selection Schema + +I would like to discuss the idea of introducing a 'scope' concept within the Selection Schema. This could help clarify the boundaries within which a decision or outcome is valid. By defining a scope, we can ensure better collaboration and contextual understanding among stakeholders. + +What are your thoughts on this? \ No newline at end of file From 12abad300455dfde2f20156d5ed68af77022df73 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 25 Aug 2025 11:32:58 -0400 Subject: [PATCH 339/468] add reference docs for SSVC and CVSS collections decision point groups. --- docs/reference/code/decision_point_groups.md | 18 +++ mkdocs.yml | 1 + src/ssvc/dp_groups/cvss/collections.py | 120 ++++++++++++------- src/ssvc/dp_groups/ssvc/collections.py | 5 + 4 files changed, 101 insertions(+), 43 deletions(-) create mode 100644 docs/reference/code/decision_point_groups.md diff --git a/docs/reference/code/decision_point_groups.md b/docs/reference/code/decision_point_groups.md new file mode 100644 index 00000000..b4607f8a --- /dev/null +++ b/docs/reference/code/decision_point_groups.md @@ -0,0 +1,18 @@ +# Decision Point Groups + +Decision Point groups provide collections of related Decision Points for some +specific purpose. + +With the introduction of [Decision Tables](decision_tables.md), +Decision Point groups are less important than they once were, and may be +deprecated in a future release. +However, they can still be useful for documentation and +for some programmatic uses. + +## SSVC Decision Point Groups + +::: ssvc.dp_groups.ssvc.collections + +## CVSS Decision Point Groups + +::: ssvc.dp_groups.cvss.collections \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index db985033..0831f25d 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -119,6 +119,7 @@ nav: - Intro: 'reference/code/index.md' - Decision Points: 'reference/code/decision_points.md' - Decision Tables: 'reference/code/decision_tables.md' + - Decision Point Groups: 'reference/code/decision_point_groups.md' - Outcomes: 'reference/code/outcomes.md' - Namespaces: 'reference/code/namespaces.md' - Selections: 'reference/code/selection.md' diff --git a/src/ssvc/dp_groups/cvss/collections.py b/src/ssvc/dp_groups/cvss/collections.py index 37bf11b8..e345adb0 100644 --- a/src/ssvc/dp_groups/cvss/collections.py +++ b/src/ssvc/dp_groups/cvss/collections.py @@ -132,7 +132,7 @@ from ssvc.dp_groups.base import DecisionPointGroup # Instantiate the CVSS v1 decision point group -_BASE_1 = [ +BASE_1 = [ ACCESS_VECTOR_1, ACCESS_COMPLEXITY_1, AUTHENTICATION_1, @@ -141,42 +141,50 @@ AVAILABILITY_IMPACT_1, IMPACT_BIAS_1, ] -_TEMPORAL_1 = [ +"""List of CVSS v1 Base decision points""" + +TEMPORAL_1 = [ EXPLOITABILITY_1, REMEDIATION_LEVEL_1, REPORT_CONFIDENCE_1, ] -_ENVIRONMENTAL_1 = [ +"""List of CVSS v1 Temporal decision points""" + +ENVIRONMENTAL_1 = [ COLLATERAL_DAMAGE_POTENTIAL_1, TARGET_DISTRIBUTION_1, ] +"""List of CVSS v1 Environmental decision points""" CVSSv1_B = DecisionPointGroup( name="CVSS", version="1.0.0", description="CVSS v1 decision points", - decision_points=tuple(_BASE_1), + decision_points=tuple(BASE_1), ) +"""CVSS v1 Base Metrics""" CVSSv1_BT = DecisionPointGroup( name="CVSS", version="1.0.0", description="CVSS v1 decision points", - decision_points=tuple(_BASE_1 + _TEMPORAL_1), + decision_points=tuple(BASE_1 + TEMPORAL_1), ) +"""CVSS v1 Base and Temporal Metrics""" CVSSv1_BTE = DecisionPointGroup( name="CVSS", version="1.0.0", description="CVSS v1 decision points", - decision_points=tuple(_BASE_1 + _TEMPORAL_1 + _ENVIRONMENTAL_1), + decision_points=tuple(BASE_1 + TEMPORAL_1 + ENVIRONMENTAL_1), ) +"""CVSS v1 Base, Temporal, and Environmental Metrics""" CVSSv1 = CVSSv1_BTE # convenience alias # CVSS v2 decision points -_BASE_2 = [ +BASE_2 = [ ACCESS_VECTOR_2, ACCESS_COMPLEXITY_2, AUTHENTICATION_2, @@ -184,44 +192,52 @@ INTEGRITY_IMPACT_1, AVAILABILITY_IMPACT_1, ] -_TEMPORAL_2 = [ +"""List of CVSS v2 Base decision points""" + +TEMPORAL_2 = [ EXPLOITABILITY_1_1, REMEDIATION_LEVEL_1_1, REPORT_CONFIDENCE_1_1, ] -_ENVIRONMENTAL_2 = [ +"""List of CVSS v2 Temporal decision points""" + +ENVIRONMENTAL_2 = [ COLLATERAL_DAMAGE_POTENTIAL_2, TARGET_DISTRIBUTION_1_1, CONFIDENTIALITY_REQUIREMENT_1, INTEGRITY_REQUIREMENT_1, AVAILABILITY_REQUIREMENT_1, ] +"""List of CVSS v2 Environmental decision points""" CVSSv2_B = DecisionPointGroup( name="CVSS Version 2 Base Metrics", description="Base metrics for CVSS v2", version="2.0.0", - decision_points=tuple(_BASE_2), + decision_points=tuple(BASE_2), ) +"""CVSS v2 Base Metrics""" CVSSv2_BT = DecisionPointGroup( name="CVSS Version 2 Base and Temporal Metrics", description="Base and Temporal metrics for CVSS v2", version="2.0.0", - decision_points=tuple(_BASE_2 + _TEMPORAL_2), + decision_points=tuple(BASE_2 + TEMPORAL_2), ) +"""CVSS v2 Base and Temporal Metrics""" CVSSv2_BTE = DecisionPointGroup( name="CVSS Version 2 Base, Temporal, and Environmental Metrics", description="Base, Temporal, and Environmental metrics for CVSS v2", version="2.0.0", - decision_points=tuple(_BASE_2 + _TEMPORAL_2 + _ENVIRONMENTAL_2), + decision_points=tuple(BASE_2 + TEMPORAL_2 + ENVIRONMENTAL_2), ) +"""CVSS v2 Base, Temporal, and Environmental Metrics""" CVSSv2 = CVSSv2_BTE # convenience alias # CVSS v3 decision points -_BASE_3 = [ +BASE_3 = [ ATTACK_VECTOR_3, ATTACK_COMPLEXITY_3, PRIVILEGES_REQUIRED_1, @@ -231,54 +247,61 @@ INTEGRITY_IMPACT_2, AVAILABILITY_IMPACT_2, ] -_TEMPORAL_3 = [ +"""List of CVSS v3 Base decision points""" + +TEMPORAL_3 = [ EXPLOIT_CODE_MATURITY_1_2, REMEDIATION_LEVEL_1_1, REPORT_CONFIDENCE_2, ] +"""List of CVSS v3 Temporal decision points""" + +ENVIRONMENTAL_3 = [modify_3(dp) for dp in BASE_3] + [ + CONFIDENTIALITY_REQUIREMENT_1_1, + INTEGRITY_REQUIREMENT_1_1, + AVAILABILITY_REQUIREMENT_1_1, +] +"""List of CVSS v3 Environmental decision points""" -_ENVIRONMENTAL_3 = [modify_3(dp) for dp in _BASE_3] -_ENVIRONMENTAL_3.extend( - [ - CONFIDENTIALITY_REQUIREMENT_1_1, - INTEGRITY_REQUIREMENT_1_1, - AVAILABILITY_REQUIREMENT_1_1, - ] -) CVSSv3_B = DecisionPointGroup( name="CVSS Version 3 Base Metrics", description="Base metrics for CVSS v3", version="3.0.0", - decision_points=tuple(_BASE_3), + decision_points=tuple(BASE_3), ) +"""CVSS v3 Base Metrics""" CVSSv3_BT = DecisionPointGroup( name="CVSS Version 3 Base and Temporal Metrics", description="Base and Temporal metrics for CVSS v3", version="3.0.0", - decision_points=tuple(_BASE_3 + _TEMPORAL_3), + decision_points=tuple(BASE_3 + TEMPORAL_3), ) +"""CVSS v3 Base and Temporal Metrics""" CVSSv3_BTE = DecisionPointGroup( name="CVSS Version 3 Base, Temporal, and Environmental Metrics", description="Base, Temporal, and Environmental metrics for CVSS v3", version="3.0.0", - decision_points=tuple(_BASE_3 + _TEMPORAL_3 + _ENVIRONMENTAL_3), + decision_points=tuple(BASE_3 + TEMPORAL_3 + ENVIRONMENTAL_3), ) +"""CVSS v3 Base, Temporal, and Environmental Metrics""" CVSSv3 = CVSSv3_BTE # convenience alias # CVSS v4 decision points -_EXPLOITABILITY_4 = [ +EXPLOITABILITY_4 = [ ATTACK_VECTOR_3_0_1, ATTACK_COMPLEXITY_3_0_1, ATTACK_REQUIREMENTS_1, PRIVILEGES_REQUIRED_1_0_1, USER_INTERACTION_2, ] -_IMPACT_4 = [ +"""List of CVSS v4 Exploitability decision points""" + +IMPACT_4 = [ CONFIDENTIALITY_IMPACT_3_0_0, INTEGRITY_IMPACT_3_0_0, AVAILABILITY_IMPACT_3_0_0, @@ -286,22 +309,25 @@ SUBSEQUENT_INTEGRITY_IMPACT_1, SUBSEQUENT_AVAILABILITY_IMPACT_1, ] -_BASE_4 = _EXPLOITABILITY_4 + _IMPACT_4 +"""List of CVSS v4 Impact decision points""" + +BASE_4 = EXPLOITABILITY_4 + IMPACT_4 +"""List of CVSS v4 Base decision points""" # note: CVSS v4 does more than just insert "modified" in front of the name and "M" in front of the key -_ENVIRONMENTAL_4 = [modify_4(dp) for dp in _BASE_4] -_ENVIRONMENTAL_4.extend( - [ - CONFIDENTIALITY_REQUIREMENT_1_1_1, - INTEGRITY_REQUIREMENT_1_1_1, - AVAILABILITY_REQUIREMENT_1_1_1, - ] -) -_THREAT_4 = [ +ENVIRONMENTAL_4 = [modify_4(dp) for dp in BASE_4] + [ + CONFIDENTIALITY_REQUIREMENT_1_1_1, + INTEGRITY_REQUIREMENT_1_1_1, + AVAILABILITY_REQUIREMENT_1_1_1, +] +"""List of CVSS v4 Environmental decision points""" + +THREAT_4 = [ EXPLOIT_MATURITY_2, ] +"""List of CVSS v4 Threat decision points""" -_SUPPLEMENTAL_4 = [ +SUPPLEMENTAL_4 = [ SAFETY_1, AUTOMATABLE_1, PROVIDER_URGENCY_1, @@ -309,46 +335,53 @@ VALUE_DENSITY_1, VULNERABILITY_RESPONSE_EFFORT_1, ] +"""List of CVSS v4 Supplemental decision points""" + # CVSS-B Base metrics CVSSv4_B = DecisionPointGroup( name="CVSSv4 Base Metrics", description="Base metrics for CVSS v4", version="4.0.0", - decision_points=tuple(_BASE_4), + decision_points=tuple(BASE_4), ) +"""CVSS v4 Base Metrics""" # CVSS-BE Base and Environmental metrics CVSSv4_BE = DecisionPointGroup( name="CVSSv4 Base and Environmental Metrics", description="Base and Environmental metrics for CVSS v4", version="4.0.0", - decision_points=tuple(_BASE_4 + _ENVIRONMENTAL_4), + decision_points=tuple(BASE_4 + ENVIRONMENTAL_4), ) +"""CVSS v4 Base and Environmental Metrics""" # CVSS-BT Base and Threat metrics CVSSv4_BT = DecisionPointGroup( name="CVSSv4 Base and Threat Metrics", description="Base and Threat metrics for CVSS v4", version="4.0.0", - decision_points=tuple(_BASE_4 + _THREAT_4), + decision_points=tuple(BASE_4 + THREAT_4), ) +"""CVSS v4 Base and Threat Metrics""" # CVSS-BTE CVSSv4_BTE = DecisionPointGroup( name="CVSSv4 Base, Threat, and Environmental Metrics", description="Base, Threat, and Environmental metrics for CVSS v4", version="4.0.0", - decision_points=tuple(_BASE_4 + _THREAT_4 + _ENVIRONMENTAL_4), + decision_points=tuple(BASE_4 + THREAT_4 + ENVIRONMENTAL_4), ) +"""CVSS v4 Base, Threat, and Environmental Metrics""" CVSSv4 = DecisionPointGroup( name="CVSSv4", description="All decision points for CVSS v4 (including supplemental metrics)", version="4.0.0", decision_points=tuple( - _BASE_4 + _THREAT_4 + _ENVIRONMENTAL_4 + _SUPPLEMENTAL_4 + BASE_4 + THREAT_4 + ENVIRONMENTAL_4 + SUPPLEMENTAL_4 ), ) +"""CVSS v4 All Metrics""" CVSSv4_Equivalence_Sets = DecisionPointGroup( name="CVSSv4 EQ Sets", @@ -364,6 +397,7 @@ ), ) + CVSSv4_EQ = CVSSv4_Equivalence_Sets # convenience alias diff --git a/src/ssvc/dp_groups/ssvc/collections.py b/src/ssvc/dp_groups/ssvc/collections.py index 5845401c..05f20da0 100644 --- a/src/ssvc/dp_groups/ssvc/collections.py +++ b/src/ssvc/dp_groups/ssvc/collections.py @@ -46,6 +46,8 @@ PATCH_APPLIER_1, PATCH_DEVELOPER_1 ), ) +"""SSVC version 1 decision point group.""" + SSVCv2 = DecisionPointGroup( name="SSVCv2", description="The second version of the SSVC.", @@ -54,6 +56,8 @@ COORDINATOR_PUBLICATION_1, COORDINATOR_TRIAGE_1, DEPLOYER_2, SUPPLIER_2 ), ) +"""SSVC version 2 decision point group.""" + SSVCv2_1 = DecisionPointGroup( name="SSVCv2.1", description="The second version of the SSVC.", @@ -62,6 +66,7 @@ COORDINATOR_PUBLICATION_1, COORDINATOR_TRIAGE_1, DEPLOYER_3, SUPPLIER_2 ), ) +"""SSVC version 2.1 decision point group.""" VERSIONS = (SSVCv1, SSVCv2, SSVCv2_1) LATEST = VERSIONS[-1] From b8e054aa4d3771aa52b82bf4e8a934efebe2efb1 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 25 Aug 2025 11:52:49 -0400 Subject: [PATCH 340/468] change "policy" to "decision table" in relevant docs --- docs/howto/bootstrap/_steps_table.md | 12 +++--- docs/howto/bootstrap/prepare.md | 48 +++++++++++----------- docs/howto/bootstrap/summary.md | 8 ++-- docs/howto/bootstrap/use.md | 10 ++--- docs/howto/coordination_triage_decision.md | 2 +- docs/howto/cvss_v4/eq1.md | 2 +- docs/howto/cvss_v4/eq2.md | 2 +- docs/howto/cvss_v4/eq3.md | 2 +- docs/howto/cvss_v4/eq4.md | 2 +- docs/howto/cvss_v4/eq5.md | 2 +- docs/howto/cvss_v4/eq6.md | 2 +- docs/howto/cvss_v4/qualitative.md | 2 +- docs/howto/deployer_tree.md | 6 +-- docs/howto/publication_decision.md | 4 +- docs/howto/supplier_tree.md | 4 +- docs/reference/code/policy_generator.md | 2 +- docs/ssvc_overview.md | 6 +-- docs/topics/decision_points_as_bricks.md | 4 +- docs/topics/enumerating_decisions.md | 4 +- docs/topics/enumerating_stakeholders.md | 4 +- docs/topics/index.md | 8 ++-- docs/tutorials/index.md | 4 +- 22 files changed, 70 insertions(+), 70 deletions(-) diff --git a/docs/howto/bootstrap/_steps_table.md b/docs/howto/bootstrap/_steps_table.md index 01c6e98e..a1ed4939 100644 --- a/docs/howto/bootstrap/_steps_table.md +++ b/docs/howto/bootstrap/_steps_table.md @@ -1,6 +1,6 @@ -| Step | Description | -| ---- |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| [**Prepare**](prepare.md) | Define the decision you want to make, the outcomes you care about, the decision points you will use to make the decision, the decision policy, the data you need to inform the decision points, and the process for maintaining your decision model. | -| [**Collect**](collect.md) | Collect the data you need to make informed decisions. | -| [**Use SSVC**](use.md) | Use SSVC to make decisions about how to respond to vulnerabilities. | -| [**Respond**](use.md) | Respond to vulnerabilities according to the prioritization. | +| Step | Description | +| ---- |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [**Prepare**](prepare.md) | Define the decision you want to make, the outcomes you care about, the decision points you will use to make the decision, the decision table, the data you need to inform the decision points, and the process for maintaining your decision model. | +| [**Collect**](collect.md) | Collect the data you need to make informed decisions. | +| [**Use SSVC**](use.md) | Use SSVC to make decisions about how to respond to vulnerabilities. | +| [**Respond**](use.md) | Respond to vulnerabilities according to the prioritization. | diff --git a/docs/howto/bootstrap/prepare.md b/docs/howto/bootstrap/prepare.md index 79f144ea..f4971120 100644 --- a/docs/howto/bootstrap/prepare.md +++ b/docs/howto/bootstrap/prepare.md @@ -1,13 +1,13 @@ # Prepare to Use SSVC Preparing to use SSVC involves defining a decision you want to make, -the information you need to make that decision, and the policy you want to use to make that decision. +the information you need to make that decision, and the decision table you want to use to make that decision. !!! tip "Stakeholder Involvement" Multiple organizational stakeholders should be involved in the SSVC adoption process. - - _Risk Owners_ must be involved in the development of the risk management policy represented by SSVC. + - _Risk Owners_ must be involved in the development of the risk management decision table represented by SSVC. - _Vulnerability Management_ stakeholders, including IT Security and IT Service Management (ITSM), should be involved in the decision modeling and data mapping processes as well. - _Other Roles_ depend on the organization and specific decision models being developed. For example, a Supplier @@ -32,8 +32,8 @@ flowchart decisionpoints[Define Inputs] dataeng[Data Mapping] dm[/Data Map/] - policy[Policy Development] - p[/Policy/] + policy[Decision Table Development] + p[/Decision Table/] end dcd --> outcomes dcd --> governance @@ -181,18 +181,18 @@ flowchart LR device safety regulations. So, the medical device manufacturer might define a decision point called _Regulated_ with the values _Regulated Device_, _Non-Regulated Device_, and _Support Service_. -## Define Policy +## Define Decision Table So far, you have chosen a decision to model, defined the possible outcomes for that decision, and defined the information you need to make that decision. -Now, you need to define the policy you want to use to make that decision. -A policy is a function that takes a set of decision point values as input and returns an outcome as output. -While we often choose to represent policies as decision trees, they can be represented in other ways as well. -In fact, we find that it is often useful to represent policies in tabular form, for example as a CSV file. -We have provided a number of example policies in the [SSVC documentation](../index.md), but you can define your own policy to meet your needs. +Now, you need to define the decision table you want to use to make that decision. +A decision table is a function that takes a set of decision point values as input and returns an outcome as output. +While we often choose to represent decision tables as decision trees, they can be represented in other ways as well. +In fact, we find that it is often useful to represent decision tables in tabular form, for example as a CSV file. +We have provided a number of example decision tables in the [SSVC documentation](../index.md), but you can define your own decision table to meet your needs. ```mermaid --- -title: Policy Definition Process +title: Decision Table Definition Process --- flowchart LR subgraph do[Define Outcomes] @@ -201,9 +201,9 @@ flowchart LR subgraph di [Define Inputs] dps[/Decision Point Set/] end - subgraph policy [Policy Development] - dfp{{Define Policy}} - p[/Policy/] + subgraph policy [Decision Table Development] + dfp{{Define Decision Table}} + p[/Decision Table/] end oc --> dfp dps --> dfp @@ -217,10 +217,10 @@ flowchart LR decision model and decide that both the outcome set and the decision point set that define the structure of the decision model are appropriate for their needs. They map the 48 hour requirement to the _Immediate_ outcome, because it essentially represents their highest priority response. - However, they notice that the specific policy given in the [Deployer Prioritization](../supplier_tree.md) + However, they notice that the specific decision table given in the [Deployer Prioritization](../supplier_tree.md) example—that is, the mapping from decision point values to outcomes—is not appropriate for their needs because it has too few _Immediate_ outcomes to suit their policy. - Therefore, the bank decides to reuse the same decision point set and outcome set but define their own policy. + Therefore, the bank decides to reuse the same decision point set and outcome set but define their own decision table. ## Map Data to Model Inputs @@ -298,10 +298,10 @@ SSVC. Each of the items we discussed above could be reviewed in turn, ensuring t - The decision itself remains relevant to the organization - The outcomes remain relevant to the decision - The decision points remain relevant to the decision -- The policy remains relevant to the organization's needs +- The decision table remains relevant to the organization's needs - The data sources remain relevant to informing the decision points -Depending on the review, any necessary adjustments can be made to the outcomes, decision points, policy, data map, +Depending on the review, any necessary adjustments can be made to the outcomes, decision points, decision table, data map, or operational processes. ```mermaid @@ -314,13 +314,13 @@ subgraph Governance direction LR ro[/Modify Outcomes?\] mdp[/Modify Decision Points?\] - rp[/Modify Policy?\] + rp[/Modify Decision Table?\] rds[/Modify Data Mapping?\] oc[/Outcomes/] dp[/Decision Points/] dm[/Data Map/] - um{{Update Policy}} - po[/Policy/] + um{{Update Decision Table}} + po[/Decision Table/] end ro -->|yes| oc @@ -355,10 +355,10 @@ um --> po - Are there decision points that are not as useful as we thought they would be? - Are there new decision points we should add? - - Does the policy still reflect our understanding and expectations of how we want to make this decision? + - Does the decision table still reflect our understanding and expectations of how we want to make this decision? - - Have there been instances where the policy has led to a decision that we later regretted? - - Are there new constraints or requirements that the policy mapping does not capture? + - Have there been instances where the decision table has led to a decision that we later regretted? + - Are there new constraints or requirements that the decision table mapping does not capture? - Do we have the right data to inform the decision points in the decision model? diff --git a/docs/howto/bootstrap/summary.md b/docs/howto/bootstrap/summary.md index 1de97b42..f5e33b69 100644 --- a/docs/howto/bootstrap/summary.md +++ b/docs/howto/bootstrap/summary.md @@ -39,9 +39,9 @@ subgraph prep [Prepare to use SSVC] ddf[/Data Definition/] end l7((1)) - subgraph policy [Policy Development] - dfp{{Define Policy}} - p[/Policy/] + subgraph policy [Decision Table Development] + dfp{{Define Decision Table}} + p[/Decision Table/] end subgraph gov [Governance] eg{{Establish Governance Process}} @@ -60,7 +60,7 @@ end subgraph runtime [Use SSVC] mdp[[Apply Decision Point Mapping to Data]] dp[/Decision Point Values/] - ap[[Apply Policy]] + ap[[Apply Decision Table]] oc[/Outcome/] end r[Vulnerability Response] diff --git a/docs/howto/bootstrap/use.md b/docs/howto/bootstrap/use.md index 9093c196..9625fc5a 100644 --- a/docs/howto/bootstrap/use.md +++ b/docs/howto/bootstrap/use.md @@ -5,8 +5,8 @@ SSVC to make decisions about how to respond to vulnerabilities. ```mermaid flowchart LR - subgraph pd[Policy Development] - p[/Policy/] + subgraph pd[Decision Table Development] + p[/Decision Table/] end subgraph dmp[Data Mapping] dm[/Data Map/] @@ -18,7 +18,7 @@ flowchart LR subgraph runtime [Use SSVC] mdp[[Apply Decision Point Mapping to Data]] dp[/Decision Point Values/] - ap[[Apply Policy]] + ap[[Apply Decision Table]] oc[/Outcome/] end dm --> mdp @@ -42,14 +42,14 @@ flowchart LR matches their existing process. These same requirements also led them to define a decision function based on a custom selection of existing decision points. - They've mapped their agency policy to a decision policy that assigns specific decision point values to specific outcomes. + They've mapped their agency policy to a decision table that assigns specific decision point values to specific outcomes. They have also enumerated the data they need to inform the relevant decision point values. The agency has a process for collecting the data they need, and they have collected the data for a particular vulnerability. Now they are ready to use SSVC to decide how to respond to a vulnerability. Taking the data they have collected, they first combine it with the data map to produce a set of decision point values. - Then they apply the policy to the decision point values to produce an outcome. + Then they apply the decision table to the decision point values to produce an outcome. The outcome is a prioritization decision that they can use to inform their response to the vulnerability. ## Respond to Vulnerabilities diff --git a/docs/howto/coordination_triage_decision.md b/docs/howto/coordination_triage_decision.md index 0113247d..65e5912e 100644 --- a/docs/howto/coordination_triage_decision.md +++ b/docs/howto/coordination_triage_decision.md @@ -95,7 +95,7 @@ for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: ## Coordinator Triage Decision Model -The following example decision model is a policy that closely follows our own decision model at the CERT/CC. +The following example decision model is a decision table that closely follows our own decision model at the CERT/CC. Other coordinators should consider customizing the tree to their needs, as described in [Tree Construction and Customization Guidance](tree_customization.md). !!! tip "SSVC Customization in Action: CISA" diff --git a/docs/howto/cvss_v4/eq1.md b/docs/howto/cvss_v4/eq1.md index b674c7ad..6a6733fb 100644 --- a/docs/howto/cvss_v4/eq1.md +++ b/docs/howto/cvss_v4/eq1.md @@ -36,7 +36,7 @@ for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: ## Analyst Decision Model -Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. +Below we provide an example deployer prioritization decision table that maps the decision points just listed to the outcomes described above. ### Decision Model Visualization diff --git a/docs/howto/cvss_v4/eq2.md b/docs/howto/cvss_v4/eq2.md index 73a3c3f2..c0e8b3a1 100644 --- a/docs/howto/cvss_v4/eq2.md +++ b/docs/howto/cvss_v4/eq2.md @@ -36,7 +36,7 @@ for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: ## Analyst Decision Model -Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. +Below we provide an example deployer prioritization decision table that maps the decision points just listed to the outcomes described above. ### Decision Model Visualization diff --git a/docs/howto/cvss_v4/eq3.md b/docs/howto/cvss_v4/eq3.md index c21ea005..dd72315b 100644 --- a/docs/howto/cvss_v4/eq3.md +++ b/docs/howto/cvss_v4/eq3.md @@ -36,7 +36,7 @@ for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: ## Analyst Decision Model -Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. +Below we provide an example deployer prioritization decision table that maps the decision points just listed to the outcomes described above. ### Decision Model Visualization diff --git a/docs/howto/cvss_v4/eq4.md b/docs/howto/cvss_v4/eq4.md index 6f1986ba..b4ce4e89 100644 --- a/docs/howto/cvss_v4/eq4.md +++ b/docs/howto/cvss_v4/eq4.md @@ -36,7 +36,7 @@ for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: ## Analyst Decision Model -Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. +Below we provide an example deployer prioritization decision table that maps the decision points just listed to the outcomes described above. ### Decision Model Visualization diff --git a/docs/howto/cvss_v4/eq5.md b/docs/howto/cvss_v4/eq5.md index 76b8e5ee..4e6526f8 100644 --- a/docs/howto/cvss_v4/eq5.md +++ b/docs/howto/cvss_v4/eq5.md @@ -36,7 +36,7 @@ for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: ## Analyst Decision Model -Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. +Below we provide an example deployer prioritization decision table that maps the decision points just listed to the outcomes described above. ### Decision Model Visualization diff --git a/docs/howto/cvss_v4/eq6.md b/docs/howto/cvss_v4/eq6.md index d0bea8d1..51885845 100644 --- a/docs/howto/cvss_v4/eq6.md +++ b/docs/howto/cvss_v4/eq6.md @@ -36,7 +36,7 @@ for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: ## Analyst Decision Model -Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. +Below we provide an example deployer prioritization decision table that maps the decision points just listed to the outcomes described above. ### Decision Model Visualization diff --git a/docs/howto/cvss_v4/qualitative.md b/docs/howto/cvss_v4/qualitative.md index 11d805d9..f221c20b 100644 --- a/docs/howto/cvss_v4/qualitative.md +++ b/docs/howto/cvss_v4/qualitative.md @@ -71,7 +71,7 @@ for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: ## Analyst Decision Model -Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. +Below we provide an example deployer prioritization decision table that maps the decision points just listed to the outcomes described above. ### Decision Model Visualization diff --git a/docs/howto/deployer_tree.md b/docs/howto/deployer_tree.md index 148881b5..09c4a777 100644 --- a/docs/howto/deployer_tree.md +++ b/docs/howto/deployer_tree.md @@ -132,11 +132,11 @@ In the *Human Impact* table above, *MEF* stands for Mission Essential Function. ## Deployer Decision Model -Below we provide an example deployer prioritization policy that maps the decision points just listed to the outcomes described above. +Below we provide an example deployer prioritization decision table that maps the decision points just listed to the outcomes described above. -!!! tip "Notes on the Deployer Decision Model Example Policy" +!!! tip "Notes on the Deployer Decision Model Example Decision Table" - In the example policy shown below: + In the example decision table shown below: - An [_active_](../reference/decision_points/exploitation.md) state of [*Exploitation*](../reference/decision_points/exploitation.md) will never result in a *defer* priority. - A [_none_](../reference/decision_points/exploitation.md) state of [*Exploitation*](../reference/decision_points/exploitation.md) (no evidence of exploitation) will result in either *defer* or *scheduled* priority—unless the state of [*Human Impact*](../reference/decision_points/human_impact.md) is [_very high_](../reference/decision_points/human_impact.md), resulting in an *out-of-cycle* priority. diff --git a/docs/howto/publication_decision.md b/docs/howto/publication_decision.md index 2928d79a..d0c396be 100644 --- a/docs/howto/publication_decision.md +++ b/docs/howto/publication_decision.md @@ -11,7 +11,7 @@ While other stakeholders may also have to make a publication decision, here we f the combination of the stakeholder and the decision being modeled. In this case, the stakeholder is the **Coordinator** and the decision is **whether to publish an advisory about the vulnerability**. -## Policy Constraints and Publication Decisions +## Decision Table Constraints and Publication Decisions !!! tip inline end "Other Stakeholders' Publication Decisions" @@ -144,7 +144,7 @@ for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: ## Coordinator Publication Decision Model -An example coordinator publication decision model is shown below. The policy described by the model is based on CERT/CC +An example coordinator publication decision model is shown below. The decision table described by the model is based on CERT/CC publication decisions. Other organizations may have different publication criteria and may want to include other decision points in their publication decision model. diff --git a/docs/howto/supplier_tree.md b/docs/howto/supplier_tree.md index aeabc470..cd70e52f 100644 --- a/docs/howto/supplier_tree.md +++ b/docs/howto/supplier_tree.md @@ -94,8 +94,8 @@ for dp in [v for k,v in DT.decision_points.items() if k != DT.outcome]: ## Supplier Decision Model -The example supplier decision model below shows a prioritization policy for the supplier. -We display the decision model as a decision tree, which provides a compact representation of the policy, +The example supplier decision model below shows a prioritization decision table for the supplier. +We display the decision model as a decision tree, which provides a compact representation of the decision table, showing the relative priority of different situations. ```python exec="true" idprefix="" diff --git a/docs/reference/code/policy_generator.md b/docs/reference/code/policy_generator.md index 4520599f..23e02db3 100644 --- a/docs/reference/code/policy_generator.md +++ b/docs/reference/code/policy_generator.md @@ -1,7 +1,7 @@ # SSVC Policy Generator Tool The SSVC Policy Generator is a Python object that generates an SSVC decision -policy (a decision tree) from a set of input parameters. +table from a set of input parameters. It is intended to be used as a library, for example within a Jupyter notebook. diff --git a/docs/ssvc_overview.md b/docs/ssvc_overview.md index 74cdaeef..f95a49b9 100644 --- a/docs/ssvc_overview.md +++ b/docs/ssvc_overview.md @@ -44,15 +44,15 @@ Many Suppliers and Deployers will want to resolve *Defer* vulnerabilities in due ### Prioritization categories for Coordinators -Our advice for Coordinators is based on the [CERT/CC Coordinated Vulnerability Disclosure (CVD) project](../howto/coordination_triage_decision/#coordinator-triage-units-of-work). Because we make separate decisions for triage and publication, we provide separate example trees, each of which has different prioritizations at the end. These trees represent how we apply SSVC to our needs, and other coordinators might make *different* decisions based on different inputs and output scales. The following categories are listed in increasing order of involvement. +Our advice for Coordinators is based on the [CERT/CC Coordinated Vulnerability Disclosure (CVD) project](../howto/coordination_triage_decision/#coordinator-triage-units-of-work). Because we make separate decisions for triage and publication, we provide separate example decision tables, each of which has different prioritizations at the end. These decision tables represent how we apply SSVC to our needs, and other coordinators might make *different* decisions based on different inputs and output scales. The following categories are listed in increasing order of involvement. -A triage tree might have: +A triage decision table might have: - *Decline* to act on the report. - *Track* information about the reported vulnerability, but do not take overt actions. - *Coordinate* a response to the vulnerabilty report, potentially including technical analysis, reproduction, notifying vendors, publication, and assisting another party. -Whereas a publication tree might have: +Whereas a publication decision table might have: - *Don't publish* information about the vulnerability. - *Publish* information about the vulnerability. diff --git a/docs/topics/decision_points_as_bricks.md b/docs/topics/decision_points_as_bricks.md index 47aafdea..2b7cd890 100644 --- a/docs/topics/decision_points_as_bricks.md +++ b/docs/topics/decision_points_as_bricks.md @@ -78,10 +78,10 @@ to decide how much of that flexibility to use. Similarly, SSVC provides a set of "bricks" in the form of [decision points](../reference/decision_points/index.md) and [outcomes](../reference/code/outcomes.md). -We have provided a set of [example decision models](../howto/index.md) and [policies](../howto/index.md) to get you started. +We have provided a set of [example decision models](../howto/index.md) and [decision tables](../howto/index.md) to get you started. You might choose to simply use what we've provided as a starting point. Or you might already recognize that our example gets the structure of the decision model right, -but you need to adapt the outcomes or policy to better fit your situation. +but you need to adapt the outcomes or decision table to better fit your situation. You might also recognize that you need to combine different example decision models to build the model you need. For example, you might recognize that you need to combine the [supplier decision model](../howto/supplier_tree.md) diff --git a/docs/topics/enumerating_decisions.md b/docs/topics/enumerating_decisions.md index 3e228a97..10d42788 100644 --- a/docs/topics/enumerating_decisions.md +++ b/docs/topics/enumerating_decisions.md @@ -39,9 +39,9 @@ If their decisions are explicit, then the decision makers can use the recommenda their decisions. For example, one organization might need to map their decisions to three priority levels, while another might need to map their decisions to five priority levels. - Variation can also arise from different organization goals or risk tolerance that alters the policy mapping the + Variation can also arise from different organization goals or risk tolerance that alters the decision table mapping the decision points to priority outcomes. The decision points themselves are often the same for the - stakeholder-decision pairing, but the policy that maps the decision points to priority outcomes is different. + stakeholder-decision pairing, but the decision table that maps the decision points to priority outcomes is different. The salient information required to make a specific kind of decision in a specific context is often the same across organizations. diff --git a/docs/topics/enumerating_stakeholders.md b/docs/topics/enumerating_stakeholders.md index e6e05a74..38c8ee8e 100644 --- a/docs/topics/enumerating_stakeholders.md +++ b/docs/topics/enumerating_stakeholders.md @@ -19,7 +19,7 @@ The choice not to segregate the decisions by sector is reinforced by the fact th It is less likely that one organization has multiple responsibilities within the vulnerability management process. Even if there is overlap within an organization, the two responsibilities are often located in distinct business units with distinct decision-making processes. -We can treat the responsibilities as non-overlapping, and, therefore, we can build two decision trees—one for each of the “patch supplier” and “patch deployer” responsibilities in the vulnerability management process. +We can treat the responsibilities as non-overlapping, and, therefore, we can build two decision tables—one for each of the “patch supplier” and “patch deployer” responsibilities in the vulnerability management process. Each of these trees will have different decision points that they take to arrive at a decision about a given unit of work. @@ -34,5 +34,5 @@ In [Enumerating Decisions](./enumerating_decisions.md), we describe the decision The following decision system may help such laypeople, but we do not intend it to be used by that audience. While C-level executives and public policy professionals often make, shape, or incentivize decisions about managing information systems, they are not the target audience, either. - To the extent that decision trees for vulnerability management help higher level policy decisions, we believe the best way to help policy makers is by making technical decisions more transparent and explainable. + To the extent that decision tables for vulnerability management help higher level policy decisions, we believe the best way to help policy makers is by making technical decisions more transparent and explainable. Policy makers may see indirect benefits, but they are not our primary audience and we are not designing an approach for them directly. diff --git a/docs/topics/index.md b/docs/topics/index.md index d1e73a6d..52a6d9f2 100644 --- a/docs/topics/index.md +++ b/docs/topics/index.md @@ -35,9 +35,9 @@ SSVC models individual vulnerability management decisions. It is built around th possible result of the decision. - **Outcome Values** are the possible values for an Outcome. Outcomes are similarly defined as an ordered set of enumerated values, usually indicating a priority or urgency. -- A **Policy** is a mapping from each combination of decision point values to the set of outcome values. +- A **Decision Table** is a mapping from each combination of decision point values to the set of outcome values. - A **Decision Function** is a function that accepts a set of decision point values and returns an outcome value based - on a policy. + on a decision table. ```mermaid --- @@ -50,7 +50,7 @@ flowchart LR dp1 --> dv2[Decision Value 2] dp1 --> dv3[Decision Value 3] end - subgraph Policy + subgraph Policy[Decision Table] direction LR dp1dv1[Decision Point 1 Decision Value 1] --> o1ov1[Outcome 1 Value 1] dp1dv2[Decision Point 1 Decision Value 2] --> o1ov2[Outcome 1 Value 2] @@ -71,7 +71,7 @@ flowchart LR Our initial concept for SSVC's decision modeling was based on decision trees. A decision tree represents important elements of a decision, possible decision values, and possible outcomes. We often represent a decision function as a decision tree because it is a convenient way to represent - a **Policy** as a branching decision structure. + a **Decision Table** as a branching decision structure. We do not claim this approach is the only viable option. In particular, we have received feedback that decision trees are not always the best way to represent diff --git a/docs/tutorials/index.md b/docs/tutorials/index.md index 802ff565..a5f7513b 100644 --- a/docs/tutorials/index.md +++ b/docs/tutorials/index.md @@ -12,10 +12,10 @@ For technical reference, including a list of decision points, see [Reference](.. !!! info "SSVC in a Nutshell" SSVC is built around the concept of a **Decision Model** that takes a set of input **Decision Points** and - applies a **Policy** to produce a set of output **Outcomes**. + applies a **Decision Table** to produce a set of output **Outcomes**. The **Decision Points** are the factors that influence the decision, and the **Outcomes** are the possible results of the decision. Both **Decision Points** and **Outcomes** are defined as ordered sets of enumerated values. - The **Policy** is a mapping from each combination of decision point values to the set of outcome values. + The **Decision Table** is a mapping from each combination of decision point values to the set of outcome values. One of SSVC's goals is to provide a methodology to develop risk-informed guidance at a human scale, while enabling data-driven decision-making. From 4b005874ee21642d7b99421196b6a6026821ce0c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Aug 2025 05:34:54 +0000 Subject: [PATCH 341/468] Bump the mkdocs group with 2 updates Bumps the mkdocs group with 2 updates: [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [mkdocstrings-python](https://github.com/mkdocstrings/python). Updates `mkdocs-material` from 9.6.16 to 9.6.18 - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.16...9.6.18) Updates `mkdocstrings-python` from 1.16.12 to 1.17.0 - [Release notes](https://github.com/mkdocstrings/python/releases) - [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md) - [Commits](https://github.com/mkdocstrings/python/compare/1.16.12...1.17.0) --- updated-dependencies: - dependency-name: mkdocs-material dependency-version: 9.6.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: mkdocs - dependency-name: mkdocstrings-python dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: mkdocs ... Signed-off-by: dependabot[bot] --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index a664977e..1cd36a79 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,10 +2,10 @@ mkdocs==1.6.1 mkdocs-bibtex==4.4.0 mkdocs-include-markdown-plugin==7.1.6 mkdocs-table-reader-plugin==3.1.0 -mkdocs-material==9.6.16 +mkdocs-material==9.6.18 mkdocs-material-extensions==1.3.1 mkdocstrings==0.30.0 -mkdocstrings-python==1.16.12 +mkdocstrings-python==1.17.0 mkdocs-print-site-plugin==2.8 markdown-exec==1.11.0 thefuzz==0.22.1 From 19ed9d46e05d9d5ed35f47ff3da6ba5494bc9c43 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Aug 2025 05:35:00 +0000 Subject: [PATCH 342/468] Bump jsonschema from 4.25.0 to 4.25.1 Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.25.0 to 4.25.1. - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](https://github.com/python-jsonschema/jsonschema/compare/v4.25.0...v4.25.1) --- updated-dependencies: - dependency-name: jsonschema dependency-version: 4.25.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index a664977e..a20a3e7e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,7 +11,7 @@ markdown-exec==1.11.0 thefuzz==0.22.1 pandas==2.3.1 scikit-learn==1.6.1 -jsonschema==4.25.0 +jsonschema==4.25.1 networkx==3.4.2 pydantic==2.11.7 semver==3.0.4 \ No newline at end of file From 833deef1c273b01f41155f5d0d15b3b789673f8e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Aug 2025 05:48:07 +0000 Subject: [PATCH 343/468] Bump actions/upload-pages-artifact from 3 to 4 Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](https://github.com/actions/upload-pages-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-pages-artifact dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/deploy_site.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy_site.yml b/.github/workflows/deploy_site.yml index 67f2a54f..071254bc 100644 --- a/.github/workflows/deploy_site.yml +++ b/.github/workflows/deploy_site.yml @@ -53,7 +53,7 @@ jobs: mkdocs build --verbose --clean --config-file mkdocs.yml - name: Upload artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@v4 with: # Upload entire repository path: 'site' From 2c3d4762ce49c466925c8de9ca74ed2790f3f52e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Aug 2025 13:15:31 +0000 Subject: [PATCH 344/468] Bump pandas from 2.3.1 to 2.3.2 Bumps [pandas](https://github.com/pandas-dev/pandas) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/pandas-dev/pandas/releases) - [Commits](https://github.com/pandas-dev/pandas/compare/v2.3.1...v2.3.2) --- updated-dependencies: - dependency-name: pandas dependency-version: 2.3.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index a20a3e7e..39a4df7e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,7 +9,7 @@ mkdocstrings-python==1.16.12 mkdocs-print-site-plugin==2.8 markdown-exec==1.11.0 thefuzz==0.22.1 -pandas==2.3.1 +pandas==2.3.2 scikit-learn==1.6.1 jsonschema==4.25.1 networkx==3.4.2 From 28d87552239da9986a68dbaa8924539900ff975d Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 26 Aug 2025 10:14:00 -0400 Subject: [PATCH 345/468] catch pyproject.toml up to main --- requirements.txt | 63 +++++++++++++++++++-------------------- src/pyproject.toml | 8 ++--- src/uv.lock | 73 +++++++++++++++++++++++----------------------- 3 files changed, 73 insertions(+), 71 deletions(-) diff --git a/requirements.txt b/requirements.txt index 7b61f1cb..ce455ac8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -89,6 +89,7 @@ click==8.2.1 \ --hash=sha256:61a3265b914e850b85317d0b3109c7f8cd35a670f963866005d6ef1d5175a12b # via # mkdocs + # mkdocs-material # rich-toolkit # typer # uvicorn @@ -195,9 +196,9 @@ joblib==1.5.1 \ --hash=sha256:4719a31f054c7d766948dcd83e9613686b27114f190f717cec7eaa2084f8a74a \ --hash=sha256:f4f86e351f39fe3d0d32a9f2c3d8af1ee4cec285aafcb27003dda5205576b444 # via scikit-learn -jsonschema==4.25.0 \ - --hash=sha256:24c2e8da302de79c8b9382fee3e76b355e44d2a4364bb207159ce10b517bd716 \ - --hash=sha256:e63acf5c11762c0e6672ffb61482bdf57f0876684d8d249c0fe2d730d48bc55f +jsonschema==4.25.1 \ + --hash=sha256:3fba0169e345c7175110351d456342c364814cfcf3b964ba4587f22915230a63 \ + --hash=sha256:e4a9655ce0da0c0b67a085847e00a3a51449e1157f4f75e9fb5aa545e122eb85 # via ssvc jsonschema-specifications==2025.4.1 \ --hash=sha256:4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af \ @@ -303,9 +304,9 @@ mkdocs-include-markdown-plugin==7.1.6 \ --hash=sha256:7975a593514887c18ecb68e11e35c074c5499cfa3e51b18cd16323862e1f7345 \ --hash=sha256:a0753cb82704c10a287f1e789fc9848f82b6beb8749814b24b03dd9f67816677 # via ssvc -mkdocs-material==9.6.16 \ - --hash=sha256:8d1a1282b892fe1fdf77bfeb08c485ba3909dd743c9ba69a19a40f637c6ec18c \ - --hash=sha256:d07011df4a5c02ee0877496d9f1bfc986cfb93d964799b032dd99fe34c0e9d19 +mkdocs-material==9.6.18 \ + --hash=sha256:a2eb253bcc8b66f8c6eaf8379c10ed6e9644090c2e2e9d0971c7722dc7211c05 \ + --hash=sha256:dbc1e146a0ecce951a4d84f97b816a54936cdc9e1edd1667fc6868878ac06701 # via # mkdocs-print-site-plugin # ssvc @@ -329,9 +330,9 @@ mkdocstrings==0.30.0 \ # via # mkdocstrings-python # ssvc -mkdocstrings-python==1.16.12 \ - --hash=sha256:22ded3a63b3d823d57457a70ff9860d5a4de9e8b1e482876fc9baabaf6f5f374 \ - --hash=sha256:9b9eaa066e0024342d433e332a41095c4e429937024945fea511afe58f63175d +mkdocstrings-python==1.17.0 \ + --hash=sha256:49903fa355dfecc5ad0b891e78ff5d25d30ffd00846952801bbe8331e123d4b0 \ + --hash=sha256:c6295962b60542a9c7468a3b515ce8524616ca9f8c1a38c790db4286340ba501 # via ssvc networkx==3.4.2 \ --hash=sha256:307c3669428c5362aab27c8a1260aa8f47c4e91d3891f48be0141738d8d053e1 \ @@ -452,28 +453,28 @@ paginate==0.5.7 \ --hash=sha256:22bd083ab41e1a8b4f3690544afb2c60c25e5c9a63a30fa2f483f6c60c8e5945 \ --hash=sha256:b885e2af73abcf01d9559fd5216b57ef722f8c42affbb63942377668e35c7591 # via mkdocs-material -pandas==2.3.1 \ - --hash=sha256:025e92411c16cbe5bb2a4abc99732a6b132f439b8aab23a59fa593eb00704232 \ - --hash=sha256:0a95b9ac964fe83ce317827f80304d37388ea77616b1425f0ae41c9d2d0d7bb2 \ - --hash=sha256:1c78cf43c8fde236342a1cb2c34bcff89564a7bfed7e474ed2fffa6aed03a956 \ - --hash=sha256:2ba6aff74075311fc88504b1db890187a3cd0f887a5b10f5525f8e2ef55bfdb9 \ - --hash=sha256:2f4d6feeba91744872a600e6edbbd5b033005b431d5ae8379abee5bcfa479fab \ - --hash=sha256:56a342b231e8862c96bdb6ab97170e203ce511f4d0429589c8ede1ee8ece48b8 \ - --hash=sha256:5db9637dbc24b631ff3707269ae4559bce4b7fd75c1c4d7e13f40edc42df4444 \ - --hash=sha256:689968e841136f9e542020698ee1c4fbe9caa2ed2213ae2388dc7b81721510d3 \ - --hash=sha256:6de8547d4fdb12421e2d047a2c446c623ff4c11f47fddb6b9169eb98ffba485a \ - --hash=sha256:6f3bf5ec947526106399a9e1d26d40ee2b259c66422efdf4de63c848492d91bb \ - --hash=sha256:782647ddc63c83133b2506912cc6b108140a38a37292102aaa19c81c83db2928 \ - --hash=sha256:7dcb79bf373a47d2a40cf7232928eb7540155abbc460925c2c96d2d30b006eb4 \ - --hash=sha256:8dfc17328e8da77be3cf9f47509e5637ba8f137148ed0e9b5241e1baf526e20a \ - --hash=sha256:9026bd4a80108fac2239294a15ef9003c4ee191a0f64b90f170b40cfb7cf2d22 \ - --hash=sha256:911580460fc4884d9b05254b38a6bfadddfcc6aaef856fb5859e7ca202e45275 \ - --hash=sha256:9b7ff55f31c4fcb3e316e8f7fa194566b286d6ac430afec0d461163312c5841e \ - --hash=sha256:ac942bfd0aca577bef61f2bc8da8147c4ef6879965ef883d8e8d5d2dc3e744b8 \ - --hash=sha256:ca7ed14832bce68baef331f4d7f294411bed8efd032f8109d690df45e00c4679 \ - --hash=sha256:e5635178b387bd2ba4ac040f82bc2ef6e6b500483975c4ebacd34bec945fda12 \ - --hash=sha256:ec6c851509364c59a5344458ab935e6451b31b818be467eb24b0fe89bd05b6b9 \ - --hash=sha256:fe37e757f462d31a9cd7580236a82f353f5713a80e059a29753cf938c6775d96 +pandas==2.3.2 \ + --hash=sha256:0064187b80a5be6f2f9c9d6bdde29372468751dfa89f4211a3c5871854cfbf7a \ + --hash=sha256:0bd281310d4f412733f319a5bc552f86d62cddc5f51d2e392c8787335c994175 \ + --hash=sha256:0c6ecbac99a354a051ef21c5307601093cb9e0f4b1855984a084bfec9302699e \ + --hash=sha256:0cee69d583b9b128823d9514171cabb6861e09409af805b54459bd0c821a35c2 \ + --hash=sha256:114c2fe4f4328cf98ce5716d1532f3ab79c5919f95a9cfee81d9140064a2e4d6 \ + --hash=sha256:12d039facec710f7ba305786837d0225a3444af7bbd9c15c32ca2d40d157ed8b \ + --hash=sha256:1b9b52693123dd234b7c985c68b709b0b009f4521000d0525f2b95c22f15944b \ + --hash=sha256:213a5adf93d020b74327cb2c1b842884dbdd37f895f42dcc2f09d451d949f811 \ + --hash=sha256:2319656ed81124982900b4c37f0e0c58c015af9a7bbc62342ba5ad07ace82ba9 \ + --hash=sha256:3fbb977f802156e7a3f829e9d1d5398f6192375a3e2d1a9ee0803e35fe70a2b9 \ + --hash=sha256:48fa91c4dfb3b2b9bfdb5c24cd3567575f4e13f9636810462ffed8925352be5a \ + --hash=sha256:4ac8c320bded4718b298281339c1a50fb00a6ba78cb2a63521c39bec95b0209b \ + --hash=sha256:837248b4fc3a9b83b9c6214699a13f069dc13510a6a6d7f9ba33145d2841a012 \ + --hash=sha256:8c13b81a9347eb8c7548f53fd9a4f08d4dfe996836543f805c987bafa03317ae \ + --hash=sha256:96d31a6b4354e3b9b8a2c848af75d31da390657e3ac6f30c05c82068b9ed79b9 \ + --hash=sha256:ab7b58f8f82706890924ccdfb5f48002b83d2b5a3845976a9fb705d36c34dcdb \ + --hash=sha256:b37205ad6f00d52f16b6d09f406434ba928c1a1966e2771006a9033c736d30d2 \ + --hash=sha256:c624b615ce97864eb588779ed4046186f967374185c047070545253a52ab2d57 \ + --hash=sha256:c6f048aa0fd080d6a06cc7e7537c09b53be6642d330ac6f54a600c3ace857ee9 \ + --hash=sha256:d2c3554bd31b731cd6490d94a28f3abb8dd770634a9e06eb6d2911b9827db370 \ + --hash=sha256:df4df0b9d02bb873a106971bb85d448378ef14b86ba96f035f50bbd3688456b4 # via # mkdocs-table-reader-plugin # ssvc diff --git a/src/pyproject.toml b/src/pyproject.toml index 1e65aaac..3025fbb9 100644 --- a/src/pyproject.toml +++ b/src/pyproject.toml @@ -32,14 +32,14 @@ classifiers = [ ] dependencies = [ "mkdocs==1.6.1", - "mkdocs-material==9.6.16", + "mkdocs-material==9.6.18", "mkdocs-material-extensions==1.3.1", "mkdocstrings==0.30.0", - "mkdocstrings-python==1.16.12", + "mkdocstrings-python==1.17.0", "mkdocs-include-markdown-plugin==7.1.6", - "pandas==2.3.1", + "pandas==2.3.2", "scipy==1.16.1", - "jsonschema==4.25.0", + "jsonschema==4.25.1", "mkdocs-bibtex==4.4.0", "mkdocs-table-reader-plugin==3.1.0", "mkdocs-print-site-plugin==2.8", diff --git a/src/uv.lock b/src/uv.lock index e9faffa8..c93a5b40 100644 --- a/src/uv.lock +++ b/src/uv.lock @@ -382,7 +382,7 @@ wheels = [ [[package]] name = "jsonschema" -version = "4.25.0" +version = "4.25.1" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "attrs" }, @@ -390,9 +390,9 @@ dependencies = [ { name = "referencing" }, { name = "rpds-py" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/d5/00/a297a868e9d0784450faa7365c2172a7d6110c763e30ba861867c32ae6a9/jsonschema-4.25.0.tar.gz", hash = "sha256:e63acf5c11762c0e6672ffb61482bdf57f0876684d8d249c0fe2d730d48bc55f", size = 356830, upload-time = "2025-07-18T15:39:45.11Z" } +sdist = { url = "https://files.pythonhosted.org/packages/74/69/f7185de793a29082a9f3c7728268ffb31cb5095131a9c139a74078e27336/jsonschema-4.25.1.tar.gz", hash = "sha256:e4a9655ce0da0c0b67a085847e00a3a51449e1157f4f75e9fb5aa545e122eb85", size = 357342, upload-time = "2025-08-18T17:03:50.038Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/fe/54/c86cd8e011fe98803d7e382fd67c0df5ceab8d2b7ad8c5a81524f791551c/jsonschema-4.25.0-py3-none-any.whl", hash = "sha256:24c2e8da302de79c8b9382fee3e76b355e44d2a4364bb207159ce10b517bd716", size = 89184, upload-time = "2025-07-18T15:39:42.956Z" }, + { url = "https://files.pythonhosted.org/packages/bf/9c/8c95d856233c1f82500c2450b8c68576b4cf1c871db3afac5c34ff84e6fd/jsonschema-4.25.1-py3-none-any.whl", hash = "sha256:3fba0169e345c7175110351d456342c364814cfcf3b964ba4587f22915230a63", size = 90040, upload-time = "2025-08-18T17:03:48.373Z" }, ] [[package]] @@ -609,11 +609,12 @@ wheels = [ [[package]] name = "mkdocs-material" -version = "9.6.16" +version = "9.6.18" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "babel" }, { name = "backrefs" }, + { name = "click" }, { name = "colorama" }, { name = "jinja2" }, { name = "markdown" }, @@ -624,9 +625,9 @@ dependencies = [ { name = "pymdown-extensions" }, { name = "requests" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/dd/84/aec27a468c5e8c27689c71b516fb5a0d10b8fca45b9ad2dd9d6e43bc4296/mkdocs_material-9.6.16.tar.gz", hash = "sha256:d07011df4a5c02ee0877496d9f1bfc986cfb93d964799b032dd99fe34c0e9d19", size = 4028828, upload-time = "2025-07-26T15:53:47.542Z" } +sdist = { url = "https://files.pythonhosted.org/packages/e6/46/db0d78add5aac29dfcd0a593bcc6049c86c77ba8a25b3a5b681c190d5e99/mkdocs_material-9.6.18.tar.gz", hash = "sha256:a2eb253bcc8b66f8c6eaf8379c10ed6e9644090c2e2e9d0971c7722dc7211c05", size = 4034856, upload-time = "2025-08-22T08:21:47.575Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/65/f4/90ad67125b4dd66e7884e4dbdfab82e3679eb92b751116f8bb25ccfe2f0c/mkdocs_material-9.6.16-py3-none-any.whl", hash = "sha256:8d1a1282b892fe1fdf77bfeb08c485ba3909dd743c9ba69a19a40f637c6ec18c", size = 9223743, upload-time = "2025-07-26T15:53:44.236Z" }, + { url = "https://files.pythonhosted.org/packages/22/0b/545a4f8d4f9057e77f1d99640eb09aaae40c4f9034707f25636caf716ff9/mkdocs_material-9.6.18-py3-none-any.whl", hash = "sha256:dbc1e146a0ecce951a4d84f97b816a54936cdc9e1edd1667fc6868878ac06701", size = 9232642, upload-time = "2025-08-22T08:21:44.52Z" }, ] [[package]] @@ -684,16 +685,16 @@ wheels = [ [[package]] name = "mkdocstrings-python" -version = "1.16.12" +version = "1.17.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "griffe" }, { name = "mkdocs-autorefs" }, { name = "mkdocstrings" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/bf/ed/b886f8c714fd7cccc39b79646b627dbea84cd95c46be43459ef46852caf0/mkdocstrings_python-1.16.12.tar.gz", hash = "sha256:9b9eaa066e0024342d433e332a41095c4e429937024945fea511afe58f63175d", size = 206065, upload-time = "2025-06-03T12:52:49.276Z" } +sdist = { url = "https://files.pythonhosted.org/packages/39/7c/6dfd8ad59c0eebae167168528ed6cad00116f58ef2327686149f7b25d175/mkdocstrings_python-1.17.0.tar.gz", hash = "sha256:c6295962b60542a9c7468a3b515ce8524616ca9f8c1a38c790db4286340ba501", size = 200408, upload-time = "2025-08-14T21:18:14.568Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/3b/dd/a24ee3de56954bfafb6ede7cd63c2413bb842cc48eb45e41c43a05a33074/mkdocstrings_python-1.16.12-py3-none-any.whl", hash = "sha256:22ded3a63b3d823d57457a70ff9860d5a4de9e8b1e482876fc9baabaf6f5f374", size = 124287, upload-time = "2025-06-03T12:52:47.819Z" }, + { url = "https://files.pythonhosted.org/packages/bd/ac/b1fcc937f4ecd372f3e857162dea67c45c1e2eedbac80447be516e3372bb/mkdocstrings_python-1.17.0-py3-none-any.whl", hash = "sha256:49903fa355dfecc5ad0b891e78ff5d25d30ffd00846952801bbe8331e123d4b0", size = 124778, upload-time = "2025-08-14T21:18:12.821Z" }, ] [[package]] @@ -837,7 +838,7 @@ wheels = [ [[package]] name = "pandas" -version = "2.3.1" +version = "2.3.2" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "numpy" }, @@ -845,28 +846,28 @@ dependencies = [ { name = "pytz" }, { name = "tzdata" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/d1/6f/75aa71f8a14267117adeeed5d21b204770189c0a0025acbdc03c337b28fc/pandas-2.3.1.tar.gz", hash = "sha256:0a95b9ac964fe83ce317827f80304d37388ea77616b1425f0ae41c9d2d0d7bb2", size = 4487493, upload-time = "2025-07-07T19:20:04.079Z" } -wheels = [ - { url = "https://files.pythonhosted.org/packages/46/de/b8445e0f5d217a99fe0eeb2f4988070908979bec3587c0633e5428ab596c/pandas-2.3.1-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:689968e841136f9e542020698ee1c4fbe9caa2ed2213ae2388dc7b81721510d3", size = 11588172, upload-time = "2025-07-07T19:18:52.054Z" }, - { url = "https://files.pythonhosted.org/packages/1e/e0/801cdb3564e65a5ac041ab99ea6f1d802a6c325bb6e58c79c06a3f1cd010/pandas-2.3.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:025e92411c16cbe5bb2a4abc99732a6b132f439b8aab23a59fa593eb00704232", size = 10717365, upload-time = "2025-07-07T19:18:54.785Z" }, - { url = "https://files.pythonhosted.org/packages/51/a5/c76a8311833c24ae61a376dbf360eb1b1c9247a5d9c1e8b356563b31b80c/pandas-2.3.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9b7ff55f31c4fcb3e316e8f7fa194566b286d6ac430afec0d461163312c5841e", size = 11280411, upload-time = "2025-07-07T19:18:57.045Z" }, - { url = "https://files.pythonhosted.org/packages/da/01/e383018feba0a1ead6cf5fe8728e5d767fee02f06a3d800e82c489e5daaf/pandas-2.3.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7dcb79bf373a47d2a40cf7232928eb7540155abbc460925c2c96d2d30b006eb4", size = 11988013, upload-time = "2025-07-07T19:18:59.771Z" }, - { url = "https://files.pythonhosted.org/packages/5b/14/cec7760d7c9507f11c97d64f29022e12a6cc4fc03ac694535e89f88ad2ec/pandas-2.3.1-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:56a342b231e8862c96bdb6ab97170e203ce511f4d0429589c8ede1ee8ece48b8", size = 12767210, upload-time = "2025-07-07T19:19:02.944Z" }, - { url = "https://files.pythonhosted.org/packages/50/b9/6e2d2c6728ed29fb3d4d4d302504fb66f1a543e37eb2e43f352a86365cdf/pandas-2.3.1-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:ca7ed14832bce68baef331f4d7f294411bed8efd032f8109d690df45e00c4679", size = 13440571, upload-time = "2025-07-07T19:19:06.82Z" }, - { url = "https://files.pythonhosted.org/packages/80/a5/3a92893e7399a691bad7664d977cb5e7c81cf666c81f89ea76ba2bff483d/pandas-2.3.1-cp312-cp312-win_amd64.whl", hash = "sha256:ac942bfd0aca577bef61f2bc8da8147c4ef6879965ef883d8e8d5d2dc3e744b8", size = 10987601, upload-time = "2025-07-07T19:19:09.589Z" }, - { url = "https://files.pythonhosted.org/packages/32/ed/ff0a67a2c5505e1854e6715586ac6693dd860fbf52ef9f81edee200266e7/pandas-2.3.1-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:9026bd4a80108fac2239294a15ef9003c4ee191a0f64b90f170b40cfb7cf2d22", size = 11531393, upload-time = "2025-07-07T19:19:12.245Z" }, - { url = "https://files.pythonhosted.org/packages/c7/db/d8f24a7cc9fb0972adab0cc80b6817e8bef888cfd0024eeb5a21c0bb5c4a/pandas-2.3.1-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:6de8547d4fdb12421e2d047a2c446c623ff4c11f47fddb6b9169eb98ffba485a", size = 10668750, upload-time = "2025-07-07T19:19:14.612Z" }, - { url = "https://files.pythonhosted.org/packages/0f/b0/80f6ec783313f1e2356b28b4fd8d2148c378370045da918c73145e6aab50/pandas-2.3.1-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:782647ddc63c83133b2506912cc6b108140a38a37292102aaa19c81c83db2928", size = 11342004, upload-time = "2025-07-07T19:19:16.857Z" }, - { url = "https://files.pythonhosted.org/packages/e9/e2/20a317688435470872885e7fc8f95109ae9683dec7c50be29b56911515a5/pandas-2.3.1-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2ba6aff74075311fc88504b1db890187a3cd0f887a5b10f5525f8e2ef55bfdb9", size = 12050869, upload-time = "2025-07-07T19:19:19.265Z" }, - { url = "https://files.pythonhosted.org/packages/55/79/20d746b0a96c67203a5bee5fb4e00ac49c3e8009a39e1f78de264ecc5729/pandas-2.3.1-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:e5635178b387bd2ba4ac040f82bc2ef6e6b500483975c4ebacd34bec945fda12", size = 12750218, upload-time = "2025-07-07T19:19:21.547Z" }, - { url = "https://files.pythonhosted.org/packages/7c/0f/145c8b41e48dbf03dd18fdd7f24f8ba95b8254a97a3379048378f33e7838/pandas-2.3.1-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:6f3bf5ec947526106399a9e1d26d40ee2b259c66422efdf4de63c848492d91bb", size = 13416763, upload-time = "2025-07-07T19:19:23.939Z" }, - { url = "https://files.pythonhosted.org/packages/b2/c0/54415af59db5cdd86a3d3bf79863e8cc3fa9ed265f0745254061ac09d5f2/pandas-2.3.1-cp313-cp313-win_amd64.whl", hash = "sha256:1c78cf43c8fde236342a1cb2c34bcff89564a7bfed7e474ed2fffa6aed03a956", size = 10987482, upload-time = "2025-07-07T19:19:42.699Z" }, - { url = "https://files.pythonhosted.org/packages/48/64/2fd2e400073a1230e13b8cd604c9bc95d9e3b962e5d44088ead2e8f0cfec/pandas-2.3.1-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:8dfc17328e8da77be3cf9f47509e5637ba8f137148ed0e9b5241e1baf526e20a", size = 12029159, upload-time = "2025-07-07T19:19:26.362Z" }, - { url = "https://files.pythonhosted.org/packages/d8/0a/d84fd79b0293b7ef88c760d7dca69828d867c89b6d9bc52d6a27e4d87316/pandas-2.3.1-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:ec6c851509364c59a5344458ab935e6451b31b818be467eb24b0fe89bd05b6b9", size = 11393287, upload-time = "2025-07-07T19:19:29.157Z" }, - { url = "https://files.pythonhosted.org/packages/50/ae/ff885d2b6e88f3c7520bb74ba319268b42f05d7e583b5dded9837da2723f/pandas-2.3.1-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:911580460fc4884d9b05254b38a6bfadddfcc6aaef856fb5859e7ca202e45275", size = 11309381, upload-time = "2025-07-07T19:19:31.436Z" }, - { url = "https://files.pythonhosted.org/packages/85/86/1fa345fc17caf5d7780d2699985c03dbe186c68fee00b526813939062bb0/pandas-2.3.1-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2f4d6feeba91744872a600e6edbbd5b033005b431d5ae8379abee5bcfa479fab", size = 11883998, upload-time = "2025-07-07T19:19:34.267Z" }, - { url = "https://files.pythonhosted.org/packages/81/aa/e58541a49b5e6310d89474333e994ee57fea97c8aaa8fc7f00b873059bbf/pandas-2.3.1-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:fe37e757f462d31a9cd7580236a82f353f5713a80e059a29753cf938c6775d96", size = 12704705, upload-time = "2025-07-07T19:19:36.856Z" }, - { url = "https://files.pythonhosted.org/packages/d5/f9/07086f5b0f2a19872554abeea7658200824f5835c58a106fa8f2ae96a46c/pandas-2.3.1-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:5db9637dbc24b631ff3707269ae4559bce4b7fd75c1c4d7e13f40edc42df4444", size = 13189044, upload-time = "2025-07-07T19:19:39.999Z" }, +sdist = { url = "https://files.pythonhosted.org/packages/79/8e/0e90233ac205ad182bd6b422532695d2b9414944a280488105d598c70023/pandas-2.3.2.tar.gz", hash = "sha256:ab7b58f8f82706890924ccdfb5f48002b83d2b5a3845976a9fb705d36c34dcdb", size = 4488684, upload-time = "2025-08-21T10:28:29.257Z" } +wheels = [ + { url = "https://files.pythonhosted.org/packages/ec/db/614c20fb7a85a14828edd23f1c02db58a30abf3ce76f38806155d160313c/pandas-2.3.2-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:3fbb977f802156e7a3f829e9d1d5398f6192375a3e2d1a9ee0803e35fe70a2b9", size = 11587652, upload-time = "2025-08-21T10:27:15.888Z" }, + { url = "https://files.pythonhosted.org/packages/99/b0/756e52f6582cade5e746f19bad0517ff27ba9c73404607c0306585c201b3/pandas-2.3.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:1b9b52693123dd234b7c985c68b709b0b009f4521000d0525f2b95c22f15944b", size = 10717686, upload-time = "2025-08-21T10:27:18.486Z" }, + { url = "https://files.pythonhosted.org/packages/37/4c/dd5ccc1e357abfeee8353123282de17997f90ff67855f86154e5a13b81e5/pandas-2.3.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0bd281310d4f412733f319a5bc552f86d62cddc5f51d2e392c8787335c994175", size = 11278722, upload-time = "2025-08-21T10:27:21.149Z" }, + { url = "https://files.pythonhosted.org/packages/d3/a4/f7edcfa47e0a88cda0be8b068a5bae710bf264f867edfdf7b71584ace362/pandas-2.3.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:96d31a6b4354e3b9b8a2c848af75d31da390657e3ac6f30c05c82068b9ed79b9", size = 11987803, upload-time = "2025-08-21T10:27:23.767Z" }, + { url = "https://files.pythonhosted.org/packages/f6/61/1bce4129f93ab66f1c68b7ed1c12bac6a70b1b56c5dab359c6bbcd480b52/pandas-2.3.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:df4df0b9d02bb873a106971bb85d448378ef14b86ba96f035f50bbd3688456b4", size = 12766345, upload-time = "2025-08-21T10:27:26.6Z" }, + { url = "https://files.pythonhosted.org/packages/8e/46/80d53de70fee835531da3a1dae827a1e76e77a43ad22a8cd0f8142b61587/pandas-2.3.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:213a5adf93d020b74327cb2c1b842884dbdd37f895f42dcc2f09d451d949f811", size = 13439314, upload-time = "2025-08-21T10:27:29.213Z" }, + { url = "https://files.pythonhosted.org/packages/28/30/8114832daff7489f179971dbc1d854109b7f4365a546e3ea75b6516cea95/pandas-2.3.2-cp312-cp312-win_amd64.whl", hash = "sha256:8c13b81a9347eb8c7548f53fd9a4f08d4dfe996836543f805c987bafa03317ae", size = 10983326, upload-time = "2025-08-21T10:27:31.901Z" }, + { url = "https://files.pythonhosted.org/packages/27/64/a2f7bf678af502e16b472527735d168b22b7824e45a4d7e96a4fbb634b59/pandas-2.3.2-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:0c6ecbac99a354a051ef21c5307601093cb9e0f4b1855984a084bfec9302699e", size = 11531061, upload-time = "2025-08-21T10:27:34.647Z" }, + { url = "https://files.pythonhosted.org/packages/54/4c/c3d21b2b7769ef2f4c2b9299fcadd601efa6729f1357a8dbce8dd949ed70/pandas-2.3.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:c6f048aa0fd080d6a06cc7e7537c09b53be6642d330ac6f54a600c3ace857ee9", size = 10668666, upload-time = "2025-08-21T10:27:37.203Z" }, + { url = "https://files.pythonhosted.org/packages/50/e2/f775ba76ecfb3424d7f5862620841cf0edb592e9abd2d2a5387d305fe7a8/pandas-2.3.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0064187b80a5be6f2f9c9d6bdde29372468751dfa89f4211a3c5871854cfbf7a", size = 11332835, upload-time = "2025-08-21T10:27:40.188Z" }, + { url = "https://files.pythonhosted.org/packages/8f/52/0634adaace9be2d8cac9ef78f05c47f3a675882e068438b9d7ec7ef0c13f/pandas-2.3.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:4ac8c320bded4718b298281339c1a50fb00a6ba78cb2a63521c39bec95b0209b", size = 12057211, upload-time = "2025-08-21T10:27:43.117Z" }, + { url = "https://files.pythonhosted.org/packages/0b/9d/2df913f14b2deb9c748975fdb2491da1a78773debb25abbc7cbc67c6b549/pandas-2.3.2-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:114c2fe4f4328cf98ce5716d1532f3ab79c5919f95a9cfee81d9140064a2e4d6", size = 12749277, upload-time = "2025-08-21T10:27:45.474Z" }, + { url = "https://files.pythonhosted.org/packages/87/af/da1a2417026bd14d98c236dba88e39837182459d29dcfcea510b2ac9e8a1/pandas-2.3.2-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:48fa91c4dfb3b2b9bfdb5c24cd3567575f4e13f9636810462ffed8925352be5a", size = 13415256, upload-time = "2025-08-21T10:27:49.885Z" }, + { url = "https://files.pythonhosted.org/packages/22/3c/f2af1ce8840ef648584a6156489636b5692c162771918aa95707c165ad2b/pandas-2.3.2-cp313-cp313-win_amd64.whl", hash = "sha256:12d039facec710f7ba305786837d0225a3444af7bbd9c15c32ca2d40d157ed8b", size = 10982579, upload-time = "2025-08-21T10:28:08.435Z" }, + { url = "https://files.pythonhosted.org/packages/f3/98/8df69c4097a6719e357dc249bf437b8efbde808038268e584421696cbddf/pandas-2.3.2-cp313-cp313t-macosx_10_13_x86_64.whl", hash = "sha256:c624b615ce97864eb588779ed4046186f967374185c047070545253a52ab2d57", size = 12028163, upload-time = "2025-08-21T10:27:52.232Z" }, + { url = "https://files.pythonhosted.org/packages/0e/23/f95cbcbea319f349e10ff90db488b905c6883f03cbabd34f6b03cbc3c044/pandas-2.3.2-cp313-cp313t-macosx_11_0_arm64.whl", hash = "sha256:0cee69d583b9b128823d9514171cabb6861e09409af805b54459bd0c821a35c2", size = 11391860, upload-time = "2025-08-21T10:27:54.673Z" }, + { url = "https://files.pythonhosted.org/packages/ad/1b/6a984e98c4abee22058aa75bfb8eb90dce58cf8d7296f8bc56c14bc330b0/pandas-2.3.2-cp313-cp313t-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2319656ed81124982900b4c37f0e0c58c015af9a7bbc62342ba5ad07ace82ba9", size = 11309830, upload-time = "2025-08-21T10:27:56.957Z" }, + { url = "https://files.pythonhosted.org/packages/15/d5/f0486090eb18dd8710bf60afeaf638ba6817047c0c8ae5c6a25598665609/pandas-2.3.2-cp313-cp313t-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b37205ad6f00d52f16b6d09f406434ba928c1a1966e2771006a9033c736d30d2", size = 11883216, upload-time = "2025-08-21T10:27:59.302Z" }, + { url = "https://files.pythonhosted.org/packages/10/86/692050c119696da19e20245bbd650d8dfca6ceb577da027c3a73c62a047e/pandas-2.3.2-cp313-cp313t-musllinux_1_2_aarch64.whl", hash = "sha256:837248b4fc3a9b83b9c6214699a13f069dc13510a6a6d7f9ba33145d2841a012", size = 12699743, upload-time = "2025-08-21T10:28:02.447Z" }, + { url = "https://files.pythonhosted.org/packages/cd/d7/612123674d7b17cf345aad0a10289b2a384bff404e0463a83c4a3a59d205/pandas-2.3.2-cp313-cp313t-musllinux_1_2_x86_64.whl", hash = "sha256:d2c3554bd31b731cd6490d94a28f3abb8dd770634a9e06eb6d2911b9827db370", size = 13186141, upload-time = "2025-08-21T10:28:05.377Z" }, ] [[package]] @@ -1554,19 +1555,19 @@ dev = [ [package.metadata] requires-dist = [ { name = "fastapi", extras = ["all", "standard"], specifier = ">=0.116.1" }, - { name = "jsonschema", specifier = "==4.25.0" }, + { name = "jsonschema", specifier = "==4.25.1" }, { name = "markdown-exec", extras = ["ansi"], specifier = "==1.11.0" }, { name = "mkdocs", specifier = "==1.6.1" }, { name = "mkdocs-bibtex", specifier = "==4.4.0" }, { name = "mkdocs-include-markdown-plugin", specifier = "==7.1.6" }, - { name = "mkdocs-material", specifier = "==9.6.16" }, + { name = "mkdocs-material", specifier = "==9.6.18" }, { name = "mkdocs-material-extensions", specifier = "==1.3.1" }, { name = "mkdocs-print-site-plugin", specifier = "==2.8" }, { name = "mkdocs-table-reader-plugin", specifier = "==3.1.0" }, { name = "mkdocstrings", specifier = "==0.30.0" }, - { name = "mkdocstrings-python", specifier = "==1.16.12" }, + { name = "mkdocstrings-python", specifier = "==1.17.0" }, { name = "networkx", specifier = "==3.4.2" }, - { name = "pandas", specifier = "==2.3.1" }, + { name = "pandas", specifier = "==2.3.2" }, { name = "pydantic", specifier = "==2.11.7" }, { name = "scikit-learn", specifier = "==1.6.1" }, { name = "scipy", specifier = "==1.16.1" }, From 773470ed1f24c3df0c567eb1c16045d282e93565 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Tue, 26 Aug 2025 10:48:29 -0400 Subject: [PATCH 346/468] Update CVE items to be unique and update tests see #905 --- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 3 ++- src/ssvc/selection.py | 3 +++ src/test/test_selections.py | 9 +++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 685bbd8e..2bc4052d 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -191,7 +191,8 @@ "type": "string" }, "minItems": 1, - "type": "array" + "type": "array", + "uniqueItems": true }, "selections": { "title": "Selections", diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index b7a36798..6e8a09cd 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -224,6 +224,7 @@ class SelectionList(_Timestamped, BaseModel): ["VU#999999", "GHSA-0123-4567-89ab"], ], min_length=1, + json_schema_extra={"uniqueItems": True}, ) selections: list[Selection] = Field( ..., @@ -297,6 +298,8 @@ def validate_target_ids( for item in value: if not isinstance(item, str): raise ValueError("Each target_id must be a string.") + if len(value) != len(set(value)): + raise ValueError("target_ids must not contain duplicates.") return value def add_selection(self, selection: Selection) -> None: diff --git a/src/test/test_selections.py b/src/test/test_selections.py index a029353d..a2cf3e13 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -282,6 +282,15 @@ def test_target_ids_validation(self): target_ids=[123], # Invalid: not a string ) + # Test invalid target_ids (duplicate items) + with self.assertRaises(ValueError): + SelectionList( + selections=[self.s1], + timestamp=datetime.now(), + # Invalid: due to duplicates + target_ids=["CVE-1900-1234","CVE-1900-1234"], + ) + def test_add_selection_method(self): """Test the add_selection method.""" initial_count = len(self.selections.selections) From 6e2cdce8dc991368ecc21ae92ac6003198a674c2 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 27 Aug 2025 10:45:15 -0400 Subject: [PATCH 347/468] avoid mounting volume containing .venv in docker containers, it's causing weird .venv interactions with host system in dev (cherry picked from commit 51f345e9840ccd0eafb44e68b4a1032fa7ddc4d9) --- docker/docker-compose.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 111d8937..8f043fac 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -32,8 +32,6 @@ services: image: docs:latest depends_on: - dependencies - volumes: - - ..:/app ports: - "8000:8000" @@ -45,7 +43,5 @@ services: image: registry_api:latest depends_on: - dependencies - volumes: - - ..:/app ports: - "8001:8000" \ No newline at end of file From c61ad0d76731422d979a9c692d10258ef75710ba Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 27 Aug 2025 10:41:11 -0400 Subject: [PATCH 348/468] mark `ssvc.dp_groups.base` as deprecated --- .../v2/Decision_Point_Group-2-0-0.schema.json | 2 +- docs/reference/code/decision_point_groups.md | 4 +++- src/ssvc/dp_groups/base.py | 18 ++++++++++++++++++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json index 38bb0c0b..059c87d4 100644 --- a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json @@ -1,6 +1,6 @@ { "title": "DecisionPointGroup", - "description": "Models a group of decision points as a dictionary, keyed by their ID.", + "description": "**DEPRECATED:** `DecisionPointGroup` has been superseded by `DecisionTable`.\nNew development should use `DecisionTable` instead.\nWe are keeping this class around for backward compatibility, but it may be removed in future releases.\n\nModels a group of decision points as a dictionary, keyed by their ID.", "type": "object", "$defs": { "DecisionPoint": { diff --git a/docs/reference/code/decision_point_groups.md b/docs/reference/code/decision_point_groups.md index b4607f8a..da805033 100644 --- a/docs/reference/code/decision_point_groups.md +++ b/docs/reference/code/decision_point_groups.md @@ -5,10 +5,12 @@ specific purpose. With the introduction of [Decision Tables](decision_tables.md), Decision Point groups are less important than they once were, and may be -deprecated in a future release. +removed in a future release. However, they can still be useful for documentation and for some programmatic uses. +::: ssvc.dp_groups.base + ## SSVC Decision Point Groups ::: ssvc.dp_groups.ssvc.collections diff --git a/src/ssvc/dp_groups/base.py b/src/ssvc/dp_groups/base.py index 65a3cbc6..aa517d75 100644 --- a/src/ssvc/dp_groups/base.py +++ b/src/ssvc/dp_groups/base.py @@ -21,7 +21,13 @@ """ Provides a DecisionPointGroup object for use in SSVC. + +!!! warning "`ssvc.dp_groups` is deprecated" + + This module is *deprecated*. New development should focus on [`ssvc.decision_tables`](decision_tables.md). + """ +import warnings from collections.abc import MutableMapping from typing import Literal @@ -39,6 +45,10 @@ class DecisionPointGroup( _Base, _SchemaVersioned, _Versioned, BaseModel, MutableMapping ): """ + **DEPRECATED:** `DecisionPointGroup` has been superseded by `DecisionTable`. + New development should use `DecisionTable` instead. + We are keeping this class around for backward compatibility, but it may be removed in future releases. + Models a group of decision points as a dictionary, keyed by their ID. """ @@ -46,6 +56,14 @@ class DecisionPointGroup( schemaVersion: Literal[SCHEMA_VERSION] + def __init__(self, *args, **kwargs): + warnings.warn( + f"{self.__class__.__name__} is deprecated; use `DecisionTable` instead.", + DeprecationWarning, + stacklevel=2, + ) + super().__init__(*args, **kwargs) + @model_validator(mode="before") @classmethod def set_schema_version(cls, data): From 14e65d001472a0b3f2258a1cd4e4efa678e12cb3 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Wed, 27 Aug 2025 17:09:02 +0200 Subject: [PATCH 349/468] fix namespace ABNF and resulting pattern * correct defect introduced by 86b62f4 in the ABNF. * do minor cleanup in the ABNF: make whitespace consistent and remove superfluous brackets. * update the python pattern with the ABNF output, which leads to the same combined json schema pattern. --- src/ssvc/utils/patterns.py | 9 ++++----- src/ssvc/utils/ssvc_namespace_pattern.abnf | 10 +++++----- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index 750552eb..4b5e994f 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -47,15 +47,14 @@ alnumlow = f'({lower}|[0-9])' dash = '-' alnumlowdash = f'({alnumlow}|{dash})' -dot = '\\.' -specialchar = f'({dot}|{dash})' -alnumlowsc = f'({alnumlow}|{specialchar})' label = f'{alnumlow}(({alnumlowdash}){{,61}}{alnumlow})?' reverse_dns = f'{label}(\\.{label})+' -fragment_seg = f'({alnumlow})+([.\\-]({alnumlow})+)*' +dot = '\\.' +specialchar = f'({dot}|{dash})' +fragment_seg = f'({alnumlow})+({specialchar}({alnumlow})+)*' x_name = f'{reverse_dns}\\#{fragment_seg}' x_base = f'x_{x_name}' -ns_core = f'{lower}{alnumlow}([.\\-]?({alnumlow})+)+' +ns_core = f'{lower}{alnumlow}(({specialchar})?({alnumlow})+)+' reg_base = f'{ns_core}(\\#{fragment_seg})?' base_ns = f'({x_base}|{reg_base})' singleton = '[0-9A-WY-Za-wy-z]' diff --git a/src/ssvc/utils/ssvc_namespace_pattern.abnf b/src/ssvc/utils/ssvc_namespace_pattern.abnf index 6e042554..614174b6 100644 --- a/src/ssvc/utils/ssvc_namespace_pattern.abnf +++ b/src/ssvc/utils/ssvc_namespace_pattern.abnf @@ -14,7 +14,7 @@ reg-base = ns-core [ "#" fragment-seg ] ; ns-core starts with a lowercase letter and may have '.' or '-' separators. ; Consecutive '.' or '-' are not allowed. ; It needs at least 3 characters. -ns-core = LOWER ALNUMLOW 1*( SPECIALCHAR 1*ALNUMLOW) +ns-core = LOWER ALNUMLOW 1*( [ SPECIALCHAR ] 1*ALNUMLOW ) x-name = reverse-dns "#" fragment-seg @@ -23,16 +23,16 @@ x-name = reverse-dns "#" fragment-seg reverse-dns = label 1*("." label) ; Each label must be between 1 and 63 characters long -label = ALNUMLOW [ *61(ALNUMLOWDASH) ALNUMLOW ] +label = ALNUMLOW [ *61ALNUMLOWDASH ALNUMLOW ] fragment-seg = 1*ALNUMLOW *( SPECIALCHAR 1*ALNUMLOW ) -extensions = lang-ext [ 1*("/" ext-seg) ] +extensions = lang-ext [ 1*( "/" ext-seg ) ] ; Language extension: either / (empty language extension) ; or / (BCP-47 language code) -lang-ext = "/" / ( "/" bcp47 ) +lang-ext = "/" / ( "/" bcp47 ) ; Extension segment between slashes. ; - is either a language or @@ -48,7 +48,7 @@ bcp47 = ( 2*3ALPHA [ "-" 4ALPHA ] [ "-" ( 2ALPHA / 3DIGIT ) ] *( "-" ( 5*8ALNUM / (DIGIT 3ALNUM) ) ) - *( "-" singleton 1*("-" (2*8ALNUM))) + *( "-" singleton 1*( "-" 2*8ALNUM ) ) [ "-" "x" 1*( "-" 2*8ALNUM ) ] / "x" 1*( "-" 2*8ALNUM ) / "i-default" From cc1028c83d413bfe6267d87841f784f20eee2379 Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Wed, 27 Aug 2025 17:28:46 +0200 Subject: [PATCH 350/468] fix JSON schema pattern for namespace change the allowed Python pattern `{,m}` to Javascript's equivalent `{0,m}` and update the resulting pattern in the schema resolve #916 --- data/schema/v2/Decision_Point-2-0-0.schema.json | 2 +- data/schema/v2/Decision_Point_Group-2-0-0.schema.json | 2 +- .../v2/Decision_Point_Value_Selection-2-0-0.schema.json | 2 +- data/schema/v2/Decision_Table-2-0-0.schema.json | 4 ++-- data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json | 4 ++-- src/ssvc/utils/patterns.py | 7 ++++--- 6 files changed, 11 insertions(+), 10 deletions(-) diff --git a/data/schema/v2/Decision_Point-2-0-0.schema.json b/data/schema/v2/Decision_Point-2-0-0.schema.json index c5bd948a..a751501f 100644 --- a/data/schema/v2/Decision_Point-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point-2-0-0.schema.json @@ -53,7 +53,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])(((\\.|-))?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { diff --git a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json index 38bb0c0b..6ad475e6 100644 --- a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json @@ -18,7 +18,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])(((\\.|-))?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 2bc4052d..ac839749 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -79,7 +79,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])(((\\.|-))?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { diff --git a/data/schema/v2/Decision_Table-2-0-0.schema.json b/data/schema/v2/Decision_Table-2-0-0.schema.json index 95870b27..095b91d7 100644 --- a/data/schema/v2/Decision_Table-2-0-0.schema.json +++ b/data/schema/v2/Decision_Table-2-0-0.schema.json @@ -18,7 +18,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])(((\\.|-))?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { @@ -131,7 +131,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])(((\\.|-))?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { diff --git a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json index 0b00cf09..338276f4 100644 --- a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json +++ b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json @@ -17,7 +17,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])(((\\.|-))?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { @@ -132,7 +132,7 @@ ], "maxLength": 1000, "minLength": 3, - "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])([.\\-]?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+([.\\-](([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", + "pattern": "^(?=.{3,1000}$)(x_([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|[a-z]([a-z]|[0-9])(((\\.|-))?(([a-z]|[0-9]))+)+(\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)?)((/|/(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo))((/((([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)|\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*|\\.(([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+|([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?(\\.([a-z]|[0-9])(((([a-z]|[0-9])|-)){0,61}([a-z]|[0-9]))?)+\\#(([a-z]|[0-9]))+((\\.|-)(([a-z]|[0-9]))+)*)\\$(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-zA-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-(([a-zA-Z0-9]){5,8}|[0-9]([a-zA-Z0-9]){3}))*(-[0-9A-WY-Za-wy-z](-([a-zA-Z0-9]){2,8})+)*(-[xX](-([a-zA-Z0-9]){2,8})+)?|[xX](-([a-zA-Z0-9]){2,8})+|i-default|i-mingo)))+)?)?$", "type": "string" }, "key": { diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index 4b5e994f..c4d790fb 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -41,13 +41,14 @@ # fmt: off # --- the following section is generated with -# abnf-to-regexp --format python-nested -i ssvc_namespace_pattern.abnf +# abnf-to-regexp --format python-nested -i ssvc_namespace_pattern.abnf | \ +# sed 's/{,/{0,/g' alnum = '[a-zA-Z0-9]' lower = '[a-z]' alnumlow = f'({lower}|[0-9])' dash = '-' alnumlowdash = f'({alnumlow}|{dash})' -label = f'{alnumlow}(({alnumlowdash}){{,61}}{alnumlow})?' +label = f'{alnumlow}(({alnumlowdash}){{0,61}}{alnumlow})?' reverse_dns = f'{label}(\\.{label})+' dot = '\\.' specialchar = f'({dot}|{dash})' @@ -59,7 +60,7 @@ base_ns = f'({x_base}|{reg_base})' singleton = '[0-9A-WY-Za-wy-z]' bcp47 = ( - '(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){,2})?|[a-z' + '(([a-zA-Z]{2,3}(-[a-zA-Z]{3}(-[a-zA-Z]{3}){0,2})?|[a-z' 'A-Z]{4,8})(-[a-zA-Z]{4})?(-([a-zA-Z]{2}|[0-9]{3}))?(-' f'(({alnum}){{5,8}}|[0-9]({alnum}){{3}}))*(-{singleton}(-' f'({alnum}){{2,8}})+)*(-[xX](-({alnum}){{2,8}})+)?|[xX](-' From c6cd44b92b202326462e17aef7a8edbf1a3b6572 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 27 Aug 2025 11:49:57 -0400 Subject: [PATCH 351/468] rename "description" attribute to "definition" in all the things --- Makefile | 2 +- .../do_schedule_delegate_delete_1_0_0.json | 10 +- .../basic/lowmediumhigh_1_0_0.json | 8 +- .../decision_points/basic/moscow_1_0_0.json | 10 +- .../basic/value_complexity_1_0_0.json | 10 +- .../decision_points/basic/yesno_1_0_0.json | 6 +- .../cisa/cisa_levels_1_1_0.json | 10 +- .../decision_points/cisa/in_kev_1_0_0.json | 6 +- .../cisa/mission_prevalence_1_0_0.json | 8 +- .../cvss/access_complexity_1_0_0.json | 6 +- .../cvss/access_complexity_2_0_0.json | 8 +- .../cvss/access_vector_1_0_0.json | 6 +- .../cvss/access_vector_2_0_0.json | 8 +- .../cvss/attack_complexity_3_0_0.json | 6 +- .../cvss/attack_complexity_3_0_1.json | 6 +- .../cvss/attack_requirements_1_0_0.json | 6 +- .../cvss/attack_vector_3_0_0.json | 10 +- .../cvss/attack_vector_3_0_1.json | 10 +- .../cvss/authentication_1_0_0.json | 6 +- .../cvss/authentication_2_0_0.json | 8 +- .../cvss/automatable_1_0_0.json | 8 +- .../cvss/availability_impact_1_0_0.json | 8 +- .../cvss/availability_impact_2_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_0.json | 8 +- ...impact_to_the_vulnerable_system_3_0_0.json | 8 +- .../cvss/availability_requirement_1_0_0.json | 10 +- .../cvss/availability_requirement_1_1_0.json | 10 +- .../cvss/availability_requirement_1_1_1.json | 10 +- ...equirement_without_not_defined__1_1_1.json | 8 +- .../collateral_damage_potential_1_0_0.json | 10 +- .../collateral_damage_potential_2_0_0.json | 12 +- .../cvss/confidentiality_impact_1_0_0.json | 8 +- .../cvss/confidentiality_impact_2_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_0.json | 8 +- ...impact_to_the_vulnerable_system_3_0_0.json | 8 +- .../confidentiality_requirement_1_0_0.json | 10 +- .../confidentiality_requirement_1_1_0.json | 10 +- .../confidentiality_requirement_1_1_1.json | 10 +- ...equirement_without_not_defined__1_1_1.json | 8 +- ...alitative_severity_rating_scale_1_0_0.json | 12 +- .../cvss/equivalence_set_1_1_0_0.json | 8 +- .../cvss/equivalence_set_2_1_0_0.json | 6 +- .../cvss/equivalence_set_3_1_0_0.json | 8 +- .../cvss/equivalence_set_4_1_0_0.json | 8 +- .../cvss/equivalence_set_5_1_0_0.json | 8 +- .../cvss/equivalence_set_6_1_0_0.json | 6 +- .../cvss/exploit_code_maturity_1_2_0.json | 12 +- .../cvss/exploit_maturity_2_0_0.json | 10 +- ...t_maturity_without_not_defined__2_0_0.json | 8 +- .../cvss/exploitability_1_0_0.json | 10 +- .../cvss/exploitability_1_1_0.json | 12 +- .../cvss/impact_bias_1_0_0.json | 10 +- .../cvss/integrity_impact_1_0_0.json | 8 +- .../cvss/integrity_impact_2_0_0.json | 8 +- ...impact_to_the_subsequent_system_1_0_0.json | 8 +- ...impact_to_the_vulnerable_system_3_0_0.json | 8 +- .../cvss/integrity_requirement_1_0_0.json | 10 +- .../cvss/integrity_requirement_1_1_0.json | 10 +- .../cvss/integrity_requirement_1_1_1.json | 10 +- ...equirement_without_not_defined__1_1_1.json | 8 +- .../modified_attack_complexity_3_0_0.json | 8 +- .../modified_attack_complexity_3_0_1.json | 8 +- .../modified_attack_requirements_1_0_0.json | 8 +- .../cvss/modified_attack_vector_3_0_0.json | 12 +- .../cvss/modified_attack_vector_3_0_1.json | 12 +- .../modified_availability_impact_2_0_0.json | 10 +- ...impact_to_the_subsequent_system_1_0_0.json | 10 +- ...impact_to_the_subsequent_system_1_0_1.json | 12 +- ...ent_system_without_not_defined__1_0_1.json | 10 +- ...impact_to_the_vulnerable_system_3_0_0.json | 10 +- ...modified_confidentiality_impact_2_0_0.json | 10 +- ...impact_to_the_subsequent_system_1_0_0.json | 10 +- ...impact_to_the_subsequent_system_1_0_1.json | 10 +- ...impact_to_the_vulnerable_system_3_0_0.json | 10 +- .../cvss/modified_integrity_impact_2_0_0.json | 10 +- ...impact_to_the_subsequent_system_1_0_0.json | 10 +- ...impact_to_the_subsequent_system_1_0_1.json | 12 +- ...ent_system_without_not_defined__1_0_1.json | 10 +- ...impact_to_the_vulnerable_system_3_0_0.json | 10 +- .../modified_privileges_required_1_0_0.json | 10 +- .../modified_privileges_required_1_0_1.json | 10 +- .../cvss/modified_scope_1_0_0.json | 8 +- .../cvss/modified_user_interaction_1_0_0.json | 8 +- .../cvss/modified_user_interaction_2_0_0.json | 10 +- .../cvss/privileges_required_1_0_0.json | 8 +- .../cvss/privileges_required_1_0_1.json | 8 +- .../cvss/provider_urgency_1_0_0.json | 12 +- .../decision_points/cvss/recovery_1_0_0.json | 10 +- .../cvss/remediation_level_1_0_0.json | 10 +- .../cvss/remediation_level_1_1_0.json | 12 +- .../cvss/report_confidence_1_0_0.json | 8 +- .../cvss/report_confidence_1_1_0.json | 10 +- .../cvss/report_confidence_2_0_0.json | 10 +- .../decision_points/cvss/safety_1_0_0.json | 8 +- .../decision_points/cvss/scope_1_0_0.json | 6 +- .../cvss/target_distribution_1_0_0.json | 10 +- .../cvss/target_distribution_1_1_0.json | 12 +- .../cvss/user_interaction_1_0_0.json | 6 +- .../cvss/user_interaction_2_0_0.json | 8 +- .../cvss/value_density_1_0_0.json | 8 +- .../vulnerability_response_effort_1_0_0.json | 10 +- .../ssvc/automatable_2_0_0.json | 6 +- .../ssvc/critical_software_1_0_0.json | 6 +- .../ssvc/decline_track_coordinate_1_0_0.json | 8 +- .../ssvc/decline_track_coordinate_1_0_1.json | 8 +- ...cheduled_out_of_cycle_immediate_1_0_0.json | 10 +- .../ssvc/exploitation_1_0_0.json | 8 +- .../ssvc/exploitation_1_1_0.json | 8 +- .../ssvc/high_value_asset_1_0_0.json | 6 +- .../ssvc/human_impact_2_0_0.json | 10 +- .../ssvc/human_impact_2_0_1.json | 10 +- .../ssvc/human_impact_2_0_2.json | 10 +- .../mission_and_well_being_impact_1_0_0.json | 8 +- .../ssvc/mission_impact_1_0_0.json | 12 +- .../ssvc/mission_impact_2_0_0.json | 10 +- .../ssvc/public_safety_impact_2_0_0.json | 6 +- .../ssvc/public_safety_impact_2_0_1.json | 6 +- .../ssvc/public_value_added_1_0_0.json | 8 +- .../ssvc/public_well_being_impact_1_1_0.json | 8 +- .../ssvc/publish_do_not_publish_1_0_0.json | 6 +- .../ssvc/report_credibility_1_0_0.json | 6 +- .../ssvc/report_public_1_0_0.json | 6 +- .../ssvc/safety_impact_1_0_0.json | 12 +- .../ssvc/safety_impact_2_0_0.json | 10 +- .../ssvc/supplier_cardinality_1_0_0.json | 6 +- .../ssvc/supplier_contacted_1_0_0.json | 6 +- .../ssvc/supplier_engagement_1_0_0.json | 6 +- .../ssvc/supplier_involvement_1_0_0.json | 8 +- .../ssvc/system_exposure_1_0_0.json | 8 +- .../ssvc/system_exposure_1_0_1.json | 8 +- .../ssvc/technical_impact_1_0_0.json | 6 +- .../decision_points/ssvc/utility_1_0_0.json | 8 +- .../decision_points/ssvc/utility_1_0_1.json | 8 +- .../ssvc/value_density_1_0_0.json | 6 +- .../decision_points/ssvc/virulence_1_0_0.json | 6 +- .../x_com_yahooinc/theparanoids_1_0_0.json | 40 - .../theparanoids_1_0_0.json | 14 +- .../cisa/cisa_coordinator_2_0_3.json | 40 +- ..._0_qualitative_severity_ratings_4_0_0.json | 58 +- .../cvss/cvss_v4_equivalence_set_1_1_0_0.json | 36 +- .../cvss/cvss_v4_equivalence_set_2_1_0_0.json | 20 +- .../cvss/cvss_v4_equivalence_set_3_1_0_0.json | 34 +- .../cvss/cvss_v4_equivalence_set_4_1_0_0.json | 38 +- .../cvss/cvss_v4_equivalence_set_5_1_0_0.json | 18 +- .../cvss/cvss_v4_equivalence_set_6_1_0_0.json | 56 +- ...rdinator_publish_decision_table_1_0_0.json | 32 +- .../ssvc/coordinator_triage_1_0_0.json | 54 +- ...oyer_patch_application_priority_1_0_0.json | 44 +- .../ssvc/human_impact_1_0_0.json | 32 +- .../ssvc/public_safety_impact_1_0_0.json | 18 +- ...lier_patch_development_priority_1_0_0.json | 40 +- .../decision_tables/ssvc/utility_1_0_0.json | 22 +- data/json/ssvc_object_registry.json | 2652 ++++++++--------- .../v2/Decision_Point-2-0-0.schema.json | 12 +- .../v2/Decision_Point_Group-2-0-0.schema.json | 18 +- ...on_Point_Value_Selection-2-0-0.schema.json | 10 +- .../v2/Decision_Table-2-0-0.schema.json | 18 +- .../v2/Ssvc_Object_Registry-2-0-0.schema.json | 24 +- src/ssvc/_mixins.py | 2 +- src/ssvc/decision_points/base.py | 8 +- src/ssvc/decision_points/cisa/in_kev.py | 6 +- .../cisa/mission_prevalence.py | 8 +- src/ssvc/decision_points/cvss/_not_defined.py | 4 +- .../decision_points/cvss/attack_complexity.py | 26 +- .../cvss/attack_requirements.py | 6 +- .../decision_points/cvss/attack_vector.py | 34 +- .../decision_points/cvss/authentication.py | 14 +- .../cvss/availability_impact.py | 24 +- .../cvss/availability_requirement.py | 18 +- .../cvss/collateral_damage_potential.py | 18 +- .../cvss/confidentiality_impact.py | 24 +- .../cvss/confidentiality_requirement.py | 18 +- .../decision_points/cvss/equivalence_set_1.py | 8 +- .../decision_points/cvss/equivalence_set_2.py | 6 +- .../decision_points/cvss/equivalence_set_3.py | 8 +- .../decision_points/cvss/equivalence_set_4.py | 8 +- .../decision_points/cvss/equivalence_set_5.py | 8 +- .../decision_points/cvss/equivalence_set_6.py | 6 +- .../decision_points/cvss/exploit_maturity.py | 30 +- src/ssvc/decision_points/cvss/helpers.py | 8 +- src/ssvc/decision_points/cvss/impact_bias.py | 10 +- .../decision_points/cvss/integrity_impact.py | 24 +- .../cvss/integrity_requirement.py | 18 +- .../cvss/privileges_required.py | 16 +- .../cvss/qualitative_severity.py | 12 +- .../decision_points/cvss/remediation_level.py | 12 +- .../decision_points/cvss/report_confidence.py | 18 +- src/ssvc/decision_points/cvss/scope.py | 6 +- .../cvss/subsequent_availability_impact.py | 8 +- .../cvss/subsequent_confidentiality_impact.py | 8 +- .../cvss/subsequent_integrity_impact.py | 8 +- .../cvss/supplemental/automatable.py | 6 +- .../cvss/supplemental/provider_urgency.py | 10 +- .../cvss/supplemental/recovery.py | 8 +- .../cvss/supplemental/safety.py | 6 +- .../cvss/supplemental/value_density.py | 6 +- .../vulnerability_response_effort.py | 8 +- .../cvss/target_distribution.py | 12 +- .../decision_points/cvss/user_interaction.py | 14 +- src/ssvc/decision_points/helpers.py | 8 +- src/ssvc/decision_points/ssvc/automatable.py | 12 +- .../decision_points/ssvc/critical_software.py | 6 +- src/ssvc/decision_points/ssvc/exploitation.py | 12 +- .../decision_points/ssvc/high_value_asset.py | 6 +- src/ssvc/decision_points/ssvc/human_impact.py | 34 +- .../decision_points/ssvc/mission_impact.py | 16 +- .../ssvc/public_safety_impact.py | 22 +- .../ssvc/public_value_added.py | 8 +- .../ssvc/report_credibility.py | 6 +- .../decision_points/ssvc/report_public.py | 6 +- .../decision_points/ssvc/safety_impact.py | 22 +- .../ssvc/supplier_cardinality.py | 6 +- .../ssvc/supplier_contacted.py | 6 +- .../ssvc/supplier_engagement.py | 6 +- .../ssvc/supplier_involvement.py | 8 +- .../decision_points/ssvc/system_exposure.py | 12 +- .../decision_points/ssvc/technical_impact.py | 6 +- src/ssvc/decision_points/ssvc/utility.py | 16 +- .../decision_points/ssvc/value_density.py | 6 +- src/ssvc/decision_tables/base.py | 2 +- .../cisa/cisa_coordinate_dt.py | 2 +- .../cvss/equivalence_set_five.py | 2 +- .../cvss/equivalence_set_four.py | 2 +- .../cvss/equivalence_set_one.py | 2 +- .../cvss/equivalence_set_six.py | 2 +- .../cvss/equivalence_set_three.py | 2 +- .../cvss/equivalence_set_two.py | 2 +- .../cvss/qualitative_severity.py | 2 +- src/ssvc/decision_tables/ssvc/coord_pub_dt.py | 2 +- src/ssvc/decision_tables/ssvc/coord_triage.py | 2 +- src/ssvc/decision_tables/ssvc/deployer_dt.py | 2 +- src/ssvc/decision_tables/ssvc/human_impact.py | 2 +- .../ssvc/public_safety_impact.py | 2 +- src/ssvc/decision_tables/ssvc/supplier_dt.py | 2 +- src/ssvc/decision_tables/ssvc/utility.py | 2 +- src/ssvc/doc_helpers.py | 4 +- src/ssvc/dp_groups/cvss/collections.py | 30 +- src/ssvc/dp_groups/ssvc/collections.py | 6 +- .../dp_groups/ssvc/coordinator_publication.py | 2 +- src/ssvc/dp_groups/ssvc/coordinator_triage.py | 2 +- src/ssvc/dp_groups/ssvc/deployer.py | 6 +- src/ssvc/dp_groups/ssvc/supplier.py | 4 +- src/ssvc/outcomes/basic/ike.py | 14 +- src/ssvc/outcomes/basic/lmh.py | 8 +- src/ssvc/outcomes/basic/mscw.py | 10 +- src/ssvc/outcomes/basic/value_complexity.py | 14 +- src/ssvc/outcomes/basic/yn.py | 6 +- src/ssvc/outcomes/cisa/scoring.py | 10 +- src/ssvc/outcomes/cvss/lmhc.py | 12 +- src/ssvc/outcomes/ssvc/coordinate.py | 16 +- src/ssvc/outcomes/ssvc/dsoi.py | 10 +- src/ssvc/outcomes/ssvc/publish.py | 6 +- src/ssvc/outcomes/x_com_yahooinc/paranoids.py | 14 +- src/ssvc/policy_generator.py | 2 +- src/ssvc/registry/__init__.py | 2 +- src/ssvc/registry/base.py | 4 +- src/ssvc/selection.py | 12 +- src/test/api/routers/test_decision_point.py | 8 +- src/test/api/routers/test_decision_points.py | 6 +- src/test/api/routers/test_decision_table.py | 18 +- src/test/api/routers/test_decision_tables.py | 18 +- src/test/api/routers/test_objects.py | 24 +- src/test/decision_points/test_cvss_helpers.py | 14 +- src/test/decision_points/test_dp_base.py | 10 +- src/test/decision_points/test_dp_helpers.py | 18 +- src/test/decision_tables/test_base.py | 32 +- src/test/dp_groups/test_dp_groups.py | 16 +- src/test/outcomes/test_outcomes.py | 12 +- src/test/registry/test_base.py | 120 +- src/test/test_doc_helpers.py | 8 +- src/test/test_doctools.py | 6 +- src/test/test_mixins.py | 29 +- src/test/test_policy_generator.py | 12 +- src/test/test_selections.py | 14 +- src/test/utils/test_toposort.py | 12 +- 275 files changed, 2868 insertions(+), 2957 deletions(-) delete mode 100644 data/json/decision_points/x_com_yahooinc/theparanoids_1_0_0.json diff --git a/Makefile b/Makefile index a30b4f5f..efbfc498 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,7 @@ down: regenerate_json: @echo "Regenerating JSON files..." rm -rf data/json/decision_points - export PYTHONPATH=$(PWD)/src && ./src/ssvc/doctools.py --jsondir=./data/json/decision_points --overwrite + export PYTHONPATH=$(PWD)/src && ./src/ssvc/doctools.py --jsondir=./data/json --overwrite clean: @echo "Cleaning up Docker resources..." diff --git a/data/json/decision_points/basic/do_schedule_delegate_delete_1_0_0.json b/data/json/decision_points/basic/do_schedule_delegate_delete_1_0_0.json index b3dffaba..49c5dd0d 100644 --- a/data/json/decision_points/basic/do_schedule_delegate_delete_1_0_0.json +++ b/data/json/decision_points/basic/do_schedule_delegate_delete_1_0_0.json @@ -3,28 +3,28 @@ "key": "IKE", "version": "1.0.0", "name": "Do, Schedule, Delegate, Delete", - "description": "The Eisenhower outcome group.", + "definition": "The Eisenhower outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Delete", - "description": "Delete" + "definition": "Delete" }, { "key": "G", "name": "Delegate", - "description": "Delegate" + "definition": "Delegate" }, { "key": "S", "name": "Schedule", - "description": "Schedule" + "definition": "Schedule" }, { "key": "O", "name": "Do", - "description": "Do" + "definition": "Do" } ] } diff --git a/data/json/decision_points/basic/lowmediumhigh_1_0_0.json b/data/json/decision_points/basic/lowmediumhigh_1_0_0.json index 8b178ab2..3cfd0a8f 100644 --- a/data/json/decision_points/basic/lowmediumhigh_1_0_0.json +++ b/data/json/decision_points/basic/lowmediumhigh_1_0_0.json @@ -3,23 +3,23 @@ "key": "LMH", "version": "1.0.0", "name": "LowMediumHigh", - "description": "A Low/Medium/High decision point / outcome group.", + "definition": "A Low/Medium/High decision point / outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Low" + "definition": "Low" }, { "key": "M", "name": "Medium", - "description": "Medium" + "definition": "Medium" }, { "key": "H", "name": "High", - "description": "High" + "definition": "High" } ] } diff --git a/data/json/decision_points/basic/moscow_1_0_0.json b/data/json/decision_points/basic/moscow_1_0_0.json index 7b29da07..ce8ddcba 100644 --- a/data/json/decision_points/basic/moscow_1_0_0.json +++ b/data/json/decision_points/basic/moscow_1_0_0.json @@ -3,28 +3,28 @@ "key": "MSCW", "version": "1.0.0", "name": "MoSCoW", - "description": "The MoSCoW (Must, Should, Could, Won't) outcome group.", + "definition": "The MoSCoW (Must, Should, Could, Won't) outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "W", "name": "Won't", - "description": "Won't" + "definition": "Won't" }, { "key": "C", "name": "Could", - "description": "Could" + "definition": "Could" }, { "key": "S", "name": "Should", - "description": "Should" + "definition": "Should" }, { "key": "M", "name": "Must", - "description": "Must" + "definition": "Must" } ] } diff --git a/data/json/decision_points/basic/value_complexity_1_0_0.json b/data/json/decision_points/basic/value_complexity_1_0_0.json index d3354f2d..11c0fc20 100644 --- a/data/json/decision_points/basic/value_complexity_1_0_0.json +++ b/data/json/decision_points/basic/value_complexity_1_0_0.json @@ -3,28 +3,28 @@ "key": "VALUE_COMPLEXITY", "version": "1.0.0", "name": "Value, Complexity", - "description": "The Value/Complexity outcome group.", + "definition": "The Value/Complexity outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Drop", - "description": "Drop" + "definition": "Drop" }, { "key": "R", "name": "Reconsider Later", - "description": "Reconsider Later" + "definition": "Reconsider Later" }, { "key": "E", "name": "Easy Win", - "description": "Easy Win" + "definition": "Easy Win" }, { "key": "F", "name": "Do First", - "description": "Do First" + "definition": "Do First" } ] } diff --git a/data/json/decision_points/basic/yesno_1_0_0.json b/data/json/decision_points/basic/yesno_1_0_0.json index b376989b..d177d2cf 100644 --- a/data/json/decision_points/basic/yesno_1_0_0.json +++ b/data/json/decision_points/basic/yesno_1_0_0.json @@ -3,18 +3,18 @@ "key": "YN", "version": "1.0.0", "name": "YesNo", - "description": "A Yes/No decision point / outcome group.", + "definition": "A Yes/No decision point / outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "No" + "definition": "No" }, { "key": "Y", "name": "Yes", - "description": "Yes" + "definition": "Yes" } ] } diff --git a/data/json/decision_points/cisa/cisa_levels_1_1_0.json b/data/json/decision_points/cisa/cisa_levels_1_1_0.json index 965874bb..7633ec00 100644 --- a/data/json/decision_points/cisa/cisa_levels_1_1_0.json +++ b/data/json/decision_points/cisa/cisa_levels_1_1_0.json @@ -3,28 +3,28 @@ "key": "CISA", "version": "1.1.0", "name": "CISA Levels", - "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", + "definition": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", "schemaVersion": "2.0.0", "values": [ { "key": "T", "name": "Track", - "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + "definition": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." }, { "key": "T*", "name": "Track*", - "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + "definition": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, { "key": "AT", "name": "Attend", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." }, { "key": "AC", "name": "Act", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } ] } diff --git a/data/json/decision_points/cisa/in_kev_1_0_0.json b/data/json/decision_points/cisa/in_kev_1_0_0.json index dad51ecb..5431bbd0 100644 --- a/data/json/decision_points/cisa/in_kev_1_0_0.json +++ b/data/json/decision_points/cisa/in_kev_1_0_0.json @@ -3,18 +3,18 @@ "key": "KEV", "version": "1.0.0", "name": "In KEV", - "description": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", + "definition": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Vulnerability is not listed in KEV." + "definition": "Vulnerability is not listed in KEV." }, { "key": "Y", "name": "Yes", - "description": "Vulnerability is listed in KEV." + "definition": "Vulnerability is listed in KEV." } ] } diff --git a/data/json/decision_points/cisa/mission_prevalence_1_0_0.json b/data/json/decision_points/cisa/mission_prevalence_1_0_0.json index c3b8285b..07546241 100644 --- a/data/json/decision_points/cisa/mission_prevalence_1_0_0.json +++ b/data/json/decision_points/cisa/mission_prevalence_1_0_0.json @@ -3,23 +3,23 @@ "key": "MP", "version": "1.0.0", "name": "Mission Prevalence", - "description": "Prevalence of the mission essential functions", + "definition": "Prevalence of the mission essential functions", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." + "definition": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." }, { "key": "S", "name": "Support", - "description": "The vulnerable component only supports MEFs for two or more entities." + "definition": "The vulnerable component only supports MEFs for two or more entities." }, { "key": "E", "name": "Essential", - "description": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." + "definition": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." } ] } diff --git a/data/json/decision_points/cvss/access_complexity_1_0_0.json b/data/json/decision_points/cvss/access_complexity_1_0_0.json index 2fb2dca4..41063a4b 100644 --- a/data/json/decision_points/cvss/access_complexity_1_0_0.json +++ b/data/json/decision_points/cvss/access_complexity_1_0_0.json @@ -3,18 +3,18 @@ "key": "AC", "version": "1.0.0", "name": "Access Complexity", - "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", + "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" + "definition": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" }, { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." + "definition": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." } ] } diff --git a/data/json/decision_points/cvss/access_complexity_2_0_0.json b/data/json/decision_points/cvss/access_complexity_2_0_0.json index ff8b6c5d..12b744cc 100644 --- a/data/json/decision_points/cvss/access_complexity_2_0_0.json +++ b/data/json/decision_points/cvss/access_complexity_2_0_0.json @@ -3,23 +3,23 @@ "key": "AC", "version": "2.0.0", "name": "Access Complexity", - "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", + "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "Specialized access conditions exist." + "definition": "Specialized access conditions exist." }, { "key": "M", "name": "Medium", - "description": "The access conditions are somewhat specialized." + "definition": "The access conditions are somewhat specialized." }, { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist." + "definition": "Specialized access conditions or extenuating circumstances do not exist." } ] } diff --git a/data/json/decision_points/cvss/access_vector_1_0_0.json b/data/json/decision_points/cvss/access_vector_1_0_0.json index 89c5976a..f9fced74 100644 --- a/data/json/decision_points/cvss/access_vector_1_0_0.json +++ b/data/json/decision_points/cvss/access_vector_1_0_0.json @@ -3,18 +3,18 @@ "key": "AV", "version": "1.0.0", "name": "Access Vector", - "description": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", + "definition": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Local", - "description": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" + "definition": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" }, { "key": "R", "name": "Remote", - "description": "The vulnerability is exploitable remotely." + "definition": "The vulnerability is exploitable remotely." } ] } diff --git a/data/json/decision_points/cvss/access_vector_2_0_0.json b/data/json/decision_points/cvss/access_vector_2_0_0.json index 48ec3f7b..ab92b164 100644 --- a/data/json/decision_points/cvss/access_vector_2_0_0.json +++ b/data/json/decision_points/cvss/access_vector_2_0_0.json @@ -3,23 +3,23 @@ "key": "AV", "version": "2.0.0", "name": "Access Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible.", + "definition": "This metric reflects the context by which vulnerability exploitation is possible.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Local", - "description": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." + "definition": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." }, { "key": "A", "name": "Adjacent Network", - "description": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." + "definition": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." }, { "key": "N", "name": "Network", - "description": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." + "definition": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." } ] } diff --git a/data/json/decision_points/cvss/attack_complexity_3_0_0.json b/data/json/decision_points/cvss/attack_complexity_3_0_0.json index d5d89c07..a2ef8eaa 100644 --- a/data/json/decision_points/cvss/attack_complexity_3_0_0.json +++ b/data/json/decision_points/cvss/attack_complexity_3_0_0.json @@ -3,18 +3,18 @@ "key": "AC", "version": "3.0.0", "name": "Attack Complexity", - "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "definition": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "A successful attack depends on conditions beyond the attacker's control." + "definition": "A successful attack depends on conditions beyond the attacker's control." }, { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." } ] } diff --git a/data/json/decision_points/cvss/attack_complexity_3_0_1.json b/data/json/decision_points/cvss/attack_complexity_3_0_1.json index 88ed9707..9267e9df 100644 --- a/data/json/decision_points/cvss/attack_complexity_3_0_1.json +++ b/data/json/decision_points/cvss/attack_complexity_3_0_1.json @@ -3,18 +3,18 @@ "key": "AC", "version": "3.0.1", "name": "Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "definition": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, { "key": "L", "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " } ] } diff --git a/data/json/decision_points/cvss/attack_requirements_1_0_0.json b/data/json/decision_points/cvss/attack_requirements_1_0_0.json index 49219df7..8ff48413 100644 --- a/data/json/decision_points/cvss/attack_requirements_1_0_0.json +++ b/data/json/decision_points/cvss/attack_requirements_1_0_0.json @@ -3,18 +3,18 @@ "key": "AT", "version": "1.0.0", "name": "Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "definition": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Present", - "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, { "key": "N", "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." } ] } diff --git a/data/json/decision_points/cvss/attack_vector_3_0_0.json b/data/json/decision_points/cvss/attack_vector_3_0_0.json index a369277a..f8415045 100644 --- a/data/json/decision_points/cvss/attack_vector_3_0_0.json +++ b/data/json/decision_points/cvss/attack_vector_3_0_0.json @@ -3,28 +3,28 @@ "key": "AV", "version": "3.0.0", "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. ", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. ", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Physical", - "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, { "key": "L", "name": "Local", - "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." }, { "key": "A", "name": "Adjacent", - "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." }, { "key": "N", "name": "Network", - "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." } ] } diff --git a/data/json/decision_points/cvss/attack_vector_3_0_1.json b/data/json/decision_points/cvss/attack_vector_3_0_1.json index c5843891..494691ea 100644 --- a/data/json/decision_points/cvss/attack_vector_3_0_1.json +++ b/data/json/decision_points/cvss/attack_vector_3_0_1.json @@ -3,28 +3,28 @@ "key": "AV", "version": "3.0.1", "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Physical", - "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, { "key": "L", "name": "Local", - "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, { "key": "A", "name": "Adjacent", - "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." }, { "key": "N", "name": "Network", - "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." } ] } diff --git a/data/json/decision_points/cvss/authentication_1_0_0.json b/data/json/decision_points/cvss/authentication_1_0_0.json index 2faea2b0..46bb9637 100644 --- a/data/json/decision_points/cvss/authentication_1_0_0.json +++ b/data/json/decision_points/cvss/authentication_1_0_0.json @@ -3,18 +3,18 @@ "key": "Au", "version": "1.0.0", "name": "Authentication", - "description": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", + "definition": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Not Required", - "description": "Authentication is not required to access or exploit the vulnerability." + "definition": "Authentication is not required to access or exploit the vulnerability." }, { "key": "R", "name": "Required", - "description": "Authentication is required to access and exploit the vulnerability." + "definition": "Authentication is required to access and exploit the vulnerability." } ] } diff --git a/data/json/decision_points/cvss/authentication_2_0_0.json b/data/json/decision_points/cvss/authentication_2_0_0.json index b95dc185..e3422570 100644 --- a/data/json/decision_points/cvss/authentication_2_0_0.json +++ b/data/json/decision_points/cvss/authentication_2_0_0.json @@ -3,23 +3,23 @@ "key": "Au", "version": "2.0.0", "name": "Authentication", - "description": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", + "definition": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Multiple", - "description": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." + "definition": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." }, { "key": "S", "name": "Single", - "description": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." + "definition": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." }, { "key": "N", "name": "None", - "description": "Authentication is not required to exploit the vulnerability." + "definition": "Authentication is not required to exploit the vulnerability." } ] } diff --git a/data/json/decision_points/cvss/automatable_1_0_0.json b/data/json/decision_points/cvss/automatable_1_0_0.json index 65751950..0e7464bf 100644 --- a/data/json/decision_points/cvss/automatable_1_0_0.json +++ b/data/json/decision_points/cvss/automatable_1_0_0.json @@ -3,23 +3,23 @@ "key": "AU", "version": "1.0.0", "name": "Automatable", - "description": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", + "definition": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "definition": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." }, { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." + "definition": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/availability_impact_1_0_0.json b/data/json/decision_points/cvss/availability_impact_1_0_0.json index db9dcfce..5a98cf85 100644 --- a/data/json/decision_points/cvss/availability_impact_1_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_1_0_0.json @@ -3,23 +3,23 @@ "key": "A", "version": "1.0.0", "name": "Availability Impact", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No impact on availability." + "definition": "No impact on availability." }, { "key": "P", "name": "Partial", - "description": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." + "definition": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." }, { "key": "C", "name": "Complete", - "description": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." + "definition": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." } ] } diff --git a/data/json/decision_points/cvss/availability_impact_2_0_0.json b/data/json/decision_points/cvss/availability_impact_2_0_0.json index 2dc9723d..80a86a13 100644 --- a/data/json/decision_points/cvss/availability_impact_2_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_2_0_0.json @@ -3,23 +3,23 @@ "key": "A", "version": "2.0.0", "name": "Availability Impact", - "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to the availability of the system." + "definition": "There is no impact to the availability of the system." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability." + "definition": "There is reduced performance or interruptions in resource availability." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] } diff --git a/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json index 4aec18d9..e6d67244 100644 --- a/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json @@ -3,23 +3,23 @@ "key": "SA", "version": "1.0.0", "name": "Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] } diff --git a/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json index e72867d5..cd3f640f 100644 --- a/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json @@ -3,23 +3,23 @@ "key": "VA", "version": "3.0.0", "name": "Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "definition": "There is no impact to availability within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] } diff --git a/data/json/decision_points/cvss/availability_requirement_1_0_0.json b/data/json/decision_points/cvss/availability_requirement_1_0_0.json index 01e98283..2a953169 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/availability_requirement_1_0_0.json @@ -3,28 +3,28 @@ "key": "AR", "version": "1.0.0", "name": "Availability Requirement", - "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/availability_requirement_1_1_0.json b/data/json/decision_points/cvss/availability_requirement_1_1_0.json index 400a6ee6..17621b17 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/availability_requirement_1_1_0.json @@ -3,28 +3,28 @@ "key": "AR", "version": "1.1.0", "name": "Availability Requirement", - "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/availability_requirement_1_1_1.json b/data/json/decision_points/cvss/availability_requirement_1_1_1.json index 2188b155..8836d40c 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/availability_requirement_1_1_1.json @@ -3,28 +3,28 @@ "key": "AR", "version": "1.1.1", "name": "Availability Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/availability_requirement_without_not_defined__1_1_1.json b/data/json/decision_points/cvss/availability_requirement_without_not_defined__1_1_1.json index c4d36b64..230831d3 100644 --- a/data/json/decision_points/cvss/availability_requirement_without_not_defined__1_1_1.json +++ b/data/json/decision_points/cvss/availability_requirement_without_not_defined__1_1_1.json @@ -3,23 +3,23 @@ "key": "AR_NoX", "version": "1.1.1", "name": "Availability Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] } diff --git a/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json b/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json index 0b40ec7a..fb14a84a 100644 --- a/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json +++ b/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json @@ -3,28 +3,28 @@ "key": "CDP", "version": "1.0.0", "name": "Collateral Damage Potential", - "description": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", + "definition": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no potential for physical or property damage." + "definition": "There is no potential for physical or property damage." }, { "key": "L", "name": "Low", - "description": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." + "definition": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." }, { "key": "M", "name": "Medium", - "description": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." }, { "key": "H", "name": "High", - "description": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." } ] } diff --git a/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json b/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json index 8b3e106e..0fcd9bab 100644 --- a/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json +++ b/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json @@ -3,33 +3,33 @@ "key": "CDP", "version": "2.0.0", "name": "Collateral Damage Potential", - "description": "This metric measures the potential for loss of life or physical assets.", + "definition": "This metric measures the potential for loss of life or physical assets.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no potential for loss of life, physical assets, productivity or revenue." + "definition": "There is no potential for loss of life, physical assets, productivity or revenue." }, { "key": "LM", "name": "Low-Medium", - "description": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." + "definition": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." }, { "key": "MH", "name": "Medium-High", - "description": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." }, { "key": "H", "name": "High", - "description": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json index 5634d799..f4b17718 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json @@ -3,23 +3,23 @@ "key": "C", "version": "1.0.0", "name": "Confidentiality Impact", - "description": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", + "definition": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No impact on confidentiality." + "definition": "No impact on confidentiality." }, { "key": "P", "name": "Partial", - "description": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." + "definition": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." }, { "key": "C", "name": "Complete", - "description": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." + "definition": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." } ] } diff --git a/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json index 44f31e5a..1b92fd1f 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json @@ -3,23 +3,23 @@ "key": "C", "version": "2.0.0", "name": "Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } ] } diff --git a/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json index 37208528..761697d1 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json @@ -3,23 +3,23 @@ "key": "SC", "version": "1.0.0", "name": "Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." } ] } diff --git a/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json index 33b141c1..fd33d6e6 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json @@ -3,23 +3,23 @@ "key": "VC", "version": "3.0.0", "name": "Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } ] } diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json b/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json index ad330ec3..d635256e 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json @@ -3,28 +3,28 @@ "key": "CR", "version": "1.0.0", "name": "Confidentiality Requirement", - "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json b/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json index ab170f65..1c188c33 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json @@ -3,28 +3,28 @@ "key": "CR", "version": "1.1.0", "name": "Confidentiality Requirement", - "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json b/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json index e78267b6..1d99b7cd 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json @@ -3,28 +3,28 @@ "key": "CR", "version": "1.1.1", "name": "Confidentiality Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/confidentiality_requirement_without_not_defined__1_1_1.json b/data/json/decision_points/cvss/confidentiality_requirement_without_not_defined__1_1_1.json index 12e989e4..a9970c8b 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_without_not_defined__1_1_1.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_without_not_defined__1_1_1.json @@ -3,23 +3,23 @@ "key": "CR_NoX", "version": "1.1.1", "name": "Confidentiality Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] } diff --git a/data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json b/data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json index dca56b8b..96efe88c 100644 --- a/data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json +++ b/data/json/decision_points/cvss/cvss_qualitative_severity_rating_scale_1_0_0.json @@ -3,33 +3,33 @@ "key": "CVSS", "version": "1.0.0", "name": "CVSS Qualitative Severity Rating Scale", - "description": "The CVSS Qualitative Severity Rating Scale group.", + "definition": "The CVSS Qualitative Severity Rating Scale group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "None (0.0)" + "definition": "None (0.0)" }, { "key": "L", "name": "Low", - "description": "Low (0.1-3.9)" + "definition": "Low (0.1-3.9)" }, { "key": "M", "name": "Medium", - "description": "Medium (4.0-6.9)" + "definition": "Medium (4.0-6.9)" }, { "key": "H", "name": "High", - "description": "High (7.0-8.9)" + "definition": "High (7.0-8.9)" }, { "key": "C", "name": "Critical", - "description": "Critical (9.0-10.0)" + "definition": "Critical (9.0-10.0)" } ] } diff --git a/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json index 4eefa33a..583fb814 100644 --- a/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json @@ -3,23 +3,23 @@ "key": "EQ1", "version": "1.0.0", "name": "Equivalence Set 1", - "description": "AV/PR/UI with 3 levels specified in Table 24", + "definition": "AV/PR/UI with 3 levels specified in Table 24", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + "definition": "2: AV:P or not(AV:N or PR:N or UI:N)" }, { "key": "M", "name": "Medium", - "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + "definition": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" }, { "key": "H", "name": "High", - "description": "0: AV:N and PR:N and UI:N" + "definition": "0: AV:N and PR:N and UI:N" } ] } diff --git a/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json index ee665375..6d32a351 100644 --- a/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json @@ -3,18 +3,18 @@ "key": "EQ2", "version": "1.0.0", "name": "Equivalence Set 2", - "description": "AC/AT with 2 levels specified in Table 25", + "definition": "AC/AT with 2 levels specified in Table 25", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (AC:L and AT:N)" + "definition": "1: not (AC:L and AT:N)" }, { "key": "H", "name": "High", - "description": "0: AC:L and AT:N" + "definition": "0: AC:L and AT:N" } ] } diff --git a/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json index 9d224fd9..b79a1b35 100644 --- a/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json @@ -3,23 +3,23 @@ "key": "EQ3", "version": "1.0.0", "name": "Equivalence Set 3", - "description": "VC/VI/VA with 3 levels specified in Table 26", + "definition": "VC/VI/VA with 3 levels specified in Table 26", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (VC:H or VI:H or VA:H)" + "definition": "2: not (VC:H or VI:H or VA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + "definition": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" }, { "key": "H", "name": "High", - "description": "0: VC:H and VI:H" + "definition": "0: VC:H and VI:H" } ] } diff --git a/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json index b0daf241..bdf23b9c 100644 --- a/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json @@ -3,23 +3,23 @@ "key": "EQ4", "version": "1.0.0", "name": "Equivalence Set 4", - "description": "SC/SI/SA with 3 levels specified in Table 27", + "definition": "SC/SI/SA with 3 levels specified in Table 27", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + "definition": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + "definition": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" }, { "key": "H", "name": "High", - "description": "0: MSI:S or MSA:S" + "definition": "0: MSI:S or MSA:S" } ] } diff --git a/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json index f0116db6..cee5ce58 100644 --- a/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json @@ -3,23 +3,23 @@ "key": "EQ5", "version": "1.0.0", "name": "Equivalence Set 5", - "description": "E with 3 levels specified in Table 28", + "definition": "E with 3 levels specified in Table 28", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: E:U" + "definition": "2: E:U" }, { "key": "M", "name": "Medium", - "description": "1: E:P" + "definition": "1: E:P" }, { "key": "H", "name": "High", - "description": "0: E:A" + "definition": "0: E:A" } ] } diff --git a/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json index a1790231..d2ef4775 100644 --- a/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json @@ -3,18 +3,18 @@ "key": "EQ6", "version": "1.0.0", "name": "Equivalence Set 6", - "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "definition": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + "definition": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" }, { "key": "H", "name": "High", - "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + "definition": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" } ] } diff --git a/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json b/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json index 0722a613..60d471cd 100644 --- a/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json +++ b/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json @@ -3,33 +3,33 @@ "key": "E", "version": "1.2.0", "name": "Exploit Code Maturity", - "description": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", + "definition": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unproven", - "description": "No exploit code is available, or an exploit is theoretical." + "definition": "No exploit code is available, or an exploit is theoretical." }, { "key": "POC", "name": "Proof-of-Concept", - "description": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." + "definition": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." }, { "key": "F", "name": "Functional", - "description": "Functional exploit code is available. The code works in most situations where the vulnerability exists." + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability exists." }, { "key": "H", "name": "High", - "description": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." + "definition": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/exploit_maturity_2_0_0.json b/data/json/decision_points/cvss/exploit_maturity_2_0_0.json index 1c6985a7..e12b3c98 100644 --- a/data/json/decision_points/cvss/exploit_maturity_2_0_0.json +++ b/data/json/decision_points/cvss/exploit_maturity_2_0_0.json @@ -3,28 +3,28 @@ "key": "E", "version": "2.0.0", "name": "Exploit Maturity", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", + "definition": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unreported", - "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" }, { "key": "P", "name": "Proof-of-Concept", - "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" }, { "key": "A", "name": "Attacked", - "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/exploit_maturity_without_not_defined__2_0_0.json b/data/json/decision_points/cvss/exploit_maturity_without_not_defined__2_0_0.json index c3f4e72c..879ddc6b 100644 --- a/data/json/decision_points/cvss/exploit_maturity_without_not_defined__2_0_0.json +++ b/data/json/decision_points/cvss/exploit_maturity_without_not_defined__2_0_0.json @@ -3,23 +3,23 @@ "key": "E_NoX", "version": "2.0.0", "name": "Exploit Maturity (without Not Defined)", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unreported", - "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" }, { "key": "P", "name": "Proof-of-Concept", - "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" }, { "key": "A", "name": "Attacked", - "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" } ] } diff --git a/data/json/decision_points/cvss/exploitability_1_0_0.json b/data/json/decision_points/cvss/exploitability_1_0_0.json index acb0cf98..d94b8005 100644 --- a/data/json/decision_points/cvss/exploitability_1_0_0.json +++ b/data/json/decision_points/cvss/exploitability_1_0_0.json @@ -3,28 +3,28 @@ "key": "E", "version": "1.0.0", "name": "Exploitability", - "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", + "definition": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unproven", - "description": "No exploit code is yet available or an exploit method is entirely theoretical." + "definition": "No exploit code is yet available or an exploit method is entirely theoretical." }, { "key": "P", "name": "Proof of Concept", - "description": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." }, { "key": "F", "name": "Functional", - "description": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." }, { "key": "H", "name": "High", - "description": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." } ] } diff --git a/data/json/decision_points/cvss/exploitability_1_1_0.json b/data/json/decision_points/cvss/exploitability_1_1_0.json index 02685cba..e62634cd 100644 --- a/data/json/decision_points/cvss/exploitability_1_1_0.json +++ b/data/json/decision_points/cvss/exploitability_1_1_0.json @@ -3,33 +3,33 @@ "key": "E", "version": "1.1.0", "name": "Exploitability", - "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", + "definition": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unproven", - "description": "No exploit code is yet available or an exploit method is entirely theoretical." + "definition": "No exploit code is yet available or an exploit method is entirely theoretical." }, { "key": "P", "name": "Proof of Concept", - "description": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." }, { "key": "F", "name": "Functional", - "description": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." }, { "key": "H", "name": "High", - "description": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/impact_bias_1_0_0.json b/data/json/decision_points/cvss/impact_bias_1_0_0.json index f2a9e366..22cb190c 100644 --- a/data/json/decision_points/cvss/impact_bias_1_0_0.json +++ b/data/json/decision_points/cvss/impact_bias_1_0_0.json @@ -3,28 +3,28 @@ "key": "IB", "version": "1.0.0", "name": "Impact Bias", - "description": "This metric measures the impact bias of the vulnerability.", + "definition": "This metric measures the impact bias of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Normal", - "description": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." + "definition": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." }, { "key": "C", "name": "Confidentiality", - "description": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." + "definition": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." }, { "key": "I", "name": "Integrity", - "description": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." + "definition": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." }, { "key": "A", "name": "Availability", - "description": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." + "definition": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." } ] } diff --git a/data/json/decision_points/cvss/integrity_impact_1_0_0.json b/data/json/decision_points/cvss/integrity_impact_1_0_0.json index 8b380ad7..d2bd3620 100644 --- a/data/json/decision_points/cvss/integrity_impact_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_1_0_0.json @@ -3,23 +3,23 @@ "key": "I", "version": "1.0.0", "name": "Integrity Impact", - "description": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", + "definition": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No impact on integrity." + "definition": "No impact on integrity." }, { "key": "P", "name": "Partial", - "description": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." + "definition": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." }, { "key": "C", "name": "Complete", - "description": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." + "definition": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." } ] } diff --git a/data/json/decision_points/cvss/integrity_impact_2_0_0.json b/data/json/decision_points/cvss/integrity_impact_2_0_0.json index 89dc794b..66923efa 100644 --- a/data/json/decision_points/cvss/integrity_impact_2_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_2_0_0.json @@ -3,23 +3,23 @@ "key": "I", "version": "2.0.0", "name": "Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to the integrity of the system." + "definition": "There is no impact to the integrity of the system." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." } ] } diff --git a/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json index 32c37517..b65690ba 100644 --- a/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json @@ -3,23 +3,23 @@ "key": "SI", "version": "1.0.0", "name": "Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." } ] } diff --git a/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json index 291d15b8..c8d16851 100644 --- a/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json @@ -3,23 +3,23 @@ "key": "VI", "version": "3.0.0", "name": "Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." } ] } diff --git a/data/json/decision_points/cvss/integrity_requirement_1_0_0.json b/data/json/decision_points/cvss/integrity_requirement_1_0_0.json index e19b1609..903e6cd4 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_0_0.json @@ -3,28 +3,28 @@ "key": "IR", "version": "1.0.0", "name": "Integrity Requirement", - "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/integrity_requirement_1_1_0.json b/data/json/decision_points/cvss/integrity_requirement_1_1_0.json index 0eb8f298..80096996 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_1_0.json @@ -3,28 +3,28 @@ "key": "IR", "version": "1.1.0", "name": "Integrity Requirement", - "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/integrity_requirement_1_1_1.json b/data/json/decision_points/cvss/integrity_requirement_1_1_1.json index a09b6123..95400381 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_1_1.json @@ -3,28 +3,28 @@ "key": "IR", "version": "1.1.1", "name": "Integrity Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/integrity_requirement_without_not_defined__1_1_1.json b/data/json/decision_points/cvss/integrity_requirement_without_not_defined__1_1_1.json index 48563745..3abf6819 100644 --- a/data/json/decision_points/cvss/integrity_requirement_without_not_defined__1_1_1.json +++ b/data/json/decision_points/cvss/integrity_requirement_without_not_defined__1_1_1.json @@ -3,23 +3,23 @@ "key": "IR_NoX", "version": "1.1.1", "name": "Integrity Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] } diff --git a/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json b/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json index c71ee607..fb5b8d39 100644 --- a/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json @@ -3,23 +3,23 @@ "key": "MAC", "version": "3.0.0", "name": "Modified Attack Complexity", - "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "definition": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "A successful attack depends on conditions beyond the attacker's control." + "definition": "A successful attack depends on conditions beyond the attacker's control." }, { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json b/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json index 20df5d53..dc7a0f6b 100644 --- a/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json +++ b/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json @@ -3,23 +3,23 @@ "key": "MAC", "version": "3.0.1", "name": "Modified Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "definition": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, { "key": "L", "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json b/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json index 60ae3f61..8b650401 100644 --- a/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json @@ -3,23 +3,23 @@ "key": "MAT", "version": "1.0.0", "name": "Modified Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "definition": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Present", - "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, { "key": "N", "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json b/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json index 20797e81..85e7dc16 100644 --- a/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json @@ -3,33 +3,33 @@ "key": "MAV", "version": "3.0.0", "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. ", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. ", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Physical", - "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, { "key": "L", "name": "Local", - "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." }, { "key": "A", "name": "Adjacent", - "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." }, { "key": "N", "name": "Network", - "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json b/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json index b7ffc2cf..88c8d267 100644 --- a/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json +++ b/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json @@ -3,33 +3,33 @@ "key": "MAV", "version": "3.0.1", "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Physical", - "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, { "key": "L", "name": "Local", - "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, { "key": "A", "name": "Adjacent", - "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." }, { "key": "N", "name": "Network", - "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json index 62dc1ba9..c5aa2298 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json @@ -3,28 +3,28 @@ "key": "MA", "version": "2.0.0", "name": "Modified Availability Impact", - "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to the availability of the system." + "definition": "There is no impact to the availability of the system." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability." + "definition": "There is reduced performance or interruptions in resource availability." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json index 69f0c877..101ad830 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json @@ -3,28 +3,28 @@ "key": "MSA", "version": "1.0.0", "name": "Modified Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json index 0d8de3f9..c22b366c 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_1.json @@ -3,33 +3,33 @@ "key": "MSA", "version": "1.0.1", "name": "Modified Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] } diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_without_not_defined__1_0_1.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_without_not_defined__1_0_1.json index 5230980a..ae06a2ae 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_without_not_defined__1_0_1.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_without_not_defined__1_0_1.json @@ -3,28 +3,28 @@ "key": "MSA_NoX", "version": "1.0.1", "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] } diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json index 59d90019..5f0feecb 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json @@ -3,28 +3,28 @@ "key": "MVA", "version": "3.0.0", "name": "Modified Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "definition": "There is no impact to availability within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json index b202d8e6..ddf0beba 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json @@ -3,28 +3,28 @@ "key": "MC", "version": "2.0.0", "name": "Modified Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json index f54dbe39..e201564b 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json @@ -3,28 +3,28 @@ "key": "MSC", "version": "1.0.0", "name": "Modified Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json index 591b0d95..31fa1d8d 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_1.json @@ -3,28 +3,28 @@ "key": "MSC", "version": "1.0.1", "name": "Modified Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json index 85ae8d10..425d4f03 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json @@ -3,28 +3,28 @@ "key": "MVC", "version": "3.0.0", "name": "Modified Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json index deef28d3..fbf2eeae 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json @@ -3,28 +3,28 @@ "key": "MI", "version": "2.0.0", "name": "Modified Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to the integrity of the system." + "definition": "There is no impact to the integrity of the system." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json index 7f159510..754befa2 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json @@ -3,28 +3,28 @@ "key": "MSI", "version": "1.0.0", "name": "Modified Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json index 448c1035..a116751d 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_1.json @@ -3,33 +3,33 @@ "key": "MSI", "version": "1.0.1", "name": "Modified Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] } diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_without_not_defined__1_0_1.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_without_not_defined__1_0_1.json index 1af512ba..92495703 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_without_not_defined__1_0_1.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_without_not_defined__1_0_1.json @@ -3,28 +3,28 @@ "key": "MSI_NoX", "version": "1.0.1", "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] } diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json index 4cdf393a..7964a614 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json @@ -3,28 +3,28 @@ "key": "MVI", "version": "3.0.0", "name": "Modified Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json b/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json index e7242d88..a88ee9f5 100644 --- a/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json +++ b/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json @@ -3,28 +3,28 @@ "key": "MPR", "version": "1.0.0", "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "definition": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json b/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json index 8f693d5a..0e4a54c8 100644 --- a/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json +++ b/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json @@ -3,28 +3,28 @@ "key": "MPR", "version": "1.0.1", "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "definition": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_scope_1_0_0.json b/data/json/decision_points/cvss/modified_scope_1_0_0.json index 15685974..ca81fdd3 100644 --- a/data/json/decision_points/cvss/modified_scope_1_0_0.json +++ b/data/json/decision_points/cvss/modified_scope_1_0_0.json @@ -3,23 +3,23 @@ "key": "MS", "version": "1.0.0", "name": "Modified Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "definition": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unchanged", - "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." }, { "key": "C", "name": "Changed", - "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json b/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json index 61eaea70..87d17ac2 100644 --- a/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json +++ b/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json @@ -3,23 +3,23 @@ "key": "MUI", "version": "1.0.0", "name": "Modified User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "definition": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "schemaVersion": "2.0.0", "values": [ { "key": "R", "name": "Required", - "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + "definition": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." }, { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any user." + "definition": "The vulnerable system can be exploited without interaction from any user." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json b/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json index 826233f7..e2964a66 100644 --- a/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json +++ b/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json @@ -3,28 +3,28 @@ "key": "MUI", "version": "2.0.0", "name": "Modified User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "definition": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "schemaVersion": "2.0.0", "values": [ { "key": "A", "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, { "key": "P", "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." }, { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/privileges_required_1_0_0.json b/data/json/decision_points/cvss/privileges_required_1_0_0.json index a4134d43..1916bf3a 100644 --- a/data/json/decision_points/cvss/privileges_required_1_0_0.json +++ b/data/json/decision_points/cvss/privileges_required_1_0_0.json @@ -3,23 +3,23 @@ "key": "PR", "version": "1.0.0", "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "definition": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } ] } diff --git a/data/json/decision_points/cvss/privileges_required_1_0_1.json b/data/json/decision_points/cvss/privileges_required_1_0_1.json index c74a9b3c..0674b8e2 100644 --- a/data/json/decision_points/cvss/privileges_required_1_0_1.json +++ b/data/json/decision_points/cvss/privileges_required_1_0_1.json @@ -3,23 +3,23 @@ "key": "PR", "version": "1.0.1", "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "definition": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } ] } diff --git a/data/json/decision_points/cvss/provider_urgency_1_0_0.json b/data/json/decision_points/cvss/provider_urgency_1_0_0.json index f3db62ce..902c7d71 100644 --- a/data/json/decision_points/cvss/provider_urgency_1_0_0.json +++ b/data/json/decision_points/cvss/provider_urgency_1_0_0.json @@ -3,33 +3,33 @@ "key": "U", "version": "1.0.0", "name": "Provider Urgency", - "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", + "definition": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", "schemaVersion": "2.0.0", "values": [ { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "C", "name": "Clear", - "description": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." + "definition": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." }, { "key": "G", "name": "Green", - "description": "Provider has assessed the impact of this vulnerability as having a reduced urgency." + "definition": "Provider has assessed the impact of this vulnerability as having a reduced urgency." }, { "key": "A", "name": "Amber", - "description": "Provider has assessed the impact of this vulnerability as having a moderate urgency." + "definition": "Provider has assessed the impact of this vulnerability as having a moderate urgency." }, { "key": "R", "name": "Red", - "description": "Provider has assessed the impact of this vulnerability as having the highest urgency." + "definition": "Provider has assessed the impact of this vulnerability as having the highest urgency." } ] } diff --git a/data/json/decision_points/cvss/recovery_1_0_0.json b/data/json/decision_points/cvss/recovery_1_0_0.json index 42f1c7c1..31fd5b62 100644 --- a/data/json/decision_points/cvss/recovery_1_0_0.json +++ b/data/json/decision_points/cvss/recovery_1_0_0.json @@ -3,28 +3,28 @@ "key": "R", "version": "1.0.0", "name": "Recovery", - "description": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", + "definition": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", "schemaVersion": "2.0.0", "values": [ { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "A", "name": "Automatic", - "description": "The system recovers services automatically after an attack has been performed." + "definition": "The system recovers services automatically after an attack has been performed." }, { "key": "U", "name": "User", - "description": "The system requires manual intervention by the user to recover services, after an attack has been performed." + "definition": "The system requires manual intervention by the user to recover services, after an attack has been performed." }, { "key": "I", "name": "Irrecoverable", - "description": "The system services are irrecoverable by the user, after an attack has been performed." + "definition": "The system services are irrecoverable by the user, after an attack has been performed." } ] } diff --git a/data/json/decision_points/cvss/remediation_level_1_0_0.json b/data/json/decision_points/cvss/remediation_level_1_0_0.json index 7f440814..7210259e 100644 --- a/data/json/decision_points/cvss/remediation_level_1_0_0.json +++ b/data/json/decision_points/cvss/remediation_level_1_0_0.json @@ -3,28 +3,28 @@ "key": "RL", "version": "1.0.0", "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", + "definition": "This metric measures the remediation status of a vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "OF", "name": "Official Fix", - "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, { "key": "TF", "name": "Temporary Fix", - "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, { "key": "W", "name": "Workaround", - "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." }, { "key": "U", "name": "Unavailable", - "description": "There is either no solution available or it is impossible to apply." + "definition": "There is either no solution available or it is impossible to apply." } ] } diff --git a/data/json/decision_points/cvss/remediation_level_1_1_0.json b/data/json/decision_points/cvss/remediation_level_1_1_0.json index 0b33e7c2..81216ea5 100644 --- a/data/json/decision_points/cvss/remediation_level_1_1_0.json +++ b/data/json/decision_points/cvss/remediation_level_1_1_0.json @@ -3,33 +3,33 @@ "key": "RL", "version": "1.1.0", "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", + "definition": "This metric measures the remediation status of a vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "OF", "name": "Official Fix", - "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, { "key": "TF", "name": "Temporary Fix", - "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, { "key": "W", "name": "Workaround", - "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." }, { "key": "U", "name": "Unavailable", - "description": "There is either no solution available or it is impossible to apply." + "definition": "There is either no solution available or it is impossible to apply." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/report_confidence_1_0_0.json b/data/json/decision_points/cvss/report_confidence_1_0_0.json index 2d9489bb..5df2b995 100644 --- a/data/json/decision_points/cvss/report_confidence_1_0_0.json +++ b/data/json/decision_points/cvss/report_confidence_1_0_0.json @@ -3,23 +3,23 @@ "key": "RC", "version": "1.0.0", "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "schemaVersion": "2.0.0", "values": [ { "key": "UC", "name": "Unconfirmed", - "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, { "key": "UR", "name": "Uncorroborated", - "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." }, { "key": "C", "name": "Confirmed", - "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." } ] } diff --git a/data/json/decision_points/cvss/report_confidence_1_1_0.json b/data/json/decision_points/cvss/report_confidence_1_1_0.json index ccbd5185..e817cb30 100644 --- a/data/json/decision_points/cvss/report_confidence_1_1_0.json +++ b/data/json/decision_points/cvss/report_confidence_1_1_0.json @@ -3,28 +3,28 @@ "key": "RC", "version": "1.1.0", "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "schemaVersion": "2.0.0", "values": [ { "key": "UC", "name": "Unconfirmed", - "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, { "key": "UR", "name": "Uncorroborated", - "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." }, { "key": "C", "name": "Confirmed", - "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/report_confidence_2_0_0.json b/data/json/decision_points/cvss/report_confidence_2_0_0.json index 2d1a51b8..50efb8f1 100644 --- a/data/json/decision_points/cvss/report_confidence_2_0_0.json +++ b/data/json/decision_points/cvss/report_confidence_2_0_0.json @@ -3,28 +3,28 @@ "key": "RC", "version": "2.0.0", "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unknown", - "description": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." + "definition": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." }, { "key": "R", "name": "Reasonable", - "description": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." + "definition": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." }, { "key": "C", "name": "Confirmed", - "description": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." + "definition": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/safety_1_0_0.json b/data/json/decision_points/cvss/safety_1_0_0.json index 06ff99ce..3f9ea913 100644 --- a/data/json/decision_points/cvss/safety_1_0_0.json +++ b/data/json/decision_points/cvss/safety_1_0_0.json @@ -3,23 +3,23 @@ "key": "SF", "version": "1.0.0", "name": "Safety", - "description": "The Safety decision point is a measure of the potential for harm to humans or the environment.", + "definition": "The Safety decision point is a measure of the potential for harm to humans or the environment.", "schemaVersion": "2.0.0", "values": [ { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "P", "name": "Present", - "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" + "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" }, { "key": "N", "name": "Negligible", - "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" + "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" } ] } diff --git a/data/json/decision_points/cvss/scope_1_0_0.json b/data/json/decision_points/cvss/scope_1_0_0.json index f0f8e16b..813c4365 100644 --- a/data/json/decision_points/cvss/scope_1_0_0.json +++ b/data/json/decision_points/cvss/scope_1_0_0.json @@ -3,18 +3,18 @@ "key": "S", "version": "1.0.0", "name": "Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "definition": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unchanged", - "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." }, { "key": "C", "name": "Changed", - "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." } ] } diff --git a/data/json/decision_points/cvss/target_distribution_1_0_0.json b/data/json/decision_points/cvss/target_distribution_1_0_0.json index f9c3e3c8..c6b7e412 100644 --- a/data/json/decision_points/cvss/target_distribution_1_0_0.json +++ b/data/json/decision_points/cvss/target_distribution_1_0_0.json @@ -3,28 +3,28 @@ "key": "TD", "version": "1.0.0", "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "definition": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, { "key": "L", "name": "Low", - "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." }, { "key": "M", "name": "Medium", - "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." }, { "key": "H", "name": "High", - "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." } ] } diff --git a/data/json/decision_points/cvss/target_distribution_1_1_0.json b/data/json/decision_points/cvss/target_distribution_1_1_0.json index 820c76c5..90af4d1d 100644 --- a/data/json/decision_points/cvss/target_distribution_1_1_0.json +++ b/data/json/decision_points/cvss/target_distribution_1_1_0.json @@ -3,33 +3,33 @@ "key": "TD", "version": "1.1.0", "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "definition": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, { "key": "L", "name": "Low", - "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." }, { "key": "M", "name": "Medium", - "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." }, { "key": "H", "name": "High", - "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] } diff --git a/data/json/decision_points/cvss/user_interaction_1_0_0.json b/data/json/decision_points/cvss/user_interaction_1_0_0.json index 9e99caf3..de29297c 100644 --- a/data/json/decision_points/cvss/user_interaction_1_0_0.json +++ b/data/json/decision_points/cvss/user_interaction_1_0_0.json @@ -3,18 +3,18 @@ "key": "UI", "version": "1.0.0", "name": "User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "definition": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "schemaVersion": "2.0.0", "values": [ { "key": "R", "name": "Required", - "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + "definition": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." }, { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any user." + "definition": "The vulnerable system can be exploited without interaction from any user." } ] } diff --git a/data/json/decision_points/cvss/user_interaction_2_0_0.json b/data/json/decision_points/cvss/user_interaction_2_0_0.json index fff2dc8b..4bc2c5f6 100644 --- a/data/json/decision_points/cvss/user_interaction_2_0_0.json +++ b/data/json/decision_points/cvss/user_interaction_2_0_0.json @@ -3,23 +3,23 @@ "key": "UI", "version": "2.0.0", "name": "User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "definition": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "schemaVersion": "2.0.0", "values": [ { "key": "A", "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, { "key": "P", "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." }, { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." } ] } diff --git a/data/json/decision_points/cvss/value_density_1_0_0.json b/data/json/decision_points/cvss/value_density_1_0_0.json index 6a09e1e2..1edffbd0 100644 --- a/data/json/decision_points/cvss/value_density_1_0_0.json +++ b/data/json/decision_points/cvss/value_density_1_0_0.json @@ -3,23 +3,23 @@ "key": "V", "version": "1.0.0", "name": "Value Density", - "description": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", + "definition": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", "schemaVersion": "2.0.0", "values": [ { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "D", "name": "Diffuse", - "description": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." + "definition": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." }, { "key": "C", "name": "Concentrated", - "description": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." + "definition": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." } ] } diff --git a/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json b/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json index 12b26541..be0cb7ca 100644 --- a/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json +++ b/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json @@ -3,28 +3,28 @@ "key": "RE", "version": "1.0.0", "name": "Vulnerability Response Effort", - "description": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", + "definition": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", "schemaVersion": "2.0.0", "values": [ { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "L", "name": "Low", - "description": "The effort required to respond to a vulnerability is low/trivial." + "definition": "The effort required to respond to a vulnerability is low/trivial." }, { "key": "M", "name": "Moderate", - "description": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." + "definition": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." }, { "key": "H", "name": "High", - "description": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." + "definition": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." } ] } diff --git a/data/json/decision_points/ssvc/automatable_2_0_0.json b/data/json/decision_points/ssvc/automatable_2_0_0.json index 874297d0..858c79c0 100644 --- a/data/json/decision_points/ssvc/automatable_2_0_0.json +++ b/data/json/decision_points/ssvc/automatable_2_0_0.json @@ -3,18 +3,18 @@ "key": "A", "version": "2.0.0", "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." } ] } diff --git a/data/json/decision_points/ssvc/critical_software_1_0_0.json b/data/json/decision_points/ssvc/critical_software_1_0_0.json index 1373b380..7a3867f7 100644 --- a/data/json/decision_points/ssvc/critical_software_1_0_0.json +++ b/data/json/decision_points/ssvc/critical_software_1_0_0.json @@ -3,18 +3,18 @@ "key": "CS", "version": "1.0.0", "name": "Critical Software", - "description": "Denotes whether a system meets a critical software definition.", + "definition": "Denotes whether a system meets a critical software definition.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "System does not meet a critical software definition." + "definition": "System does not meet a critical software definition." }, { "key": "Y", "name": "Yes", - "description": "System meets a critical software definition." + "definition": "System meets a critical software definition." } ] } diff --git a/data/json/decision_points/ssvc/decline_track_coordinate_1_0_0.json b/data/json/decision_points/ssvc/decline_track_coordinate_1_0_0.json index 87e7fa38..5457a1d9 100644 --- a/data/json/decision_points/ssvc/decline_track_coordinate_1_0_0.json +++ b/data/json/decision_points/ssvc/decline_track_coordinate_1_0_0.json @@ -3,23 +3,23 @@ "key": "COORDINATE", "version": "1.0.0", "name": "Decline, Track, Coordinate", - "description": "The coordinate outcome group.", + "definition": "The coordinate outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Decline", - "description": "Decline" + "definition": "Decline" }, { "key": "T", "name": "Track", - "description": "Track" + "definition": "Track" }, { "key": "C", "name": "Coordinate", - "description": "Coordinate" + "definition": "Coordinate" } ] } diff --git a/data/json/decision_points/ssvc/decline_track_coordinate_1_0_1.json b/data/json/decision_points/ssvc/decline_track_coordinate_1_0_1.json index ff53fc5d..3a4041cb 100644 --- a/data/json/decision_points/ssvc/decline_track_coordinate_1_0_1.json +++ b/data/json/decision_points/ssvc/decline_track_coordinate_1_0_1.json @@ -3,23 +3,23 @@ "key": "COORDINATE", "version": "1.0.1", "name": "Decline, Track, Coordinate", - "description": "The coordinate outcome group.", + "definition": "The coordinate outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Decline", - "description": "Do not act on the report." + "definition": "Do not act on the report." }, { "key": "T", "name": "Track", - "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + "definition": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." }, { "key": "C", "name": "Coordinate", - "description": "Take action on the report." + "definition": "Take action on the report." } ] } diff --git a/data/json/decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json b/data/json/decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json index 49a60a1f..98b78916 100644 --- a/data/json/decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json +++ b/data/json/decision_points/ssvc/defer_scheduled_out_of_cycle_immediate_1_0_0.json @@ -3,28 +3,28 @@ "key": "DSOI", "version": "1.0.0", "name": "Defer, Scheduled, Out-of-Cycle, Immediate", - "description": "The original SSVC outcome group.", + "definition": "The original SSVC outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Defer", - "description": "Defer" + "definition": "Defer" }, { "key": "S", "name": "Scheduled", - "description": "Scheduled" + "definition": "Scheduled" }, { "key": "O", "name": "Out-of-Cycle", - "description": "Out-of-Cycle" + "definition": "Out-of-Cycle" }, { "key": "I", "name": "Immediate", - "description": "Immediate" + "definition": "Immediate" } ] } diff --git a/data/json/decision_points/ssvc/exploitation_1_0_0.json b/data/json/decision_points/ssvc/exploitation_1_0_0.json index 3fd20507..bdae60b9 100644 --- a/data/json/decision_points/ssvc/exploitation_1_0_0.json +++ b/data/json/decision_points/ssvc/exploitation_1_0_0.json @@ -3,23 +3,23 @@ "key": "E", "version": "1.0.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "PoC", - "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." + "definition": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] } diff --git a/data/json/decision_points/ssvc/exploitation_1_1_0.json b/data/json/decision_points/ssvc/exploitation_1_1_0.json index dbd8670f..d1eb2fb9 100644 --- a/data/json/decision_points/ssvc/exploitation_1_1_0.json +++ b/data/json/decision_points/ssvc/exploitation_1_1_0.json @@ -3,23 +3,23 @@ "key": "E", "version": "1.1.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] } diff --git a/data/json/decision_points/ssvc/high_value_asset_1_0_0.json b/data/json/decision_points/ssvc/high_value_asset_1_0_0.json index 610e3006..f12e832e 100644 --- a/data/json/decision_points/ssvc/high_value_asset_1_0_0.json +++ b/data/json/decision_points/ssvc/high_value_asset_1_0_0.json @@ -3,18 +3,18 @@ "key": "HVA", "version": "1.0.0", "name": "High Value Asset", - "description": "Denotes whether a system meets a high value asset definition.", + "definition": "Denotes whether a system meets a high value asset definition.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "System does not meet a high value asset definition." + "definition": "System does not meet a high value asset definition." }, { "key": "Y", "name": "Yes", - "description": "System meets a high value asset definition." + "definition": "System meets a high value asset definition." } ] } diff --git a/data/json/decision_points/ssvc/human_impact_2_0_0.json b/data/json/decision_points/ssvc/human_impact_2_0_0.json index 10f837dc..9d24b932 100644 --- a/data/json/decision_points/ssvc/human_impact_2_0_0.json +++ b/data/json/decision_points/ssvc/human_impact_2_0_0.json @@ -3,28 +3,28 @@ "key": "HI", "version": "2.0.0", "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" + "definition": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" + "definition": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" }, { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] } diff --git a/data/json/decision_points/ssvc/human_impact_2_0_1.json b/data/json/decision_points/ssvc/human_impact_2_0_1.json index 80224c2f..58f11f8c 100644 --- a/data/json/decision_points/ssvc/human_impact_2_0_1.json +++ b/data/json/decision_points/ssvc/human_impact_2_0_1.json @@ -3,28 +3,28 @@ "key": "HI", "version": "2.0.1", "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + "definition": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] } diff --git a/data/json/decision_points/ssvc/human_impact_2_0_2.json b/data/json/decision_points/ssvc/human_impact_2_0_2.json index f6164b6b..ab777d65 100644 --- a/data/json/decision_points/ssvc/human_impact_2_0_2.json +++ b/data/json/decision_points/ssvc/human_impact_2_0_2.json @@ -3,28 +3,28 @@ "key": "HI", "version": "2.0.2", "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] } diff --git a/data/json/decision_points/ssvc/mission_and_well_being_impact_1_0_0.json b/data/json/decision_points/ssvc/mission_and_well_being_impact_1_0_0.json index ec9a3b92..1ac6533d 100644 --- a/data/json/decision_points/ssvc/mission_and_well_being_impact_1_0_0.json +++ b/data/json/decision_points/ssvc/mission_and_well_being_impact_1_0_0.json @@ -3,23 +3,23 @@ "key": "MWI", "version": "1.0.0", "name": "Mission and Well-Being Impact", - "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", + "definition": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" + "definition": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" }, { "key": "M", "name": "Medium", - "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + "definition": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" }, { "key": "H", "name": "High", - "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + "definition": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" } ] } diff --git a/data/json/decision_points/ssvc/mission_impact_1_0_0.json b/data/json/decision_points/ssvc/mission_impact_1_0_0.json index 3d5b93d5..76f496f7 100644 --- a/data/json/decision_points/ssvc/mission_impact_1_0_0.json +++ b/data/json/decision_points/ssvc/mission_impact_1_0_0.json @@ -3,33 +3,33 @@ "key": "MI", "version": "1.0.0", "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", + "definition": "Impact on Mission Essential Functions of the Organization", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "Little to no impact" + "definition": "Little to no impact" }, { "key": "NED", "name": "Non-Essential Degraded", - "description": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" + "definition": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, { "key": "MSC", "name": "MEF Support Crippled", - "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" }, { "key": "MEF", "name": "MEF Failure", - "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" }, { "key": "MF", "name": "Mission Failure", - "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } ] } diff --git a/data/json/decision_points/ssvc/mission_impact_2_0_0.json b/data/json/decision_points/ssvc/mission_impact_2_0_0.json index 527b8201..3822302a 100644 --- a/data/json/decision_points/ssvc/mission_impact_2_0_0.json +++ b/data/json/decision_points/ssvc/mission_impact_2_0_0.json @@ -3,28 +3,28 @@ "key": "MI", "version": "2.0.0", "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", + "definition": "Impact on Mission Essential Functions of the Organization", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Degraded", - "description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" + "definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, { "key": "MSC", "name": "MEF Support Crippled", - "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" }, { "key": "MEF", "name": "MEF Failure", - "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" }, { "key": "MF", "name": "Mission Failure", - "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } ] } diff --git a/data/json/decision_points/ssvc/public_safety_impact_2_0_0.json b/data/json/decision_points/ssvc/public_safety_impact_2_0_0.json index 6730bfdf..2cfcf18c 100644 --- a/data/json/decision_points/ssvc/public_safety_impact_2_0_0.json +++ b/data/json/decision_points/ssvc/public_safety_impact_2_0_0.json @@ -3,18 +3,18 @@ "key": "PSI", "version": "2.0.0", "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", + "definition": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Safety Impact:(None OR Minor)" + "definition": "Safety Impact:(None OR Minor)" }, { "key": "S", "name": "Significant", - "description": "Safety Impact:(Major OR Hazardous OR Catastrophic)" + "definition": "Safety Impact:(Major OR Hazardous OR Catastrophic)" } ] } diff --git a/data/json/decision_points/ssvc/public_safety_impact_2_0_1.json b/data/json/decision_points/ssvc/public_safety_impact_2_0_1.json index 729bed14..a8e96eb6 100644 --- a/data/json/decision_points/ssvc/public_safety_impact_2_0_1.json +++ b/data/json/decision_points/ssvc/public_safety_impact_2_0_1.json @@ -3,18 +3,18 @@ "key": "PSI", "version": "2.0.1", "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", + "definition": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Safety Impact:Negligible" + "definition": "Safety Impact:Negligible" }, { "key": "S", "name": "Significant", - "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } ] } diff --git a/data/json/decision_points/ssvc/public_value_added_1_0_0.json b/data/json/decision_points/ssvc/public_value_added_1_0_0.json index c1f2f7b7..33759d6c 100644 --- a/data/json/decision_points/ssvc/public_value_added_1_0_0.json +++ b/data/json/decision_points/ssvc/public_value_added_1_0_0.json @@ -3,23 +3,23 @@ "key": "PVA", "version": "1.0.0", "name": "Public Value Added", - "description": "How much value would a publication from the coordinator benefit the broader community?", + "definition": "How much value would a publication from the coordinator benefit the broader community?", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Limited", - "description": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + "definition": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." }, { "key": "A", "name": "Ampliative", - "description": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + "definition": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." }, { "key": "P", "name": "Precedence", - "description": "The publication would be the first publicly available, or be coincident with the first publicly available." + "definition": "The publication would be the first publicly available, or be coincident with the first publicly available." } ] } diff --git a/data/json/decision_points/ssvc/public_well_being_impact_1_1_0.json b/data/json/decision_points/ssvc/public_well_being_impact_1_1_0.json index 38780b34..a441c6ff 100644 --- a/data/json/decision_points/ssvc/public_well_being_impact_1_1_0.json +++ b/data/json/decision_points/ssvc/public_well_being_impact_1_1_0.json @@ -3,23 +3,23 @@ "key": "PWI", "version": "1.1.0", "name": "Public Well-Being Impact", - "description": "A coarse-grained representation of impact to public well-being.", + "definition": "A coarse-grained representation of impact to public well-being.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "The effect is below the threshold for all aspects described in material. " + "definition": "The effect is below the threshold for all aspects described in material. " }, { "key": "MA", "name": "Material", - "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " + "definition": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " }, { "key": "I", "name": "Irreversible", - "description": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " + "definition": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " } ] } diff --git a/data/json/decision_points/ssvc/publish_do_not_publish_1_0_0.json b/data/json/decision_points/ssvc/publish_do_not_publish_1_0_0.json index 641c55d2..eaad66ee 100644 --- a/data/json/decision_points/ssvc/publish_do_not_publish_1_0_0.json +++ b/data/json/decision_points/ssvc/publish_do_not_publish_1_0_0.json @@ -3,18 +3,18 @@ "key": "PUBLISH", "version": "1.0.0", "name": "Publish, Do Not Publish", - "description": "The publish outcome group.", + "definition": "The publish outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Do Not Publish", - "description": "Do Not Publish" + "definition": "Do Not Publish" }, { "key": "P", "name": "Publish", - "description": "Publish" + "definition": "Publish" } ] } diff --git a/data/json/decision_points/ssvc/report_credibility_1_0_0.json b/data/json/decision_points/ssvc/report_credibility_1_0_0.json index bb45bb12..ae5a793f 100644 --- a/data/json/decision_points/ssvc/report_credibility_1_0_0.json +++ b/data/json/decision_points/ssvc/report_credibility_1_0_0.json @@ -3,18 +3,18 @@ "key": "RC", "version": "1.0.0", "name": "Report Credibility", - "description": "Is the report credible?", + "definition": "Is the report credible?", "schemaVersion": "2.0.0", "values": [ { "key": "NC", "name": "Not Credible", - "description": "The report is not credible." + "definition": "The report is not credible." }, { "key": "C", "name": "Credible", - "description": "The report is credible." + "definition": "The report is credible." } ] } diff --git a/data/json/decision_points/ssvc/report_public_1_0_0.json b/data/json/decision_points/ssvc/report_public_1_0_0.json index c6c8b699..c859f165 100644 --- a/data/json/decision_points/ssvc/report_public_1_0_0.json +++ b/data/json/decision_points/ssvc/report_public_1_0_0.json @@ -3,18 +3,18 @@ "key": "RP", "version": "1.0.0", "name": "Report Public", - "description": "Is a viable report of the details of the vulnerability already publicly available?", + "definition": "Is a viable report of the details of the vulnerability already publicly available?", "schemaVersion": "2.0.0", "values": [ { "key": "Y", "name": "Yes", - "description": "A public report of the vulnerability exists." + "definition": "A public report of the vulnerability exists." }, { "key": "N", "name": "No", - "description": "No public report of the vulnerability exists." + "definition": "No public report of the vulnerability exists." } ] } diff --git a/data/json/decision_points/ssvc/safety_impact_1_0_0.json b/data/json/decision_points/ssvc/safety_impact_1_0_0.json index a9d923cb..264b75eb 100644 --- a/data/json/decision_points/ssvc/safety_impact_1_0_0.json +++ b/data/json/decision_points/ssvc/safety_impact_1_0_0.json @@ -3,33 +3,33 @@ "key": "SI", "version": "1.0.0", "name": "Safety Impact", - "description": "The safety impact of the vulnerability.", + "definition": "The safety impact of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "The effect is below the threshold for all aspects described in Minor." + "definition": "The effect is below the threshold for all aspects described in Minor." }, { "key": "M", "name": "Minor", - "description": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "definition": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { "key": "J", "name": "Major", - "description": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "definition": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, { "key": "H", "name": "Hazardous", - "description": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + "definition": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." }, { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + "definition": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." } ] } diff --git a/data/json/decision_points/ssvc/safety_impact_2_0_0.json b/data/json/decision_points/ssvc/safety_impact_2_0_0.json index 073067a3..dd224fae 100644 --- a/data/json/decision_points/ssvc/safety_impact_2_0_0.json +++ b/data/json/decision_points/ssvc/safety_impact_2_0_0.json @@ -3,28 +3,28 @@ "key": "SI", "version": "2.0.0", "name": "Safety Impact", - "description": "The safety impact of the vulnerability. (based on IEC 61508)", + "definition": "The safety impact of the vulnerability. (based on IEC 61508)", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { "key": "M", "name": "Marginal", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, { "key": "R", "name": "Critical", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." }, { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } ] } diff --git a/data/json/decision_points/ssvc/supplier_cardinality_1_0_0.json b/data/json/decision_points/ssvc/supplier_cardinality_1_0_0.json index c291caf8..12ad6531 100644 --- a/data/json/decision_points/ssvc/supplier_cardinality_1_0_0.json +++ b/data/json/decision_points/ssvc/supplier_cardinality_1_0_0.json @@ -3,18 +3,18 @@ "key": "SC", "version": "1.0.0", "name": "Supplier Cardinality", - "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + "definition": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", "schemaVersion": "2.0.0", "values": [ { "key": "O", "name": "One", - "description": "There is only one supplier of the vulnerable component." + "definition": "There is only one supplier of the vulnerable component." }, { "key": "M", "name": "Multiple", - "description": "There are multiple suppliers of the vulnerable component." + "definition": "There are multiple suppliers of the vulnerable component." } ] } diff --git a/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json b/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json index dbd2cdc5..e8a4698f 100644 --- a/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json +++ b/data/json/decision_points/ssvc/supplier_contacted_1_0_0.json @@ -3,18 +3,18 @@ "key": "SCON", "version": "1.0.0", "name": "Supplier Contacted", - "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + "definition": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "The supplier has not been contacted." + "definition": "The supplier has not been contacted." }, { "key": "Y", "name": "Yes", - "description": "The supplier has been contacted." + "definition": "The supplier has been contacted." } ] } diff --git a/data/json/decision_points/ssvc/supplier_engagement_1_0_0.json b/data/json/decision_points/ssvc/supplier_engagement_1_0_0.json index 5142fcb9..29d45ac5 100644 --- a/data/json/decision_points/ssvc/supplier_engagement_1_0_0.json +++ b/data/json/decision_points/ssvc/supplier_engagement_1_0_0.json @@ -3,18 +3,18 @@ "key": "SE", "version": "1.0.0", "name": "Supplier Engagement", - "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + "definition": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", "schemaVersion": "2.0.0", "values": [ { "key": "A", "name": "Active", - "description": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + "definition": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." }, { "key": "U", "name": "Unresponsive", - "description": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + "definition": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." } ] } diff --git a/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json b/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json index cee58610..eea94740 100644 --- a/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json +++ b/data/json/decision_points/ssvc/supplier_involvement_1_0_0.json @@ -3,23 +3,23 @@ "key": "SINV", "version": "1.0.0", "name": "Supplier Involvement", - "description": "What is the state of the supplier’s work on addressing the vulnerability?", + "definition": "What is the state of the supplier’s work on addressing the vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "FR", "name": "Fix Ready", - "description": "The supplier has provided a patch or fix." + "definition": "The supplier has provided a patch or fix." }, { "key": "C", "name": "Cooperative", - "description": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + "definition": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." }, { "key": "UU", "name": "Uncooperative/Unresponsive", - "description": "The supplier has not responded, declined to generate a remediation, or no longer exists." + "definition": "The supplier has not responded, declined to generate a remediation, or no longer exists." } ] } diff --git a/data/json/decision_points/ssvc/system_exposure_1_0_0.json b/data/json/decision_points/ssvc/system_exposure_1_0_0.json index 089fa443..f09137c0 100644 --- a/data/json/decision_points/ssvc/system_exposure_1_0_0.json +++ b/data/json/decision_points/ssvc/system_exposure_1_0_0.json @@ -3,23 +3,23 @@ "key": "EXP", "version": "1.0.0", "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", + "definition": "The Accessible Attack Surface of the Affected System or Service", "schemaVersion": "2.0.0", "values": [ { "key": "S", "name": "Small", - "description": "Local service or program; highly controlled network" + "definition": "Local service or program; highly controlled network" }, { "key": "C", "name": "Controlled", - "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." }, { "key": "U", "name": "Unavoidable", - "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } ] } diff --git a/data/json/decision_points/ssvc/system_exposure_1_0_1.json b/data/json/decision_points/ssvc/system_exposure_1_0_1.json index 23095082..0ee50eef 100644 --- a/data/json/decision_points/ssvc/system_exposure_1_0_1.json +++ b/data/json/decision_points/ssvc/system_exposure_1_0_1.json @@ -3,23 +3,23 @@ "key": "EXP", "version": "1.0.1", "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", + "definition": "The Accessible Attack Surface of the Affected System or Service", "schemaVersion": "2.0.0", "values": [ { "key": "S", "name": "Small", - "description": "Local service or program; highly controlled network" + "definition": "Local service or program; highly controlled network" }, { "key": "C", "name": "Controlled", - "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." }, { "key": "O", "name": "Open", - "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } ] } diff --git a/data/json/decision_points/ssvc/technical_impact_1_0_0.json b/data/json/decision_points/ssvc/technical_impact_1_0_0.json index a23475e4..25d7cb68 100644 --- a/data/json/decision_points/ssvc/technical_impact_1_0_0.json +++ b/data/json/decision_points/ssvc/technical_impact_1_0_0.json @@ -3,18 +3,18 @@ "key": "TI", "version": "1.0.0", "name": "Technical Impact", - "description": "The technical impact of the vulnerability.", + "definition": "The technical impact of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + "definition": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." }, { "key": "T", "name": "Total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + "definition": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." } ] } diff --git a/data/json/decision_points/ssvc/utility_1_0_0.json b/data/json/decision_points/ssvc/utility_1_0_0.json index 463c772e..bbdcc41b 100644 --- a/data/json/decision_points/ssvc/utility_1_0_0.json +++ b/data/json/decision_points/ssvc/utility_1_0_0.json @@ -3,23 +3,23 @@ "key": "U", "version": "1.0.0", "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Laborious", - "description": "Virulence:Slow and Value Density:Diffuse" + "definition": "Virulence:Slow and Value Density:Diffuse" }, { "key": "E", "name": "Efficient", - "description": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" + "definition": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" }, { "key": "S", "name": "Super Effective", - "description": "Virulence:Rapid and Value Density:Concentrated" + "definition": "Virulence:Rapid and Value Density:Concentrated" } ] } diff --git a/data/json/decision_points/ssvc/utility_1_0_1.json b/data/json/decision_points/ssvc/utility_1_0_1.json index 4e2e50d4..33d3c787 100644 --- a/data/json/decision_points/ssvc/utility_1_0_1.json +++ b/data/json/decision_points/ssvc/utility_1_0_1.json @@ -3,23 +3,23 @@ "key": "U", "version": "1.0.1", "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" + "definition": "Automatable:No AND Value Density:Diffuse" }, { "key": "E", "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" }, { "key": "S", "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" + "definition": "Automatable:Yes AND Value Density:Concentrated" } ] } diff --git a/data/json/decision_points/ssvc/value_density_1_0_0.json b/data/json/decision_points/ssvc/value_density_1_0_0.json index 263f4087..1d2e7eb3 100644 --- a/data/json/decision_points/ssvc/value_density_1_0_0.json +++ b/data/json/decision_points/ssvc/value_density_1_0_0.json @@ -3,18 +3,18 @@ "key": "VD", "version": "1.0.0", "name": "Value Density", - "description": "The concentration of value in the target", + "definition": "The concentration of value in the target", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Diffuse", - "description": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + "definition": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." }, { "key": "C", "name": "Concentrated", - "description": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + "definition": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." } ] } diff --git a/data/json/decision_points/ssvc/virulence_1_0_0.json b/data/json/decision_points/ssvc/virulence_1_0_0.json index 37571357..055ca76b 100644 --- a/data/json/decision_points/ssvc/virulence_1_0_0.json +++ b/data/json/decision_points/ssvc/virulence_1_0_0.json @@ -3,18 +3,18 @@ "key": "V", "version": "1.0.0", "name": "Virulence", - "description": "The speed at which the vulnerability can be exploited.", + "definition": "The speed at which the vulnerability can be exploited.", "schemaVersion": "2.0.0", "values": [ { "key": "S", "name": "Slow", - "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "definition": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." }, { "key": "R", "name": "Rapid", - "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." + "definition": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." } ] } diff --git a/data/json/decision_points/x_com_yahooinc/theparanoids_1_0_0.json b/data/json/decision_points/x_com_yahooinc/theparanoids_1_0_0.json deleted file mode 100644 index 4bb333e5..00000000 --- a/data/json/decision_points/x_com_yahooinc/theparanoids_1_0_0.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "namespace": "x_com.yahooinc", - "key": "PARANOIDS", - "version": "1.0.0", - "name": "theParanoids", - "description": "PrioritizedRiskRemediation outcome group based on TheParanoids.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "5", - "name": "Track 5", - "description": "Track" - }, - { - "key": "4", - "name": "Track Closely 4", - "description": "Track Closely" - }, - { - "key": "3", - "name": "Attend 3", - "description": "Attend" - }, - { - "key": "2", - "name": "Attend 2", - "description": "Attend" - }, - { - "key": "1", - "name": "Act 1", - "description": "Act" - }, - { - "key": "0", - "name": "Act ASAP 0", - "description": "Act ASAP" - } - ] -} diff --git a/data/json/decision_points/x_com_yahooinc_prioritized_risk_remediation/theparanoids_1_0_0.json b/data/json/decision_points/x_com_yahooinc_prioritized_risk_remediation/theparanoids_1_0_0.json index 40735809..d5cad0b8 100644 --- a/data/json/decision_points/x_com_yahooinc_prioritized_risk_remediation/theparanoids_1_0_0.json +++ b/data/json/decision_points/x_com_yahooinc_prioritized_risk_remediation/theparanoids_1_0_0.json @@ -3,38 +3,38 @@ "key": "PARANOIDS", "version": "1.0.0", "name": "theParanoids", - "description": "PrioritizedRiskRemediation outcome group based on TheParanoids.", + "definition": "PrioritizedRiskRemediation outcome group based on TheParanoids.", "schemaVersion": "2.0.0", "values": [ { "key": "5", "name": "Track 5", - "description": "Track" + "definition": "Track" }, { "key": "4", "name": "Track Closely 4", - "description": "Track Closely" + "definition": "Track Closely" }, { "key": "3", "name": "Attend 3", - "description": "Attend" + "definition": "Attend" }, { "key": "2", "name": "Attend 2", - "description": "Attend" + "definition": "Attend" }, { "key": "1", "name": "Act 1", - "description": "Act" + "definition": "Act" }, { "key": "0", "name": "Act ASAP 0", - "description": "Act ASAP" + "definition": "Act ASAP" } ] } diff --git a/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json b/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json index 92c7fac7..2a076a2c 100644 --- a/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json +++ b/data/json/decision_tables/cisa/cisa_coordinator_2_0_3.json @@ -3,7 +3,7 @@ "key": "DT_CO", "version": "2.0.3", "name": "CISA Coordinator", - "description": "CISA Coordinator decision table for SSVC", + "definition": "CISA Coordinator decision table for SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:E:1.1.0": { @@ -11,23 +11,23 @@ "key": "E", "version": "1.1.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, @@ -36,18 +36,18 @@ "key": "A", "version": "2.0.0", "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." } ] }, @@ -56,18 +56,18 @@ "key": "TI", "version": "1.0.0", "name": "Technical Impact", - "description": "The technical impact of the vulnerability.", + "definition": "The technical impact of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + "definition": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." }, { "key": "T", "name": "Total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + "definition": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." } ] }, @@ -76,23 +76,23 @@ "key": "MWI", "version": "1.0.0", "name": "Mission and Well-Being Impact", - "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", + "definition": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" + "definition": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" }, { "key": "M", "name": "Medium", - "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + "definition": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" }, { "key": "H", "name": "High", - "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + "definition": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" } ] }, @@ -101,28 +101,28 @@ "key": "CISA", "version": "1.1.0", "name": "CISA Levels", - "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", + "definition": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", "schemaVersion": "2.0.0", "values": [ { "key": "T", "name": "Track", - "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + "definition": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." }, { "key": "T*", "name": "Track*", - "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + "definition": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, { "key": "AT", "name": "Attend", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." }, { "key": "AC", "name": "Act", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } ] } diff --git a/data/json/decision_tables/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.json b/data/json/decision_tables/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.json index 370ce1ce..fd5a7f1b 100644 --- a/data/json/decision_tables/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.json +++ b/data/json/decision_tables/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.json @@ -3,7 +3,7 @@ "key": "DT_CVSS_QSR", "version": "4.0.0", "name": "CVSS v4.0 Qualitative Severity Ratings", - "description": "CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", + "definition": "CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", "schemaVersion": "2.0.0", "decision_points": { "cvss:EQ1:1.0.0": { @@ -11,23 +11,23 @@ "key": "EQ1", "version": "1.0.0", "name": "Equivalence Set 1", - "description": "AV/PR/UI with 3 levels specified in Table 24", + "definition": "AV/PR/UI with 3 levels specified in Table 24", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + "definition": "2: AV:P or not(AV:N or PR:N or UI:N)" }, { "key": "M", "name": "Medium", - "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + "definition": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" }, { "key": "H", "name": "High", - "description": "0: AV:N and PR:N and UI:N" + "definition": "0: AV:N and PR:N and UI:N" } ] }, @@ -36,18 +36,18 @@ "key": "EQ2", "version": "1.0.0", "name": "Equivalence Set 2", - "description": "AC/AT with 2 levels specified in Table 25", + "definition": "AC/AT with 2 levels specified in Table 25", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (AC:L and AT:N)" + "definition": "1: not (AC:L and AT:N)" }, { "key": "H", "name": "High", - "description": "0: AC:L and AT:N" + "definition": "0: AC:L and AT:N" } ] }, @@ -56,23 +56,23 @@ "key": "EQ3", "version": "1.0.0", "name": "Equivalence Set 3", - "description": "VC/VI/VA with 3 levels specified in Table 26", + "definition": "VC/VI/VA with 3 levels specified in Table 26", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (VC:H or VI:H or VA:H)" + "definition": "2: not (VC:H or VI:H or VA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + "definition": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" }, { "key": "H", "name": "High", - "description": "0: VC:H and VI:H" + "definition": "0: VC:H and VI:H" } ] }, @@ -81,23 +81,23 @@ "key": "EQ4", "version": "1.0.0", "name": "Equivalence Set 4", - "description": "SC/SI/SA with 3 levels specified in Table 27", + "definition": "SC/SI/SA with 3 levels specified in Table 27", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + "definition": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + "definition": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" }, { "key": "H", "name": "High", - "description": "0: MSI:S or MSA:S" + "definition": "0: MSI:S or MSA:S" } ] }, @@ -106,23 +106,23 @@ "key": "EQ5", "version": "1.0.0", "name": "Equivalence Set 5", - "description": "E with 3 levels specified in Table 28", + "definition": "E with 3 levels specified in Table 28", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: E:U" + "definition": "2: E:U" }, { "key": "M", "name": "Medium", - "description": "1: E:P" + "definition": "1: E:P" }, { "key": "H", "name": "High", - "description": "0: E:A" + "definition": "0: E:A" } ] }, @@ -131,18 +131,18 @@ "key": "EQ6", "version": "1.0.0", "name": "Equivalence Set 6", - "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "definition": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + "definition": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" }, { "key": "H", "name": "High", - "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + "definition": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" } ] }, @@ -151,33 +151,33 @@ "key": "CVSS", "version": "1.0.0", "name": "CVSS Qualitative Severity Rating Scale", - "description": "The CVSS Qualitative Severity Rating Scale group.", + "definition": "The CVSS Qualitative Severity Rating Scale group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "None (0.0)" + "definition": "None (0.0)" }, { "key": "L", "name": "Low", - "description": "Low (0.1-3.9)" + "definition": "Low (0.1-3.9)" }, { "key": "M", "name": "Medium", - "description": "Medium (4.0-6.9)" + "definition": "Medium (4.0-6.9)" }, { "key": "H", "name": "High", - "description": "High (7.0-8.9)" + "definition": "High (7.0-8.9)" }, { "key": "C", "name": "Critical", - "description": "Critical (9.0-10.0)" + "definition": "Critical (9.0-10.0)" } ] } diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_1_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_1_1_0_0.json index 6f3ade36..97711ae8 100644 --- a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_1_1_0_0.json +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_1_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_CVSS4_EQ1", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 1", - "description": "This decision table models equivalence set 1 from CVSS v4. Factors include Attack Vector (AV), Privileges Required (PR), and User Interaction (UI).", + "definition": "This decision table models equivalence set 1 from CVSS v4. Factors include Attack Vector (AV), Privileges Required (PR), and User Interaction (UI).", "schemaVersion": "2.0.0", "decision_points": { "cvss:AV:3.0.1": { @@ -11,28 +11,28 @@ "key": "AV", "version": "3.0.1", "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Physical", - "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, { "key": "L", "name": "Local", - "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, { "key": "A", "name": "Adjacent", - "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." }, { "key": "N", "name": "Network", - "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." } ] }, @@ -41,23 +41,23 @@ "key": "PR", "version": "1.0.1", "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "definition": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } ] }, @@ -66,23 +66,23 @@ "key": "UI", "version": "2.0.0", "name": "User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "definition": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "schemaVersion": "2.0.0", "values": [ { "key": "A", "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, { "key": "P", "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." }, { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." } ] }, @@ -91,23 +91,23 @@ "key": "EQ1", "version": "1.0.0", "name": "Equivalence Set 1", - "description": "AV/PR/UI with 3 levels specified in Table 24", + "definition": "AV/PR/UI with 3 levels specified in Table 24", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + "definition": "2: AV:P or not(AV:N or PR:N or UI:N)" }, { "key": "M", "name": "Medium", - "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + "definition": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" }, { "key": "H", "name": "High", - "description": "0: AV:N and PR:N and UI:N" + "definition": "0: AV:N and PR:N and UI:N" } ] } diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_2_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_2_1_0_0.json index f60778e9..1bee90bf 100644 --- a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_2_1_0_0.json +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_2_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_CVSS4_EQ2", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 2", - "description": "This decision table models equivalence set 2 from CVSS v4. Factors include Attack Complexity (AC) and Attack Requirements (AT).", + "definition": "This decision table models equivalence set 2 from CVSS v4. Factors include Attack Complexity (AC) and Attack Requirements (AT).", "schemaVersion": "2.0.0", "decision_points": { "cvss:AC:3.0.1": { @@ -11,18 +11,18 @@ "key": "AC", "version": "3.0.1", "name": "Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "definition": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, { "key": "L", "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " } ] }, @@ -31,18 +31,18 @@ "key": "AT", "version": "1.0.0", "name": "Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "definition": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Present", - "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, { "key": "N", "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." } ] }, @@ -51,18 +51,18 @@ "key": "EQ2", "version": "1.0.0", "name": "Equivalence Set 2", - "description": "AC/AT with 2 levels specified in Table 25", + "definition": "AC/AT with 2 levels specified in Table 25", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (AC:L and AT:N)" + "definition": "1: not (AC:L and AT:N)" }, { "key": "H", "name": "High", - "description": "0: AC:L and AT:N" + "definition": "0: AC:L and AT:N" } ] } diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_3_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_3_1_0_0.json index b27b5d8b..dd5c4502 100644 --- a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_3_1_0_0.json +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_3_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_CVSS4_EQ3", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 3", - "description": "This decision table models equivalence set 3 from CVSS v4.", + "definition": "This decision table models equivalence set 3 from CVSS v4.", "schemaVersion": "2.0.0", "decision_points": { "cvss:VC:3.0.0": { @@ -11,23 +11,23 @@ "key": "VC", "version": "3.0.0", "name": "Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } ] }, @@ -36,23 +36,23 @@ "key": "VI", "version": "3.0.0", "name": "Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." } ] }, @@ -61,23 +61,23 @@ "key": "VA", "version": "3.0.0", "name": "Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "definition": "There is no impact to availability within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] }, @@ -86,23 +86,23 @@ "key": "EQ3", "version": "1.0.0", "name": "Equivalence Set 3", - "description": "VC/VI/VA with 3 levels specified in Table 26", + "definition": "VC/VI/VA with 3 levels specified in Table 26", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (VC:H or VI:H or VA:H)" + "definition": "2: not (VC:H or VI:H or VA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + "definition": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" }, { "key": "H", "name": "High", - "description": "0: VC:H and VI:H" + "definition": "0: VC:H and VI:H" } ] } diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_4_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_4_1_0_0.json index 440b97cf..6e587adf 100644 --- a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_4_1_0_0.json +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_4_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_CVSS4_EQ4", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 4", - "description": "This decision table models equivalence set 4 from CVSS v4.", + "definition": "This decision table models equivalence set 4 from CVSS v4.", "schemaVersion": "2.0.0", "decision_points": { "cvss:SC:1.0.0": { @@ -11,23 +11,23 @@ "key": "SC", "version": "1.0.0", "name": "Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." } ] }, @@ -36,28 +36,28 @@ "key": "MSI_NoX", "version": "1.0.1", "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, @@ -66,28 +66,28 @@ "key": "MSA_NoX", "version": "1.0.1", "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, @@ -96,23 +96,23 @@ "key": "EQ4", "version": "1.0.0", "name": "Equivalence Set 4", - "description": "SC/SI/SA with 3 levels specified in Table 27", + "definition": "SC/SI/SA with 3 levels specified in Table 27", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + "definition": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + "definition": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" }, { "key": "H", "name": "High", - "description": "0: MSI:S or MSA:S" + "definition": "0: MSI:S or MSA:S" } ] } diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_5_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_5_1_0_0.json index dc517df1..12c737db 100644 --- a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_5_1_0_0.json +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_5_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_CVSS_EQ5", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 5", - "description": "CVSS Equivalence Set 5 Decision Table", + "definition": "CVSS Equivalence Set 5 Decision Table", "schemaVersion": "2.0.0", "decision_points": { "cvss:E_NoX:2.0.0": { @@ -11,23 +11,23 @@ "key": "E_NoX", "version": "2.0.0", "name": "Exploit Maturity (without Not Defined)", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unreported", - "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" }, { "key": "P", "name": "Proof-of-Concept", - "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" }, { "key": "A", "name": "Attacked", - "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" } ] }, @@ -36,23 +36,23 @@ "key": "EQ5", "version": "1.0.0", "name": "Equivalence Set 5", - "description": "E with 3 levels specified in Table 28", + "definition": "E with 3 levels specified in Table 28", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: E:U" + "definition": "2: E:U" }, { "key": "M", "name": "Medium", - "description": "1: E:P" + "definition": "1: E:P" }, { "key": "H", "name": "High", - "description": "0: E:A" + "definition": "0: E:A" } ] } diff --git a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_6_1_0_0.json b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_6_1_0_0.json index b51bf831..887ff00a 100644 --- a/data/json/decision_tables/cvss/cvss_v4_equivalence_set_6_1_0_0.json +++ b/data/json/decision_tables/cvss/cvss_v4_equivalence_set_6_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_CVSS4_EQ6", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 6", - "description": "This decision table models equivalence set 6 from CVSS v4.", + "definition": "This decision table models equivalence set 6 from CVSS v4.", "schemaVersion": "2.0.0", "decision_points": { "cvss:CR_NoX:1.1.1": { @@ -11,23 +11,23 @@ "key": "CR_NoX", "version": "1.1.1", "name": "Confidentiality Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, @@ -36,23 +36,23 @@ "key": "VC", "version": "3.0.0", "name": "Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } ] }, @@ -61,23 +61,23 @@ "key": "IR_NoX", "version": "1.1.1", "name": "Integrity Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, @@ -86,23 +86,23 @@ "key": "VI", "version": "3.0.0", "name": "Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." } ] }, @@ -111,23 +111,23 @@ "key": "AR_NoX", "version": "1.1.1", "name": "Availability Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, @@ -136,23 +136,23 @@ "key": "VA", "version": "3.0.0", "name": "Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "definition": "There is no impact to availability within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] }, @@ -161,18 +161,18 @@ "key": "EQ6", "version": "1.0.0", "name": "Equivalence Set 6", - "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "definition": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + "definition": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" }, { "key": "H", "name": "High", - "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + "definition": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" } ] } diff --git a/data/json/decision_tables/ssvc/coordinator_publish_decision_table_1_0_0.json b/data/json/decision_tables/ssvc/coordinator_publish_decision_table_1_0_0.json index 796e2ad5..6d478ced 100644 --- a/data/json/decision_tables/ssvc/coordinator_publish_decision_table_1_0_0.json +++ b/data/json/decision_tables/ssvc/coordinator_publish_decision_table_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_COORD_PUBLISH", "version": "1.0.0", "name": "Coordinator Publish Decision Table", - "description": "This decision table is used to determine the priority of a coordinator publish.", + "definition": "This decision table is used to determine the priority of a coordinator publish.", "schemaVersion": "2.0.0", "decision_points": { "ssvc:SINV:1.0.0": { @@ -11,23 +11,23 @@ "key": "SINV", "version": "1.0.0", "name": "Supplier Involvement", - "description": "What is the state of the supplier’s work on addressing the vulnerability?", + "definition": "What is the state of the supplier’s work on addressing the vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "FR", "name": "Fix Ready", - "description": "The supplier has provided a patch or fix." + "definition": "The supplier has provided a patch or fix." }, { "key": "C", "name": "Cooperative", - "description": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + "definition": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." }, { "key": "UU", "name": "Uncooperative/Unresponsive", - "description": "The supplier has not responded, declined to generate a remediation, or no longer exists." + "definition": "The supplier has not responded, declined to generate a remediation, or no longer exists." } ] }, @@ -36,23 +36,23 @@ "key": "E", "version": "1.1.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, @@ -61,23 +61,23 @@ "key": "PVA", "version": "1.0.0", "name": "Public Value Added", - "description": "How much value would a publication from the coordinator benefit the broader community?", + "definition": "How much value would a publication from the coordinator benefit the broader community?", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Limited", - "description": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + "definition": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." }, { "key": "A", "name": "Ampliative", - "description": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + "definition": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." }, { "key": "P", "name": "Precedence", - "description": "The publication would be the first publicly available, or be coincident with the first publicly available." + "definition": "The publication would be the first publicly available, or be coincident with the first publicly available." } ] }, @@ -86,18 +86,18 @@ "key": "PUBLISH", "version": "1.0.0", "name": "Publish, Do Not Publish", - "description": "The publish outcome group.", + "definition": "The publish outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Do Not Publish", - "description": "Do Not Publish" + "definition": "Do Not Publish" }, { "key": "P", "name": "Publish", - "description": "Publish" + "definition": "Publish" } ] } diff --git a/data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json b/data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json index 016b1d37..ca54f544 100644 --- a/data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json +++ b/data/json/decision_tables/ssvc/coordinator_triage_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_COORD_TRIAGE", "version": "1.0.0", "name": "Coordinator Triage", - "description": "Decision table for coordinator triage", + "definition": "Decision table for coordinator triage", "schemaVersion": "2.0.0", "decision_points": { "ssvc:RP:1.0.0": { @@ -11,18 +11,18 @@ "key": "RP", "version": "1.0.0", "name": "Report Public", - "description": "Is a viable report of the details of the vulnerability already publicly available?", + "definition": "Is a viable report of the details of the vulnerability already publicly available?", "schemaVersion": "2.0.0", "values": [ { "key": "Y", "name": "Yes", - "description": "A public report of the vulnerability exists." + "definition": "A public report of the vulnerability exists." }, { "key": "N", "name": "No", - "description": "No public report of the vulnerability exists." + "definition": "No public report of the vulnerability exists." } ] }, @@ -31,18 +31,18 @@ "key": "SCON", "version": "1.0.0", "name": "Supplier Contacted", - "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + "definition": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "The supplier has not been contacted." + "definition": "The supplier has not been contacted." }, { "key": "Y", "name": "Yes", - "description": "The supplier has been contacted." + "definition": "The supplier has been contacted." } ] }, @@ -51,18 +51,18 @@ "key": "RC", "version": "1.0.0", "name": "Report Credibility", - "description": "Is the report credible?", + "definition": "Is the report credible?", "schemaVersion": "2.0.0", "values": [ { "key": "NC", "name": "Not Credible", - "description": "The report is not credible." + "definition": "The report is not credible." }, { "key": "C", "name": "Credible", - "description": "The report is credible." + "definition": "The report is credible." } ] }, @@ -71,18 +71,18 @@ "key": "SC", "version": "1.0.0", "name": "Supplier Cardinality", - "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + "definition": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", "schemaVersion": "2.0.0", "values": [ { "key": "O", "name": "One", - "description": "There is only one supplier of the vulnerable component." + "definition": "There is only one supplier of the vulnerable component." }, { "key": "M", "name": "Multiple", - "description": "There are multiple suppliers of the vulnerable component." + "definition": "There are multiple suppliers of the vulnerable component." } ] }, @@ -91,18 +91,18 @@ "key": "SE", "version": "1.0.0", "name": "Supplier Engagement", - "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + "definition": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", "schemaVersion": "2.0.0", "values": [ { "key": "A", "name": "Active", - "description": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + "definition": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." }, { "key": "U", "name": "Unresponsive", - "description": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + "definition": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." } ] }, @@ -111,23 +111,23 @@ "key": "U", "version": "1.0.1", "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" + "definition": "Automatable:No AND Value Density:Diffuse" }, { "key": "E", "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" }, { "key": "S", "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" + "definition": "Automatable:Yes AND Value Density:Concentrated" } ] }, @@ -136,18 +136,18 @@ "key": "PSI", "version": "2.0.1", "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", + "definition": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Safety Impact:Negligible" + "definition": "Safety Impact:Negligible" }, { "key": "S", "name": "Significant", - "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } ] }, @@ -156,23 +156,23 @@ "key": "COORDINATE", "version": "1.0.1", "name": "Decline, Track, Coordinate", - "description": "The coordinate outcome group.", + "definition": "The coordinate outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Decline", - "description": "Do not act on the report." + "definition": "Do not act on the report." }, { "key": "T", "name": "Track", - "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + "definition": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." }, { "key": "C", "name": "Coordinate", - "description": "Take action on the report." + "definition": "Take action on the report." } ] } diff --git a/data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json b/data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json index 19cb05ab..db82509f 100644 --- a/data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json +++ b/data/json/decision_tables/ssvc/deployer_patch_application_priority_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_DP", "version": "1.0.0", "name": "Deployer Patch Application Priority", - "description": "Decision table for evaluating deployer's patch application priority in SSVC", + "definition": "Decision table for evaluating deployer's patch application priority in SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:E:1.1.0": { @@ -11,23 +11,23 @@ "key": "E", "version": "1.1.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, @@ -36,23 +36,23 @@ "key": "EXP", "version": "1.0.1", "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", + "definition": "The Accessible Attack Surface of the Affected System or Service", "schemaVersion": "2.0.0", "values": [ { "key": "S", "name": "Small", - "description": "Local service or program; highly controlled network" + "definition": "Local service or program; highly controlled network" }, { "key": "C", "name": "Controlled", - "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." }, { "key": "O", "name": "Open", - "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } ] }, @@ -61,18 +61,18 @@ "key": "A", "version": "2.0.0", "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." } ] }, @@ -81,28 +81,28 @@ "key": "HI", "version": "2.0.2", "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] }, @@ -111,28 +111,28 @@ "key": "DSOI", "version": "1.0.0", "name": "Defer, Scheduled, Out-of-Cycle, Immediate", - "description": "The original SSVC outcome group.", + "definition": "The original SSVC outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Defer", - "description": "Defer" + "definition": "Defer" }, { "key": "S", "name": "Scheduled", - "description": "Scheduled" + "definition": "Scheduled" }, { "key": "O", "name": "Out-of-Cycle", - "description": "Out-of-Cycle" + "definition": "Out-of-Cycle" }, { "key": "I", "name": "Immediate", - "description": "Immediate" + "definition": "Immediate" } ] } diff --git a/data/json/decision_tables/ssvc/human_impact_1_0_0.json b/data/json/decision_tables/ssvc/human_impact_1_0_0.json index e7f20d6b..fed1197f 100644 --- a/data/json/decision_tables/ssvc/human_impact_1_0_0.json +++ b/data/json/decision_tables/ssvc/human_impact_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_HI", "version": "1.0.0", "name": "Human Impact", - "description": "Human Impact decision table for SSVC", + "definition": "Human Impact decision table for SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:SI:2.0.0": { @@ -11,28 +11,28 @@ "key": "SI", "version": "2.0.0", "name": "Safety Impact", - "description": "The safety impact of the vulnerability. (based on IEC 61508)", + "definition": "The safety impact of the vulnerability. (based on IEC 61508)", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { "key": "M", "name": "Marginal", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, { "key": "R", "name": "Critical", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." }, { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } ] }, @@ -41,28 +41,28 @@ "key": "MI", "version": "2.0.0", "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", + "definition": "Impact on Mission Essential Functions of the Organization", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Degraded", - "description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" + "definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, { "key": "MSC", "name": "MEF Support Crippled", - "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" }, { "key": "MEF", "name": "MEF Failure", - "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" }, { "key": "MF", "name": "Mission Failure", - "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } ] }, @@ -71,28 +71,28 @@ "key": "HI", "version": "2.0.2", "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] } diff --git a/data/json/decision_tables/ssvc/public_safety_impact_1_0_0.json b/data/json/decision_tables/ssvc/public_safety_impact_1_0_0.json index 5f55ff27..ab7f2ab1 100644 --- a/data/json/decision_tables/ssvc/public_safety_impact_1_0_0.json +++ b/data/json/decision_tables/ssvc/public_safety_impact_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_PSI", "version": "1.0.0", "name": "Public Safety Impact", - "description": "Public Safety Impact Decision Table", + "definition": "Public Safety Impact Decision Table", "schemaVersion": "2.0.0", "decision_points": { "ssvc:SI:2.0.0": { @@ -11,28 +11,28 @@ "key": "SI", "version": "2.0.0", "name": "Safety Impact", - "description": "The safety impact of the vulnerability. (based on IEC 61508)", + "definition": "The safety impact of the vulnerability. (based on IEC 61508)", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { "key": "M", "name": "Marginal", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, { "key": "R", "name": "Critical", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." }, { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } ] }, @@ -41,18 +41,18 @@ "key": "PSI", "version": "2.0.1", "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", + "definition": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Safety Impact:Negligible" + "definition": "Safety Impact:Negligible" }, { "key": "S", "name": "Significant", - "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } ] } diff --git a/data/json/decision_tables/ssvc/supplier_patch_development_priority_1_0_0.json b/data/json/decision_tables/ssvc/supplier_patch_development_priority_1_0_0.json index 97355890..0adff324 100644 --- a/data/json/decision_tables/ssvc/supplier_patch_development_priority_1_0_0.json +++ b/data/json/decision_tables/ssvc/supplier_patch_development_priority_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_SP", "version": "1.0.0", "name": "Supplier Patch Development Priority", - "description": "Decision table for evaluating supplier patch development priority in SSVC", + "definition": "Decision table for evaluating supplier patch development priority in SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:E:1.1.0": { @@ -11,23 +11,23 @@ "key": "E", "version": "1.1.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, @@ -36,23 +36,23 @@ "key": "U", "version": "1.0.1", "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" + "definition": "Automatable:No AND Value Density:Diffuse" }, { "key": "E", "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" }, { "key": "S", "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" + "definition": "Automatable:Yes AND Value Density:Concentrated" } ] }, @@ -61,18 +61,18 @@ "key": "TI", "version": "1.0.0", "name": "Technical Impact", - "description": "The technical impact of the vulnerability.", + "definition": "The technical impact of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + "definition": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." }, { "key": "T", "name": "Total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + "definition": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." } ] }, @@ -81,18 +81,18 @@ "key": "PSI", "version": "2.0.1", "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", + "definition": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Safety Impact:Negligible" + "definition": "Safety Impact:Negligible" }, { "key": "S", "name": "Significant", - "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } ] }, @@ -101,28 +101,28 @@ "key": "DSOI", "version": "1.0.0", "name": "Defer, Scheduled, Out-of-Cycle, Immediate", - "description": "The original SSVC outcome group.", + "definition": "The original SSVC outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Defer", - "description": "Defer" + "definition": "Defer" }, { "key": "S", "name": "Scheduled", - "description": "Scheduled" + "definition": "Scheduled" }, { "key": "O", "name": "Out-of-Cycle", - "description": "Out-of-Cycle" + "definition": "Out-of-Cycle" }, { "key": "I", "name": "Immediate", - "description": "Immediate" + "definition": "Immediate" } ] } diff --git a/data/json/decision_tables/ssvc/utility_1_0_0.json b/data/json/decision_tables/ssvc/utility_1_0_0.json index 30602fa0..af8e8cba 100644 --- a/data/json/decision_tables/ssvc/utility_1_0_0.json +++ b/data/json/decision_tables/ssvc/utility_1_0_0.json @@ -3,7 +3,7 @@ "key": "DT_U", "version": "1.0.0", "name": "Utility", - "description": "Utility decision table for SSVC", + "definition": "Utility decision table for SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:A:2.0.0": { @@ -11,18 +11,18 @@ "key": "A", "version": "2.0.0", "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." } ] }, @@ -31,18 +31,18 @@ "key": "VD", "version": "1.0.0", "name": "Value Density", - "description": "The concentration of value in the target", + "definition": "The concentration of value in the target", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Diffuse", - "description": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + "definition": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." }, { "key": "C", "name": "Concentrated", - "description": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + "definition": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." } ] }, @@ -51,23 +51,23 @@ "key": "U", "version": "1.0.1", "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" + "definition": "Automatable:No AND Value Density:Diffuse" }, { "key": "E", "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" }, { "key": "S", "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" + "definition": "Automatable:Yes AND Value Density:Concentrated" } ] } diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index ce84bb7d..70558bb9 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -1,6 +1,6 @@ { "name": "SSVC Object Registry", - "description": "A registry for SSVC objects organized by type, namespace, key, and version.", + "definition": "A registry for SSVC objects organized by type, namespace, key, and version.", "schemaVersion": "2.0.0", "types": { "DecisionPoint": { @@ -19,18 +19,18 @@ "key": "KEV", "version": "1.0.0", "name": "In KEV", - "description": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", + "definition": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Vulnerability is not listed in KEV." + "definition": "Vulnerability is not listed in KEV." }, { "key": "Y", "name": "Yes", - "description": "Vulnerability is listed in KEV." + "definition": "Vulnerability is listed in KEV." } ] }, @@ -38,12 +38,12 @@ "N": { "key": "N", "name": "No", - "description": "Vulnerability is not listed in KEV." + "definition": "Vulnerability is not listed in KEV." }, "Y": { "key": "Y", "name": "Yes", - "description": "Vulnerability is listed in KEV." + "definition": "Vulnerability is listed in KEV." } } } @@ -59,23 +59,23 @@ "key": "MP", "version": "1.0.0", "name": "Mission Prevalence", - "description": "Prevalence of the mission essential functions", + "definition": "Prevalence of the mission essential functions", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." + "definition": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." }, { "key": "S", "name": "Support", - "description": "The vulnerable component only supports MEFs for two or more entities." + "definition": "The vulnerable component only supports MEFs for two or more entities." }, { "key": "E", "name": "Essential", - "description": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." + "definition": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." } ] }, @@ -83,17 +83,17 @@ "M": { "key": "M", "name": "Minimal", - "description": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." + "definition": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." }, "S": { "key": "S", "name": "Support", - "description": "The vulnerable component only supports MEFs for two or more entities." + "definition": "The vulnerable component only supports MEFs for two or more entities." }, "E": { "key": "E", "name": "Essential", - "description": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." + "definition": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." } } } @@ -109,28 +109,28 @@ "key": "CISA", "version": "1.1.0", "name": "CISA Levels", - "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", + "definition": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", "schemaVersion": "2.0.0", "values": [ { "key": "T", "name": "Track", - "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + "definition": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." }, { "key": "T*", "name": "Track*", - "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + "definition": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, { "key": "AT", "name": "Attend", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." }, { "key": "AC", "name": "Act", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } ] }, @@ -138,22 +138,22 @@ "T": { "key": "T", "name": "Track", - "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + "definition": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." }, "T*": { "key": "T*", "name": "Track*", - "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + "definition": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, "AT": { "key": "AT", "name": "Attend", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." }, "AC": { "key": "AC", "name": "Act", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } } } @@ -174,18 +174,18 @@ "key": "AC", "version": "1.0.0", "name": "Access Complexity", - "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", + "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" + "definition": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" }, { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." + "definition": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." } ] }, @@ -193,12 +193,12 @@ "H": { "key": "H", "name": "High", - "description": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" + "definition": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" }, "L": { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." + "definition": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." } } }, @@ -209,23 +209,23 @@ "key": "AC", "version": "2.0.0", "name": "Access Complexity", - "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", + "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "Specialized access conditions exist." + "definition": "Specialized access conditions exist." }, { "key": "M", "name": "Medium", - "description": "The access conditions are somewhat specialized." + "definition": "The access conditions are somewhat specialized." }, { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist." + "definition": "Specialized access conditions or extenuating circumstances do not exist." } ] }, @@ -233,17 +233,17 @@ "H": { "key": "H", "name": "High", - "description": "Specialized access conditions exist." + "definition": "Specialized access conditions exist." }, "M": { "key": "M", "name": "Medium", - "description": "The access conditions are somewhat specialized." + "definition": "The access conditions are somewhat specialized." }, "L": { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist." + "definition": "Specialized access conditions or extenuating circumstances do not exist." } } }, @@ -254,18 +254,18 @@ "key": "AC", "version": "3.0.0", "name": "Attack Complexity", - "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "definition": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "A successful attack depends on conditions beyond the attacker's control." + "definition": "A successful attack depends on conditions beyond the attacker's control." }, { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." } ] }, @@ -273,12 +273,12 @@ "H": { "key": "H", "name": "High", - "description": "A successful attack depends on conditions beyond the attacker's control." + "definition": "A successful attack depends on conditions beyond the attacker's control." }, "L": { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." } } }, @@ -289,18 +289,18 @@ "key": "AC", "version": "3.0.1", "name": "Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "definition": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, { "key": "L", "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " } ] }, @@ -308,12 +308,12 @@ "H": { "key": "H", "name": "High", - "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, "L": { "key": "L", "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " } } } @@ -329,18 +329,18 @@ "key": "AT", "version": "1.0.0", "name": "Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "definition": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Present", - "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, { "key": "N", "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." } ] }, @@ -348,12 +348,12 @@ "P": { "key": "P", "name": "Present", - "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, "N": { "key": "N", "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." } } } @@ -369,18 +369,18 @@ "key": "AV", "version": "1.0.0", "name": "Access Vector", - "description": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", + "definition": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Local", - "description": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" + "definition": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" }, { "key": "R", "name": "Remote", - "description": "The vulnerability is exploitable remotely." + "definition": "The vulnerability is exploitable remotely." } ] }, @@ -388,12 +388,12 @@ "L": { "key": "L", "name": "Local", - "description": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" + "definition": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" }, "R": { "key": "R", "name": "Remote", - "description": "The vulnerability is exploitable remotely." + "definition": "The vulnerability is exploitable remotely." } } }, @@ -404,23 +404,23 @@ "key": "AV", "version": "2.0.0", "name": "Access Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible.", + "definition": "This metric reflects the context by which vulnerability exploitation is possible.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Local", - "description": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." + "definition": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." }, { "key": "A", "name": "Adjacent Network", - "description": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." + "definition": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." }, { "key": "N", "name": "Network", - "description": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." + "definition": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." } ] }, @@ -428,17 +428,17 @@ "L": { "key": "L", "name": "Local", - "description": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." + "definition": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." }, "A": { "key": "A", "name": "Adjacent Network", - "description": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." + "definition": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." }, "N": { "key": "N", "name": "Network", - "description": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." + "definition": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." } } }, @@ -449,28 +449,28 @@ "key": "AV", "version": "3.0.0", "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. ", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. ", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Physical", - "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, { "key": "L", "name": "Local", - "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." }, { "key": "A", "name": "Adjacent", - "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." }, { "key": "N", "name": "Network", - "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." } ] }, @@ -478,22 +478,22 @@ "P": { "key": "P", "name": "Physical", - "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, "L": { "key": "L", "name": "Local", - "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." }, "A": { "key": "A", "name": "Adjacent", - "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." }, "N": { "key": "N", "name": "Network", - "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." } } }, @@ -504,28 +504,28 @@ "key": "AV", "version": "3.0.1", "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Physical", - "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, { "key": "L", "name": "Local", - "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, { "key": "A", "name": "Adjacent", - "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." }, { "key": "N", "name": "Network", - "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." } ] }, @@ -533,22 +533,22 @@ "P": { "key": "P", "name": "Physical", - "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, "L": { "key": "L", "name": "Local", - "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, "A": { "key": "A", "name": "Adjacent", - "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." }, "N": { "key": "N", "name": "Network", - "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." } } } @@ -564,18 +564,18 @@ "key": "Au", "version": "1.0.0", "name": "Authentication", - "description": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", + "definition": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Not Required", - "description": "Authentication is not required to access or exploit the vulnerability." + "definition": "Authentication is not required to access or exploit the vulnerability." }, { "key": "R", "name": "Required", - "description": "Authentication is required to access and exploit the vulnerability." + "definition": "Authentication is required to access and exploit the vulnerability." } ] }, @@ -583,12 +583,12 @@ "N": { "key": "N", "name": "Not Required", - "description": "Authentication is not required to access or exploit the vulnerability." + "definition": "Authentication is not required to access or exploit the vulnerability." }, "R": { "key": "R", "name": "Required", - "description": "Authentication is required to access and exploit the vulnerability." + "definition": "Authentication is required to access and exploit the vulnerability." } } }, @@ -599,23 +599,23 @@ "key": "Au", "version": "2.0.0", "name": "Authentication", - "description": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", + "definition": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Multiple", - "description": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." + "definition": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." }, { "key": "S", "name": "Single", - "description": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." + "definition": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." }, { "key": "N", "name": "None", - "description": "Authentication is not required to exploit the vulnerability." + "definition": "Authentication is not required to exploit the vulnerability." } ] }, @@ -623,17 +623,17 @@ "M": { "key": "M", "name": "Multiple", - "description": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." + "definition": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." }, "S": { "key": "S", "name": "Single", - "description": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." + "definition": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." }, "N": { "key": "N", "name": "None", - "description": "Authentication is not required to exploit the vulnerability." + "definition": "Authentication is not required to exploit the vulnerability." } } } @@ -649,23 +649,23 @@ "key": "A", "version": "1.0.0", "name": "Availability Impact", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No impact on availability." + "definition": "No impact on availability." }, { "key": "P", "name": "Partial", - "description": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." + "definition": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." }, { "key": "C", "name": "Complete", - "description": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." + "definition": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." } ] }, @@ -673,17 +673,17 @@ "N": { "key": "N", "name": "None", - "description": "No impact on availability." + "definition": "No impact on availability." }, "P": { "key": "P", "name": "Partial", - "description": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." + "definition": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." }, "C": { "key": "C", "name": "Complete", - "description": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." + "definition": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." } } }, @@ -694,23 +694,23 @@ "key": "A", "version": "2.0.0", "name": "Availability Impact", - "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to the availability of the system." + "definition": "There is no impact to the availability of the system." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability." + "definition": "There is reduced performance or interruptions in resource availability." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] }, @@ -718,17 +718,17 @@ "N": { "key": "N", "name": "None", - "description": "There is no impact to the availability of the system." + "definition": "There is no impact to the availability of the system." }, "L": { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability." + "definition": "There is reduced performance or interruptions in resource availability." }, "H": { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } } } @@ -744,23 +744,23 @@ "key": "VA", "version": "3.0.0", "name": "Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "definition": "There is no impact to availability within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] }, @@ -768,17 +768,17 @@ "N": { "key": "N", "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "definition": "There is no impact to availability within the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, "H": { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } } } @@ -794,28 +794,28 @@ "key": "AR", "version": "1.0.0", "name": "Availability Requirement", - "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -823,22 +823,22 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "ND": { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -849,28 +849,28 @@ "key": "AR", "version": "1.1.0", "name": "Availability Requirement", - "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -878,22 +878,22 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -904,28 +904,28 @@ "key": "AR", "version": "1.1.1", "name": "Availability Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -933,22 +933,22 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -964,23 +964,23 @@ "key": "AR_NoX", "version": "1.1.1", "name": "Availability Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, @@ -988,17 +988,17 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } } } @@ -1014,28 +1014,28 @@ "key": "CDP", "version": "1.0.0", "name": "Collateral Damage Potential", - "description": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", + "definition": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no potential for physical or property damage." + "definition": "There is no potential for physical or property damage." }, { "key": "L", "name": "Low", - "description": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." + "definition": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." }, { "key": "M", "name": "Medium", - "description": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." }, { "key": "H", "name": "High", - "description": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." } ] }, @@ -1043,22 +1043,22 @@ "N": { "key": "N", "name": "None", - "description": "There is no potential for physical or property damage." + "definition": "There is no potential for physical or property damage." }, "L": { "key": "L", "name": "Low", - "description": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." + "definition": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." }, "M": { "key": "M", "name": "Medium", - "description": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." }, "H": { "key": "H", "name": "High", - "description": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." } } }, @@ -1069,33 +1069,33 @@ "key": "CDP", "version": "2.0.0", "name": "Collateral Damage Potential", - "description": "This metric measures the potential for loss of life or physical assets.", + "definition": "This metric measures the potential for loss of life or physical assets.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no potential for loss of life, physical assets, productivity or revenue." + "definition": "There is no potential for loss of life, physical assets, productivity or revenue." }, { "key": "LM", "name": "Low-Medium", - "description": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." + "definition": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." }, { "key": "MH", "name": "Medium-High", - "description": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." }, { "key": "H", "name": "High", - "description": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -1103,27 +1103,27 @@ "N": { "key": "N", "name": "None", - "description": "There is no potential for loss of life, physical assets, productivity or revenue." + "definition": "There is no potential for loss of life, physical assets, productivity or revenue." }, "LM": { "key": "LM", "name": "Low-Medium", - "description": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." + "definition": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." }, "MH": { "key": "MH", "name": "Medium-High", - "description": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." }, "H": { "key": "H", "name": "High", - "description": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." }, "ND": { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -1139,23 +1139,23 @@ "key": "C", "version": "1.0.0", "name": "Confidentiality Impact", - "description": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", + "definition": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No impact on confidentiality." + "definition": "No impact on confidentiality." }, { "key": "P", "name": "Partial", - "description": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." + "definition": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." }, { "key": "C", "name": "Complete", - "description": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." + "definition": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." } ] }, @@ -1163,17 +1163,17 @@ "N": { "key": "N", "name": "None", - "description": "No impact on confidentiality." + "definition": "No impact on confidentiality." }, "P": { "key": "P", "name": "Partial", - "description": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." + "definition": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." }, "C": { "key": "C", "name": "Complete", - "description": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." + "definition": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." } } }, @@ -1184,23 +1184,23 @@ "key": "C", "version": "2.0.0", "name": "Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } ] }, @@ -1208,17 +1208,17 @@ "N": { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, "L": { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, "H": { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } } } @@ -1234,23 +1234,23 @@ "key": "VC", "version": "3.0.0", "name": "Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } ] }, @@ -1258,17 +1258,17 @@ "N": { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, "L": { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, "H": { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } } } @@ -1284,28 +1284,28 @@ "key": "CR", "version": "1.0.0", "name": "Confidentiality Requirement", - "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -1313,22 +1313,22 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "ND": { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -1339,28 +1339,28 @@ "key": "CR", "version": "1.1.0", "name": "Confidentiality Requirement", - "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -1368,22 +1368,22 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -1394,28 +1394,28 @@ "key": "CR", "version": "1.1.1", "name": "Confidentiality Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -1423,22 +1423,22 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -1454,23 +1454,23 @@ "key": "CR_NoX", "version": "1.1.1", "name": "Confidentiality Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, @@ -1478,17 +1478,17 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } } } @@ -1504,23 +1504,23 @@ "key": "EQ1", "version": "1.0.0", "name": "Equivalence Set 1", - "description": "AV/PR/UI with 3 levels specified in Table 24", + "definition": "AV/PR/UI with 3 levels specified in Table 24", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + "definition": "2: AV:P or not(AV:N or PR:N or UI:N)" }, { "key": "M", "name": "Medium", - "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + "definition": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" }, { "key": "H", "name": "High", - "description": "0: AV:N and PR:N and UI:N" + "definition": "0: AV:N and PR:N and UI:N" } ] }, @@ -1528,17 +1528,17 @@ "L": { "key": "L", "name": "Low", - "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + "definition": "2: AV:P or not(AV:N or PR:N or UI:N)" }, "M": { "key": "M", "name": "Medium", - "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + "definition": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" }, "H": { "key": "H", "name": "High", - "description": "0: AV:N and PR:N and UI:N" + "definition": "0: AV:N and PR:N and UI:N" } } } @@ -1554,18 +1554,18 @@ "key": "EQ2", "version": "1.0.0", "name": "Equivalence Set 2", - "description": "AC/AT with 2 levels specified in Table 25", + "definition": "AC/AT with 2 levels specified in Table 25", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (AC:L and AT:N)" + "definition": "1: not (AC:L and AT:N)" }, { "key": "H", "name": "High", - "description": "0: AC:L and AT:N" + "definition": "0: AC:L and AT:N" } ] }, @@ -1573,12 +1573,12 @@ "L": { "key": "L", "name": "Low", - "description": "1: not (AC:L and AT:N)" + "definition": "1: not (AC:L and AT:N)" }, "H": { "key": "H", "name": "High", - "description": "0: AC:L and AT:N" + "definition": "0: AC:L and AT:N" } } } @@ -1594,23 +1594,23 @@ "key": "EQ3", "version": "1.0.0", "name": "Equivalence Set 3", - "description": "VC/VI/VA with 3 levels specified in Table 26", + "definition": "VC/VI/VA with 3 levels specified in Table 26", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (VC:H or VI:H or VA:H)" + "definition": "2: not (VC:H or VI:H or VA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + "definition": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" }, { "key": "H", "name": "High", - "description": "0: VC:H and VI:H" + "definition": "0: VC:H and VI:H" } ] }, @@ -1618,17 +1618,17 @@ "L": { "key": "L", "name": "Low", - "description": "2: not (VC:H or VI:H or VA:H)" + "definition": "2: not (VC:H or VI:H or VA:H)" }, "M": { "key": "M", "name": "Medium", - "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + "definition": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" }, "H": { "key": "H", "name": "High", - "description": "0: VC:H and VI:H" + "definition": "0: VC:H and VI:H" } } } @@ -1644,23 +1644,23 @@ "key": "EQ4", "version": "1.0.0", "name": "Equivalence Set 4", - "description": "SC/SI/SA with 3 levels specified in Table 27", + "definition": "SC/SI/SA with 3 levels specified in Table 27", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + "definition": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + "definition": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" }, { "key": "H", "name": "High", - "description": "0: MSI:S or MSA:S" + "definition": "0: MSI:S or MSA:S" } ] }, @@ -1668,17 +1668,17 @@ "L": { "key": "L", "name": "Low", - "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + "definition": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" }, "M": { "key": "M", "name": "Medium", - "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + "definition": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" }, "H": { "key": "H", "name": "High", - "description": "0: MSI:S or MSA:S" + "definition": "0: MSI:S or MSA:S" } } } @@ -1694,23 +1694,23 @@ "key": "EQ5", "version": "1.0.0", "name": "Equivalence Set 5", - "description": "E with 3 levels specified in Table 28", + "definition": "E with 3 levels specified in Table 28", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: E:U" + "definition": "2: E:U" }, { "key": "M", "name": "Medium", - "description": "1: E:P" + "definition": "1: E:P" }, { "key": "H", "name": "High", - "description": "0: E:A" + "definition": "0: E:A" } ] }, @@ -1718,17 +1718,17 @@ "L": { "key": "L", "name": "Low", - "description": "2: E:U" + "definition": "2: E:U" }, "M": { "key": "M", "name": "Medium", - "description": "1: E:P" + "definition": "1: E:P" }, "H": { "key": "H", "name": "High", - "description": "0: E:A" + "definition": "0: E:A" } } } @@ -1744,18 +1744,18 @@ "key": "EQ6", "version": "1.0.0", "name": "Equivalence Set 6", - "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "definition": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + "definition": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" }, { "key": "H", "name": "High", - "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + "definition": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" } ] }, @@ -1763,12 +1763,12 @@ "L": { "key": "L", "name": "Low", - "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + "definition": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" }, "H": { "key": "H", "name": "High", - "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + "definition": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" } } } @@ -1784,28 +1784,28 @@ "key": "E", "version": "1.0.0", "name": "Exploitability", - "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", + "definition": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unproven", - "description": "No exploit code is yet available or an exploit method is entirely theoretical." + "definition": "No exploit code is yet available or an exploit method is entirely theoretical." }, { "key": "P", "name": "Proof of Concept", - "description": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." }, { "key": "F", "name": "Functional", - "description": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." }, { "key": "H", "name": "High", - "description": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." } ] }, @@ -1813,22 +1813,22 @@ "U": { "key": "U", "name": "Unproven", - "description": "No exploit code is yet available or an exploit method is entirely theoretical." + "definition": "No exploit code is yet available or an exploit method is entirely theoretical." }, "P": { "key": "P", "name": "Proof of Concept", - "description": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." }, "F": { "key": "F", "name": "Functional", - "description": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." }, "H": { "key": "H", "name": "High", - "description": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." } } }, @@ -1839,33 +1839,33 @@ "key": "E", "version": "1.1.0", "name": "Exploitability", - "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", + "definition": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unproven", - "description": "No exploit code is yet available or an exploit method is entirely theoretical." + "definition": "No exploit code is yet available or an exploit method is entirely theoretical." }, { "key": "P", "name": "Proof of Concept", - "description": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." }, { "key": "F", "name": "Functional", - "description": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." }, { "key": "H", "name": "High", - "description": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -1873,27 +1873,27 @@ "U": { "key": "U", "name": "Unproven", - "description": "No exploit code is yet available or an exploit method is entirely theoretical." + "definition": "No exploit code is yet available or an exploit method is entirely theoretical." }, "P": { "key": "P", "name": "Proof of Concept", - "description": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." }, "F": { "key": "F", "name": "Functional", - "description": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." }, "H": { "key": "H", "name": "High", - "description": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." }, "ND": { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -1904,33 +1904,33 @@ "key": "E", "version": "1.2.0", "name": "Exploit Code Maturity", - "description": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", + "definition": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unproven", - "description": "No exploit code is available, or an exploit is theoretical." + "definition": "No exploit code is available, or an exploit is theoretical." }, { "key": "POC", "name": "Proof-of-Concept", - "description": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." + "definition": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." }, { "key": "F", "name": "Functional", - "description": "Functional exploit code is available. The code works in most situations where the vulnerability exists." + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability exists." }, { "key": "H", "name": "High", - "description": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." + "definition": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -1938,27 +1938,27 @@ "U": { "key": "U", "name": "Unproven", - "description": "No exploit code is available, or an exploit is theoretical." + "definition": "No exploit code is available, or an exploit is theoretical." }, "POC": { "key": "POC", "name": "Proof-of-Concept", - "description": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." + "definition": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." }, "F": { "key": "F", "name": "Functional", - "description": "Functional exploit code is available. The code works in most situations where the vulnerability exists." + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability exists." }, "H": { "key": "H", "name": "High", - "description": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." + "definition": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -1969,28 +1969,28 @@ "key": "E", "version": "2.0.0", "name": "Exploit Maturity", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", + "definition": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unreported", - "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" }, { "key": "P", "name": "Proof-of-Concept", - "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" }, { "key": "A", "name": "Attacked", - "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -1998,22 +1998,22 @@ "U": { "key": "U", "name": "Unreported", - "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" }, "P": { "key": "P", "name": "Proof-of-Concept", - "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" }, "A": { "key": "A", "name": "Attacked", - "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -2029,23 +2029,23 @@ "key": "E_NoX", "version": "2.0.0", "name": "Exploit Maturity (without Not Defined)", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unreported", - "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" }, { "key": "P", "name": "Proof-of-Concept", - "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" }, { "key": "A", "name": "Attacked", - "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" } ] }, @@ -2053,17 +2053,17 @@ "U": { "key": "U", "name": "Unreported", - "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" }, "P": { "key": "P", "name": "Proof-of-Concept", - "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" }, "A": { "key": "A", "name": "Attacked", - "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" } } } @@ -2079,28 +2079,28 @@ "key": "IB", "version": "1.0.0", "name": "Impact Bias", - "description": "This metric measures the impact bias of the vulnerability.", + "definition": "This metric measures the impact bias of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Normal", - "description": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." + "definition": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." }, { "key": "C", "name": "Confidentiality", - "description": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." + "definition": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." }, { "key": "I", "name": "Integrity", - "description": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." + "definition": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." }, { "key": "A", "name": "Availability", - "description": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." + "definition": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." } ] }, @@ -2108,22 +2108,22 @@ "N": { "key": "N", "name": "Normal", - "description": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." + "definition": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." }, "C": { "key": "C", "name": "Confidentiality", - "description": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." + "definition": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." }, "I": { "key": "I", "name": "Integrity", - "description": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." + "definition": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." }, "A": { "key": "A", "name": "Availability", - "description": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." + "definition": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." } } } @@ -2139,23 +2139,23 @@ "key": "I", "version": "1.0.0", "name": "Integrity Impact", - "description": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", + "definition": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No impact on integrity." + "definition": "No impact on integrity." }, { "key": "P", "name": "Partial", - "description": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." + "definition": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." }, { "key": "C", "name": "Complete", - "description": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." + "definition": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." } ] }, @@ -2163,17 +2163,17 @@ "N": { "key": "N", "name": "None", - "description": "No impact on integrity." + "definition": "No impact on integrity." }, "P": { "key": "P", "name": "Partial", - "description": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." + "definition": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." }, "C": { "key": "C", "name": "Complete", - "description": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." + "definition": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." } } }, @@ -2184,23 +2184,23 @@ "key": "I", "version": "2.0.0", "name": "Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to the integrity of the system." + "definition": "There is no impact to the integrity of the system." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." } ] }, @@ -2208,17 +2208,17 @@ "N": { "key": "N", "name": "None", - "description": "There is no impact to the integrity of the system." + "definition": "There is no impact to the integrity of the system." }, "L": { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." } } } @@ -2234,23 +2234,23 @@ "key": "VI", "version": "3.0.0", "name": "Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." } ] }, @@ -2258,17 +2258,17 @@ "N": { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." } } } @@ -2284,28 +2284,28 @@ "key": "IR", "version": "1.0.0", "name": "Integrity Requirement", - "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -2313,22 +2313,22 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "ND": { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -2339,28 +2339,28 @@ "key": "IR", "version": "1.1.0", "name": "Integrity Requirement", - "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -2368,22 +2368,22 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -2394,28 +2394,28 @@ "key": "IR", "version": "1.1.1", "name": "Integrity Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -2423,22 +2423,22 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -2454,23 +2454,23 @@ "key": "IR_NoX", "version": "1.1.1", "name": "Integrity Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, @@ -2478,17 +2478,17 @@ "L": { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } } } @@ -2504,23 +2504,23 @@ "key": "SA", "version": "1.0.0", "name": "Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] }, @@ -2528,17 +2528,17 @@ "N": { "key": "N", "name": "None", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } } } @@ -2554,28 +2554,28 @@ "key": "MSA", "version": "1.0.0", "name": "Modified Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -2583,22 +2583,22 @@ "N": { "key": "N", "name": "None", - "description": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -2609,33 +2609,33 @@ "key": "MSA", "version": "1.0.1", "name": "Modified Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, @@ -2643,27 +2643,27 @@ "N": { "key": "N", "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, "S": { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } @@ -2679,28 +2679,28 @@ "key": "MSA_NoX", "version": "1.0.1", "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, @@ -2708,22 +2708,22 @@ "N": { "key": "N", "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, "S": { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } @@ -2739,23 +2739,23 @@ "key": "SI", "version": "1.0.0", "name": "Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." } ] }, @@ -2763,17 +2763,17 @@ "N": { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." } } } @@ -2789,28 +2789,28 @@ "key": "MSI", "version": "1.0.0", "name": "Modified Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -2818,22 +2818,22 @@ "N": { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -2844,33 +2844,33 @@ "key": "MSI", "version": "1.0.1", "name": "Modified Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, @@ -2878,27 +2878,27 @@ "N": { "key": "N", "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, "S": { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } @@ -2914,28 +2914,28 @@ "key": "MSI_NoX", "version": "1.0.1", "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, @@ -2943,22 +2943,22 @@ "N": { "key": "N", "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, "S": { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } @@ -2974,23 +2974,23 @@ "key": "PR", "version": "1.0.0", "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "definition": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } ] }, @@ -2998,17 +2998,17 @@ "H": { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, "L": { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, "N": { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } } }, @@ -3019,23 +3019,23 @@ "key": "PR", "version": "1.0.1", "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "definition": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } ] }, @@ -3043,17 +3043,17 @@ "H": { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, "L": { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, "N": { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } } } @@ -3069,33 +3069,33 @@ "key": "QS", "version": "1.0.0", "name": "CVSS Qualitative Severity Rating Scale", - "description": "The CVSS Qualitative Severity Rating Scale provides a categorical representation of a CVSS Score.", + "definition": "The CVSS Qualitative Severity Rating Scale provides a categorical representation of a CVSS Score.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No severity rating (0.0)" + "definition": "No severity rating (0.0)" }, { "key": "L", "name": "Low", - "description": "Low (0.1 - 3.9)" + "definition": "Low (0.1 - 3.9)" }, { "key": "M", "name": "Medium", - "description": "Medium (4.0 - 6.9)" + "definition": "Medium (4.0 - 6.9)" }, { "key": "H", "name": "High", - "description": "High (7.0 - 8.9)" + "definition": "High (7.0 - 8.9)" }, { "key": "C", "name": "Critical", - "description": "Critical (9.0 - 10.0)" + "definition": "Critical (9.0 - 10.0)" } ] }, @@ -3103,27 +3103,27 @@ "N": { "key": "N", "name": "None", - "description": "No severity rating (0.0)" + "definition": "No severity rating (0.0)" }, "L": { "key": "L", "name": "Low", - "description": "Low (0.1 - 3.9)" + "definition": "Low (0.1 - 3.9)" }, "M": { "key": "M", "name": "Medium", - "description": "Medium (4.0 - 6.9)" + "definition": "Medium (4.0 - 6.9)" }, "H": { "key": "H", "name": "High", - "description": "High (7.0 - 8.9)" + "definition": "High (7.0 - 8.9)" }, "C": { "key": "C", "name": "Critical", - "description": "Critical (9.0 - 10.0)" + "definition": "Critical (9.0 - 10.0)" } } } @@ -3139,28 +3139,28 @@ "key": "RL", "version": "1.0.0", "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", + "definition": "This metric measures the remediation status of a vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "OF", "name": "Official Fix", - "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, { "key": "TF", "name": "Temporary Fix", - "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, { "key": "W", "name": "Workaround", - "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." }, { "key": "U", "name": "Unavailable", - "description": "There is either no solution available or it is impossible to apply." + "definition": "There is either no solution available or it is impossible to apply." } ] }, @@ -3168,22 +3168,22 @@ "OF": { "key": "OF", "name": "Official Fix", - "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, "TF": { "key": "TF", "name": "Temporary Fix", - "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, "W": { "key": "W", "name": "Workaround", - "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." }, "U": { "key": "U", "name": "Unavailable", - "description": "There is either no solution available or it is impossible to apply." + "definition": "There is either no solution available or it is impossible to apply." } } }, @@ -3194,33 +3194,33 @@ "key": "RL", "version": "1.1.0", "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", + "definition": "This metric measures the remediation status of a vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "OF", "name": "Official Fix", - "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, { "key": "TF", "name": "Temporary Fix", - "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, { "key": "W", "name": "Workaround", - "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." }, { "key": "U", "name": "Unavailable", - "description": "There is either no solution available or it is impossible to apply." + "definition": "There is either no solution available or it is impossible to apply." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -3228,27 +3228,27 @@ "OF": { "key": "OF", "name": "Official Fix", - "description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, "TF": { "key": "TF", "name": "Temporary Fix", - "description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, "W": { "key": "W", "name": "Workaround", - "description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." }, "U": { "key": "U", "name": "Unavailable", - "description": "There is either no solution available or it is impossible to apply." + "definition": "There is either no solution available or it is impossible to apply." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -3264,23 +3264,23 @@ "key": "RC", "version": "1.0.0", "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "schemaVersion": "2.0.0", "values": [ { "key": "UC", "name": "Unconfirmed", - "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, { "key": "UR", "name": "Uncorroborated", - "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." }, { "key": "C", "name": "Confirmed", - "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." } ] }, @@ -3288,17 +3288,17 @@ "UC": { "key": "UC", "name": "Unconfirmed", - "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, "UR": { "key": "UR", "name": "Uncorroborated", - "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." }, "C": { "key": "C", "name": "Confirmed", - "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." } } }, @@ -3309,28 +3309,28 @@ "key": "RC", "version": "1.1.0", "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "schemaVersion": "2.0.0", "values": [ { "key": "UC", "name": "Unconfirmed", - "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, { "key": "UR", "name": "Uncorroborated", - "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." }, { "key": "C", "name": "Confirmed", - "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." }, { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -3338,22 +3338,22 @@ "UC": { "key": "UC", "name": "Unconfirmed", - "description": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, "UR": { "key": "UR", "name": "Uncorroborated", - "description": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." }, "C": { "key": "C", "name": "Confirmed", - "description": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." }, "ND": { "key": "ND", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -3364,28 +3364,28 @@ "key": "RC", "version": "2.0.0", "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unknown", - "description": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." + "definition": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." }, { "key": "R", "name": "Reasonable", - "description": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." + "definition": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." }, { "key": "C", "name": "Confirmed", - "description": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." + "definition": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -3393,22 +3393,22 @@ "U": { "key": "U", "name": "Unknown", - "description": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." + "definition": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." }, "R": { "key": "R", "name": "Reasonable", - "description": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." + "definition": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." }, "C": { "key": "C", "name": "Confirmed", - "description": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." + "definition": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -3424,18 +3424,18 @@ "key": "S", "version": "1.0.0", "name": "Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "definition": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unchanged", - "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." }, { "key": "C", "name": "Changed", - "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." } ] }, @@ -3443,12 +3443,12 @@ "U": { "key": "U", "name": "Unchanged", - "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." }, "C": { "key": "C", "name": "Changed", - "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." } } } @@ -3464,23 +3464,23 @@ "key": "SC", "version": "1.0.0", "name": "Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." } ] }, @@ -3488,17 +3488,17 @@ "N": { "key": "N", "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." } } } @@ -3514,23 +3514,23 @@ "key": "AU", "version": "1.0.0", "name": "Automatable", - "description": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", + "definition": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "definition": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." }, { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." + "definition": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -3538,17 +3538,17 @@ "N": { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "definition": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." }, "Y": { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." + "definition": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -3564,33 +3564,33 @@ "key": "U", "version": "1.0.0", "name": "Provider Urgency", - "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", + "definition": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", "schemaVersion": "2.0.0", "values": [ { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "C", "name": "Clear", - "description": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." + "definition": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." }, { "key": "G", "name": "Green", - "description": "Provider has assessed the impact of this vulnerability as having a reduced urgency." + "definition": "Provider has assessed the impact of this vulnerability as having a reduced urgency." }, { "key": "A", "name": "Amber", - "description": "Provider has assessed the impact of this vulnerability as having a moderate urgency." + "definition": "Provider has assessed the impact of this vulnerability as having a moderate urgency." }, { "key": "R", "name": "Red", - "description": "Provider has assessed the impact of this vulnerability as having the highest urgency." + "definition": "Provider has assessed the impact of this vulnerability as having the highest urgency." } ] }, @@ -3598,27 +3598,27 @@ "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, "C": { "key": "C", "name": "Clear", - "description": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." + "definition": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." }, "G": { "key": "G", "name": "Green", - "description": "Provider has assessed the impact of this vulnerability as having a reduced urgency." + "definition": "Provider has assessed the impact of this vulnerability as having a reduced urgency." }, "A": { "key": "A", "name": "Amber", - "description": "Provider has assessed the impact of this vulnerability as having a moderate urgency." + "definition": "Provider has assessed the impact of this vulnerability as having a moderate urgency." }, "R": { "key": "R", "name": "Red", - "description": "Provider has assessed the impact of this vulnerability as having the highest urgency." + "definition": "Provider has assessed the impact of this vulnerability as having the highest urgency." } } } @@ -3634,28 +3634,28 @@ "key": "R", "version": "1.0.0", "name": "Recovery", - "description": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", + "definition": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", "schemaVersion": "2.0.0", "values": [ { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "A", "name": "Automatic", - "description": "The system recovers services automatically after an attack has been performed." + "definition": "The system recovers services automatically after an attack has been performed." }, { "key": "U", "name": "User", - "description": "The system requires manual intervention by the user to recover services, after an attack has been performed." + "definition": "The system requires manual intervention by the user to recover services, after an attack has been performed." }, { "key": "I", "name": "Irrecoverable", - "description": "The system services are irrecoverable by the user, after an attack has been performed." + "definition": "The system services are irrecoverable by the user, after an attack has been performed." } ] }, @@ -3663,22 +3663,22 @@ "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, "A": { "key": "A", "name": "Automatic", - "description": "The system recovers services automatically after an attack has been performed." + "definition": "The system recovers services automatically after an attack has been performed." }, "U": { "key": "U", "name": "User", - "description": "The system requires manual intervention by the user to recover services, after an attack has been performed." + "definition": "The system requires manual intervention by the user to recover services, after an attack has been performed." }, "I": { "key": "I", "name": "Irrecoverable", - "description": "The system services are irrecoverable by the user, after an attack has been performed." + "definition": "The system services are irrecoverable by the user, after an attack has been performed." } } } @@ -3694,23 +3694,23 @@ "key": "SF", "version": "1.0.0", "name": "Safety", - "description": "The Safety decision point is a measure of the potential for harm to humans or the environment.", + "definition": "The Safety decision point is a measure of the potential for harm to humans or the environment.", "schemaVersion": "2.0.0", "values": [ { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "P", "name": "Present", - "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" + "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" }, { "key": "N", "name": "Negligible", - "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" + "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" } ] }, @@ -3718,17 +3718,17 @@ "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, "P": { "key": "P", "name": "Present", - "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" + "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" }, "N": { "key": "N", "name": "Negligible", - "description": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" + "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" } } } @@ -3744,23 +3744,23 @@ "key": "V", "version": "1.0.0", "name": "Value Density", - "description": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", + "definition": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", "schemaVersion": "2.0.0", "values": [ { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "D", "name": "Diffuse", - "description": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." + "definition": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." }, { "key": "C", "name": "Concentrated", - "description": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." + "definition": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." } ] }, @@ -3768,17 +3768,17 @@ "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, "D": { "key": "D", "name": "Diffuse", - "description": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." + "definition": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." }, "C": { "key": "C", "name": "Concentrated", - "description": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." + "definition": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." } } } @@ -3794,28 +3794,28 @@ "key": "RE", "version": "1.0.0", "name": "Vulnerability Response Effort", - "description": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", + "definition": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", "schemaVersion": "2.0.0", "values": [ { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "L", "name": "Low", - "description": "The effort required to respond to a vulnerability is low/trivial." + "definition": "The effort required to respond to a vulnerability is low/trivial." }, { "key": "M", "name": "Moderate", - "description": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." + "definition": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." }, { "key": "H", "name": "High", - "description": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." + "definition": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." } ] }, @@ -3823,22 +3823,22 @@ "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." }, "L": { "key": "L", "name": "Low", - "description": "The effort required to respond to a vulnerability is low/trivial." + "definition": "The effort required to respond to a vulnerability is low/trivial." }, "M": { "key": "M", "name": "Moderate", - "description": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." + "definition": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." }, "H": { "key": "H", "name": "High", - "description": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." + "definition": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." } } } @@ -3854,28 +3854,28 @@ "key": "TD", "version": "1.0.0", "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "definition": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, { "key": "L", "name": "Low", - "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." }, { "key": "M", "name": "Medium", - "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." }, { "key": "H", "name": "High", - "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." } ] }, @@ -3883,22 +3883,22 @@ "N": { "key": "N", "name": "None", - "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, "L": { "key": "L", "name": "Low", - "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." }, "M": { "key": "M", "name": "Medium", - "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." }, "H": { "key": "H", "name": "High", - "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." } } }, @@ -3909,33 +3909,33 @@ "key": "TD", "version": "1.1.0", "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "definition": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, { "key": "L", "name": "Low", - "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." }, { "key": "M", "name": "Medium", - "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." }, { "key": "H", "name": "High", - "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -3943,27 +3943,27 @@ "N": { "key": "N", "name": "None", - "description": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, "L": { "key": "L", "name": "Low", - "description": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." }, "M": { "key": "M", "name": "Medium", - "description": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." }, "H": { "key": "H", "name": "High", - "description": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -3979,18 +3979,18 @@ "key": "UI", "version": "1.0.0", "name": "User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "definition": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "schemaVersion": "2.0.0", "values": [ { "key": "R", "name": "Required", - "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + "definition": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." }, { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any user." + "definition": "The vulnerable system can be exploited without interaction from any user." } ] }, @@ -3998,12 +3998,12 @@ "R": { "key": "R", "name": "Required", - "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + "definition": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." }, "N": { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any user." + "definition": "The vulnerable system can be exploited without interaction from any user." } } }, @@ -4014,23 +4014,23 @@ "key": "UI", "version": "2.0.0", "name": "User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "definition": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "schemaVersion": "2.0.0", "values": [ { "key": "A", "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, { "key": "P", "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." }, { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." } ] }, @@ -4038,17 +4038,17 @@ "A": { "key": "A", "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, "P": { "key": "P", "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." }, "N": { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." } } } @@ -4064,33 +4064,33 @@ "key": "CVSS", "version": "1.0.0", "name": "CVSS Qualitative Severity Rating Scale", - "description": "The CVSS Qualitative Severity Rating Scale group.", + "definition": "The CVSS Qualitative Severity Rating Scale group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "None (0.0)" + "definition": "None (0.0)" }, { "key": "L", "name": "Low", - "description": "Low (0.1-3.9)" + "definition": "Low (0.1-3.9)" }, { "key": "M", "name": "Medium", - "description": "Medium (4.0-6.9)" + "definition": "Medium (4.0-6.9)" }, { "key": "H", "name": "High", - "description": "High (7.0-8.9)" + "definition": "High (7.0-8.9)" }, { "key": "C", "name": "Critical", - "description": "Critical (9.0-10.0)" + "definition": "Critical (9.0-10.0)" } ] }, @@ -4098,27 +4098,27 @@ "N": { "key": "N", "name": "None", - "description": "None (0.0)" + "definition": "None (0.0)" }, "L": { "key": "L", "name": "Low", - "description": "Low (0.1-3.9)" + "definition": "Low (0.1-3.9)" }, "M": { "key": "M", "name": "Medium", - "description": "Medium (4.0-6.9)" + "definition": "Medium (4.0-6.9)" }, "H": { "key": "H", "name": "High", - "description": "High (7.0-8.9)" + "definition": "High (7.0-8.9)" }, "C": { "key": "C", "name": "Critical", - "description": "Critical (9.0-10.0)" + "definition": "Critical (9.0-10.0)" } } } @@ -4134,33 +4134,33 @@ "key": "MAV", "version": "3.0.0", "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. ", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. ", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Physical", - "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, { "key": "L", "name": "Local", - "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." }, { "key": "A", "name": "Adjacent", - "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." }, { "key": "N", "name": "Network", - "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4168,27 +4168,27 @@ "P": { "key": "P", "name": "Physical", - "description": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, "L": { "key": "L", "name": "Local", - "description": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." }, "A": { "key": "A", "name": "Adjacent", - "description": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." }, "N": { "key": "N", "name": "Network", - "description": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -4199,33 +4199,33 @@ "key": "MAV", "version": "3.0.1", "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Physical", - "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, { "key": "L", "name": "Local", - "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, { "key": "A", "name": "Adjacent", - "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." }, { "key": "N", "name": "Network", - "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4233,27 +4233,27 @@ "P": { "key": "P", "name": "Physical", - "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, "L": { "key": "L", "name": "Local", - "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, "A": { "key": "A", "name": "Adjacent", - "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." }, "N": { "key": "N", "name": "Network", - "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -4269,23 +4269,23 @@ "key": "MAC", "version": "3.0.0", "name": "Modified Attack Complexity", - "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "definition": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "A successful attack depends on conditions beyond the attacker's control." + "definition": "A successful attack depends on conditions beyond the attacker's control." }, { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4293,17 +4293,17 @@ "H": { "key": "H", "name": "High", - "description": "A successful attack depends on conditions beyond the attacker's control." + "definition": "A successful attack depends on conditions beyond the attacker's control." }, "L": { "key": "L", "name": "Low", - "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -4314,23 +4314,23 @@ "key": "MAC", "version": "3.0.1", "name": "Modified Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "definition": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, { "key": "L", "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4338,17 +4338,17 @@ "H": { "key": "H", "name": "High", - "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, "L": { "key": "L", "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -4364,28 +4364,28 @@ "key": "MPR", "version": "1.0.0", "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "definition": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4393,22 +4393,22 @@ "H": { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, "L": { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, "N": { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -4419,28 +4419,28 @@ "key": "MPR", "version": "1.0.1", "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "definition": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4448,22 +4448,22 @@ "H": { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, "L": { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, "N": { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -4479,23 +4479,23 @@ "key": "MUI", "version": "1.0.0", "name": "Modified User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "definition": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "schemaVersion": "2.0.0", "values": [ { "key": "R", "name": "Required", - "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + "definition": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." }, { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any user." + "definition": "The vulnerable system can be exploited without interaction from any user." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4503,17 +4503,17 @@ "R": { "key": "R", "name": "Required", - "description": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + "definition": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." }, "N": { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any user." + "definition": "The vulnerable system can be exploited without interaction from any user." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -4524,28 +4524,28 @@ "key": "MUI", "version": "2.0.0", "name": "Modified User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "definition": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "schemaVersion": "2.0.0", "values": [ { "key": "A", "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, { "key": "P", "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." }, { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4553,22 +4553,22 @@ "A": { "key": "A", "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, "P": { "key": "P", "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." }, "N": { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -4584,23 +4584,23 @@ "key": "MS", "version": "1.0.0", "name": "Modified Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "definition": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unchanged", - "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." }, { "key": "C", "name": "Changed", - "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4608,17 +4608,17 @@ "U": { "key": "U", "name": "Unchanged", - "description": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." }, "C": { "key": "C", "name": "Changed", - "description": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -4634,28 +4634,28 @@ "key": "MC", "version": "2.0.0", "name": "Modified Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4663,22 +4663,22 @@ "N": { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, "L": { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, "H": { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -4694,28 +4694,28 @@ "key": "MI", "version": "2.0.0", "name": "Modified Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to the integrity of the system." + "definition": "There is no impact to the integrity of the system." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4723,22 +4723,22 @@ "N": { "key": "N", "name": "None", - "description": "There is no impact to the integrity of the system." + "definition": "There is no impact to the integrity of the system." }, "L": { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -4754,28 +4754,28 @@ "key": "MA", "version": "2.0.0", "name": "Modified Availability Impact", - "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to the availability of the system." + "definition": "There is no impact to the availability of the system." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability." + "definition": "There is reduced performance or interruptions in resource availability." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4783,22 +4783,22 @@ "N": { "key": "N", "name": "None", - "description": "There is no impact to the availability of the system." + "definition": "There is no impact to the availability of the system." }, "L": { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability." + "definition": "There is reduced performance or interruptions in resource availability." }, "H": { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -4814,23 +4814,23 @@ "key": "MAT", "version": "1.0.0", "name": "Modified Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "definition": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Present", - "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, { "key": "N", "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4838,17 +4838,17 @@ "P": { "key": "P", "name": "Present", - "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, "N": { "key": "N", "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -4864,28 +4864,28 @@ "key": "MVC", "version": "3.0.0", "name": "Modified Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4893,22 +4893,22 @@ "N": { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, "L": { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, "H": { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -4924,28 +4924,28 @@ "key": "MVI", "version": "3.0.0", "name": "Modified Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4953,22 +4953,22 @@ "N": { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -4984,28 +4984,28 @@ "key": "MVA", "version": "3.0.0", "name": "Modified Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "definition": "There is no impact to availability within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -5013,22 +5013,22 @@ "N": { "key": "N", "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "definition": "There is no impact to availability within the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, "H": { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -5044,28 +5044,28 @@ "key": "MSC", "version": "1.0.0", "name": "Modified Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -5073,22 +5073,22 @@ "N": { "key": "N", "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -5099,28 +5099,28 @@ "key": "MSC", "version": "1.0.1", "name": "Modified Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." }, { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -5128,22 +5128,22 @@ "N": { "key": "N", "name": "Negligible", - "description": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, "H": { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." }, "X": { "key": "X", "name": "Not Defined", - "description": "This metric value is not defined. See CVSS documentation for details." + "definition": "This metric value is not defined. See CVSS documentation for details." } } } @@ -5164,18 +5164,18 @@ "key": "V", "version": "1.0.0", "name": "Virulence", - "description": "The speed at which the vulnerability can be exploited.", + "definition": "The speed at which the vulnerability can be exploited.", "schemaVersion": "2.0.0", "values": [ { "key": "S", "name": "Slow", - "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "definition": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." }, { "key": "R", "name": "Rapid", - "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." + "definition": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." } ] }, @@ -5183,12 +5183,12 @@ "S": { "key": "S", "name": "Slow", - "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "definition": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." }, "R": { "key": "R", "name": "Rapid", - "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." + "definition": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." } } } @@ -5204,18 +5204,18 @@ "key": "A", "version": "2.0.0", "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." } ] }, @@ -5223,12 +5223,12 @@ "N": { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, "Y": { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." } } } @@ -5244,18 +5244,18 @@ "key": "CS", "version": "1.0.0", "name": "Critical Software", - "description": "Denotes whether a system meets a critical software definition.", + "definition": "Denotes whether a system meets a critical software definition.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "System does not meet a critical software definition." + "definition": "System does not meet a critical software definition." }, { "key": "Y", "name": "Yes", - "description": "System meets a critical software definition." + "definition": "System meets a critical software definition." } ] }, @@ -5263,12 +5263,12 @@ "N": { "key": "N", "name": "No", - "description": "System does not meet a critical software definition." + "definition": "System does not meet a critical software definition." }, "Y": { "key": "Y", "name": "Yes", - "description": "System meets a critical software definition." + "definition": "System meets a critical software definition." } } } @@ -5284,23 +5284,23 @@ "key": "E", "version": "1.0.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "PoC", - "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." + "definition": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, @@ -5308,17 +5308,17 @@ "N": { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, "P": { "key": "P", "name": "PoC", - "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." + "definition": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." }, "A": { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } } }, @@ -5329,23 +5329,23 @@ "key": "E", "version": "1.1.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, @@ -5353,17 +5353,17 @@ "N": { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, "P": { "key": "P", "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, "A": { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } } } @@ -5379,18 +5379,18 @@ "key": "HVA", "version": "1.0.0", "name": "High Value Asset", - "description": "Denotes whether a system meets a high value asset definition.", + "definition": "Denotes whether a system meets a high value asset definition.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "System does not meet a high value asset definition." + "definition": "System does not meet a high value asset definition." }, { "key": "Y", "name": "Yes", - "description": "System meets a high value asset definition." + "definition": "System meets a high value asset definition." } ] }, @@ -5398,12 +5398,12 @@ "N": { "key": "N", "name": "No", - "description": "System does not meet a high value asset definition." + "definition": "System does not meet a high value asset definition." }, "Y": { "key": "Y", "name": "Yes", - "description": "System meets a high value asset definition." + "definition": "System meets a high value asset definition." } } } @@ -5419,23 +5419,23 @@ "key": "MWI", "version": "1.0.0", "name": "Mission and Well-Being Impact", - "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", + "definition": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" + "definition": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" }, { "key": "M", "name": "Medium", - "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + "definition": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" }, { "key": "H", "name": "High", - "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + "definition": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" } ] }, @@ -5443,17 +5443,17 @@ "L": { "key": "L", "name": "Low", - "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" + "definition": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" }, "M": { "key": "M", "name": "Medium", - "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + "definition": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" }, "H": { "key": "H", "name": "High", - "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + "definition": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" } } } @@ -5469,28 +5469,28 @@ "key": "HI", "version": "2.0.0", "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" + "definition": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" + "definition": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" }, { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] }, @@ -5498,22 +5498,22 @@ "L": { "key": "L", "name": "Low", - "description": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" + "definition": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" }, "M": { "key": "M", "name": "Medium", - "description": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" + "definition": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" }, "H": { "key": "H", "name": "High", - "description": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" }, "VH": { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } } }, @@ -5524,28 +5524,28 @@ "key": "HI", "version": "2.0.1", "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + "definition": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] }, @@ -5553,22 +5553,22 @@ "L": { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + "definition": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" }, "M": { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" }, "H": { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, "VH": { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } } }, @@ -5579,28 +5579,28 @@ "key": "HI", "version": "2.0.2", "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] }, @@ -5608,22 +5608,22 @@ "L": { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, "M": { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, "H": { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, "VH": { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } } } @@ -5639,33 +5639,33 @@ "key": "MI", "version": "1.0.0", "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", + "definition": "Impact on Mission Essential Functions of the Organization", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "Little to no impact" + "definition": "Little to no impact" }, { "key": "NED", "name": "Non-Essential Degraded", - "description": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" + "definition": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, { "key": "MSC", "name": "MEF Support Crippled", - "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" }, { "key": "MEF", "name": "MEF Failure", - "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" }, { "key": "MF", "name": "Mission Failure", - "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } ] }, @@ -5673,27 +5673,27 @@ "N": { "key": "N", "name": "None", - "description": "Little to no impact" + "definition": "Little to no impact" }, "NED": { "key": "NED", "name": "Non-Essential Degraded", - "description": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" + "definition": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, "MSC": { "key": "MSC", "name": "MEF Support Crippled", - "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" }, "MEF": { "key": "MEF", "name": "MEF Failure", - "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" }, "MF": { "key": "MF", "name": "Mission Failure", - "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } } }, @@ -5704,28 +5704,28 @@ "key": "MI", "version": "2.0.0", "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", + "definition": "Impact on Mission Essential Functions of the Organization", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Degraded", - "description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" + "definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, { "key": "MSC", "name": "MEF Support Crippled", - "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" }, { "key": "MEF", "name": "MEF Failure", - "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" }, { "key": "MF", "name": "Mission Failure", - "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } ] }, @@ -5733,22 +5733,22 @@ "D": { "key": "D", "name": "Degraded", - "description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" + "definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, "MSC": { "key": "MSC", "name": "MEF Support Crippled", - "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" }, "MEF": { "key": "MEF", "name": "MEF Failure", - "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" }, "MF": { "key": "MF", "name": "Mission Failure", - "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } } } @@ -5764,23 +5764,23 @@ "key": "PWI", "version": "1.1.0", "name": "Public Well-Being Impact", - "description": "A coarse-grained representation of impact to public well-being.", + "definition": "A coarse-grained representation of impact to public well-being.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "The effect is below the threshold for all aspects described in material. " + "definition": "The effect is below the threshold for all aspects described in material. " }, { "key": "MA", "name": "Material", - "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " + "definition": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " }, { "key": "I", "name": "Irreversible", - "description": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " + "definition": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " } ] }, @@ -5788,17 +5788,17 @@ "M": { "key": "M", "name": "Minimal", - "description": "The effect is below the threshold for all aspects described in material. " + "definition": "The effect is below the threshold for all aspects described in material. " }, "MA": { "key": "MA", "name": "Material", - "description": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " + "definition": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " }, "I": { "key": "I", "name": "Irreversible", - "description": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " + "definition": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " } } } @@ -5814,18 +5814,18 @@ "key": "PSI", "version": "2.0.0", "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", + "definition": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Safety Impact:(None OR Minor)" + "definition": "Safety Impact:(None OR Minor)" }, { "key": "S", "name": "Significant", - "description": "Safety Impact:(Major OR Hazardous OR Catastrophic)" + "definition": "Safety Impact:(Major OR Hazardous OR Catastrophic)" } ] }, @@ -5833,12 +5833,12 @@ "M": { "key": "M", "name": "Minimal", - "description": "Safety Impact:(None OR Minor)" + "definition": "Safety Impact:(None OR Minor)" }, "S": { "key": "S", "name": "Significant", - "description": "Safety Impact:(Major OR Hazardous OR Catastrophic)" + "definition": "Safety Impact:(Major OR Hazardous OR Catastrophic)" } } }, @@ -5849,18 +5849,18 @@ "key": "PSI", "version": "2.0.1", "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", + "definition": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Safety Impact:Negligible" + "definition": "Safety Impact:Negligible" }, { "key": "S", "name": "Significant", - "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } ] }, @@ -5868,12 +5868,12 @@ "M": { "key": "M", "name": "Minimal", - "description": "Safety Impact:Negligible" + "definition": "Safety Impact:Negligible" }, "S": { "key": "S", "name": "Significant", - "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } } } @@ -5889,23 +5889,23 @@ "key": "PVA", "version": "1.0.0", "name": "Public Value Added", - "description": "How much value would a publication from the coordinator benefit the broader community?", + "definition": "How much value would a publication from the coordinator benefit the broader community?", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Limited", - "description": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + "definition": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." }, { "key": "A", "name": "Ampliative", - "description": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + "definition": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." }, { "key": "P", "name": "Precedence", - "description": "The publication would be the first publicly available, or be coincident with the first publicly available." + "definition": "The publication would be the first publicly available, or be coincident with the first publicly available." } ] }, @@ -5913,17 +5913,17 @@ "L": { "key": "L", "name": "Limited", - "description": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + "definition": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." }, "A": { "key": "A", "name": "Ampliative", - "description": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + "definition": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." }, "P": { "key": "P", "name": "Precedence", - "description": "The publication would be the first publicly available, or be coincident with the first publicly available." + "definition": "The publication would be the first publicly available, or be coincident with the first publicly available." } } } @@ -5939,18 +5939,18 @@ "key": "RC", "version": "1.0.0", "name": "Report Credibility", - "description": "Is the report credible?", + "definition": "Is the report credible?", "schemaVersion": "2.0.0", "values": [ { "key": "NC", "name": "Not Credible", - "description": "The report is not credible." + "definition": "The report is not credible." }, { "key": "C", "name": "Credible", - "description": "The report is credible." + "definition": "The report is credible." } ] }, @@ -5958,12 +5958,12 @@ "NC": { "key": "NC", "name": "Not Credible", - "description": "The report is not credible." + "definition": "The report is not credible." }, "C": { "key": "C", "name": "Credible", - "description": "The report is credible." + "definition": "The report is credible." } } } @@ -5979,18 +5979,18 @@ "key": "RP", "version": "1.0.0", "name": "Report Public", - "description": "Is a viable report of the details of the vulnerability already publicly available?", + "definition": "Is a viable report of the details of the vulnerability already publicly available?", "schemaVersion": "2.0.0", "values": [ { "key": "Y", "name": "Yes", - "description": "A public report of the vulnerability exists." + "definition": "A public report of the vulnerability exists." }, { "key": "N", "name": "No", - "description": "No public report of the vulnerability exists." + "definition": "No public report of the vulnerability exists." } ] }, @@ -5998,12 +5998,12 @@ "Y": { "key": "Y", "name": "Yes", - "description": "A public report of the vulnerability exists." + "definition": "A public report of the vulnerability exists." }, "N": { "key": "N", "name": "No", - "description": "No public report of the vulnerability exists." + "definition": "No public report of the vulnerability exists." } } } @@ -6019,33 +6019,33 @@ "key": "SI", "version": "1.0.0", "name": "Safety Impact", - "description": "The safety impact of the vulnerability.", + "definition": "The safety impact of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "The effect is below the threshold for all aspects described in Minor." + "definition": "The effect is below the threshold for all aspects described in Minor." }, { "key": "M", "name": "Minor", - "description": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "definition": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { "key": "J", "name": "Major", - "description": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "definition": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, { "key": "H", "name": "Hazardous", - "description": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + "definition": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." }, { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + "definition": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." } ] }, @@ -6053,27 +6053,27 @@ "N": { "key": "N", "name": "None", - "description": "The effect is below the threshold for all aspects described in Minor." + "definition": "The effect is below the threshold for all aspects described in Minor." }, "M": { "key": "M", "name": "Minor", - "description": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "definition": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, "J": { "key": "J", "name": "Major", - "description": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "definition": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, "H": { "key": "H", "name": "Hazardous", - "description": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + "definition": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." }, "C": { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + "definition": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." } } }, @@ -6084,28 +6084,28 @@ "key": "SI", "version": "2.0.0", "name": "Safety Impact", - "description": "The safety impact of the vulnerability. (based on IEC 61508)", + "definition": "The safety impact of the vulnerability. (based on IEC 61508)", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { "key": "M", "name": "Marginal", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, { "key": "R", "name": "Critical", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." }, { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } ] }, @@ -6113,22 +6113,22 @@ "N": { "key": "N", "name": "Negligible", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, "M": { "key": "M", "name": "Marginal", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, "R": { "key": "R", "name": "Critical", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." }, "C": { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } } } @@ -6144,18 +6144,18 @@ "key": "SC", "version": "1.0.0", "name": "Supplier Cardinality", - "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + "definition": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", "schemaVersion": "2.0.0", "values": [ { "key": "O", "name": "One", - "description": "There is only one supplier of the vulnerable component." + "definition": "There is only one supplier of the vulnerable component." }, { "key": "M", "name": "Multiple", - "description": "There are multiple suppliers of the vulnerable component." + "definition": "There are multiple suppliers of the vulnerable component." } ] }, @@ -6163,12 +6163,12 @@ "O": { "key": "O", "name": "One", - "description": "There is only one supplier of the vulnerable component." + "definition": "There is only one supplier of the vulnerable component." }, "M": { "key": "M", "name": "Multiple", - "description": "There are multiple suppliers of the vulnerable component." + "definition": "There are multiple suppliers of the vulnerable component." } } } @@ -6184,18 +6184,18 @@ "key": "SCON", "version": "1.0.0", "name": "Supplier Contacted", - "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + "definition": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "The supplier has not been contacted." + "definition": "The supplier has not been contacted." }, { "key": "Y", "name": "Yes", - "description": "The supplier has been contacted." + "definition": "The supplier has been contacted." } ] }, @@ -6203,12 +6203,12 @@ "N": { "key": "N", "name": "No", - "description": "The supplier has not been contacted." + "definition": "The supplier has not been contacted." }, "Y": { "key": "Y", "name": "Yes", - "description": "The supplier has been contacted." + "definition": "The supplier has been contacted." } } } @@ -6224,18 +6224,18 @@ "key": "SE", "version": "1.0.0", "name": "Supplier Engagement", - "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + "definition": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", "schemaVersion": "2.0.0", "values": [ { "key": "A", "name": "Active", - "description": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + "definition": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." }, { "key": "U", "name": "Unresponsive", - "description": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + "definition": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." } ] }, @@ -6243,12 +6243,12 @@ "A": { "key": "A", "name": "Active", - "description": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + "definition": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." }, "U": { "key": "U", "name": "Unresponsive", - "description": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + "definition": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." } } } @@ -6264,23 +6264,23 @@ "key": "SINV", "version": "1.0.0", "name": "Supplier Involvement", - "description": "What is the state of the supplier’s work on addressing the vulnerability?", + "definition": "What is the state of the supplier’s work on addressing the vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "FR", "name": "Fix Ready", - "description": "The supplier has provided a patch or fix." + "definition": "The supplier has provided a patch or fix." }, { "key": "C", "name": "Cooperative", - "description": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + "definition": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." }, { "key": "UU", "name": "Uncooperative/Unresponsive", - "description": "The supplier has not responded, declined to generate a remediation, or no longer exists." + "definition": "The supplier has not responded, declined to generate a remediation, or no longer exists." } ] }, @@ -6288,17 +6288,17 @@ "FR": { "key": "FR", "name": "Fix Ready", - "description": "The supplier has provided a patch or fix." + "definition": "The supplier has provided a patch or fix." }, "C": { "key": "C", "name": "Cooperative", - "description": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + "definition": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." }, "UU": { "key": "UU", "name": "Uncooperative/Unresponsive", - "description": "The supplier has not responded, declined to generate a remediation, or no longer exists." + "definition": "The supplier has not responded, declined to generate a remediation, or no longer exists." } } } @@ -6314,23 +6314,23 @@ "key": "EXP", "version": "1.0.0", "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", + "definition": "The Accessible Attack Surface of the Affected System or Service", "schemaVersion": "2.0.0", "values": [ { "key": "S", "name": "Small", - "description": "Local service or program; highly controlled network" + "definition": "Local service or program; highly controlled network" }, { "key": "C", "name": "Controlled", - "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." }, { "key": "U", "name": "Unavoidable", - "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } ] }, @@ -6338,17 +6338,17 @@ "S": { "key": "S", "name": "Small", - "description": "Local service or program; highly controlled network" + "definition": "Local service or program; highly controlled network" }, "C": { "key": "C", "name": "Controlled", - "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." }, "U": { "key": "U", "name": "Unavoidable", - "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } } }, @@ -6359,23 +6359,23 @@ "key": "EXP", "version": "1.0.1", "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", + "definition": "The Accessible Attack Surface of the Affected System or Service", "schemaVersion": "2.0.0", "values": [ { "key": "S", "name": "Small", - "description": "Local service or program; highly controlled network" + "definition": "Local service or program; highly controlled network" }, { "key": "C", "name": "Controlled", - "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." }, { "key": "O", "name": "Open", - "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } ] }, @@ -6383,17 +6383,17 @@ "S": { "key": "S", "name": "Small", - "description": "Local service or program; highly controlled network" + "definition": "Local service or program; highly controlled network" }, "C": { "key": "C", "name": "Controlled", - "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." }, "O": { "key": "O", "name": "Open", - "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } } } @@ -6409,18 +6409,18 @@ "key": "TI", "version": "1.0.0", "name": "Technical Impact", - "description": "The technical impact of the vulnerability.", + "definition": "The technical impact of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + "definition": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." }, { "key": "T", "name": "Total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + "definition": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." } ] }, @@ -6428,12 +6428,12 @@ "P": { "key": "P", "name": "Partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + "definition": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." }, "T": { "key": "T", "name": "Total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + "definition": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." } } } @@ -6449,23 +6449,23 @@ "key": "U", "version": "1.0.0", "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Laborious", - "description": "Virulence:Slow and Value Density:Diffuse" + "definition": "Virulence:Slow and Value Density:Diffuse" }, { "key": "E", "name": "Efficient", - "description": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" + "definition": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" }, { "key": "S", "name": "Super Effective", - "description": "Virulence:Rapid and Value Density:Concentrated" + "definition": "Virulence:Rapid and Value Density:Concentrated" } ] }, @@ -6473,17 +6473,17 @@ "L": { "key": "L", "name": "Laborious", - "description": "Virulence:Slow and Value Density:Diffuse" + "definition": "Virulence:Slow and Value Density:Diffuse" }, "E": { "key": "E", "name": "Efficient", - "description": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" + "definition": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" }, "S": { "key": "S", "name": "Super Effective", - "description": "Virulence:Rapid and Value Density:Concentrated" + "definition": "Virulence:Rapid and Value Density:Concentrated" } } }, @@ -6494,23 +6494,23 @@ "key": "U", "version": "1.0.1", "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" + "definition": "Automatable:No AND Value Density:Diffuse" }, { "key": "E", "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" }, { "key": "S", "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" + "definition": "Automatable:Yes AND Value Density:Concentrated" } ] }, @@ -6518,17 +6518,17 @@ "L": { "key": "L", "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" + "definition": "Automatable:No AND Value Density:Diffuse" }, "E": { "key": "E", "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" }, "S": { "key": "S", "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" + "definition": "Automatable:Yes AND Value Density:Concentrated" } } } @@ -6544,18 +6544,18 @@ "key": "VD", "version": "1.0.0", "name": "Value Density", - "description": "The concentration of value in the target", + "definition": "The concentration of value in the target", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Diffuse", - "description": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + "definition": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." }, { "key": "C", "name": "Concentrated", - "description": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + "definition": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." } ] }, @@ -6563,12 +6563,12 @@ "D": { "key": "D", "name": "Diffuse", - "description": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + "definition": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." }, "C": { "key": "C", "name": "Concentrated", - "description": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + "definition": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." } } } @@ -6584,23 +6584,23 @@ "key": "COORDINATE", "version": "1.0.0", "name": "Decline, Track, Coordinate", - "description": "The coordinate outcome group.", + "definition": "The coordinate outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Decline", - "description": "Decline" + "definition": "Decline" }, { "key": "T", "name": "Track", - "description": "Track" + "definition": "Track" }, { "key": "C", "name": "Coordinate", - "description": "Coordinate" + "definition": "Coordinate" } ] }, @@ -6608,17 +6608,17 @@ "D": { "key": "D", "name": "Decline", - "description": "Decline" + "definition": "Decline" }, "T": { "key": "T", "name": "Track", - "description": "Track" + "definition": "Track" }, "C": { "key": "C", "name": "Coordinate", - "description": "Coordinate" + "definition": "Coordinate" } } }, @@ -6629,23 +6629,23 @@ "key": "COORDINATE", "version": "1.0.1", "name": "Decline, Track, Coordinate", - "description": "The coordinate outcome group.", + "definition": "The coordinate outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Decline", - "description": "Do not act on the report." + "definition": "Do not act on the report." }, { "key": "T", "name": "Track", - "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + "definition": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." }, { "key": "C", "name": "Coordinate", - "description": "Take action on the report." + "definition": "Take action on the report." } ] }, @@ -6653,17 +6653,17 @@ "D": { "key": "D", "name": "Decline", - "description": "Do not act on the report." + "definition": "Do not act on the report." }, "T": { "key": "T", "name": "Track", - "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + "definition": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." }, "C": { "key": "C", "name": "Coordinate", - "description": "Take action on the report." + "definition": "Take action on the report." } } } @@ -6679,28 +6679,28 @@ "key": "DSOI", "version": "1.0.0", "name": "Defer, Scheduled, Out-of-Cycle, Immediate", - "description": "The original SSVC outcome group.", + "definition": "The original SSVC outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Defer", - "description": "Defer" + "definition": "Defer" }, { "key": "S", "name": "Scheduled", - "description": "Scheduled" + "definition": "Scheduled" }, { "key": "O", "name": "Out-of-Cycle", - "description": "Out-of-Cycle" + "definition": "Out-of-Cycle" }, { "key": "I", "name": "Immediate", - "description": "Immediate" + "definition": "Immediate" } ] }, @@ -6708,22 +6708,22 @@ "D": { "key": "D", "name": "Defer", - "description": "Defer" + "definition": "Defer" }, "S": { "key": "S", "name": "Scheduled", - "description": "Scheduled" + "definition": "Scheduled" }, "O": { "key": "O", "name": "Out-of-Cycle", - "description": "Out-of-Cycle" + "definition": "Out-of-Cycle" }, "I": { "key": "I", "name": "Immediate", - "description": "Immediate" + "definition": "Immediate" } } } @@ -6739,18 +6739,18 @@ "key": "PUBLISH", "version": "1.0.0", "name": "Publish, Do Not Publish", - "description": "The publish outcome group.", + "definition": "The publish outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Do Not Publish", - "description": "Do Not Publish" + "definition": "Do Not Publish" }, { "key": "P", "name": "Publish", - "description": "Publish" + "definition": "Publish" } ] }, @@ -6758,12 +6758,12 @@ "N": { "key": "N", "name": "Do Not Publish", - "description": "Do Not Publish" + "definition": "Do Not Publish" }, "P": { "key": "P", "name": "Publish", - "description": "Publish" + "definition": "Publish" } } } @@ -6784,28 +6784,28 @@ "key": "IKE", "version": "1.0.0", "name": "Do, Schedule, Delegate, Delete", - "description": "The Eisenhower outcome group.", + "definition": "The Eisenhower outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Delete", - "description": "Delete" + "definition": "Delete" }, { "key": "G", "name": "Delegate", - "description": "Delegate" + "definition": "Delegate" }, { "key": "S", "name": "Schedule", - "description": "Schedule" + "definition": "Schedule" }, { "key": "O", "name": "Do", - "description": "Do" + "definition": "Do" } ] }, @@ -6813,22 +6813,22 @@ "D": { "key": "D", "name": "Delete", - "description": "Delete" + "definition": "Delete" }, "G": { "key": "G", "name": "Delegate", - "description": "Delegate" + "definition": "Delegate" }, "S": { "key": "S", "name": "Schedule", - "description": "Schedule" + "definition": "Schedule" }, "O": { "key": "O", "name": "Do", - "description": "Do" + "definition": "Do" } } } @@ -6844,28 +6844,28 @@ "key": "MSCW", "version": "1.0.0", "name": "MoSCoW", - "description": "The MoSCoW (Must, Should, Could, Won't) outcome group.", + "definition": "The MoSCoW (Must, Should, Could, Won't) outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "W", "name": "Won't", - "description": "Won't" + "definition": "Won't" }, { "key": "C", "name": "Could", - "description": "Could" + "definition": "Could" }, { "key": "S", "name": "Should", - "description": "Should" + "definition": "Should" }, { "key": "M", "name": "Must", - "description": "Must" + "definition": "Must" } ] }, @@ -6873,22 +6873,22 @@ "W": { "key": "W", "name": "Won't", - "description": "Won't" + "definition": "Won't" }, "C": { "key": "C", "name": "Could", - "description": "Could" + "definition": "Could" }, "S": { "key": "S", "name": "Should", - "description": "Should" + "definition": "Should" }, "M": { "key": "M", "name": "Must", - "description": "Must" + "definition": "Must" } } } @@ -6904,28 +6904,28 @@ "key": "VALUE_COMPLEXITY", "version": "1.0.0", "name": "Value, Complexity", - "description": "The Value/Complexity outcome group.", + "definition": "The Value/Complexity outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Drop", - "description": "Drop" + "definition": "Drop" }, { "key": "R", "name": "Reconsider Later", - "description": "Reconsider Later" + "definition": "Reconsider Later" }, { "key": "E", "name": "Easy Win", - "description": "Easy Win" + "definition": "Easy Win" }, { "key": "F", "name": "Do First", - "description": "Do First" + "definition": "Do First" } ] }, @@ -6933,22 +6933,22 @@ "D": { "key": "D", "name": "Drop", - "description": "Drop" + "definition": "Drop" }, "R": { "key": "R", "name": "Reconsider Later", - "description": "Reconsider Later" + "definition": "Reconsider Later" }, "E": { "key": "E", "name": "Easy Win", - "description": "Easy Win" + "definition": "Easy Win" }, "F": { "key": "F", "name": "Do First", - "description": "Do First" + "definition": "Do First" } } } @@ -6964,18 +6964,18 @@ "key": "YN", "version": "1.0.0", "name": "YesNo", - "description": "A Yes/No decision point / outcome group.", + "definition": "A Yes/No decision point / outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "No" + "definition": "No" }, { "key": "Y", "name": "Yes", - "description": "Yes" + "definition": "Yes" } ] }, @@ -6983,12 +6983,12 @@ "N": { "key": "N", "name": "No", - "description": "No" + "definition": "No" }, "Y": { "key": "Y", "name": "Yes", - "description": "Yes" + "definition": "Yes" } } } @@ -7004,23 +7004,23 @@ "key": "LMH", "version": "1.0.0", "name": "LowMediumHigh", - "description": "A Low/Medium/High decision point / outcome group.", + "definition": "A Low/Medium/High decision point / outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Low" + "definition": "Low" }, { "key": "M", "name": "Medium", - "description": "Medium" + "definition": "Medium" }, { "key": "H", "name": "High", - "description": "High" + "definition": "High" } ] }, @@ -7028,17 +7028,17 @@ "L": { "key": "L", "name": "Low", - "description": "Low" + "definition": "Low" }, "M": { "key": "M", "name": "Medium", - "description": "Medium" + "definition": "Medium" }, "H": { "key": "H", "name": "High", - "description": "High" + "definition": "High" } } } @@ -7059,38 +7059,38 @@ "key": "PARANOIDS", "version": "1.0.0", "name": "theParanoids", - "description": "PrioritizedRiskRemediation outcome group based on TheParanoids.", + "definition": "PrioritizedRiskRemediation outcome group based on TheParanoids.", "schemaVersion": "2.0.0", "values": [ { "key": "5", "name": "Track 5", - "description": "Track" + "definition": "Track" }, { "key": "4", "name": "Track Closely 4", - "description": "Track Closely" + "definition": "Track Closely" }, { "key": "3", "name": "Attend 3", - "description": "Attend" + "definition": "Attend" }, { "key": "2", "name": "Attend 2", - "description": "Attend" + "definition": "Attend" }, { "key": "1", "name": "Act 1", - "description": "Act" + "definition": "Act" }, { "key": "0", "name": "Act ASAP 0", - "description": "Act ASAP" + "definition": "Act ASAP" } ] }, @@ -7098,32 +7098,32 @@ "5": { "key": "5", "name": "Track 5", - "description": "Track" + "definition": "Track" }, "4": { "key": "4", "name": "Track Closely 4", - "description": "Track Closely" + "definition": "Track Closely" }, "3": { "key": "3", "name": "Attend 3", - "description": "Attend" + "definition": "Attend" }, "2": { "key": "2", "name": "Attend 2", - "description": "Attend" + "definition": "Attend" }, "1": { "key": "1", "name": "Act 1", - "description": "Act" + "definition": "Act" }, "0": { "key": "0", "name": "Act ASAP 0", - "description": "Act ASAP" + "definition": "Act ASAP" } } } @@ -7149,7 +7149,7 @@ "key": "DT_CO", "version": "2.0.3", "name": "CISA Coordinator", - "description": "CISA Coordinator decision table for SSVC", + "definition": "CISA Coordinator decision table for SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:E:1.1.0": { @@ -7157,23 +7157,23 @@ "key": "E", "version": "1.1.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, @@ -7182,18 +7182,18 @@ "key": "A", "version": "2.0.0", "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." } ] }, @@ -7202,18 +7202,18 @@ "key": "TI", "version": "1.0.0", "name": "Technical Impact", - "description": "The technical impact of the vulnerability.", + "definition": "The technical impact of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + "definition": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." }, { "key": "T", "name": "Total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + "definition": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." } ] }, @@ -7222,23 +7222,23 @@ "key": "MWI", "version": "1.0.0", "name": "Mission and Well-Being Impact", - "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", + "definition": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" + "definition": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" }, { "key": "M", "name": "Medium", - "description": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + "definition": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" }, { "key": "H", "name": "High", - "description": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + "definition": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" } ] }, @@ -7247,28 +7247,28 @@ "key": "CISA", "version": "1.1.0", "name": "CISA Levels", - "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", + "definition": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", "schemaVersion": "2.0.0", "values": [ { "key": "T", "name": "Track", - "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + "definition": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." }, { "key": "T*", "name": "Track*", - "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + "definition": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, { "key": "AT", "name": "Attend", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." }, { "key": "AC", "name": "Act", - "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } ] } @@ -7547,7 +7547,7 @@ "key": "DT_CVSS_EQ5", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 5", - "description": "CVSS Equivalence Set 5 Decision Table", + "definition": "CVSS Equivalence Set 5 Decision Table", "schemaVersion": "2.0.0", "decision_points": { "cvss:E_NoX:2.0.0": { @@ -7555,23 +7555,23 @@ "key": "E_NoX", "version": "2.0.0", "name": "Exploit Maturity (without Not Defined)", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "U", "name": "Unreported", - "description": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" }, { "key": "P", "name": "Proof-of-Concept", - "description": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" }, { "key": "A", "name": "Attacked", - "description": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" } ] }, @@ -7580,23 +7580,23 @@ "key": "EQ5", "version": "1.0.0", "name": "Equivalence Set 5", - "description": "E with 3 levels specified in Table 28", + "definition": "E with 3 levels specified in Table 28", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: E:U" + "definition": "2: E:U" }, { "key": "M", "name": "Medium", - "description": "1: E:P" + "definition": "1: E:P" }, { "key": "H", "name": "High", - "description": "0: E:A" + "definition": "0: E:A" } ] } @@ -7630,7 +7630,7 @@ "key": "DT_CVSS4_EQ4", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 4", - "description": "This decision table models equivalence set 4 from CVSS v4.", + "definition": "This decision table models equivalence set 4 from CVSS v4.", "schemaVersion": "2.0.0", "decision_points": { "cvss:SC:1.0.0": { @@ -7638,23 +7638,23 @@ "key": "SC", "version": "1.0.0", "name": "Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." } ] }, @@ -7663,28 +7663,28 @@ "key": "MSI_NoX", "version": "1.0.1", "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, @@ -7693,28 +7693,28 @@ "key": "MSA_NoX", "version": "1.0.1", "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "description": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "S", "name": "Safety", - "description": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, @@ -7723,23 +7723,23 @@ "key": "EQ4", "version": "1.0.0", "name": "Equivalence Set 4", - "description": "SC/SI/SA with 3 levels specified in Table 27", + "definition": "SC/SI/SA with 3 levels specified in Table 27", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + "definition": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + "definition": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" }, { "key": "H", "name": "High", - "description": "0: MSI:S or MSA:S" + "definition": "0: MSI:S or MSA:S" } ] } @@ -8049,7 +8049,7 @@ "key": "DT_CVSS4_EQ1", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 1", - "description": "This decision table models equivalence set 1 from CVSS v4. Factors include Attack Vector (AV), Privileges Required (PR), and User Interaction (UI).", + "definition": "This decision table models equivalence set 1 from CVSS v4. Factors include Attack Vector (AV), Privileges Required (PR), and User Interaction (UI).", "schemaVersion": "2.0.0", "decision_points": { "cvss:AV:3.0.1": { @@ -8057,28 +8057,28 @@ "key": "AV", "version": "3.0.1", "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Physical", - "description": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, { "key": "L", "name": "Local", - "description": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, { "key": "A", "name": "Adjacent", - "description": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." }, { "key": "N", "name": "Network", - "description": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." } ] }, @@ -8087,23 +8087,23 @@ "key": "PR", "version": "1.0.1", "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "definition": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, { "key": "L", "name": "Low", - "description": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, { "key": "N", "name": "None", - "description": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } ] }, @@ -8112,23 +8112,23 @@ "key": "UI", "version": "2.0.0", "name": "User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "definition": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "schemaVersion": "2.0.0", "values": [ { "key": "A", "name": "Active", - "description": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, { "key": "P", "name": "Passive", - "description": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." }, { "key": "N", "name": "None", - "description": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." } ] }, @@ -8137,23 +8137,23 @@ "key": "EQ1", "version": "1.0.0", "name": "Equivalence Set 1", - "description": "AV/PR/UI with 3 levels specified in Table 24", + "definition": "AV/PR/UI with 3 levels specified in Table 24", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + "definition": "2: AV:P or not(AV:N or PR:N or UI:N)" }, { "key": "M", "name": "Medium", - "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + "definition": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" }, { "key": "H", "name": "High", - "description": "0: AV:N and PR:N and UI:N" + "definition": "0: AV:N and PR:N and UI:N" } ] } @@ -8391,7 +8391,7 @@ "key": "DT_CVSS4_EQ6", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 6", - "description": "This decision table models equivalence set 6 from CVSS v4.", + "definition": "This decision table models equivalence set 6 from CVSS v4.", "schemaVersion": "2.0.0", "decision_points": { "cvss:CR_NoX:1.1.1": { @@ -8399,23 +8399,23 @@ "key": "CR_NoX", "version": "1.1.1", "name": "Confidentiality Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, @@ -8424,23 +8424,23 @@ "key": "VC", "version": "3.0.0", "name": "Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } ] }, @@ -8449,23 +8449,23 @@ "key": "IR_NoX", "version": "1.1.1", "name": "Integrity Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, @@ -8474,23 +8474,23 @@ "key": "VI", "version": "3.0.0", "name": "Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." } ] }, @@ -8499,23 +8499,23 @@ "key": "AR_NoX", "version": "1.1.1", "name": "Availability Requirement (without Not Defined)", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "description": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "description": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, @@ -8524,23 +8524,23 @@ "key": "VA", "version": "3.0.0", "name": "Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "definition": "There is no impact to availability within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] }, @@ -8549,18 +8549,18 @@ "key": "EQ6", "version": "1.0.0", "name": "Equivalence Set 6", - "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "definition": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + "definition": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" }, { "key": "H", "name": "High", - "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + "definition": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" } ] } @@ -15143,7 +15143,7 @@ "key": "DT_CVSS4_EQ3", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 3", - "description": "This decision table models equivalence set 3 from CVSS v4.", + "definition": "This decision table models equivalence set 3 from CVSS v4.", "schemaVersion": "2.0.0", "decision_points": { "cvss:VC:3.0.0": { @@ -15151,23 +15151,23 @@ "key": "VC", "version": "3.0.0", "name": "Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of confidentiality within the impacted component." + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "description": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "description": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } ] }, @@ -15176,23 +15176,23 @@ "key": "VI", "version": "3.0.0", "name": "Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no loss of integrity within the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is a total loss of integrity, or a complete loss of protection." + "definition": "There is a total loss of integrity, or a complete loss of protection." } ] }, @@ -15201,23 +15201,23 @@ "key": "VA", "version": "3.0.0", "name": "Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no impact to availability within the Vulnerable System." + "definition": "There is no impact to availability within the Vulnerable System." }, { "key": "L", "name": "Low", - "description": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, { "key": "H", "name": "High", - "description": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] }, @@ -15226,23 +15226,23 @@ "key": "EQ3", "version": "1.0.0", "name": "Equivalence Set 3", - "description": "VC/VI/VA with 3 levels specified in Table 26", + "definition": "VC/VI/VA with 3 levels specified in Table 26", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (VC:H or VI:H or VA:H)" + "definition": "2: not (VC:H or VI:H or VA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + "definition": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" }, { "key": "H", "name": "High", - "description": "0: VC:H and VI:H" + "definition": "0: VC:H and VI:H" } ] } @@ -15426,7 +15426,7 @@ "key": "DT_CVSS4_EQ2", "version": "1.0.0", "name": "CVSS v4 Equivalence Set 2", - "description": "This decision table models equivalence set 2 from CVSS v4. Factors include Attack Complexity (AC) and Attack Requirements (AT).", + "definition": "This decision table models equivalence set 2 from CVSS v4. Factors include Attack Complexity (AC) and Attack Requirements (AT).", "schemaVersion": "2.0.0", "decision_points": { "cvss:AC:3.0.1": { @@ -15434,18 +15434,18 @@ "key": "AC", "version": "3.0.1", "name": "Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "definition": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ { "key": "H", "name": "High", - "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, { "key": "L", "name": "Low", - "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " } ] }, @@ -15454,18 +15454,18 @@ "key": "AT", "version": "1.0.0", "name": "Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "definition": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Present", - "description": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, { "key": "N", "name": "None", - "description": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." } ] }, @@ -15474,18 +15474,18 @@ "key": "EQ2", "version": "1.0.0", "name": "Equivalence Set 2", - "description": "AC/AT with 2 levels specified in Table 25", + "definition": "AC/AT with 2 levels specified in Table 25", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (AC:L and AT:N)" + "definition": "1: not (AC:L and AT:N)" }, { "key": "H", "name": "High", - "description": "0: AC:L and AT:N" + "definition": "0: AC:L and AT:N" } ] } @@ -15527,7 +15527,7 @@ "key": "DT_CVSS_QSR", "version": "4.0.0", "name": "CVSS v4.0 Qualitative Severity Ratings", - "description": "CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", + "definition": "CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", "schemaVersion": "2.0.0", "decision_points": { "cvss:EQ1:1.0.0": { @@ -15535,23 +15535,23 @@ "key": "EQ1", "version": "1.0.0", "name": "Equivalence Set 1", - "description": "AV/PR/UI with 3 levels specified in Table 24", + "definition": "AV/PR/UI with 3 levels specified in Table 24", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: AV:P or not(AV:N or PR:N or UI:N)" + "definition": "2: AV:P or not(AV:N or PR:N or UI:N)" }, { "key": "M", "name": "Medium", - "description": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + "definition": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" }, { "key": "H", "name": "High", - "description": "0: AV:N and PR:N and UI:N" + "definition": "0: AV:N and PR:N and UI:N" } ] }, @@ -15560,18 +15560,18 @@ "key": "EQ2", "version": "1.0.0", "name": "Equivalence Set 2", - "description": "AC/AT with 2 levels specified in Table 25", + "definition": "AC/AT with 2 levels specified in Table 25", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (AC:L and AT:N)" + "definition": "1: not (AC:L and AT:N)" }, { "key": "H", "name": "High", - "description": "0: AC:L and AT:N" + "definition": "0: AC:L and AT:N" } ] }, @@ -15580,23 +15580,23 @@ "key": "EQ3", "version": "1.0.0", "name": "Equivalence Set 3", - "description": "VC/VI/VA with 3 levels specified in Table 26", + "definition": "VC/VI/VA with 3 levels specified in Table 26", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (VC:H or VI:H or VA:H)" + "definition": "2: not (VC:H or VI:H or VA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + "definition": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" }, { "key": "H", "name": "High", - "description": "0: VC:H and VI:H" + "definition": "0: VC:H and VI:H" } ] }, @@ -15605,23 +15605,23 @@ "key": "EQ4", "version": "1.0.0", "name": "Equivalence Set 4", - "description": "SC/SI/SA with 3 levels specified in Table 27", + "definition": "SC/SI/SA with 3 levels specified in Table 27", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + "definition": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" }, { "key": "M", "name": "Medium", - "description": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + "definition": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" }, { "key": "H", "name": "High", - "description": "0: MSI:S or MSA:S" + "definition": "0: MSI:S or MSA:S" } ] }, @@ -15630,23 +15630,23 @@ "key": "EQ5", "version": "1.0.0", "name": "Equivalence Set 5", - "description": "E with 3 levels specified in Table 28", + "definition": "E with 3 levels specified in Table 28", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "2: E:U" + "definition": "2: E:U" }, { "key": "M", "name": "Medium", - "description": "1: E:P" + "definition": "1: E:P" }, { "key": "H", "name": "High", - "description": "0: E:A" + "definition": "0: E:A" } ] }, @@ -15655,18 +15655,18 @@ "key": "EQ6", "version": "1.0.0", "name": "Equivalence Set 6", - "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "definition": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + "definition": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" }, { "key": "H", "name": "High", - "description": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + "definition": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" } ] }, @@ -15675,33 +15675,33 @@ "key": "CVSS", "version": "1.0.0", "name": "CVSS Qualitative Severity Rating Scale", - "description": "The CVSS Qualitative Severity Rating Scale group.", + "definition": "The CVSS Qualitative Severity Rating Scale group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "None (0.0)" + "definition": "None (0.0)" }, { "key": "L", "name": "Low", - "description": "Low (0.1-3.9)" + "definition": "Low (0.1-3.9)" }, { "key": "M", "name": "Medium", - "description": "Medium (4.0-6.9)" + "definition": "Medium (4.0-6.9)" }, { "key": "H", "name": "High", - "description": "High (7.0-8.9)" + "definition": "High (7.0-8.9)" }, { "key": "C", "name": "Critical", - "description": "Critical (9.0-10.0)" + "definition": "Critical (9.0-10.0)" } ] } @@ -18644,7 +18644,7 @@ "key": "DT_COORD_PUBLISH", "version": "1.0.0", "name": "Coordinator Publish Decision Table", - "description": "This decision table is used to determine the priority of a coordinator publish.", + "definition": "This decision table is used to determine the priority of a coordinator publish.", "schemaVersion": "2.0.0", "decision_points": { "ssvc:SINV:1.0.0": { @@ -18652,23 +18652,23 @@ "key": "SINV", "version": "1.0.0", "name": "Supplier Involvement", - "description": "What is the state of the supplier’s work on addressing the vulnerability?", + "definition": "What is the state of the supplier’s work on addressing the vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "FR", "name": "Fix Ready", - "description": "The supplier has provided a patch or fix." + "definition": "The supplier has provided a patch or fix." }, { "key": "C", "name": "Cooperative", - "description": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + "definition": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." }, { "key": "UU", "name": "Uncooperative/Unresponsive", - "description": "The supplier has not responded, declined to generate a remediation, or no longer exists." + "definition": "The supplier has not responded, declined to generate a remediation, or no longer exists." } ] }, @@ -18677,23 +18677,23 @@ "key": "E", "version": "1.1.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, @@ -18702,23 +18702,23 @@ "key": "PVA", "version": "1.0.0", "name": "Public Value Added", - "description": "How much value would a publication from the coordinator benefit the broader community?", + "definition": "How much value would a publication from the coordinator benefit the broader community?", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Limited", - "description": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + "definition": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." }, { "key": "A", "name": "Ampliative", - "description": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + "definition": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." }, { "key": "P", "name": "Precedence", - "description": "The publication would be the first publicly available, or be coincident with the first publicly available." + "definition": "The publication would be the first publicly available, or be coincident with the first publicly available." } ] }, @@ -18727,18 +18727,18 @@ "key": "PUBLISH", "version": "1.0.0", "name": "Publish, Do Not Publish", - "description": "The publish outcome group.", + "definition": "The publish outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Do Not Publish", - "description": "Do Not Publish" + "definition": "Do Not Publish" }, { "key": "P", "name": "Publish", - "description": "Publish" + "definition": "Publish" } ] } @@ -18922,7 +18922,7 @@ "key": "DT_COORD_TRIAGE", "version": "1.0.0", "name": "Coordinator Triage", - "description": "Decision table for coordinator triage", + "definition": "Decision table for coordinator triage", "schemaVersion": "2.0.0", "decision_points": { "ssvc:RP:1.0.0": { @@ -18930,18 +18930,18 @@ "key": "RP", "version": "1.0.0", "name": "Report Public", - "description": "Is a viable report of the details of the vulnerability already publicly available?", + "definition": "Is a viable report of the details of the vulnerability already publicly available?", "schemaVersion": "2.0.0", "values": [ { "key": "Y", "name": "Yes", - "description": "A public report of the vulnerability exists." + "definition": "A public report of the vulnerability exists." }, { "key": "N", "name": "No", - "description": "No public report of the vulnerability exists." + "definition": "No public report of the vulnerability exists." } ] }, @@ -18950,18 +18950,18 @@ "key": "SCON", "version": "1.0.0", "name": "Supplier Contacted", - "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + "definition": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "The supplier has not been contacted." + "definition": "The supplier has not been contacted." }, { "key": "Y", "name": "Yes", - "description": "The supplier has been contacted." + "definition": "The supplier has been contacted." } ] }, @@ -18970,18 +18970,18 @@ "key": "RC", "version": "1.0.0", "name": "Report Credibility", - "description": "Is the report credible?", + "definition": "Is the report credible?", "schemaVersion": "2.0.0", "values": [ { "key": "NC", "name": "Not Credible", - "description": "The report is not credible." + "definition": "The report is not credible." }, { "key": "C", "name": "Credible", - "description": "The report is credible." + "definition": "The report is credible." } ] }, @@ -18990,18 +18990,18 @@ "key": "SC", "version": "1.0.0", "name": "Supplier Cardinality", - "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + "definition": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", "schemaVersion": "2.0.0", "values": [ { "key": "O", "name": "One", - "description": "There is only one supplier of the vulnerable component." + "definition": "There is only one supplier of the vulnerable component." }, { "key": "M", "name": "Multiple", - "description": "There are multiple suppliers of the vulnerable component." + "definition": "There are multiple suppliers of the vulnerable component." } ] }, @@ -19010,18 +19010,18 @@ "key": "SE", "version": "1.0.0", "name": "Supplier Engagement", - "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + "definition": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", "schemaVersion": "2.0.0", "values": [ { "key": "A", "name": "Active", - "description": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + "definition": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." }, { "key": "U", "name": "Unresponsive", - "description": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + "definition": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." } ] }, @@ -19030,23 +19030,23 @@ "key": "U", "version": "1.0.1", "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" + "definition": "Automatable:No AND Value Density:Diffuse" }, { "key": "E", "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" }, { "key": "S", "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" + "definition": "Automatable:Yes AND Value Density:Concentrated" } ] }, @@ -19055,18 +19055,18 @@ "key": "PSI", "version": "2.0.1", "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", + "definition": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Safety Impact:Negligible" + "definition": "Safety Impact:Negligible" }, { "key": "S", "name": "Significant", - "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } ] }, @@ -19075,23 +19075,23 @@ "key": "COORDINATE", "version": "1.0.1", "name": "Decline, Track, Coordinate", - "description": "The coordinate outcome group.", + "definition": "The coordinate outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Decline", - "description": "Do not act on the report." + "definition": "Do not act on the report." }, { "key": "T", "name": "Track", - "description": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + "definition": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." }, { "key": "C", "name": "Coordinate", - "description": "Take action on the report." + "definition": "Take action on the report." } ] } @@ -21033,7 +21033,7 @@ "key": "DT_DP", "version": "1.0.0", "name": "Deployer Patch Application Priority", - "description": "Decision table for evaluating deployer's patch application priority in SSVC", + "definition": "Decision table for evaluating deployer's patch application priority in SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:E:1.1.0": { @@ -21041,23 +21041,23 @@ "key": "E", "version": "1.1.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, @@ -21066,23 +21066,23 @@ "key": "EXP", "version": "1.0.1", "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", + "definition": "The Accessible Attack Surface of the Affected System or Service", "schemaVersion": "2.0.0", "values": [ { "key": "S", "name": "Small", - "description": "Local service or program; highly controlled network" + "definition": "Local service or program; highly controlled network" }, { "key": "C", "name": "Controlled", - "description": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." }, { "key": "O", "name": "Open", - "description": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } ] }, @@ -21091,18 +21091,18 @@ "key": "A", "version": "2.0.0", "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." } ] }, @@ -21111,28 +21111,28 @@ "key": "HI", "version": "2.0.2", "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] }, @@ -21141,28 +21141,28 @@ "key": "DSOI", "version": "1.0.0", "name": "Defer, Scheduled, Out-of-Cycle, Immediate", - "description": "The original SSVC outcome group.", + "definition": "The original SSVC outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Defer", - "description": "Defer" + "definition": "Defer" }, { "key": "S", "name": "Scheduled", - "description": "Scheduled" + "definition": "Scheduled" }, { "key": "O", "name": "Out-of-Cycle", - "description": "Out-of-Cycle" + "definition": "Out-of-Cycle" }, { "key": "I", "name": "Immediate", - "description": "Immediate" + "definition": "Immediate" } ] } @@ -21688,7 +21688,7 @@ "key": "DT_HI", "version": "1.0.0", "name": "Human Impact", - "description": "Human Impact decision table for SSVC", + "definition": "Human Impact decision table for SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:SI:2.0.0": { @@ -21696,28 +21696,28 @@ "key": "SI", "version": "2.0.0", "name": "Safety Impact", - "description": "The safety impact of the vulnerability. (based on IEC 61508)", + "definition": "The safety impact of the vulnerability. (based on IEC 61508)", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { "key": "M", "name": "Marginal", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, { "key": "R", "name": "Critical", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." }, { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } ] }, @@ -21726,28 +21726,28 @@ "key": "MI", "version": "2.0.0", "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", + "definition": "Impact on Mission Essential Functions of the Organization", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Degraded", - "description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" + "definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, { "key": "MSC", "name": "MEF Support Crippled", - "description": "Activities that directly support essential functions are crippled; essential functions continue for a time" + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" }, { "key": "MEF", "name": "MEF Failure", - "description": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" }, { "key": "MF", "name": "Mission Failure", - "description": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } ] }, @@ -21756,28 +21756,28 @@ "key": "HI", "version": "2.0.2", "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "description": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { "key": "M", "name": "Medium", - "description": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { "key": "H", "name": "High", - "description": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" }, { "key": "VH", "name": "Very High", - "description": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] } @@ -21879,7 +21879,7 @@ "key": "DT_PSI", "version": "1.0.0", "name": "Public Safety Impact", - "description": "Public Safety Impact Decision Table", + "definition": "Public Safety Impact Decision Table", "schemaVersion": "2.0.0", "decision_points": { "ssvc:SI:2.0.0": { @@ -21887,28 +21887,28 @@ "key": "SI", "version": "2.0.0", "name": "Safety Impact", - "description": "The safety impact of the vulnerability. (based on IEC 61508)", + "definition": "The safety impact of the vulnerability. (based on IEC 61508)", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { "key": "M", "name": "Marginal", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, { "key": "R", "name": "Critical", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." }, { "key": "C", "name": "Catastrophic", - "description": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } ] }, @@ -21917,18 +21917,18 @@ "key": "PSI", "version": "2.0.1", "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", + "definition": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Safety Impact:Negligible" + "definition": "Safety Impact:Negligible" }, { "key": "S", "name": "Significant", - "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } ] } @@ -21966,7 +21966,7 @@ "key": "DT_SP", "version": "1.0.0", "name": "Supplier Patch Development Priority", - "description": "Decision table for evaluating supplier patch development priority in SSVC", + "definition": "Decision table for evaluating supplier patch development priority in SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:E:1.1.0": { @@ -21974,23 +21974,23 @@ "key": "E", "version": "1.1.0", "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { "key": "P", "name": "Public PoC", - "description": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." }, { "key": "A", "name": "Active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, @@ -21999,23 +21999,23 @@ "key": "U", "version": "1.0.1", "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" + "definition": "Automatable:No AND Value Density:Diffuse" }, { "key": "E", "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" }, { "key": "S", "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" + "definition": "Automatable:Yes AND Value Density:Concentrated" } ] }, @@ -22024,18 +22024,18 @@ "key": "TI", "version": "1.0.0", "name": "Technical Impact", - "description": "The technical impact of the vulnerability.", + "definition": "The technical impact of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "P", "name": "Partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + "definition": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." }, { "key": "T", "name": "Total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + "definition": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." } ] }, @@ -22044,18 +22044,18 @@ "key": "PSI", "version": "2.0.1", "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", + "definition": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ { "key": "M", "name": "Minimal", - "description": "Safety Impact:Negligible" + "definition": "Safety Impact:Negligible" }, { "key": "S", "name": "Significant", - "description": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } ] }, @@ -22064,28 +22064,28 @@ "key": "DSOI", "version": "1.0.0", "name": "Defer, Scheduled, Out-of-Cycle, Immediate", - "description": "The original SSVC outcome group.", + "definition": "The original SSVC outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Defer", - "description": "Defer" + "definition": "Defer" }, { "key": "S", "name": "Scheduled", - "description": "Scheduled" + "definition": "Scheduled" }, { "key": "O", "name": "Out-of-Cycle", - "description": "Out-of-Cycle" + "definition": "Out-of-Cycle" }, { "key": "I", "name": "Immediate", - "description": "Immediate" + "definition": "Immediate" } ] } @@ -22359,7 +22359,7 @@ "key": "DT_U", "version": "1.0.0", "name": "Utility", - "description": "Utility decision table for SSVC", + "definition": "Utility decision table for SSVC", "schemaVersion": "2.0.0", "decision_points": { "ssvc:A:2.0.0": { @@ -22367,18 +22367,18 @@ "key": "A", "version": "2.0.0", "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "No", - "description": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { "key": "Y", "name": "Yes", - "description": "Attackers can reliably automate steps 1-4 of the kill chain." + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." } ] }, @@ -22387,18 +22387,18 @@ "key": "VD", "version": "1.0.0", "name": "Value Density", - "description": "The concentration of value in the target", + "definition": "The concentration of value in the target", "schemaVersion": "2.0.0", "values": [ { "key": "D", "name": "Diffuse", - "description": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + "definition": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." }, { "key": "C", "name": "Concentrated", - "description": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + "definition": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." } ] }, @@ -22407,23 +22407,23 @@ "key": "U", "version": "1.0.1", "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Laborious", - "description": "Automatable:No AND Value Density:Diffuse" + "definition": "Automatable:No AND Value Density:Diffuse" }, { "key": "E", "name": "Efficient", - "description": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" }, { "key": "S", "name": "Super Effective", - "description": "Automatable:Yes AND Value Density:Concentrated" + "definition": "Automatable:Yes AND Value Density:Concentrated" } ] } diff --git a/data/schema/v2/Decision_Point-2-0-0.schema.json b/data/schema/v2/Decision_Point-2-0-0.schema.json index c5bd948a..63e87423 100644 --- a/data/schema/v2/Decision_Point-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point-2-0-0.schema.json @@ -28,15 +28,15 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" } }, "required": [ "key", "name", - "description" + "definition" ], "type": "object" } @@ -89,8 +89,8 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" }, "schemaVersion": { @@ -110,7 +110,7 @@ "namespace", "key", "name", - "description", + "definition", "schemaVersion", "values" ] diff --git a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json index 38bb0c0b..345b5e33 100644 --- a/data/schema/v2/Decision_Point_Group-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Group-2-0-0.schema.json @@ -54,8 +54,8 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" }, "schemaVersion": { @@ -75,7 +75,7 @@ "namespace", "key", "name", - "description", + "definition", "schemaVersion", "values" ], @@ -106,15 +106,15 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" } }, "required": [ "key", "name", - "description" + "definition" ], "type": "object" } @@ -141,8 +141,8 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" }, "decision_points": { @@ -156,7 +156,7 @@ "required": [ "schemaVersion", "name", - "description", + "definition", "decision_points" ] } diff --git a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json index 2bc4052d..3323fedc 100644 --- a/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json +++ b/data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json @@ -14,8 +14,8 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" }, "key": { @@ -37,6 +37,7 @@ } }, "required": [ + "definition", "key" ], "type": "object" @@ -114,8 +115,8 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" }, "values": { @@ -153,6 +154,7 @@ "namespace", "key", "version", + "definition", "values" ], "type": "object" diff --git a/data/schema/v2/Decision_Table-2-0-0.schema.json b/data/schema/v2/Decision_Table-2-0-0.schema.json index 95870b27..5c8a0bdb 100644 --- a/data/schema/v2/Decision_Table-2-0-0.schema.json +++ b/data/schema/v2/Decision_Table-2-0-0.schema.json @@ -54,8 +54,8 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" }, "schemaVersion": { @@ -75,7 +75,7 @@ "namespace", "key", "name", - "description", + "definition", "schemaVersion", "values" ], @@ -106,15 +106,15 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" } }, "required": [ "key", "name", - "description" + "definition" ], "type": "object" } @@ -167,8 +167,8 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" }, "schemaVersion": { @@ -207,7 +207,7 @@ "namespace", "key", "name", - "description", + "definition", "schemaVersion", "decision_points", "outcome" diff --git a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json index 0b00cf09..24bdfaef 100644 --- a/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json +++ b/data/schema/v2/Ssvc_Object_Registry-2-0-0.schema.json @@ -53,8 +53,8 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" }, "schemaVersion": { @@ -74,7 +74,7 @@ "namespace", "key", "name", - "description", + "definition", "schemaVersion", "values" ], @@ -105,15 +105,15 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" } }, "required": [ "key", "name", - "description" + "definition" ], "type": "object" }, @@ -168,8 +168,8 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" }, "schemaVersion": { @@ -208,7 +208,7 @@ "namespace", "key", "name", - "description", + "definition", "schemaVersion", "decision_points", "outcome" @@ -347,8 +347,8 @@ "title": "Name", "type": "string" }, - "description": { - "title": "Description", + "definition": { + "title": "Definition", "type": "string" }, "schemaVersion": { @@ -368,7 +368,7 @@ }, "required": [ "name", - "description", + "definition", "schemaVersion" ] } diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index ae82e0fb..07e1f3c1 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -201,7 +201,7 @@ class _Base(BaseModel): """ name: str - description: str + definition: str class _KeyedBaseModel(_Base, _Keyed, BaseModel): diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index f5ee3931..a1f0d093 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -158,13 +158,13 @@ def value_summaries(self) -> list[str]: def main(): opt_none = DecisionPointValue( - name="None", key="N", description="No exploit available" + name="None", key="N", definition="No exploit available" ) opt_poc = DecisionPointValue( - name="PoC", key="P", description="Proof of concept exploit available" + name="PoC", key="P", definition="Proof of concept exploit available" ) opt_active = DecisionPointValue( - name="Active", key="A", description="Active exploitation observed" + name="Active", key="A", definition="Active exploitation observed" ) opts = [opt_none, opt_poc, opt_active] @@ -172,7 +172,7 @@ def main(): _comment="This is an optional comment that will be included in the object.", values=opts, name="Exploitation", - description="Is there an exploit available?", + definition="Is there an exploit available?", key="E", version="1.0.0", ) diff --git a/src/ssvc/decision_points/cisa/in_kev.py b/src/ssvc/decision_points/cisa/in_kev.py index 8d6b366e..6051b9f8 100644 --- a/src/ssvc/decision_points/cisa/in_kev.py +++ b/src/ssvc/decision_points/cisa/in_kev.py @@ -28,18 +28,18 @@ YES = DecisionPointValue( name="Yes", key="Y", - description="Vulnerability is listed in KEV.", + definition="Vulnerability is listed in KEV.", ) NO = DecisionPointValue( name="No", key="N", - description="Vulnerability is not listed in KEV.", + definition="Vulnerability is not listed in KEV.", ) IN_KEV_1 = CisaDecisionPoint( name="In KEV", - description="Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", + definition="Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", key="KEV", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/cisa/mission_prevalence.py b/src/ssvc/decision_points/cisa/mission_prevalence.py index 9e209c9e..24bb5474 100644 --- a/src/ssvc/decision_points/cisa/mission_prevalence.py +++ b/src/ssvc/decision_points/cisa/mission_prevalence.py @@ -31,26 +31,26 @@ MINIMAL = DecisionPointValue( name="Minimal", key="M", - description="Neither Support nor Essential apply. " + definition="Neither Support nor Essential apply. " "The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions.", ) SUPPORT = DecisionPointValue( name="Support", key="S", - description="The vulnerable component only supports MEFs for two or more entities.", + definition="The vulnerable component only supports MEFs for two or more entities.", ) ESSENTIAL = DecisionPointValue( name="Essential", key="E", - description="The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure.", + definition="The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure.", ) MISSION_PREVALENCE = CisaDecisionPoint( name="Mission Prevalence", - description="Prevalence of the mission essential functions", + definition="Prevalence of the mission essential functions", key="MP", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/cvss/_not_defined.py b/src/ssvc/decision_points/cvss/_not_defined.py index 479c575b..c4031a1c 100644 --- a/src/ssvc/decision_points/cvss/_not_defined.py +++ b/src/ssvc/decision_points/cvss/_not_defined.py @@ -27,11 +27,11 @@ NOT_DEFINED_ND = DecisionPointValue( name="Not Defined", key="ND", - description="This metric value is not defined. See CVSS documentation for details.", + definition="This metric value is not defined. See CVSS documentation for details.", ) NOT_DEFINED_X = DecisionPointValue( name="Not Defined", key="X", - description="This metric value is not defined. See CVSS documentation for details.", + definition="This metric value is not defined. See CVSS documentation for details.", ) diff --git a/src/ssvc/decision_points/cvss/attack_complexity.py b/src/ssvc/decision_points/cvss/attack_complexity.py index 9f268644..be80091a 100644 --- a/src/ssvc/decision_points/cvss/attack_complexity.py +++ b/src/ssvc/decision_points/cvss/attack_complexity.py @@ -28,34 +28,34 @@ _HIGH_3 = DecisionPointValue( name="High", key="H", - description="A successful attack depends on conditions beyond the attacker's control.", + definition="A successful attack depends on conditions beyond the attacker's control.", ) _LOW_3 = DecisionPointValue( name="Low", key="L", - description="Specialized access conditions or extenuating circumstances do not exist. An attacker can expect " + definition="Specialized access conditions or extenuating circumstances do not exist. An attacker can expect " "repeatable success against the vulnerable component.", ) _HIGH_2 = DecisionPointValue( - name="High", key="H", description="Specialized access conditions exist." + name="High", key="H", definition="Specialized access conditions exist." ) _MEDIUM = DecisionPointValue( name="Medium", key="M", - description="The access conditions are somewhat specialized.", + definition="The access conditions are somewhat specialized.", ) _LOW_2 = DecisionPointValue( name="Low", key="L", - description="Specialized access conditions or extenuating circumstances do not exist.", + definition="Specialized access conditions or extenuating circumstances do not exist.", ) _HIGH = DecisionPointValue( name="High", key="H", - description="Specialized access conditions exist; for example: the system is exploitable during specific windows " + definition="Specialized access conditions exist; for example: the system is exploitable during specific windows " "of time (a race condition), the system is exploitable under specific circumstances (nondefault " "configurations), or the system is exploitable with victim interaction (vulnerability exploitable " "only if user opens e-mail)", @@ -63,12 +63,12 @@ _LOW = DecisionPointValue( name="Low", key="L", - description="Specialized access conditions or extenuating circumstances do not exist; the system is always " + definition="Specialized access conditions or extenuating circumstances do not exist; the system is always " "exploitable.", ) ACCESS_COMPLEXITY_1 = CvssDecisionPoint( name="Access Complexity", - description="This metric measures the complexity of the attack required to exploit the vulnerability once an " + definition="This metric measures the complexity of the attack required to exploit the vulnerability once an " "attacker has gained access to the target system.", key="AC", version="1.0.0", @@ -80,7 +80,7 @@ ACCESS_COMPLEXITY_2 = CvssDecisionPoint( name="Access Complexity", - description="This metric measures the complexity of the attack required to exploit the vulnerability once an " + definition="This metric measures the complexity of the attack required to exploit the vulnerability once an " "attacker has gained access to the target system.", key="AC", version="2.0.0", @@ -93,7 +93,7 @@ ATTACK_COMPLEXITY_3 = CvssDecisionPoint( name="Attack Complexity", - description="This metric describes the conditions beyond the attacker's control that must exist in order to " + definition="This metric describes the conditions beyond the attacker's control that must exist in order to " "exploit the vulnerability.", key="AC", version="3.0.0", @@ -109,7 +109,7 @@ LOW_4 = DecisionPointValue( name="Low", key="L", - description="The attacker must take no measurable action to exploit the vulnerability. The attack requires no " + definition="The attacker must take no measurable action to exploit the vulnerability. The attack requires no " "target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable " "success against the vulnerable system. ", ) @@ -117,7 +117,7 @@ HIGH_4 = DecisionPointValue( name="High", key="H", - description="The successful attack depends on the evasion or circumvention of security-enhancing " + definition="The successful attack depends on the evasion or circumvention of security-enhancing " "techniques in place that would otherwise hinder the attack. These include: Evasion of exploit " "mitigation techniques. The attacker must have additional methods available to bypass security " "measures in place.", @@ -125,7 +125,7 @@ ATTACK_COMPLEXITY_3_0_1 = CvssDecisionPoint( name="Attack Complexity", - description="This metric captures measurable actions that must be taken by the attacker to actively evade or " + definition="This metric captures measurable actions that must be taken by the attacker to actively evade or " "circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", key="AC", version="3.0.1", diff --git a/src/ssvc/decision_points/cvss/attack_requirements.py b/src/ssvc/decision_points/cvss/attack_requirements.py index e85b9e4f..d68e9f9b 100644 --- a/src/ssvc/decision_points/cvss/attack_requirements.py +++ b/src/ssvc/decision_points/cvss/attack_requirements.py @@ -28,7 +28,7 @@ _AT_NONE = DecisionPointValue( name="None", key="N", - description="The successful attack does not depend on the deployment and execution conditions of the vulnerable " + definition="The successful attack does not depend on the deployment and execution conditions of the vulnerable " "system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or " "most instances of the vulnerability.", ) @@ -37,7 +37,7 @@ _PRESENT = DecisionPointValue( name="Present", key="P", - description="The successful attack depends on the presence of specific deployment and execution conditions of " + definition="The successful attack depends on the presence of specific deployment and execution conditions of " "the vulnerable system that enable the attack.", ) @@ -45,7 +45,7 @@ name="Attack Requirements", key="AT", version="1.0.0", - description="This metric captures the prerequisite deployment and execution conditions or variables of the " + definition="This metric captures the prerequisite deployment and execution conditions or variables of the " "vulnerable system that enable the attack.", values=( _PRESENT, diff --git a/src/ssvc/decision_points/cvss/attack_vector.py b/src/ssvc/decision_points/cvss/attack_vector.py index 9bdb1e34..01c98107 100644 --- a/src/ssvc/decision_points/cvss/attack_vector.py +++ b/src/ssvc/decision_points/cvss/attack_vector.py @@ -28,19 +28,19 @@ _REMOTE = DecisionPointValue( name="Remote", key="R", - description="The vulnerability is exploitable remotely.", + definition="The vulnerability is exploitable remotely.", ) _LOCAL = DecisionPointValue( name="Local", key="L", - description="The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated " + definition="The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated " "login to the target system)", ) ACCESS_VECTOR_1 = CvssDecisionPoint( name="Access Vector", - description="This metric measures whether or not the vulnerability is exploitable locally or remotely.", + definition="This metric measures whether or not the vulnerability is exploitable locally or remotely.", key="AV", version="1.0.0", values=( @@ -55,7 +55,7 @@ _NETWORK = DecisionPointValue( name="Network", key="N", - description="A vulnerability exploitable with network access means the vulnerable software is bound to the " + definition="A vulnerability exploitable with network access means the vulnerable software is bound to the " "network stack and the attacker does not require local network access or local access. Such a " "vulnerability is often termed 'remotely exploitable'.", ) @@ -63,21 +63,21 @@ _ADJACENT = DecisionPointValue( name="Adjacent Network", key="A", - description="A vulnerability exploitable with adjacent network access requires the attacker to have access to " + definition="A vulnerability exploitable with adjacent network access requires the attacker to have access to " "either the broadcast or collision domain of the vulnerable software.", ) _LOCAL_2 = DecisionPointValue( name="Local", key="L", - description="A vulnerability exploitable with only local access requires the attacker to have either physical " + definition="A vulnerability exploitable with only local access requires the attacker to have either physical " "access to the vulnerable system or a local (shell) account.", ) ACCESS_VECTOR_2 = CvssDecisionPoint( name="Access Vector", - description="This metric reflects the context by which vulnerability exploitation is possible.", + definition="This metric reflects the context by which vulnerability exploitation is possible.", key="AV", version="2.0.0", values=( @@ -94,7 +94,7 @@ _NETWORK_2 = DecisionPointValue( name="Network", key="N", - description="A vulnerability exploitable with network access means the vulnerable component is bound to the " + definition="A vulnerability exploitable with network access means the vulnerable component is bound to the " "network stack and the attacker's path is through OSI layer 3 (the network layer). Such a " "vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being " "exploitable one or more network hops away (e.g. across layer 3 boundaries from routers).", @@ -103,7 +103,7 @@ _ADJACENT_2 = DecisionPointValue( name="Adjacent", key="A", - description="A vulnerability exploitable with adjacent network access means the vulnerable component is bound to " + definition="A vulnerability exploitable with adjacent network access means the vulnerable component is bound to " "the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, " "IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer " "3 boundary (e.g. a router).", @@ -112,7 +112,7 @@ _LOCAL_3 = DecisionPointValue( name="Local", key="L", - description="A vulnerability exploitable with Local access means that the vulnerable component is not bound to " + definition="A vulnerability exploitable with Local access means that the vulnerable component is not bound to " "the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, " "the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely " "on User Interaction to execute a malicious file.", @@ -121,14 +121,14 @@ _PHYSICAL_2 = DecisionPointValue( name="Physical", key="P", - description="A vulnerability exploitable with Physical access requires the attacker to physically touch or " + definition="A vulnerability exploitable with Physical access requires the attacker to physically touch or " "manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) " "or persistent.", ) ATTACK_VECTOR_3 = CvssDecisionPoint( name="Attack Vector", - description="This metric reflects the context by which vulnerability exploitation is possible. ", + definition="This metric reflects the context by which vulnerability exploitation is possible. ", key="AV", version="3.0.0", values=( @@ -147,7 +147,7 @@ _NETWORK_3 = DecisionPointValue( name="Network", key="N", - description="The vulnerable system is bound to the network stack and the set of possible attackers extends beyond " + definition="The vulnerable system is bound to the network stack and the set of possible attackers extends beyond " "the other options listed below, up to and including the entire Internet. Such a vulnerability is " "often termed “remotely exploitable” and can be thought of as an attack being exploitable at the " "protocol level one or more network hops away (e.g., across one or more routers).", @@ -156,7 +156,7 @@ _ADJACENT_3 = DecisionPointValue( name="Adjacent", key="A", - description="The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level " + definition="The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level " "to a logically adjacent topology. This can mean an attack must be launched from the same shared " "proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from " "within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an " @@ -166,7 +166,7 @@ _LOCAL_4 = DecisionPointValue( name="Local", key="L", - description="The vulnerable system is not bound to the network stack and the attacker’s path is via " + definition="The vulnerable system is not bound to the network stack and the attacker’s path is via " "read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the " "target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the " "attacker relies on User Interaction by another person to perform actions required to exploit the " @@ -177,14 +177,14 @@ _PHYSICAL_3 = DecisionPointValue( name="Physical", key="P", - description="The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical " + definition="The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical " "interaction may be brief (e.g., evil maid attack1) or persistent.", ) # updates descriptions of NETWORK, ADJACENT, LOCAL, and PHYSICAL values for CVSS Attack Vector ATTACK_VECTOR_3_0_1 = CvssDecisionPoint( name="Attack Vector", - description="This metric reflects the context by which vulnerability exploitation is possible. This metric value " + definition="This metric reflects the context by which vulnerability exploitation is possible. This metric value " "(and consequently the resulting severity) will be larger the more remote (logically, and physically) " "an attacker can be in order to exploit the vulnerable system. The assumption is that the number of " "potential attackers for a vulnerability that could be exploited from across a network is larger than " diff --git a/src/ssvc/decision_points/cvss/authentication.py b/src/ssvc/decision_points/cvss/authentication.py index 5f8eae2d..e52c28f8 100644 --- a/src/ssvc/decision_points/cvss/authentication.py +++ b/src/ssvc/decision_points/cvss/authentication.py @@ -29,36 +29,36 @@ _AUTH_NONE = DecisionPointValue( name="None", key="N", - description="Authentication is not required to exploit the vulnerability.", + definition="Authentication is not required to exploit the vulnerability.", ) _SINGLE = DecisionPointValue( name="Single", key="S", - description="The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).", + definition="The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).", ) _MULTIPLE = DecisionPointValue( name="Multiple", key="M", - description="Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time.", + definition="Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time.", ) _REQUIRED = DecisionPointValue( name="Required", key="R", - description="Authentication is required to access and exploit the vulnerability.", + definition="Authentication is required to access and exploit the vulnerability.", ) _NOT_REQUIRED = DecisionPointValue( name="Not Required", key="N", - description="Authentication is not required to access or exploit the vulnerability.", + definition="Authentication is not required to access or exploit the vulnerability.", ) AUTHENTICATION_1 = CvssDecisionPoint( name="Authentication", - description="This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", + definition="This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", key="Au", version="1.0.0", values=( @@ -72,7 +72,7 @@ AUTHENTICATION_2 = CvssDecisionPoint( name="Authentication", - description="This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", + definition="This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", key="Au", version="2.0.0", values=( diff --git a/src/ssvc/decision_points/cvss/availability_impact.py b/src/ssvc/decision_points/cvss/availability_impact.py index b7c5ed33..3b340c08 100644 --- a/src/ssvc/decision_points/cvss/availability_impact.py +++ b/src/ssvc/decision_points/cvss/availability_impact.py @@ -29,7 +29,7 @@ _HIGH = DecisionPointValue( name="High", key="H", - description="There is total loss of availability, resulting in the attacker being able to fully deny access to " + definition="There is total loss of availability, resulting in the attacker being able to fully deny access to " "resources in the impacted component; this loss is either sustained (while the attacker continues to " "deliver the attack) or persistent (the condition persists even after the attack has completed).", ) @@ -37,36 +37,36 @@ _LOW = DecisionPointValue( name="Low", key="L", - description="There is reduced performance or interruptions in resource availability.", + definition="There is reduced performance or interruptions in resource availability.", ) _NONE_2 = DecisionPointValue( name="None", key="N", - description="There is no impact to the availability of the system.", + definition="There is no impact to the availability of the system.", ) _COMPLETE = DecisionPointValue( name="Complete", key="C", - description="Total shutdown of the affected resource. The attacker can render the resource completely unavailable.", + definition="Total shutdown of the affected resource. The attacker can render the resource completely unavailable.", ) _PARTIAL = DecisionPointValue( name="Partial", key="P", - description="Considerable lag in or interruptions in resource availability. For example, a network-based flood " + definition="Considerable lag in or interruptions in resource availability. For example, a network-based flood " "attack that reduces available bandwidth to a web server farm to such an extent that only a small " "number of connections successfully complete.", ) _NONE_1 = DecisionPointValue( - name="None", key="N", description="No impact on availability." + name="None", key="N", definition="No impact on availability." ) AVAILABILITY_IMPACT_1 = CvssDecisionPoint( name="Availability Impact", - description="This metric measures the impact on availability a successful exploit of the vulnerability will have " + definition="This metric measures the impact on availability a successful exploit of the vulnerability will have " "on the target system.", key="A", version="1.0.0", @@ -82,7 +82,7 @@ AVAILABILITY_IMPACT_2 = CvssDecisionPoint( name="Availability Impact", - description="This metric measures the impact to availability of a successfully exploited vulnerability.", + definition="This metric measures the impact to availability of a successfully exploited vulnerability.", key="A", version="2.0.0", values=( @@ -98,7 +98,7 @@ _HIGH_2 = DecisionPointValue( name="High", key="H", - description="There is total loss of availability, resulting in the attacker being able to fully deny access to " + definition="There is total loss of availability, resulting in the attacker being able to fully deny access to " "resources in the impacted component; this loss is either sustained (while the attacker continues to " "deliver the attack) or persistent (the condition persists even after the attack has completed).", ) @@ -106,7 +106,7 @@ _LOW_2 = DecisionPointValue( name="Low", key="L", - description="There is reduced performance or interruptions in resource availability. Even if repeated " + definition="There is reduced performance or interruptions in resource availability. Even if repeated " "exploitation of the vulnerability is possible, the attacker does not have the ability to completely " "deny service to legitimate users. The resources in the Vulnerable System are either partially " "available all of the time, or fully available only some of the time, but overall there is no direct, " @@ -116,13 +116,13 @@ _NONE_3 = DecisionPointValue( name="None", key="N", - description="There is no impact to availability within the Vulnerable System.", + definition="There is no impact to availability within the Vulnerable System.", ) AVAILABILITY_IMPACT_3_0_0 = CvssDecisionPoint( name="Availability Impact to the Vulnerable System", - description="This metric measures the impact to the availability of the impacted system resulting from a " + definition="This metric measures the impact to the availability of the impacted system resulting from a " "successfully exploited vulnerability.", key="VA", version="3.0.0", diff --git a/src/ssvc/decision_points/cvss/availability_requirement.py b/src/ssvc/decision_points/cvss/availability_requirement.py index 6b282cb8..7e0e1553 100644 --- a/src/ssvc/decision_points/cvss/availability_requirement.py +++ b/src/ssvc/decision_points/cvss/availability_requirement.py @@ -35,28 +35,28 @@ _HIGH = DecisionPointValue( name="High", key="H", - description="Loss of availability is likely to have a catastrophic adverse effect on the organization or " + definition="Loss of availability is likely to have a catastrophic adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) _MEDIUM = DecisionPointValue( name="Medium", key="M", - description="Loss of availability is likely to have a serious adverse effect on the organization or individuals " + definition="Loss of availability is likely to have a serious adverse effect on the organization or individuals " "associated with the organization (e.g., employees, customers).", ) _LOW = DecisionPointValue( name="Low", key="L", - description="Loss of availability is likely to have only a limited adverse effect on the organization or " + definition="Loss of availability is likely to have only a limited adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) AVAILABILITY_REQUIREMENT_1 = CvssDecisionPoint( name="Availability Requirement", - description="This metric measures the impact to the availability of a successfully exploited vulnerability.", + definition="This metric measures the impact to the availability of a successfully exploited vulnerability.", key="AR", version="1.0.0", values=( @@ -72,7 +72,7 @@ AVAILABILITY_REQUIREMENT_1_1 = CvssDecisionPoint( name="Availability Requirement", - description="This metric measures the impact to the availability of a successfully exploited vulnerability.", + definition="This metric measures the impact to the availability of a successfully exploited vulnerability.", key="AR", version="1.1.0", values=( @@ -87,27 +87,27 @@ _HIGH_2 = DecisionPointValue( name="High", key="H", - description="Loss of availability is likely to have a catastrophic adverse effect on the organization or " + definition="Loss of availability is likely to have a catastrophic adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) _MEDIUM_2 = DecisionPointValue( name="Medium", key="M", - description="Loss of availability is likely to have a serious adverse effect on the organization or " + definition="Loss of availability is likely to have a serious adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) _LOW_2 = DecisionPointValue( name="Low", key="L", - description="Loss of availability is likely to have only a limited adverse effect on the organization or " + definition="Loss of availability is likely to have only a limited adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) AVAILABILITY_REQUIREMENT_1_1_1 = CvssDecisionPoint( name="Availability Requirement", - description="This metric enables the consumer to customize the assessment depending on the importance of the " + definition="This metric enables the consumer to customize the assessment depending on the importance of the " "affected IT asset to the analyst’s organization, measured in terms of Availability.", key="AR", version="1.1.1", diff --git a/src/ssvc/decision_points/cvss/collateral_damage_potential.py b/src/ssvc/decision_points/cvss/collateral_damage_potential.py index 3f4eb34c..7e11cbf7 100644 --- a/src/ssvc/decision_points/cvss/collateral_damage_potential.py +++ b/src/ssvc/decision_points/cvss/collateral_damage_potential.py @@ -31,49 +31,49 @@ _MEDIUM_HIGH = DecisionPointValue( name="Medium-High", key="MH", - description="A successful exploit of this vulnerability may result in significant physical or property damage or loss.", + definition="A successful exploit of this vulnerability may result in significant physical or property damage or loss.", ) _LOW_MEDIUM = DecisionPointValue( name="Low-Medium", key="LM", - description="A successful exploit of this vulnerability may result in moderate physical or property damage or loss.", + definition="A successful exploit of this vulnerability may result in moderate physical or property damage or loss.", ) _CDP_NONE_2 = DecisionPointValue( name="None", key="N", - description="There is no potential for loss of life, physical assets, productivity or revenue.", + definition="There is no potential for loss of life, physical assets, productivity or revenue.", ) _HIGH = DecisionPointValue( name="High", key="H", - description="A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area.", + definition="A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area.", ) _MEDIUM = DecisionPointValue( name="Medium", key="M", - description="A successful exploit of this vulnerability may result in significant physical or property damage or loss.", + definition="A successful exploit of this vulnerability may result in significant physical or property damage or loss.", ) _LOW = DecisionPointValue( name="Low", key="L", - description="A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed.", + definition="A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed.", ) _CDP_NONE = DecisionPointValue( name="None", key="N", - description="There is no potential for physical or property damage.", + definition="There is no potential for physical or property damage.", ) COLLATERAL_DAMAGE_POTENTIAL_1 = CvssDecisionPoint( name="Collateral Damage Potential", - description="This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", + definition="This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", key="CDP", version="1.0.0", values=( @@ -89,7 +89,7 @@ COLLATERAL_DAMAGE_POTENTIAL_2 = CvssDecisionPoint( name="Collateral Damage Potential", - description="This metric measures the potential for loss of life or physical assets.", + definition="This metric measures the potential for loss of life or physical assets.", key="CDP", version="2.0.0", values=( diff --git a/src/ssvc/decision_points/cvss/confidentiality_impact.py b/src/ssvc/decision_points/cvss/confidentiality_impact.py index c59512be..d7fd2f7f 100644 --- a/src/ssvc/decision_points/cvss/confidentiality_impact.py +++ b/src/ssvc/decision_points/cvss/confidentiality_impact.py @@ -28,7 +28,7 @@ _HIGH = DecisionPointValue( name="High", key="H", - description="There is total loss of confidentiality, resulting in all resources within the impacted component " + definition="There is total loss of confidentiality, resulting in all resources within the impacted component " "being divulged to the attacker. Alternatively, access to only some restricted information is " "obtained, but the disclosed information presents a direct, serious impact. For example, an attacker " "steals the administrator's password, or private encryption keys of a web server.", @@ -37,7 +37,7 @@ _LOW = DecisionPointValue( name="Low", key="L", - description="There is some loss of confidentiality. Access to some restricted information is obtained, " + definition="There is some loss of confidentiality. Access to some restricted information is obtained, " "but the attacker does not have control over what information is obtained, or the amount or kind of " "loss is constrained. The information disclosure does not cause a direct, serious loss to the " "impacted component.", @@ -46,13 +46,13 @@ _CI_NONE_2 = DecisionPointValue( name="None", key="N", - description="There is no loss of confidentiality within the impacted component.", + definition="There is no loss of confidentiality within the impacted component.", ) _COMPLETE = DecisionPointValue( name="Complete", key="C", - description="A total compromise of critical system information. A complete loss of system protection resulting in " + definition="A total compromise of critical system information. A complete loss of system protection resulting in " "all critical system files being revealed. The attacker has sovereign control to read all of the " "system's data (memory, files, etc).", ) @@ -60,7 +60,7 @@ _PARTIAL = DecisionPointValue( name="Partial", key="P", - description="There is considerable informational disclosure. Access to critical system files is possible. There " + definition="There is considerable informational disclosure. Access to critical system files is possible. There " "is a loss of important information, but the attacker doesn't have control over what is obtainable or " "the scope of the loss is constrained.", ) @@ -68,12 +68,12 @@ _CI_NONE = DecisionPointValue( name="None", key="N", - description="No impact on confidentiality.", + definition="No impact on confidentiality.", ) CONFIDENTIALITY_IMPACT_1 = CvssDecisionPoint( name="Confidentiality Impact", - description="This metric measures the impact on confidentiality of a successful exploit of the vulnerability on " + definition="This metric measures the impact on confidentiality of a successful exploit of the vulnerability on " "the target system.", key="C", version="1.0.0", @@ -89,7 +89,7 @@ CONFIDENTIALITY_IMPACT_2 = CvssDecisionPoint( name="Confidentiality Impact", - description="This metric measures the impact to the confidentiality of the information resources managed by a " + definition="This metric measures the impact to the confidentiality of the information resources managed by a " "software component due to a successfully exploited vulnerability.", key="C", version="2.0.0", @@ -107,7 +107,7 @@ _HIGH_1 = DecisionPointValue( name="High", key="H", - description="There is total loss of confidentiality, resulting in all resources within the impacted component " + definition="There is total loss of confidentiality, resulting in all resources within the impacted component " "being divulged to the attacker. Alternatively, access to only some restricted information is " "obtained, but the disclosed information presents a direct, serious impact. For example, an attacker " "steals the administrator's password, or private encryption keys of a web server.", @@ -116,7 +116,7 @@ _LOW_1 = DecisionPointValue( name="Low", key="L", - description="There is some loss of confidentiality. Access to some restricted information is obtained, " + definition="There is some loss of confidentiality. Access to some restricted information is obtained, " "but the attacker does not have control over what information is obtained, or the amount or kind of " "loss is constrained. The information disclosure does not cause a direct, serious loss to the " "impacted component.", @@ -125,12 +125,12 @@ _CI_NONE_3 = DecisionPointValue( name="None", key="N", - description="There is no loss of confidentiality within the impacted component.", + definition="There is no loss of confidentiality within the impacted component.", ) CONFIDENTIALITY_IMPACT_3_0_0 = CvssDecisionPoint( name="Confidentiality Impact to the Vulnerable System", - description="This metric measures the impact to the confidentiality of the information managed by the system due " + definition="This metric measures the impact to the confidentiality of the information managed by the system due " "to a successfully exploited vulnerability. Confidentiality refers to limiting information access " "and disclosure to only authorized users, as well as preventing access by, or disclosure to, " "unauthorized ones.", diff --git a/src/ssvc/decision_points/cvss/confidentiality_requirement.py b/src/ssvc/decision_points/cvss/confidentiality_requirement.py index a86e2558..a5b84b96 100644 --- a/src/ssvc/decision_points/cvss/confidentiality_requirement.py +++ b/src/ssvc/decision_points/cvss/confidentiality_requirement.py @@ -34,27 +34,27 @@ _HIGH = DecisionPointValue( name="High", key="H", - description="Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or " + definition="Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) _MEDIUM = DecisionPointValue( name="Medium", key="M", - description="Loss of confidentiality is likely to have a serious adverse effect on the organization or " + definition="Loss of confidentiality is likely to have a serious adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) _LOW = DecisionPointValue( name="Low", key="L", - description="Loss of confidentiality is likely to have only a limited adverse effect on the organization or " + definition="Loss of confidentiality is likely to have only a limited adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) CONFIDENTIALITY_REQUIREMENT_1 = CvssDecisionPoint( name="Confidentiality Requirement", - description="This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + definition="This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", key="CR", version="1.0.0", values=( @@ -70,7 +70,7 @@ CONFIDENTIALITY_REQUIREMENT_1_1 = CvssDecisionPoint( name="Confidentiality Requirement", - description="This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + definition="This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", key="CR", version="1.1.0", values=( @@ -85,27 +85,27 @@ _HIGH_2 = DecisionPointValue( name="High", key="H", - description="Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or " + definition="Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) _MEDIUM_2 = DecisionPointValue( name="Medium", key="M", - description="Loss of confidentiality is likely to have a serious adverse effect on the organization or " + definition="Loss of confidentiality is likely to have a serious adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) _LOW_2 = DecisionPointValue( name="Low", key="L", - description="Loss of confidentiality is likely to have only a limited adverse effect on the organization or " + definition="Loss of confidentiality is likely to have only a limited adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) CONFIDENTIALITY_REQUIREMENT_1_1_1 = CvssDecisionPoint( name="Confidentiality Requirement", - description="This metric enables the consumer to customize the assessment depending on the importance of the " + definition="This metric enables the consumer to customize the assessment depending on the importance of the " "affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", key="CR", version="1.1.1", diff --git a/src/ssvc/decision_points/cvss/equivalence_set_1.py b/src/ssvc/decision_points/cvss/equivalence_set_1.py index 41a7de9e..91af8d97 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_1.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_1.py @@ -28,19 +28,19 @@ TWO = DecisionPointValue( name="Low", key="L", - description="2: AV:P or not(AV:N or PR:N or UI:N)", + definition="2: AV:P or not(AV:N or PR:N or UI:N)", ) ONE = DecisionPointValue( name="Medium", key="M", - description="1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P", + definition="1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P", ) ZERO = DecisionPointValue( name="High", key="H", - description="0: AV:N and PR:N and UI:N", + definition="0: AV:N and PR:N and UI:N", ) # EQ1 → AV/PR/UI with 3 levels specified in Table 24 @@ -51,7 +51,7 @@ EQ1 = CvssDecisionPoint( name="Equivalence Set 1", key="EQ1", - description="AV/PR/UI with 3 levels specified in Table 24", + definition="AV/PR/UI with 3 levels specified in Table 24", version="1.0.0", values=( TWO, diff --git a/src/ssvc/decision_points/cvss/equivalence_set_2.py b/src/ssvc/decision_points/cvss/equivalence_set_2.py index 0e94a396..8772624d 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_2.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_2.py @@ -32,18 +32,18 @@ ONE = DecisionPointValue( name="Low", key="L", - description="1: not (AC:L and AT:N)", + definition="1: not (AC:L and AT:N)", ) ZERO = DecisionPointValue( name="High", key="H", - description="0: AC:L and AT:N", + definition="0: AC:L and AT:N", ) EQ2 = CvssDecisionPoint( name="Equivalence Set 2", key="EQ2", - description="AC/AT with 2 levels specified in Table 25", + definition="AC/AT with 2 levels specified in Table 25", version="1.0.0", values=( ONE, diff --git a/src/ssvc/decision_points/cvss/equivalence_set_3.py b/src/ssvc/decision_points/cvss/equivalence_set_3.py index 4b1f8492..5fbc4159 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_3.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_3.py @@ -33,23 +33,23 @@ TWO = DecisionPointValue( name="Low", key="L", - description="2: not (VC:H or VI:H or VA:H)", + definition="2: not (VC:H or VI:H or VA:H)", ) ONE = DecisionPointValue( name="Medium", key="M", - description="1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)", + definition="1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)", ) ZERO = DecisionPointValue( name="High", key="H", - description="0: VC:H and VI:H", + definition="0: VC:H and VI:H", ) EQ3 = CvssDecisionPoint( name="Equivalence Set 3", key="EQ3", - description="VC/VI/VA with 3 levels specified in Table 26", + definition="VC/VI/VA with 3 levels specified in Table 26", version="1.0.0", values=( TWO, diff --git a/src/ssvc/decision_points/cvss/equivalence_set_4.py b/src/ssvc/decision_points/cvss/equivalence_set_4.py index f57ed0a1..d980a100 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_4.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_4.py @@ -32,22 +32,22 @@ TWO = DecisionPointValue( name="Low", key="L", - description="2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)", + definition="2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)", ) ONE = DecisionPointValue( name="Medium", key="M", - description="1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)", + definition="1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)", ) ZERO = DecisionPointValue( name="High", key="H", - description="0: MSI:S or MSA:S", + definition="0: MSI:S or MSA:S", ) EQ4 = CvssDecisionPoint( name="Equivalence Set 4", key="EQ4", - description="SC/SI/SA with 3 levels specified in Table 27", + definition="SC/SI/SA with 3 levels specified in Table 27", version="1.0.0", values=( TWO, diff --git a/src/ssvc/decision_points/cvss/equivalence_set_5.py b/src/ssvc/decision_points/cvss/equivalence_set_5.py index fff4ebc9..6aeab253 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_5.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_5.py @@ -32,22 +32,22 @@ TWO = DecisionPointValue( name="Low", key="L", - description="2: E:U", + definition="2: E:U", ) ONE = DecisionPointValue( name="Medium", key="M", - description="1: E:P", + definition="1: E:P", ) ZERO = DecisionPointValue( name="High", key="H", - description="0: E:A", + definition="0: E:A", ) EQ5 = CvssDecisionPoint( name="Equivalence Set 5", key="EQ5", - description="E with 3 levels specified in Table 28", + definition="E with 3 levels specified in Table 28", version="1.0.0", values=( TWO, diff --git a/src/ssvc/decision_points/cvss/equivalence_set_6.py b/src/ssvc/decision_points/cvss/equivalence_set_6.py index eecb8d69..07287f50 100644 --- a/src/ssvc/decision_points/cvss/equivalence_set_6.py +++ b/src/ssvc/decision_points/cvss/equivalence_set_6.py @@ -31,17 +31,17 @@ ONE = DecisionPointValue( name="Low", key="L", - description="1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)", + definition="1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)", ) ZERO = DecisionPointValue( name="High", key="H", - description="0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)", + definition="0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)", ) EQ6 = CvssDecisionPoint( name="Equivalence Set 6", key="EQ6", - description="VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + definition="VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", version="1.0.0", values=( ONE, diff --git a/src/ssvc/decision_points/cvss/exploit_maturity.py b/src/ssvc/decision_points/cvss/exploit_maturity.py index e19464fe..d98e8b0e 100644 --- a/src/ssvc/decision_points/cvss/exploit_maturity.py +++ b/src/ssvc/decision_points/cvss/exploit_maturity.py @@ -34,7 +34,7 @@ _HIGH_2 = DecisionPointValue( name="High", key="H", - description="Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely " + definition="Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely " "available. Exploit code works in every situation, or is actively being delivered via an autonomous " "agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or " "exploitation attempts. Exploit development has reached the level of reliable, widely-available, " @@ -44,14 +44,14 @@ _FUNCTIONAL_2 = DecisionPointValue( name="Functional", key="F", - description="Functional exploit code is available. The code works in most situations where the vulnerability " + definition="Functional exploit code is available. The code works in most situations where the vulnerability " "exists.", ) _PROOF_OF_CONCEPT_2 = DecisionPointValue( name="Proof-of-Concept", key="POC", - description="Proof-of-concept exploit code is available, or an attack demonstration is not practical for most " + definition="Proof-of-concept exploit code is available, or an attack demonstration is not practical for most " "systems. The code or technique is not functional in all situations and may require substantial " "modification by a skilled attacker.", ) @@ -59,13 +59,13 @@ _UNPROVEN_2 = DecisionPointValue( name="Unproven", key="U", - description="No exploit code is available, or an exploit is theoretical.", + definition="No exploit code is available, or an exploit is theoretical.", ) _HIGH = DecisionPointValue( name="High", key="H", - description="Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is " + definition="Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is " "required (manual trigger) and the details for the manual technique are widely available. The code " "works in every situation where the vulnerability is exploitable and/or is actively being delivered " "via a mobile autonomous agent (a worm or virus).", @@ -74,14 +74,14 @@ _FUNCTIONAL = DecisionPointValue( name="Functional", key="F", - description="Functional exploit code is available. The code works in most situations where the vulnerability is " + definition="Functional exploit code is available. The code works in most situations where the vulnerability is " "exploitable.", ) _PROOF_OF_CONCEPT = DecisionPointValue( name="Proof of Concept", key="P", - description="Proof of concept exploit code or an attack demonstration that is not practically applicable to " + definition="Proof of concept exploit code or an attack demonstration that is not practically applicable to " "deployed systems is available. The code or technique is not functional in all situations and may " "require substantial hand tuning by a skilled attacker for use against deployed systems.", ) @@ -89,12 +89,12 @@ _UNPROVEN = DecisionPointValue( name="Unproven", key="U", - description="No exploit code is yet available or an exploit method is entirely theoretical.", + definition="No exploit code is yet available or an exploit method is entirely theoretical.", ) EXPLOITABILITY_1 = CvssDecisionPoint( name="Exploitability", - description="This metric measures the current state of exploit technique or code availability and suggests a " + definition="This metric measures the current state of exploit technique or code availability and suggests a " "likelihood of exploitation.", key="E", version="1.0.0", @@ -111,7 +111,7 @@ EXPLOITABILITY_1_1 = CvssDecisionPoint( name="Exploitability", - description="This metric measures the current state of exploit technique or code availability and suggests a " + definition="This metric measures the current state of exploit technique or code availability and suggests a " "likelihood of exploitation.", key="E", version="1.1.0", @@ -130,7 +130,7 @@ EXPLOIT_CODE_MATURITY_1_2 = CvssDecisionPoint( name="Exploit Code Maturity", - description="measures the likelihood of the vulnerability being attacked, and is typically based on the current " + definition="measures the likelihood of the vulnerability being attacked, and is typically based on the current " "state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", key="E", version="1.2.0", @@ -150,7 +150,7 @@ _ATTACKED = DecisionPointValue( name="Attacked", key="A", - description="Based on available threat intelligence either of the following must apply: Attacks targeting " + definition="Based on available threat intelligence either of the following must apply: Attacks targeting " "this vulnerability (attempted or successful) have been reported Solutions to simplify attempts " "to exploit the vulnerability are publicly or privately available (such as exploit toolkits)", ) @@ -158,7 +158,7 @@ _PROOF_OF_CONCEPT_3 = DecisionPointValue( name="Proof-of-Concept", key="P", - description="Based on available threat intelligence each of the following must apply: Proof-of-concept exploit " + definition="Based on available threat intelligence each of the following must apply: Proof-of-concept exploit " "code is publicly available No knowledge of reported attempts to exploit this vulnerability No " "knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability " "(i.e., the “Attacked” value does not apply)", @@ -167,7 +167,7 @@ _UNREPORTED = DecisionPointValue( name="Unreported", key="U", - description="Based on available threat intelligence each of the following must apply: No knowledge of publicly " + definition="Based on available threat intelligence each of the following must apply: No knowledge of publicly " "available proof-of-concept exploit code No knowledge of reported attempts to exploit this " "vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit " "the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)", @@ -176,7 +176,7 @@ EXPLOIT_MATURITY_2 = CvssDecisionPoint( name="Exploit Maturity", key="E", - description="This metric measures the likelihood of the vulnerability being attacked, and is based on the current " + definition="This metric measures the likelihood of the vulnerability being attacked, and is based on the current " "state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", version="2.0.0", values=( diff --git a/src/ssvc/decision_points/cvss/helpers.py b/src/ssvc/decision_points/cvss/helpers.py index 46cddec0..8ce75663 100644 --- a/src/ssvc/decision_points/cvss/helpers.py +++ b/src/ssvc/decision_points/cvss/helpers.py @@ -97,7 +97,7 @@ def _modify_4(dp: DecisionPoint): for v in _dp_dict["values"]: if v["key"] == "N": v["name"] = "Negligible" - v["description"] = v["description"].replace( + v["definition"] = v["definition"].replace( " no ", " negligible " ) # we need to bump the version for this change @@ -112,7 +112,7 @@ def _modify_4(dp: DecisionPoint): _SAFETY = DecisionPointValue( name="Safety", key="S", - description="The Safety metric value measures the impact regarding the Safety of a human actor or " + definition="The Safety metric value measures the impact regarding the Safety of a human actor or " "participant that can be predictably injured as a result of the vulnerability being exploited.", ) values = list(_dp_dict["values"]) @@ -139,8 +139,8 @@ def no_x(dp: CvssDecisionPoint) -> CvssDecisionPoint: key=f"{dp.key}_NoX", version=dp.version, name=f"{dp.name} (without Not Defined)", - description=( - f"{dp.description} This version does not include the Not Defined (X) option." + definition=( + f"{dp.definition} This version does not include the Not Defined (X) option." ), values=tuple([v for v in dp.values if v.key != "X"]), ) diff --git a/src/ssvc/decision_points/cvss/impact_bias.py b/src/ssvc/decision_points/cvss/impact_bias.py index bf9b4a92..8b8c6d5e 100644 --- a/src/ssvc/decision_points/cvss/impact_bias.py +++ b/src/ssvc/decision_points/cvss/impact_bias.py @@ -28,30 +28,30 @@ _AVAILABILITY = DecisionPointValue( name="Availability", key="A", - description="Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact.", + definition="Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact.", ) _INTEGRITY = DecisionPointValue( name="Integrity", key="I", - description="Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact.", + definition="Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact.", ) _CONFIDENTIALITY = DecisionPointValue( name="Confidentiality", key="C", - description="Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact.", + definition="Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact.", ) _NORMAL = DecisionPointValue( name="Normal", key="N", - description="Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight.", + definition="Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight.", ) IMPACT_BIAS_1 = CvssDecisionPoint( name="Impact Bias", - description="This metric measures the impact bias of the vulnerability.", + definition="This metric measures the impact bias of the vulnerability.", key="IB", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/cvss/integrity_impact.py b/src/ssvc/decision_points/cvss/integrity_impact.py index 1d45a906..d27d5618 100644 --- a/src/ssvc/decision_points/cvss/integrity_impact.py +++ b/src/ssvc/decision_points/cvss/integrity_impact.py @@ -30,13 +30,13 @@ _II_HIGH = DecisionPointValue( name="High", key="H", - description="There is a total loss of integrity, or a complete loss of protection.", + definition="There is a total loss of integrity, or a complete loss of protection.", ) _II_LOW = DecisionPointValue( name="Low", key="L", - description="Modification of data is possible, but the attacker does not have control over the consequence of a " + definition="Modification of data is possible, but the attacker does not have control over the consequence of a " "modification, or the amount of modification is constrained. The data modification does not have a " "direct, serious impact on the impacted component.", ) @@ -44,31 +44,31 @@ _II_NONE_2 = DecisionPointValue( name="None", key="N", - description="There is no impact to the integrity of the system.", + definition="There is no impact to the integrity of the system.", ) _COMPLETE = DecisionPointValue( name="Complete", key="C", - description="A total compromise of system integrity. There is a complete loss of system protection resulting in " + definition="A total compromise of system integrity. There is a complete loss of system protection resulting in " "the entire system being compromised. The attacker has sovereign control to modify any system files.", ) _PARTIAL = DecisionPointValue( name="Partial", key="P", - description="Considerable breach in integrity. Modification of critical system files or information is possible, " + definition="Considerable breach in integrity. Modification of critical system files or information is possible, " "but the attacker does not have control over what can be modified, or the scope of what the attacker " "can affect is constrained. For example, key system or program files may be overwritten or modified, " "but at random or in a limited context or scope.", ) _II_NONE = DecisionPointValue( - name="None", key="N", description="No impact on integrity." + name="None", key="N", definition="No impact on integrity." ) INTEGRITY_IMPACT_1 = CvssDecisionPoint( name="Integrity Impact", - description="This metric measures the impact on integrity a successful exploit of the vulnerability will have on " + definition="This metric measures the impact on integrity a successful exploit of the vulnerability will have on " "the target system.", key="I", version="1.0.0", @@ -84,7 +84,7 @@ INTEGRITY_IMPACT_2 = CvssDecisionPoint( name="Integrity Impact", - description="This metric measures the impact to integrity of a successfully exploited vulnerability.", + definition="This metric measures the impact to integrity of a successfully exploited vulnerability.", key="I", version="2.0.0", values=( @@ -100,13 +100,13 @@ _II_HIGH_2 = DecisionPointValue( name="High", key="H", - description="There is a total loss of integrity, or a complete loss of protection.", + definition="There is a total loss of integrity, or a complete loss of protection.", ) _II_LOW_2 = DecisionPointValue( name="Low", key="L", - description="Modification of data is possible, but the attacker does not have control over the consequence of a " + definition="Modification of data is possible, but the attacker does not have control over the consequence of a " "modification, or the amount of modification is limited. The data modification does not have a direct, " "serious impact to the Vulnerable System.", ) @@ -115,13 +115,13 @@ _II_NONE_3 = DecisionPointValue( name="None", key="N", - description="There is no loss of integrity within the Vulnerable System.", + definition="There is no loss of integrity within the Vulnerable System.", ) INTEGRITY_IMPACT_3_0_0 = CvssDecisionPoint( name="Integrity Impact to the Vulnerable System", - description="This metric measures the impact to integrity of a successfully exploited vulnerability.", + definition="This metric measures the impact to integrity of a successfully exploited vulnerability.", key="VI", version="3.0.0", values=( diff --git a/src/ssvc/decision_points/cvss/integrity_requirement.py b/src/ssvc/decision_points/cvss/integrity_requirement.py index 3611465f..9dc2a3ee 100644 --- a/src/ssvc/decision_points/cvss/integrity_requirement.py +++ b/src/ssvc/decision_points/cvss/integrity_requirement.py @@ -34,27 +34,27 @@ _HIGH = DecisionPointValue( name="High", key="H", - description="Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals " + definition="Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals " "associated with the organization (e.g., employees, customers).", ) _MEDIUM = DecisionPointValue( name="Medium", key="M", - description="Loss of integrity is likely to have a serious adverse effect on the organization or individuals " + definition="Loss of integrity is likely to have a serious adverse effect on the organization or individuals " "associated with the organization (e.g., employees, customers).", ) _LOW = DecisionPointValue( name="Low", key="L", - description="Loss of integrity is likely to have only a limited adverse effect on the organization or individuals " + definition="Loss of integrity is likely to have only a limited adverse effect on the organization or individuals " "associated with the organization (e.g., employees, customers).", ) INTEGRITY_REQUIREMENT_1 = CvssDecisionPoint( name="Integrity Requirement", - description="This metric measures the impact to the integrity of a successfully exploited vulnerability.", + definition="This metric measures the impact to the integrity of a successfully exploited vulnerability.", key="IR", version="1.0.0", values=( @@ -70,7 +70,7 @@ INTEGRITY_REQUIREMENT_1_1 = CvssDecisionPoint( name="Integrity Requirement", - description="This metric measures the impact to the integrity of a successfully exploited vulnerability.", + definition="This metric measures the impact to the integrity of a successfully exploited vulnerability.", key="IR", version="1.1.0", values=( @@ -85,27 +85,27 @@ _HIGH_2 = DecisionPointValue( name="High", key="H", - description="Loss of integrity is likely to have a catastrophic adverse effect on the organization or " + definition="Loss of integrity is likely to have a catastrophic adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) _MEDIUM_2 = DecisionPointValue( name="Medium", key="M", - description="Loss of integrity is likely to have a serious adverse effect on the organization or " + definition="Loss of integrity is likely to have a serious adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) _LOW_2 = DecisionPointValue( name="Low", key="L", - description="Loss of integrity is likely to have only a limited adverse effect on the organization or " + definition="Loss of integrity is likely to have only a limited adverse effect on the organization or " "individuals associated with the organization (e.g., employees, customers).", ) INTEGRITY_REQUIREMENT_1_1_1 = CvssDecisionPoint( name="Integrity Requirement", - description="This metric enables the consumer to customize the assessment depending on the importance of the " + definition="This metric enables the consumer to customize the assessment depending on the importance of the " "affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", key="IR", version="1.1.1", diff --git a/src/ssvc/decision_points/cvss/privileges_required.py b/src/ssvc/decision_points/cvss/privileges_required.py index 92ab7667..52669a26 100644 --- a/src/ssvc/decision_points/cvss/privileges_required.py +++ b/src/ssvc/decision_points/cvss/privileges_required.py @@ -28,7 +28,7 @@ _HIGH = DecisionPointValue( name="High", key="H", - description="The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. " + definition="The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. " "administrative) control over the vulnerable component that could affect component-wide settings and " "files.", ) @@ -36,7 +36,7 @@ _LOW = DecisionPointValue( name="Low", key="L", - description="The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that " + definition="The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that " "could normally affect only settings and files owned by a user. Alternatively, an attacker with Low " "privileges may have the ability to cause an impact only to non-sensitive resources.", ) @@ -44,7 +44,7 @@ _PR_NONE = DecisionPointValue( name="None", key="N", - description="The attacker is unauthorized prior to attack, and therefore does not require any access to settings " + definition="The attacker is unauthorized prior to attack, and therefore does not require any access to settings " "or files to carry out an attack.", ) @@ -53,7 +53,7 @@ # therefore High < Low < None PRIVILEGES_REQUIRED_1 = CvssDecisionPoint( name="Privileges Required", - description="This metric describes the level of privileges an attacker must possess before successfully " + definition="This metric describes the level of privileges an attacker must possess before successfully " "exploiting the vulnerability.", key="PR", version="1.0.0", @@ -71,14 +71,14 @@ _PR_NONE_2 = DecisionPointValue( name="None", key="N", - description="The attacker is unauthorized prior to attack, and therefore does not require any access to settings " + definition="The attacker is unauthorized prior to attack, and therefore does not require any access to settings " "or files to carry out an attack.", ) _LOW_2 = DecisionPointValue( name="Low", key="L", - description="The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that " + definition="The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that " "are typically limited to settings and resources owned by a single low-privileged user. Alternatively, " "an attacker with Low privileges has the ability to access only non-sensitive resources.", ) @@ -86,14 +86,14 @@ _HIGH_2 = DecisionPointValue( name="High", key="H", - description="The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., " + definition="The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., " "administrative) control over the vulnerable system allowing full access to the vulnerable system’s " "settings and files.", ) PRIVILEGES_REQUIRED_1_0_1 = CvssDecisionPoint( name="Privileges Required", - description="This metric describes the level of privileges an attacker must possess prior to successfully " + definition="This metric describes the level of privileges an attacker must possess prior to successfully " "exploiting the vulnerability. The method by which the attacker obtains privileged credentials " "prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, " "self-service provisioned accounts do not constitute a privilege requirement if the attacker can " diff --git a/src/ssvc/decision_points/cvss/qualitative_severity.py b/src/ssvc/decision_points/cvss/qualitative_severity.py index 553fef6b..f9ea9686 100644 --- a/src/ssvc/decision_points/cvss/qualitative_severity.py +++ b/src/ssvc/decision_points/cvss/qualitative_severity.py @@ -28,34 +28,34 @@ QS_NONE = DecisionPointValue( name="None", key="N", - description="No severity rating (0.0)", + definition="No severity rating (0.0)", ) LOW = DecisionPointValue( name="Low", key="L", - description="Low (0.1 - 3.9)", + definition="Low (0.1 - 3.9)", ) MEDIUM = DecisionPointValue( name="Medium", key="M", - description="Medium (4.0 - 6.9)", + definition="Medium (4.0 - 6.9)", ) HIGH = DecisionPointValue( name="High", key="H", - description="High (7.0 - 8.9)", + definition="High (7.0 - 8.9)", ) CRITICAL = DecisionPointValue( name="Critical", key="C", - description="Critical (9.0 - 10.0)", + definition="Critical (9.0 - 10.0)", ) QUALITATIVE_SEVERITY = CvssDecisionPoint( name="CVSS Qualitative Severity Rating Scale", key="QS", - description="The CVSS Qualitative Severity Rating Scale provides " + definition="The CVSS Qualitative Severity Rating Scale provides " "a categorical representation of a CVSS Score.", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/cvss/remediation_level.py b/src/ssvc/decision_points/cvss/remediation_level.py index 090d3eae..9b3a8f69 100644 --- a/src/ssvc/decision_points/cvss/remediation_level.py +++ b/src/ssvc/decision_points/cvss/remediation_level.py @@ -31,13 +31,13 @@ _UNAVAILABLE = DecisionPointValue( name="Unavailable", key="U", - description="There is either no solution available or it is impossible to apply.", + definition="There is either no solution available or it is impossible to apply.", ) _WORKAROUND = DecisionPointValue( name="Workaround", key="W", - description="There is an unofficial, non-vendor solution available. In some cases, users of the affected " + definition="There is an unofficial, non-vendor solution available. In some cases, users of the affected " "technology will create a patch of their own or provide steps to work around or otherwise mitigate " "against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in " "plugging the hole for the mean time and no official remediation is available, this value can be set.", @@ -46,20 +46,20 @@ _TEMPORARY_FIX = DecisionPointValue( name="Temporary Fix", key="TF", - description="There is an official but temporary fix available. This includes instances where the vendor issues a " + definition="There is an official but temporary fix available. This includes instances where the vendor issues a " "temporary hotfix, tool or official workaround.", ) _OFFICIAL_FIX = DecisionPointValue( name="Official Fix", key="OF", - description="A complete vendor solution is available. Either the vendor has issued the final, official patch " + definition="A complete vendor solution is available. Either the vendor has issued the final, official patch " "which eliminates the vulnerability or an upgrade that is not vulnerable is available.", ) REMEDIATION_LEVEL_1 = CvssDecisionPoint( name="Remediation Level", - description="This metric measures the remediation status of a vulnerability.", + definition="This metric measures the remediation status of a vulnerability.", key="RL", version="1.0.0", values=( @@ -75,7 +75,7 @@ REMEDIATION_LEVEL_1_1 = CvssDecisionPoint( name="Remediation Level", - description="This metric measures the remediation status of a vulnerability.", + definition="This metric measures the remediation status of a vulnerability.", key="RL", version="1.1.0", values=( diff --git a/src/ssvc/decision_points/cvss/report_confidence.py b/src/ssvc/decision_points/cvss/report_confidence.py index 5501363d..12731de4 100644 --- a/src/ssvc/decision_points/cvss/report_confidence.py +++ b/src/ssvc/decision_points/cvss/report_confidence.py @@ -33,7 +33,7 @@ _CONFIRMED_2 = DecisionPointValue( name="Confirmed", key="C", - description="Detailed reports exist, or functional reproduction is possible (functional exploits may provide " + definition="Detailed reports exist, or functional reproduction is possible (functional exploits may provide " "this). Source code is available to independently verify the assertions of the research, " "or the author or vendor of the affected code has confirmed the presence of the vulnerability.", ) @@ -41,7 +41,7 @@ _REASONABLE = DecisionPointValue( name="Reasonable", key="R", - description="Significant details are published, but researchers either do not have full confidence in the root " + definition="Significant details are published, but researchers either do not have full confidence in the root " "cause, or do not have access to source code to fully confirm all of the interactions that may lead " "to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one " "impact is able to be verified (proof-of-concept exploits may provide this).", @@ -50,7 +50,7 @@ _UNKNOWN = DecisionPointValue( name="Unknown", key="U", - description="There are reports of impacts that indicate a vulnerability is present. The reports indicate that the " + definition="There are reports of impacts that indicate a vulnerability is present. The reports indicate that the " "cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the " "vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little " "confidence in the validity of the reports or whether a static Base score can be applied given the " @@ -60,7 +60,7 @@ _CONFIRMED = DecisionPointValue( name="Confirmed", key="C", - description="Vendor or author of the affected technology has acknowledged that the vulnerability exists. This " + definition="Vendor or author of the affected technology has acknowledged that the vulnerability exists. This " "value may also be set when existence of a vulnerability is confirmed with absolute confidence " "through some other event, such as publication of functional proof of concept exploit code or " "widespread exploitation.", @@ -69,7 +69,7 @@ _UNCORROBORATED = DecisionPointValue( name="Uncorroborated", key="UR", - description="Multiple non-official sources; possibily including independent security companies or research " + definition="Multiple non-official sources; possibily including independent security companies or research " "organizations. At this point there may be conflicting technical details or some other lingering " "ambiguity.", ) @@ -77,13 +77,13 @@ _UNCONFIRMED = DecisionPointValue( name="Unconfirmed", key="UC", - description="A single unconfirmed source or possibly several conflicting reports. There is little confidence in " + definition="A single unconfirmed source or possibly several conflicting reports. There is little confidence in " "the validity of the report.", ) REPORT_CONFIDENCE_1 = CvssDecisionPoint( name="Report Confidence", - description="This metric measures the degree of confidence in the existence of the vulnerability and the " + definition="This metric measures the degree of confidence in the existence of the vulnerability and the " "credibility of the known technical details.", key="RC", version="1.0.0", @@ -99,7 +99,7 @@ REPORT_CONFIDENCE_1_1 = CvssDecisionPoint( name="Report Confidence", - description="This metric measures the degree of confidence in the existence of the vulnerability and the " + definition="This metric measures the degree of confidence in the existence of the vulnerability and the " "credibility of the known technical details.", key="RC", version="1.1.0", @@ -116,7 +116,7 @@ REPORT_CONFIDENCE_2 = CvssDecisionPoint( name="Report Confidence", - description="This metric measures the degree of confidence in the existence of the vulnerability and the " + definition="This metric measures the degree of confidence in the existence of the vulnerability and the " "credibility of the known technical details.", key="RC", version="2.0.0", diff --git a/src/ssvc/decision_points/cvss/scope.py b/src/ssvc/decision_points/cvss/scope.py index ecf89588..74ed3b76 100644 --- a/src/ssvc/decision_points/cvss/scope.py +++ b/src/ssvc/decision_points/cvss/scope.py @@ -29,20 +29,20 @@ _CHANGED = DecisionPointValue( name="Changed", key="C", - description="An exploited vulnerability can affect resources beyond the authorization privileges intended by the " + definition="An exploited vulnerability can affect resources beyond the authorization privileges intended by the " "vulnerable component. In this case the vulnerable component and the impacted component are different.", ) _UNCHANGED = DecisionPointValue( name="Unchanged", key="U", - description="An exploited vulnerability can only affect resources managed by the same authority. In this case the " + definition="An exploited vulnerability can only affect resources managed by the same authority. In this case the " "vulnerable component and the impacted component are the same.", ) SCOPE_1 = CvssDecisionPoint( name="Scope", - description="the ability for a vulnerability in one software component to impact resources beyond its means, " + definition="the ability for a vulnerability in one software component to impact resources beyond its means, " "or privileges", key="S", version="1.0.0", diff --git a/src/ssvc/decision_points/cvss/subsequent_availability_impact.py b/src/ssvc/decision_points/cvss/subsequent_availability_impact.py index aa73c348..3e15615f 100644 --- a/src/ssvc/decision_points/cvss/subsequent_availability_impact.py +++ b/src/ssvc/decision_points/cvss/subsequent_availability_impact.py @@ -28,7 +28,7 @@ _SA_HIGH = DecisionPointValue( name="High", key="H", - description="There is a total loss of availability, resulting in the attacker being able to fully deny access to " + definition="There is a total loss of availability, resulting in the attacker being able to fully deny access to " "resources in the Subsequent System; this loss is either sustained (while the attacker continues to " "deliver the attack) or persistent (the condition persists even after the attack has completed).", ) @@ -36,7 +36,7 @@ _SA_LOW = DecisionPointValue( name="Low", key="L", - description="Performance is reduced or there are interruptions in resource availability. Even if repeated " + definition="Performance is reduced or there are interruptions in resource availability. Even if repeated " "exploitation of the vulnerability is possible, the attacker does not have the ability to completely " "deny service to legitimate users.", ) @@ -44,14 +44,14 @@ _SA_NONE = DecisionPointValue( name="None", key="N", - description="There is no impact to availability within the Subsequent System or all availability impact is " + definition="There is no impact to availability within the Subsequent System or all availability impact is " "constrained to the Vulnerable System.", ) SUBSEQUENT_AVAILABILITY_IMPACT_1 = CvssDecisionPoint( name="Availability Impact to the Subsequent System", - description="This metric measures the impact on availability a successful exploit of the vulnerability will have " + definition="This metric measures the impact on availability a successful exploit of the vulnerability will have " "on the Subsequent System.", key="SA", version="1.0.0", diff --git a/src/ssvc/decision_points/cvss/subsequent_confidentiality_impact.py b/src/ssvc/decision_points/cvss/subsequent_confidentiality_impact.py index d61d91fc..0025c8fb 100644 --- a/src/ssvc/decision_points/cvss/subsequent_confidentiality_impact.py +++ b/src/ssvc/decision_points/cvss/subsequent_confidentiality_impact.py @@ -28,14 +28,14 @@ NEGLIGIBLE = DecisionPointValue( name="Negligible", key="N", - description="There is no loss of confidentiality within the Subsequent System or all confidentiality impact is " + definition="There is no loss of confidentiality within the Subsequent System or all confidentiality impact is " "constrained to the Vulnerable System.", ) LOW = DecisionPointValue( name="Low", key="L", - description="There is some loss of confidentiality. Access to some restricted information is obtained, but the " + definition="There is some loss of confidentiality. Access to some restricted information is obtained, but the " "attacker does not have control over what information is obtained, or the amount or kind of loss is " "limited. The information disclosure does not cause a direct, serious loss to the Subsequent System.", ) @@ -43,7 +43,7 @@ HIGH = DecisionPointValue( name="High", key="H", - description="There is a total loss of confidentiality, resulting in all resources within the Subsequent System " + definition="There is a total loss of confidentiality, resulting in all resources within the Subsequent System " "being divulged to the attacker. Alternatively, access to only some restricted information is obtained, " "but the disclosed information presents a direct, serious impact.", ) @@ -51,7 +51,7 @@ SUBSEQUENT_CONFIDENTIALITY_IMPACT_1 = CvssDecisionPoint( name="Confidentiality Impact to the Subsequent System", key="SC", - description="This metric measures the impact to the confidentiality of the information managed by the system due " + definition="This metric measures the impact to the confidentiality of the information managed by the system due " "to a successfully exploited vulnerability. Confidentiality refers to limiting information access and " "disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized " "ones. The resulting score is greatest when the loss to the system is highest.", diff --git a/src/ssvc/decision_points/cvss/subsequent_integrity_impact.py b/src/ssvc/decision_points/cvss/subsequent_integrity_impact.py index dbf53244..cbcddf59 100644 --- a/src/ssvc/decision_points/cvss/subsequent_integrity_impact.py +++ b/src/ssvc/decision_points/cvss/subsequent_integrity_impact.py @@ -28,7 +28,7 @@ SI_HIGH = DecisionPointValue( name="High", key="H", - description="There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able " + definition="There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able " "to modify any/all files protected by the Subsequent System. Alternatively, only some files can be " "modified, but malicious modification would present a direct, serious consequence to the Subsequent " "System.", @@ -37,7 +37,7 @@ SI_LOW = DecisionPointValue( name="Low", key="L", - description="Modification of data is possible, but the attacker does not have control over the consequence of a " + definition="Modification of data is possible, but the attacker does not have control over the consequence of a " "modification, or the amount of modification is limited. The data modification does not have a direct, " "serious impact to the Subsequent System.", ) @@ -45,14 +45,14 @@ SI_NONE = DecisionPointValue( name="None", key="N", - description="There is no loss of integrity within the Subsequent System or all integrity impact is constrained to " + definition="There is no loss of integrity within the Subsequent System or all integrity impact is constrained to " "the Vulnerable System.", ) SUBSEQUENT_INTEGRITY_IMPACT_1 = CvssDecisionPoint( name="Integrity Impact to the Subsequent System", key="SI", - description="This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity " + definition="This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity " "refers to the trustworthiness and veracity of information. Integrity of a system is impacted when " "an attacker causes unauthorized modification of system data. Integrity is also impacted when a " "system user can repudiate critical actions taken in the context of the system (e.g. due to " diff --git a/src/ssvc/decision_points/cvss/supplemental/automatable.py b/src/ssvc/decision_points/cvss/supplemental/automatable.py index 5d430ca5..469421ba 100644 --- a/src/ssvc/decision_points/cvss/supplemental/automatable.py +++ b/src/ssvc/decision_points/cvss/supplemental/automatable.py @@ -29,19 +29,19 @@ NO = DecisionPointValue( name="No", key="N", - description="Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for " + definition="Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for " "some reason. These steps are reconnaissance, weaponization, delivery, and exploitation.", ) YES = DecisionPointValue( name="Yes", key="Y", - description="Attackers can reliably automate all 4 steps of the kill chain. These steps are " + definition="Attackers can reliably automate all 4 steps of the kill chain. These steps are " "reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is " '"wormable").', ) AUTOMATABLE_1 = CvssDecisionPoint( name="Automatable", - description='The "Automatable" metric captures the answer to the question "Can an attacker automate exploitation ' + definition='The "Automatable" metric captures the answer to the question "Can an attacker automate exploitation ' 'events for this vulnerability across multiple targets?" based on steps 1-4 of the kill chain.', key="AU", version="1.0.0", diff --git a/src/ssvc/decision_points/cvss/supplemental/provider_urgency.py b/src/ssvc/decision_points/cvss/supplemental/provider_urgency.py index 97968101..051a3ef8 100644 --- a/src/ssvc/decision_points/cvss/supplemental/provider_urgency.py +++ b/src/ssvc/decision_points/cvss/supplemental/provider_urgency.py @@ -29,26 +29,26 @@ RED = DecisionPointValue( name="Red", key="R", - description="Provider has assessed the impact of this vulnerability as having the highest urgency.", + definition="Provider has assessed the impact of this vulnerability as having the highest urgency.", ) AMBER = DecisionPointValue( name="Amber", key="A", - description="Provider has assessed the impact of this vulnerability as having a moderate urgency.", + definition="Provider has assessed the impact of this vulnerability as having a moderate urgency.", ) GREEN = DecisionPointValue( name="Green", key="G", - description="Provider has assessed the impact of this vulnerability as having a reduced urgency.", + definition="Provider has assessed the impact of this vulnerability as having a reduced urgency.", ) CLEAR = DecisionPointValue( name="Clear", key="C", - description="Provider has assessed the impact of this vulnerability as having no urgency (Informational).", + definition="Provider has assessed the impact of this vulnerability as having no urgency (Informational).", ) PROVIDER_URGENCY_1 = CvssDecisionPoint( name="Provider Urgency", - description="Many vendors currently provide supplemental severity ratings to consumers via product security " + definition="Many vendors currently provide supplemental severity ratings to consumers via product security " "advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document " "in their advisories. To facilitate a standardized method to incorporate additional provider-supplied " 'assessment, an optional "pass-through" Supplemental Metric called Provider Urgency is available.', diff --git a/src/ssvc/decision_points/cvss/supplemental/recovery.py b/src/ssvc/decision_points/cvss/supplemental/recovery.py index eaa58959..9f027dc9 100644 --- a/src/ssvc/decision_points/cvss/supplemental/recovery.py +++ b/src/ssvc/decision_points/cvss/supplemental/recovery.py @@ -29,22 +29,22 @@ AUTOMATIC = DecisionPointValue( name="Automatic", key="A", - description="The system recovers services automatically after an attack has been performed.", + definition="The system recovers services automatically after an attack has been performed.", ) USER = DecisionPointValue( name="User", key="U", - description="The system requires manual intervention by the user to recover services, after an attack has " + definition="The system requires manual intervention by the user to recover services, after an attack has " "been performed.", ) IRRECOVERABLE = DecisionPointValue( name="Irrecoverable", key="I", - description="The system services are irrecoverable by the user, after an attack has been performed.", + definition="The system services are irrecoverable by the user, after an attack has been performed.", ) RECOVERY_1 = CvssDecisionPoint( name="Recovery", - description="The Recovery metric describes the resilience of a system to recover services, in terms of performance " + definition="The Recovery metric describes the resilience of a system to recover services, in terms of performance " "and availability, after an attack has been performed.", key="R", version="1.0.0", diff --git a/src/ssvc/decision_points/cvss/supplemental/safety.py b/src/ssvc/decision_points/cvss/supplemental/safety.py index c05d62cf..a330fb61 100644 --- a/src/ssvc/decision_points/cvss/supplemental/safety.py +++ b/src/ssvc/decision_points/cvss/supplemental/safety.py @@ -30,18 +30,18 @@ PRESENT = DecisionPointValue( name="Present", key="P", - description="Consequences of the vulnerability meet definition of IEC 61508 consequence categories of " + definition="Consequences of the vulnerability meet definition of IEC 61508 consequence categories of " '"marginal," "critical," or "catastrophic."', ) NEGLIGIBLE = DecisionPointValue( name="Negligible", key="N", - description="Consequences of the vulnerability meet definition of IEC 61508 consequence category " + definition="Consequences of the vulnerability meet definition of IEC 61508 consequence category " '"negligible."', ) SAFETY_1 = CvssDecisionPoint( name="Safety", - description="The Safety decision point is a measure of the potential for harm to humans or the environment.", + definition="The Safety decision point is a measure of the potential for harm to humans or the environment.", key="SF", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/cvss/supplemental/value_density.py b/src/ssvc/decision_points/cvss/supplemental/value_density.py index 784b0bca..43b1d786 100644 --- a/src/ssvc/decision_points/cvss/supplemental/value_density.py +++ b/src/ssvc/decision_points/cvss/supplemental/value_density.py @@ -29,18 +29,18 @@ DIFFUSE = DecisionPointValue( name="Diffuse", key="D", - description="The vulnerable system has limited resources. That is, the resources that the attacker will " + definition="The vulnerable system has limited resources. That is, the resources that the attacker will " "gain control over with a single exploitation event are relatively small.", ) CONCENTRATED = DecisionPointValue( name="Concentrated", key="C", - description="The vulnerable system is rich in resources. Heuristically, such systems are often the direct " + definition="The vulnerable system is rich in resources. Heuristically, such systems are often the direct " 'responsibility of "system operators" rather than users.', ) VALUE_DENSITY_1 = CvssDecisionPoint( name="Value Density", - description="Value Density describes the resources that the attacker will gain control over with a single " + definition="Value Density describes the resources that the attacker will gain control over with a single " "exploitation event. It has two possible values, diffuse and concentrated.", key="V", version="1.0.0", diff --git a/src/ssvc/decision_points/cvss/supplemental/vulnerability_response_effort.py b/src/ssvc/decision_points/cvss/supplemental/vulnerability_response_effort.py index b19f1799..2b466d18 100644 --- a/src/ssvc/decision_points/cvss/supplemental/vulnerability_response_effort.py +++ b/src/ssvc/decision_points/cvss/supplemental/vulnerability_response_effort.py @@ -29,18 +29,18 @@ LOW = DecisionPointValue( name="Low", key="L", - description="The effort required to respond to a vulnerability is low/trivial.", + definition="The effort required to respond to a vulnerability is low/trivial.", ) MODERATE = DecisionPointValue( name="Moderate", key="M", - description="The actions required to respond to a vulnerability require some effort on behalf of the " + definition="The actions required to respond to a vulnerability require some effort on behalf of the " "consumer and could cause minimal service impact to implement.", ) HIGH = DecisionPointValue( name="High", key="H", - description="The actions required to respond to a vulnerability are significant and/or difficult, and may " + definition="The actions required to respond to a vulnerability are significant and/or difficult, and may " "possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling " "purposes including honoring any embargo on deployment of the selected response. Alternatively, response " "to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability " @@ -49,7 +49,7 @@ ) VULNERABILITY_RESPONSE_EFFORT_1 = CvssDecisionPoint( name="Vulnerability Response Effort", - description="The intention of the Vulnerability Response Effort metric is to provide supplemental information on " + definition="The intention of the Vulnerability Response Effort metric is to provide supplemental information on " "how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed " "products and services in their infrastructure. The consumer can then take this additional information on effort " "required into consideration when applying mitigations and/or scheduling remediation.", diff --git a/src/ssvc/decision_points/cvss/target_distribution.py b/src/ssvc/decision_points/cvss/target_distribution.py index 5cd78d88..7e07a66e 100644 --- a/src/ssvc/decision_points/cvss/target_distribution.py +++ b/src/ssvc/decision_points/cvss/target_distribution.py @@ -31,34 +31,34 @@ _HIGH = DecisionPointValue( name="High", key="H", - description="Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total " + definition="Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total " "environment is considered at risk.", ) _MEDIUM = DecisionPointValue( name="Medium", key="M", - description="Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total " + definition="Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total " "environment is at risk.", ) _LOW = DecisionPointValue( name="Low", key="L", - description="Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total " + definition="Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total " "environment is at risk.", ) _TD_NONE = DecisionPointValue( name="None", key="N", - description="No target systems exist, or targets are so highly specialized that they only exist in a laboratory " + definition="No target systems exist, or targets are so highly specialized that they only exist in a laboratory " "setting. Effectively 0% of the environment is at risk.", ) TARGET_DISTRIBUTION_1 = CvssDecisionPoint( name="Target Distribution", - description="This metric measures the relative size of the field of target systems susceptible to the " + definition="This metric measures the relative size of the field of target systems susceptible to the " "vulnerability. It is meant as an environment-specific indicator in order to approximate the " "percentage of systems within the environment that could be affected by the vulnerability.", key="TD", @@ -76,7 +76,7 @@ TARGET_DISTRIBUTION_1_1 = CvssDecisionPoint( name="Target Distribution", - description="This metric measures the relative size of the field of target systems susceptible to the " + definition="This metric measures the relative size of the field of target systems susceptible to the " "vulnerability. It is meant as an environment-specific indicator in order to approximate the " "percentage of systems within the environment that could be affected by the vulnerability.", key="TD", diff --git a/src/ssvc/decision_points/cvss/user_interaction.py b/src/ssvc/decision_points/cvss/user_interaction.py index a5e24477..b09afe0b 100644 --- a/src/ssvc/decision_points/cvss/user_interaction.py +++ b/src/ssvc/decision_points/cvss/user_interaction.py @@ -29,20 +29,20 @@ _REQUIRED = DecisionPointValue( name="Required", key="R", - description="Successful exploitation of this vulnerability requires a user to take some action before the " + definition="Successful exploitation of this vulnerability requires a user to take some action before the " "vulnerability can be exploited.", ) _UI_NONE = DecisionPointValue( name="None", key="N", - description="The vulnerable system can be exploited without interaction from any user.", + definition="The vulnerable system can be exploited without interaction from any user.", ) USER_INTERACTION_1 = CvssDecisionPoint( name="User Interaction", - description="This metric captures the requirement for a user, other than the attacker, to participate in the " + definition="This metric captures the requirement for a user, other than the attacker, to participate in the " "successful compromise of the vulnerable component.", key="UI", version="1.0.0", @@ -58,14 +58,14 @@ _UI_NONE_2 = DecisionPointValue( name="None", key="N", - description="The vulnerable system can be exploited without interaction from any human user, other than the " + definition="The vulnerable system can be exploited without interaction from any human user, other than the " "attacker.", ) _PASSIVE = DecisionPointValue( name="Passive", key="P", - description="Successful exploitation of this vulnerability requires limited interaction by the targeted user with " + definition="Successful exploitation of this vulnerability requires limited interaction by the targeted user with " "the vulnerable system and the attacker’s payload. These interactions would be considered involuntary " "and do not require that the user actively subvert protections built into the vulnerable system.", ) @@ -73,7 +73,7 @@ _ACTIVE = DecisionPointValue( name="Active", key="A", - description="Successful exploitation of this vulnerability requires a targeted user to perform specific, " + definition="Successful exploitation of this vulnerability requires a targeted user to perform specific, " "conscious interactions with the vulnerable system and the attacker’s payload, or the user’s " "interactions would actively subvert protection mechanisms which would lead to exploitation of the " "vulnerability.", @@ -82,7 +82,7 @@ USER_INTERACTION_2 = CvssDecisionPoint( name="User Interaction", key="UI", - description="This metric captures the requirement for a human user, other than the attacker, to participate " + definition="This metric captures the requirement for a human user, other than the attacker, to participate " "in the successful compromise of the vulnerable system. This metric determines whether the " "vulnerability can be exploited solely at the will of the attacker, or whether a separate user " "(or user-initiated process) must participate in some manner. The resulting score is greatest " diff --git a/src/ssvc/decision_points/helpers.py b/src/ssvc/decision_points/helpers.py index 5ecec020..71d54874 100644 --- a/src/ssvc/decision_points/helpers.py +++ b/src/ssvc/decision_points/helpers.py @@ -73,8 +73,8 @@ def dp_diff(dp1: DecisionPoint, dp2: DecisionPoint) -> list[str]: maybe_minor = True # did the description change? - desc1 = dp1.description.strip() - desc2 = dp2.description.strip() + desc1 = dp1.definition.strip() + desc2 = dp2.definition.strip() if desc1 != desc2: diffs.append(f"(patch) {dp2.name} v{dp2.version} description changed") @@ -152,13 +152,13 @@ def dp_diff(dp1: DecisionPoint, dp2: DecisionPoint) -> list[str]: # did the value descriptions change? for name in intersection: v1 = { - value["name"]: value["description"] + value["name"]: value["definition"] for value in dp1.model_dump()["values"] } v1 = v1[name] v2 = { - value["name"]: value["description"] + value["name"]: value["definition"] for value in dp2.model_dump()["values"] } v2 = v2[name] diff --git a/src/ssvc/decision_points/ssvc/automatable.py b/src/ssvc/decision_points/ssvc/automatable.py index 3ebe61ff..c49506c1 100644 --- a/src/ssvc/decision_points/ssvc/automatable.py +++ b/src/ssvc/decision_points/ssvc/automatable.py @@ -29,19 +29,19 @@ RAPID = DecisionPointValue( name="Rapid", key="R", - description="Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote " + definition="Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote " "code execution or command injection, the default response should be rapid.", ) SLOW = DecisionPointValue( name="Slow", key="S", - description="Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. " + definition="Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. " "These steps are reconnaissance, weaponization, delivery, and exploitation.", ) VIRULENCE_1 = SsvcDecisionPoint( name="Virulence", - description="The speed at which the vulnerability can be exploited.", + definition="The speed at which the vulnerability can be exploited.", key="V", version="1.0.0", values=( @@ -54,19 +54,19 @@ AUT_NO = DecisionPointValue( name="No", key="N", - description="Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. " + definition="Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. " "These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation.", ) AUT_YES = DecisionPointValue( name="Yes", key="Y", - description="Attackers can reliably automate steps 1-4 of the kill chain.", + definition="Attackers can reliably automate steps 1-4 of the kill chain.", ) AUTOMATABLE_2 = SsvcDecisionPoint( name="Automatable", - description="Can an attacker reliably automate creating exploitation events for this vulnerability?", + definition="Can an attacker reliably automate creating exploitation events for this vulnerability?", key="A", version="2.0.0", values=(AUT_NO, AUT_YES), diff --git a/src/ssvc/decision_points/ssvc/critical_software.py b/src/ssvc/decision_points/ssvc/critical_software.py index 6fad730c..1e12e9c6 100644 --- a/src/ssvc/decision_points/ssvc/critical_software.py +++ b/src/ssvc/decision_points/ssvc/critical_software.py @@ -29,18 +29,18 @@ YES = DecisionPointValue( name="Yes", key="Y", - description="System meets a critical software definition.", + definition="System meets a critical software definition.", ) NO = DecisionPointValue( name="No", key="N", - description="System does not meet a critical software definition.", + definition="System does not meet a critical software definition.", ) CRITICAL_SOFTWARE_1 = SsvcDecisionPoint( name="Critical Software", - description="Denotes whether a system meets a critical software definition.", + definition="Denotes whether a system meets a critical software definition.", key="CS", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/ssvc/exploitation.py b/src/ssvc/decision_points/ssvc/exploitation.py index c4a4ccc8..faade969 100644 --- a/src/ssvc/decision_points/ssvc/exploitation.py +++ b/src/ssvc/decision_points/ssvc/exploitation.py @@ -28,14 +28,14 @@ ACTIVE = DecisionPointValue( name="Active", key="A", - description="Shared, observable, reliable evidence that the exploit is being" + definition="Shared, observable, reliable evidence that the exploit is being" " used in the wild by real attackers; there is credible public reporting.", ) POC_1 = DecisionPointValue( name="PoC", key="P", - description="One of the following cases is true: (1) private evidence of exploitation is attested but not shared; " + definition="One of the following cases is true: (1) private evidence of exploitation is attested but not shared; " "(2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit" " or ExploitDB; or (4) the vulnerability has a well-known method of exploitation.", ) @@ -43,13 +43,13 @@ POC_2 = DecisionPointValue( name="Public PoC", key="P", - description="One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation.", + definition="One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation.", ) EXP_NONE = DecisionPointValue( name="None", key="N", - description="There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability.", + definition="There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability.", ) @@ -59,7 +59,7 @@ def _strip_spaces(s): EXPLOITATION_1 = SsvcDecisionPoint( name="Exploitation", - description="The present state of exploitation of the vulnerability.", + definition="The present state of exploitation of the vulnerability.", key="E", version="1.0.0", values=( @@ -71,7 +71,7 @@ def _strip_spaces(s): EXPLOITATION_1_1_0 = SsvcDecisionPoint( name="Exploitation", - description="The present state of exploitation of the vulnerability.", + definition="The present state of exploitation of the vulnerability.", key="E", version="1.1.0", values=( diff --git a/src/ssvc/decision_points/ssvc/high_value_asset.py b/src/ssvc/decision_points/ssvc/high_value_asset.py index 3612b094..32ce690a 100644 --- a/src/ssvc/decision_points/ssvc/high_value_asset.py +++ b/src/ssvc/decision_points/ssvc/high_value_asset.py @@ -29,18 +29,18 @@ YES = DecisionPointValue( name="Yes", key="Y", - description="System meets a high value asset definition.", + definition="System meets a high value asset definition.", ) NO = DecisionPointValue( name="No", key="N", - description="System does not meet a high value asset definition.", + definition="System does not meet a high value asset definition.", ) HIGH_VALUE_ASSET_1 = SsvcDecisionPoint( name="High Value Asset", - description="Denotes whether a system meets a high value asset definition.", + definition="Denotes whether a system meets a high value asset definition.", key="HVA", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/ssvc/human_impact.py b/src/ssvc/decision_points/ssvc/human_impact.py index b22819e0..b79b8501 100644 --- a/src/ssvc/decision_points/ssvc/human_impact.py +++ b/src/ssvc/decision_points/ssvc/human_impact.py @@ -29,88 +29,88 @@ LOW_1 = DecisionPointValue( name="Low", key="L", - description="Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal", + definition="Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal", ) LOW_2 = DecisionPointValue( name="Low", key="L", - description="Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)", + definition="Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)", ) LOW_3 = DecisionPointValue( name="Low", key="L", - description="Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)", + definition="Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)", ) LOW_4 = DecisionPointValue( name="Low", key="L", - description="Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)", + definition="Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)", ) MEDIUM_1 = DecisionPointValue( name="Medium", key="M", - description="Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)", + definition="Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)", ) MEDIUM_2 = DecisionPointValue( name="Medium", key="M", - description="(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))", + definition="(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))", ) MEDIUM_3 = DecisionPointValue( name="Medium", key="M", - description="(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))", + definition="(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))", ) MEDIUM_4 = DecisionPointValue( name="Medium", key="M", - description="(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))", + definition="(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))", ) HIGH_1 = DecisionPointValue( name="High", key="H", - description="Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)", + definition="Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)", ) HIGH_2 = DecisionPointValue( name="High", key="H", - description="(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)", + definition="(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)", ) HIGH_3 = DecisionPointValue( name="High", key="H", - description="(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)", + definition="(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)", ) HIGH_4 = DecisionPointValue( name="High", key="H", - description="(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)", + definition="(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)", ) VERY_HIGH_1 = DecisionPointValue( name="Very High", key="VH", - description="Safety Impact:Catastrophic OR Mission Impact:Mission Failure", + definition="Safety Impact:Catastrophic OR Mission Impact:Mission Failure", ) MISSION_AND_WELL_BEING_IMPACT_1 = SsvcDecisionPoint( name="Mission and Well-Being Impact", - description="Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", + definition="Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", key="MWI", version="1.0.0", values=( @@ -123,7 +123,7 @@ HUMAN_IMPACT_2 = SsvcDecisionPoint( name="Human Impact", - description="Human Impact is a combination of Safety and Mission impacts.", + definition="Human Impact is a combination of Safety and Mission impacts.", key="HI", version="2.0.0", values=( @@ -136,7 +136,7 @@ HUMAN_IMPACT_2_0_1 = SsvcDecisionPoint( name="Human Impact", - description="Human Impact is a combination of Safety and Mission impacts.", + definition="Human Impact is a combination of Safety and Mission impacts.", key="HI", version="2.0.1", values=( @@ -149,7 +149,7 @@ HUMAN_IMPACT_2_0_2 = SsvcDecisionPoint( name="Human Impact", - description="Human Impact is a combination of Safety and Mission impacts.", + definition="Human Impact is a combination of Safety and Mission impacts.", key="HI", version="2.0.2", values=( diff --git a/src/ssvc/decision_points/ssvc/mission_impact.py b/src/ssvc/decision_points/ssvc/mission_impact.py index 9faad217..12273a35 100644 --- a/src/ssvc/decision_points/ssvc/mission_impact.py +++ b/src/ssvc/decision_points/ssvc/mission_impact.py @@ -30,43 +30,43 @@ MISSION_FAILURE = DecisionPointValue( name="Mission Failure", key="MF", - description="Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails", + definition="Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails", ) MEF_FAILURE = DecisionPointValue( name="MEF Failure", key="MEF", - description="Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time", + definition="Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time", ) MEF_CRIPPLED = DecisionPointValue( name="MEF Support Crippled", key="MSC", - description="Activities that directly support essential functions are crippled; essential functions continue for a time", + definition="Activities that directly support essential functions are crippled; essential functions continue for a time", ) MI_NED = DecisionPointValue( name="Non-Essential Degraded", key="NED", - description="Degradation of non-essential functions; chronic degradation would eventually harm essential functions", + definition="Degradation of non-essential functions; chronic degradation would eventually harm essential functions", ) MI_NONE = DecisionPointValue( - name="None", key="N", description="Little to no impact" + name="None", key="N", definition="Little to no impact" ) # combine MI_NONE and MI_NED into a single value DEGRADED = DecisionPointValue( name="Degraded", key="D", - description="Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions", + definition="Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions", ) MISSION_IMPACT_1 = SsvcDecisionPoint( name="Mission Impact", - description="Impact on Mission Essential Functions of the Organization", + definition="Impact on Mission Essential Functions of the Organization", key="MI", version="1.0.0", values=( @@ -81,7 +81,7 @@ # SSVC v2.1 combined None and Non-Essential Degraded into a single value MISSION_IMPACT_2 = SsvcDecisionPoint( name="Mission Impact", - description="Impact on Mission Essential Functions of the Organization", + definition="Impact on Mission Essential Functions of the Organization", key="MI", version="2.0.0", values=(DEGRADED, MEF_CRIPPLED, MEF_FAILURE, MISSION_FAILURE), diff --git a/src/ssvc/decision_points/ssvc/public_safety_impact.py b/src/ssvc/decision_points/ssvc/public_safety_impact.py index 46f22a94..e8b06704 100644 --- a/src/ssvc/decision_points/ssvc/public_safety_impact.py +++ b/src/ssvc/decision_points/ssvc/public_safety_impact.py @@ -29,13 +29,13 @@ MINIMAL_1 = DecisionPointValue( name="Minimal", - description="The effect is below the threshold for all aspects described in material. ", + definition="The effect is below the threshold for all aspects described in material. ", key="M", ) MATERIAL = DecisionPointValue( name="Material", - description="Any one or more of these conditions hold. " + definition="Any one or more of these conditions hold. " "Physical harm: Does one or more of the following: " "(a) Causes physical distress or injury to system users. " "(b) Introduces occupational safety hazards. " @@ -50,7 +50,7 @@ MATERIAL_1 = DecisionPointValue( name="Material", - description="Any one or more of these conditions hold. " + definition="Any one or more of these conditions hold. " "Physical harm: Does one or more of the following: " "(a) Causes physical distress or injury to system users. " "(b) Introduces occupational safety hazards. " @@ -66,7 +66,7 @@ IRREVERSIBLE = DecisionPointValue( name="Irreversible", - description="Any one or more of these conditions hold. " + definition="Any one or more of these conditions hold. " "Physical harm: One or both of the following are true: (a) Multiple fatalities are likely." "(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. " " Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small " @@ -79,22 +79,22 @@ SIGNIFICANT = DecisionPointValue( name="Significant", - description="Safety Impact:(Major OR Hazardous OR Catastrophic)", + definition="Safety Impact:(Major OR Hazardous OR Catastrophic)", key="S", ) MINIMAL_2 = DecisionPointValue( - name="Minimal", description="Safety Impact:(None OR Minor)", key="M" + name="Minimal", definition="Safety Impact:(None OR Minor)", key="M" ) SIGNIFICANT_1 = DecisionPointValue( name="Significant", - description="Safety Impact:(Marginal OR Critical OR Catastrophic)", + definition="Safety Impact:(Marginal OR Critical OR Catastrophic)", key="S", ) MINIMAL_3 = DecisionPointValue( - name="Minimal", description="Safety Impact:Negligible", key="M" + name="Minimal", definition="Safety Impact:Negligible", key="M" ) # This version is deprecated because it had two values with the same key. @@ -113,7 +113,7 @@ PUBLIC_WELL_BEING_IMPACT_1_1 = SsvcDecisionPoint( name="Public Well-Being Impact", - description="A coarse-grained representation of impact to public well-being.", + definition="A coarse-grained representation of impact to public well-being.", key="PWI", version="1.1.0", values=( @@ -126,7 +126,7 @@ PUBLIC_SAFETY_IMPACT_2 = SsvcDecisionPoint( name="Public Safety Impact", - description="A coarse-grained representation of impact to public safety.", + definition="A coarse-grained representation of impact to public safety.", key="PSI", version="2.0.0", values=( @@ -137,7 +137,7 @@ PUBLIC_SAFETY_IMPACT_2_0_1 = SsvcDecisionPoint( name="Public Safety Impact", - description="A coarse-grained representation of impact to public safety.", + definition="A coarse-grained representation of impact to public safety.", key="PSI", version="2.0.1", values=( diff --git a/src/ssvc/decision_points/ssvc/public_value_added.py b/src/ssvc/decision_points/ssvc/public_value_added.py index eac5543b..dd8403a7 100644 --- a/src/ssvc/decision_points/ssvc/public_value_added.py +++ b/src/ssvc/decision_points/ssvc/public_value_added.py @@ -30,24 +30,24 @@ LIMITED = DecisionPointValue( name="Limited", key="L", - description="Minimal value added to the existing public information because existing information is already high quality and in multiple outlets.", + definition="Minimal value added to the existing public information because existing information is already high quality and in multiple outlets.", ) AMPLIATIVE = DecisionPointValue( name="Ampliative", key="A", - description="Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc.", + definition="Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc.", ) PRECEDENCE = DecisionPointValue( name="Precedence", key="P", - description="The publication would be the first publicly available, or be coincident with the first publicly available.", + definition="The publication would be the first publicly available, or be coincident with the first publicly available.", ) PUBLIC_VALUE_ADDED_1 = SsvcDecisionPoint( name="Public Value Added", - description="How much value would a publication from the coordinator benefit the broader community?", + definition="How much value would a publication from the coordinator benefit the broader community?", key="PVA", version="1.0.0", values=(LIMITED, AMPLIATIVE, PRECEDENCE), diff --git a/src/ssvc/decision_points/ssvc/report_credibility.py b/src/ssvc/decision_points/ssvc/report_credibility.py index e74218ce..2391a1c3 100644 --- a/src/ssvc/decision_points/ssvc/report_credibility.py +++ b/src/ssvc/decision_points/ssvc/report_credibility.py @@ -30,18 +30,18 @@ NOT_CREDIBLE = DecisionPointValue( name="Not Credible", key="NC", - description="The report is not credible.", + definition="The report is not credible.", ) CREDIBLE = DecisionPointValue( name="Credible", key="C", - description="The report is credible.", + definition="The report is credible.", ) REPORT_CREDIBILITY_1 = SsvcDecisionPoint( name="Report Credibility", - description="Is the report credible?", + definition="Is the report credible?", key="RC", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/ssvc/report_public.py b/src/ssvc/decision_points/ssvc/report_public.py index 73cccfee..7ffe3198 100644 --- a/src/ssvc/decision_points/ssvc/report_public.py +++ b/src/ssvc/decision_points/ssvc/report_public.py @@ -29,18 +29,18 @@ YES = DecisionPointValue( name="Yes", key="Y", - description="A public report of the vulnerability exists.", + definition="A public report of the vulnerability exists.", ) NO = DecisionPointValue( name="No", key="N", - description="No public report of the vulnerability exists.", + definition="No public report of the vulnerability exists.", ) REPORT_PUBLIC_1 = SsvcDecisionPoint( name="Report Public", - description="Is a viable report of the details of the vulnerability already publicly available?", + definition="Is a viable report of the details of the vulnerability already publicly available?", key="RP", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/ssvc/safety_impact.py b/src/ssvc/decision_points/ssvc/safety_impact.py index 5db63999..bbe794bc 100644 --- a/src/ssvc/decision_points/ssvc/safety_impact.py +++ b/src/ssvc/decision_points/ssvc/safety_impact.py @@ -30,7 +30,7 @@ CATASTROPHIC = DecisionPointValue( name="Catastrophic", key="C", - description="Any one or more of these conditions hold. " + definition="Any one or more of these conditions hold. " "Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) " "Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). " "System resiliency: Total loss of whole cyber-physical system, of which the software is a part. " @@ -42,7 +42,7 @@ HAZARDOUS = DecisionPointValue( name="Hazardous", key="H", - description="Any one or more of these conditions hold. " + definition="Any one or more of these conditions hold. " "Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. " "Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. " "System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. " @@ -54,7 +54,7 @@ MAJOR = DecisionPointValue( name="Major", key="J", - description="Any one or more of these conditions hold. " + definition="Any one or more of these conditions hold. " "Physical harm: Physical distress and injuries for users (not operators) of the system. " "Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the " "vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. " @@ -67,7 +67,7 @@ MINOR = DecisionPointValue( name="Minor", key="M", - description="Any one or more of these conditions hold. " + definition="Any one or more of these conditions hold. " "Physical harm: Physical discomfort for users (not operators) of the system. " "Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the " "vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. " @@ -80,7 +80,7 @@ SAF_NONE = DecisionPointValue( name="None", key="N", - description="The effect is below the threshold for all aspects described in Minor.", + definition="The effect is below the threshold for all aspects described in Minor.", ) ## Based on the IEC 61508 standard @@ -89,7 +89,7 @@ CATASTROPHIC_2 = DecisionPointValue( name="Catastrophic", key="C", - description="Any one or more of these conditions hold.

" + definition="Any one or more of these conditions hold.

" "- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
" "- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
" "- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
" @@ -101,7 +101,7 @@ CRITICAL = DecisionPointValue( name="Critical", key="R", - description="Any one or more of these conditions hold.

" + definition="Any one or more of these conditions hold.

" "- *Physical harm*: Loss of life (IEC 61508 Critical).
" "- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
" "- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
" @@ -113,7 +113,7 @@ MARGINAL = DecisionPointValue( name="Marginal", key="M", - description="Any one or more of these conditions hold.

" + definition="Any one or more of these conditions hold.

" "- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
" "- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the " "vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
" @@ -126,7 +126,7 @@ NEGLIGIBLE = DecisionPointValue( name="Negligible", key="N", - description="Any one or more of these conditions hold.

" + definition="Any one or more of these conditions hold.

" "- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
" "- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the " "vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
" @@ -139,7 +139,7 @@ SAFETY_IMPACT_1 = SsvcDecisionPoint( name="Safety Impact", - description="The safety impact of the vulnerability.", + definition="The safety impact of the vulnerability.", key="SI", version="1.0.0", values=( @@ -154,7 +154,7 @@ SAFETY_IMPACT_2 = SsvcDecisionPoint( name="Safety Impact", - description="The safety impact of the vulnerability. (based on IEC 61508)", + definition="The safety impact of the vulnerability. (based on IEC 61508)", key="SI", version="2.0.0", values=( diff --git a/src/ssvc/decision_points/ssvc/supplier_cardinality.py b/src/ssvc/decision_points/ssvc/supplier_cardinality.py index c78167f6..ed1653f3 100644 --- a/src/ssvc/decision_points/ssvc/supplier_cardinality.py +++ b/src/ssvc/decision_points/ssvc/supplier_cardinality.py @@ -29,18 +29,18 @@ MULTIPLE = DecisionPointValue( name="Multiple", key="M", - description="There are multiple suppliers of the vulnerable component.", + definition="There are multiple suppliers of the vulnerable component.", ) ONE = DecisionPointValue( name="One", key="O", - description="There is only one supplier of the vulnerable component.", + definition="There is only one supplier of the vulnerable component.", ) SUPPLIER_CARDINALITY_1 = SsvcDecisionPoint( name="Supplier Cardinality", - description="How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + definition="How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", key="SC", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/ssvc/supplier_contacted.py b/src/ssvc/decision_points/ssvc/supplier_contacted.py index 2b6d16d9..1a19b4ee 100644 --- a/src/ssvc/decision_points/ssvc/supplier_contacted.py +++ b/src/ssvc/decision_points/ssvc/supplier_contacted.py @@ -28,18 +28,18 @@ YES = DecisionPointValue( name="Yes", key="Y", - description="The supplier has been contacted.", + definition="The supplier has been contacted.", ) NO = DecisionPointValue( name="No", key="N", - description="The supplier has not been contacted.", + definition="The supplier has not been contacted.", ) SUPPLIER_CONTACTED_1 = SsvcDecisionPoint( name="Supplier Contacted", - description="Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + definition="Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", key="SCON", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/ssvc/supplier_engagement.py b/src/ssvc/decision_points/ssvc/supplier_engagement.py index ed9660fb..ae0a2d3d 100644 --- a/src/ssvc/decision_points/ssvc/supplier_engagement.py +++ b/src/ssvc/decision_points/ssvc/supplier_engagement.py @@ -30,18 +30,18 @@ UNRESPONSIVE = DecisionPointValue( name="Unresponsive", key="U", - description="The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort.", + definition="The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort.", ) ACTIVE = DecisionPointValue( name="Active", key="A", - description="The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort.", + definition="The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort.", ) SUPPLIER_ENGAGEMENT_1 = SsvcDecisionPoint( name="Supplier Engagement", - description="Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + definition="Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", key="SE", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/ssvc/supplier_involvement.py b/src/ssvc/decision_points/ssvc/supplier_involvement.py index 253620d9..f3e131c5 100644 --- a/src/ssvc/decision_points/ssvc/supplier_involvement.py +++ b/src/ssvc/decision_points/ssvc/supplier_involvement.py @@ -29,24 +29,24 @@ UNCOOPERATIVE = DecisionPointValue( name="Uncooperative/Unresponsive", key="UU", - description="The supplier has not responded, declined to generate a remediation, or no longer exists.", + definition="The supplier has not responded, declined to generate a remediation, or no longer exists.", ) COOPERATIVE = DecisionPointValue( name="Cooperative", key="C", - description="The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time.", + definition="The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time.", ) FIX_READY = DecisionPointValue( name="Fix Ready", key="FR", - description="The supplier has provided a patch or fix.", + definition="The supplier has provided a patch or fix.", ) SUPPLIER_INVOLVEMENT_1 = SsvcDecisionPoint( name="Supplier Involvement", - description="What is the state of the supplier’s work on addressing the vulnerability?", + definition="What is the state of the supplier’s work on addressing the vulnerability?", key="SINV", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/ssvc/system_exposure.py b/src/ssvc/decision_points/ssvc/system_exposure.py index 06b87b82..0c23cfc6 100644 --- a/src/ssvc/decision_points/ssvc/system_exposure.py +++ b/src/ssvc/decision_points/ssvc/system_exposure.py @@ -29,14 +29,14 @@ EXP_UNAVOIDABLE = DecisionPointValue( name="Unavoidable", key="U", - description="Internet or another widely accessible network where access cannot plausibly be restricted or " + definition="Internet or another widely accessible network where access cannot plausibly be restricted or " "controlled (e.g., DNS servers, web servers, VOIP servers, email servers)", ) EXP_CONTROLLED = DecisionPointValue( name="Controlled", key="C", - description="Networked service with some access restrictions or mitigations already in place (whether locally or on the network). " + definition="Networked service with some access restrictions or mitigations already in place (whether locally or on the network). " "A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable " "both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be " "exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the " @@ -47,13 +47,13 @@ EXP_SMALL = DecisionPointValue( name="Small", key="S", - description="Local service or program; highly controlled network", + definition="Local service or program; highly controlled network", ) SYSTEM_EXPOSURE_1 = SsvcDecisionPoint( name="System Exposure", - description="The Accessible Attack Surface of the Affected System or Service", + definition="The Accessible Attack Surface of the Affected System or Service", key="EXP", version="1.0.0", values=( @@ -67,14 +67,14 @@ EXP_OPEN = DecisionPointValue( name="Open", key="O", - description="Internet or another widely accessible network where access cannot plausibly be restricted or " + definition="Internet or another widely accessible network where access cannot plausibly be restricted or " "controlled (e.g., DNS servers, web servers, VOIP servers, email servers)", ) SYSTEM_EXPOSURE_1_0_1 = SsvcDecisionPoint( name="System Exposure", - description="The Accessible Attack Surface of the Affected System or Service", + definition="The Accessible Attack Surface of the Affected System or Service", key="EXP", version="1.0.1", values=( diff --git a/src/ssvc/decision_points/ssvc/technical_impact.py b/src/ssvc/decision_points/ssvc/technical_impact.py index e2bd46dd..742f0a16 100644 --- a/src/ssvc/decision_points/ssvc/technical_impact.py +++ b/src/ssvc/decision_points/ssvc/technical_impact.py @@ -30,18 +30,18 @@ TOTAL = DecisionPointValue( name="Total", key="T", - description="The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability.", + definition="The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability.", ) PARTIAL = DecisionPointValue( name="Partial", key="P", - description="The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control.", + definition="The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control.", ) TECHNICAL_IMPACT_1 = SsvcDecisionPoint( name="Technical Impact", - description="The technical impact of the vulnerability.", + definition="The technical impact of the vulnerability.", key="TI", version="1.0.0", values=( diff --git a/src/ssvc/decision_points/ssvc/utility.py b/src/ssvc/decision_points/ssvc/utility.py index f83518c3..d7a774c6 100644 --- a/src/ssvc/decision_points/ssvc/utility.py +++ b/src/ssvc/decision_points/ssvc/utility.py @@ -30,42 +30,42 @@ SUPER_EFFECTIVE_2 = DecisionPointValue( name="Super Effective", key="S", - description="Automatable:Yes AND Value Density:Concentrated", + definition="Automatable:Yes AND Value Density:Concentrated", ) EFFICIENT_2 = DecisionPointValue( name="Efficient", key="E", - description="(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)", + definition="(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)", ) LABORIOUS_2 = DecisionPointValue( name="Laborious", key="L", - description="Automatable:No AND Value Density:Diffuse", + definition="Automatable:No AND Value Density:Diffuse", ) SUPER_EFFECTIVE = DecisionPointValue( name="Super Effective", key="S", - description="Virulence:Rapid and Value Density:Concentrated", + definition="Virulence:Rapid and Value Density:Concentrated", ) EFFICIENT = DecisionPointValue( name="Efficient", key="E", - description="Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated", + definition="Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated", ) LABORIOUS = DecisionPointValue( name="Laborious", key="L", - description="Virulence:Slow and Value Density:Diffuse", + definition="Virulence:Slow and Value Density:Diffuse", ) UTILITY_1 = SsvcDecisionPoint( name="Utility", - description="The Usefulness of the Exploit to the Adversary", + definition="The Usefulness of the Exploit to the Adversary", key="U", version="1.0.0", values=( @@ -77,7 +77,7 @@ UTILITY_1_0_1 = SsvcDecisionPoint( name="Utility", - description="The Usefulness of the Exploit to the Adversary", + definition="The Usefulness of the Exploit to the Adversary", key="U", version="1.0.1", values=( diff --git a/src/ssvc/decision_points/ssvc/value_density.py b/src/ssvc/decision_points/ssvc/value_density.py index 610291a8..6cecd8cf 100644 --- a/src/ssvc/decision_points/ssvc/value_density.py +++ b/src/ssvc/decision_points/ssvc/value_density.py @@ -29,18 +29,18 @@ CONCENTRATED = DecisionPointValue( name="Concentrated", key="C", - description="The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users.", + definition="The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users.", ) DIFFUSE = DecisionPointValue( name="Diffuse", key="D", - description="The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small.", + definition="The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small.", ) VALUE_DENSITY_1 = SsvcDecisionPoint( name="Value Density", - description="The concentration of value in the target", + definition="The concentration of value in the target", key="VD", version="1.0.0", values=( diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 1417b56d..76745262 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -731,7 +731,7 @@ def main() -> None: table = DecisionTable( name="Test Table", - description="A test decision table", + definition="A test decision table", namespace="x_example.test#test-table", decision_points=dpg.decision_points, outcome=outcomes.id, diff --git a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py index 39666a4d..449b6a1d 100644 --- a/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py +++ b/src/ssvc/decision_tables/cisa/cisa_coordinate_dt.py @@ -44,7 +44,7 @@ key="CO", version="2.0.3", name="CISA Coordinator", - description="CISA Coordinator decision table for SSVC", + definition="CISA Coordinator decision table for SSVC", outcome=Priority.id, decision_points={ dp.id: dp diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_five.py b/src/ssvc/decision_tables/cvss/equivalence_set_five.py index 0eb8463b..15ba75d6 100644 --- a/src/ssvc/decision_tables/cvss/equivalence_set_five.py +++ b/src/ssvc/decision_tables/cvss/equivalence_set_five.py @@ -41,7 +41,7 @@ key="CVSS_EQ5", version="1.0.0", name="CVSS v4 Equivalence Set 5", - description="CVSS Equivalence Set 5 Decision Table", + definition="CVSS Equivalence Set 5 Decision Table", decision_points={dp.id: dp for dp in [E, EQ5]}, outcome=EQ5.id, mapping=[ diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_four.py b/src/ssvc/decision_tables/cvss/equivalence_set_four.py index 554e9b35..e2523034 100644 --- a/src/ssvc/decision_tables/cvss/equivalence_set_four.py +++ b/src/ssvc/decision_tables/cvss/equivalence_set_four.py @@ -48,7 +48,7 @@ key="CVSS4_EQ4", version="1.0.0", name="CVSS v4 Equivalence Set 4", - description="This decision table models equivalence set 4 from CVSS v4.", + definition="This decision table models equivalence set 4 from CVSS v4.", decision_points={dp.id: dp for dp in (SC, MSI, MSA, EQ4)}, outcome=EQ4.id, mapping=[ diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_one.py b/src/ssvc/decision_tables/cvss/equivalence_set_one.py index 41b227d7..3c35c51b 100644 --- a/src/ssvc/decision_tables/cvss/equivalence_set_one.py +++ b/src/ssvc/decision_tables/cvss/equivalence_set_one.py @@ -43,7 +43,7 @@ key="CVSS4_EQ1", version="1.0.0", name="CVSS v4 Equivalence Set 1", - description="This decision table models equivalence set 1 from CVSS v4. Factors include Attack Vector (AV), Privileges Required (PR), and User Interaction (UI).", + definition="This decision table models equivalence set 1 from CVSS v4. Factors include Attack Vector (AV), Privileges Required (PR), and User Interaction (UI).", decision_points={dp.id: dp for dp in (AV, PR, UI, EQ1)}, outcome=EQ1.id, mapping=[ diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_six.py b/src/ssvc/decision_tables/cvss/equivalence_set_six.py index c5fc4a96..97a28c2f 100644 --- a/src/ssvc/decision_tables/cvss/equivalence_set_six.py +++ b/src/ssvc/decision_tables/cvss/equivalence_set_six.py @@ -58,7 +58,7 @@ key="CVSS4_EQ6", version="1.0.0", name="CVSS v4 Equivalence Set 6", - description="This decision table models equivalence set 6 from CVSS v4.", + definition="This decision table models equivalence set 6 from CVSS v4.", decision_points={dp.id: dp for dp in (CR, VC, IR, VI, AR, VA, EQ6)}, outcome=EQ6.id, mapping=[ diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_three.py b/src/ssvc/decision_tables/cvss/equivalence_set_three.py index e6b2757c..a7d878bd 100644 --- a/src/ssvc/decision_tables/cvss/equivalence_set_three.py +++ b/src/ssvc/decision_tables/cvss/equivalence_set_three.py @@ -47,7 +47,7 @@ key="CVSS4_EQ3", version="1.0.0", name="CVSS v4 Equivalence Set 3", - description="This decision table models equivalence set 3 from CVSS v4.", + definition="This decision table models equivalence set 3 from CVSS v4.", decision_points={dp.id: dp for dp in (VC, VI, VA, EQ3)}, outcome=EQ3.id, mapping=[ diff --git a/src/ssvc/decision_tables/cvss/equivalence_set_two.py b/src/ssvc/decision_tables/cvss/equivalence_set_two.py index 38a748c2..eb42a352 100644 --- a/src/ssvc/decision_tables/cvss/equivalence_set_two.py +++ b/src/ssvc/decision_tables/cvss/equivalence_set_two.py @@ -44,7 +44,7 @@ key="CVSS4_EQ2", version="1.0.0", name="CVSS v4 Equivalence Set 2", - description="This decision table models equivalence set 2 from CVSS v4. Factors include Attack Complexity (AC) and Attack Requirements (AT).", + definition="This decision table models equivalence set 2 from CVSS v4. Factors include Attack Complexity (AC) and Attack Requirements (AT).", decision_points={dp.id: dp for dp in (AC, AT, EQ2)}, outcome=EQ2.id, mapping=[ diff --git a/src/ssvc/decision_tables/cvss/qualitative_severity.py b/src/ssvc/decision_tables/cvss/qualitative_severity.py index 9e6f21f1..e808b302 100644 --- a/src/ssvc/decision_tables/cvss/qualitative_severity.py +++ b/src/ssvc/decision_tables/cvss/qualitative_severity.py @@ -39,7 +39,7 @@ key="CVSS_QSR", version="4.0.0", namespace="cvss", - description="CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", + definition="CVSS v4.0 using MacroVectors and Interpolation. See https://www.first.org/cvss/specification-document#New-Scoring-System-Development for details", decision_points=dp_dict, outcome=LMHC.id, mapping=[ diff --git a/src/ssvc/decision_tables/ssvc/coord_pub_dt.py b/src/ssvc/decision_tables/ssvc/coord_pub_dt.py index 9a9697ea..6c204919 100644 --- a/src/ssvc/decision_tables/ssvc/coord_pub_dt.py +++ b/src/ssvc/decision_tables/ssvc/coord_pub_dt.py @@ -39,7 +39,7 @@ key="COORD_PUBLISH", version="1.0.0", name="Coordinator Publish Decision Table", - description="This decision table is used to determine the priority of a coordinator publish.", + definition="This decision table is used to determine the priority of a coordinator publish.", decision_points={ dp.id: dp for dp in [ diff --git a/src/ssvc/decision_tables/ssvc/coord_triage.py b/src/ssvc/decision_tables/ssvc/coord_triage.py index ce8a7131..3e621a70 100644 --- a/src/ssvc/decision_tables/ssvc/coord_triage.py +++ b/src/ssvc/decision_tables/ssvc/coord_triage.py @@ -49,7 +49,7 @@ key="COORD_TRIAGE", version="1.0.0", name="Coordinator Triage", - description="Decision table for coordinator triage", + definition="Decision table for coordinator triage", decision_points={ dp.id: dp for dp in [ diff --git a/src/ssvc/decision_tables/ssvc/deployer_dt.py b/src/ssvc/decision_tables/ssvc/deployer_dt.py index 0d19c1f5..dfac0231 100644 --- a/src/ssvc/decision_tables/ssvc/deployer_dt.py +++ b/src/ssvc/decision_tables/ssvc/deployer_dt.py @@ -44,7 +44,7 @@ key="DP", version="1.0.0", name="Deployer Patch Application Priority", - description="Decision table for evaluating deployer's patch application priority in SSVC", + definition="Decision table for evaluating deployer's patch application priority in SSVC", decision_points={ dp.id: dp for dp in [Exploitation, Exposure, Automatable, HumanImpact, DSOI] diff --git a/src/ssvc/decision_tables/ssvc/human_impact.py b/src/ssvc/decision_tables/ssvc/human_impact.py index 9ba1e432..9a8fb056 100644 --- a/src/ssvc/decision_tables/ssvc/human_impact.py +++ b/src/ssvc/decision_tables/ssvc/human_impact.py @@ -42,7 +42,7 @@ key="HI", version="1.0.0", name="Human Impact", - description="Human Impact decision table for SSVC", + definition="Human Impact decision table for SSVC", decision_points={ dp.id: dp for dp in [SituatedSafetyImpact, MissionImpact, HumanImpact] }, diff --git a/src/ssvc/decision_tables/ssvc/public_safety_impact.py b/src/ssvc/decision_tables/ssvc/public_safety_impact.py index a93f1c93..af6ffb6c 100644 --- a/src/ssvc/decision_tables/ssvc/public_safety_impact.py +++ b/src/ssvc/decision_tables/ssvc/public_safety_impact.py @@ -53,7 +53,7 @@ key="DT_PSI", version="1.0.0", name="Public Safety Impact", - description="Public Safety Impact Decision Table", + definition="Public Safety Impact Decision Table", decision_points={dp.id: dp for dp in [SI, PSI]}, outcome=PSI.id, mapping=[ diff --git a/src/ssvc/decision_tables/ssvc/supplier_dt.py b/src/ssvc/decision_tables/ssvc/supplier_dt.py index e91cb77e..9f6c2514 100644 --- a/src/ssvc/decision_tables/ssvc/supplier_dt.py +++ b/src/ssvc/decision_tables/ssvc/supplier_dt.py @@ -44,7 +44,7 @@ key="SP", version="1.0.0", name="Supplier Patch Development Priority", - description="Decision table for evaluating supplier patch development priority in SSVC", + definition="Decision table for evaluating supplier patch development priority in SSVC", decision_points={ dp.id: dp for dp in [ diff --git a/src/ssvc/decision_tables/ssvc/utility.py b/src/ssvc/decision_tables/ssvc/utility.py index fb51aac1..830003ed 100644 --- a/src/ssvc/decision_tables/ssvc/utility.py +++ b/src/ssvc/decision_tables/ssvc/utility.py @@ -37,7 +37,7 @@ key="U", version="1.0.0", name="Utility", - description="Utility decision table for SSVC", + definition="Utility decision table for SSVC", decision_points={dp.id: dp for dp in [Automatable, ValueDensity, Utility]}, outcome=Utility.id, mapping=[ diff --git a/src/ssvc/doc_helpers.py b/src/ssvc/doc_helpers.py index a78a6fee..0f842352 100644 --- a/src/ssvc/doc_helpers.py +++ b/src/ssvc/doc_helpers.py @@ -25,7 +25,7 @@ from ssvc.decision_points.ssvc.base import SsvcDecisionPoint -MD_TABLE_ROW_TEMPLATE = "| {value.name} ({value.key}) | {value.description} |" +MD_TABLE_ROW_TEMPLATE = "| {value.name} ({value.key}) | {value.definition} |" def markdown_table(dp: SsvcDecisionPoint, indent: int = 0) -> str: @@ -41,7 +41,7 @@ def markdown_table(dp: SsvcDecisionPoint, indent: int = 0) -> str: rows = [] # prepend the header _indent = " " * indent - rows.append(f"{_indent}{dp.description}") + rows.append(f"{_indent}{dp.definition}") rows.append("") rows.append(f"{_indent}| Value | Definition |") rows.append(f"{_indent}|:-----|:-----------|") diff --git a/src/ssvc/dp_groups/cvss/collections.py b/src/ssvc/dp_groups/cvss/collections.py index e345adb0..651ff7f2 100644 --- a/src/ssvc/dp_groups/cvss/collections.py +++ b/src/ssvc/dp_groups/cvss/collections.py @@ -159,7 +159,7 @@ CVSSv1_B = DecisionPointGroup( name="CVSS", version="1.0.0", - description="CVSS v1 decision points", + definition="CVSS v1 decision points", decision_points=tuple(BASE_1), ) """CVSS v1 Base Metrics""" @@ -167,7 +167,7 @@ CVSSv1_BT = DecisionPointGroup( name="CVSS", version="1.0.0", - description="CVSS v1 decision points", + definition="CVSS v1 decision points", decision_points=tuple(BASE_1 + TEMPORAL_1), ) """CVSS v1 Base and Temporal Metrics""" @@ -175,7 +175,7 @@ CVSSv1_BTE = DecisionPointGroup( name="CVSS", version="1.0.0", - description="CVSS v1 decision points", + definition="CVSS v1 decision points", decision_points=tuple(BASE_1 + TEMPORAL_1 + ENVIRONMENTAL_1), ) """CVSS v1 Base, Temporal, and Environmental Metrics""" @@ -212,7 +212,7 @@ CVSSv2_B = DecisionPointGroup( name="CVSS Version 2 Base Metrics", - description="Base metrics for CVSS v2", + definition="Base metrics for CVSS v2", version="2.0.0", decision_points=tuple(BASE_2), ) @@ -220,7 +220,7 @@ CVSSv2_BT = DecisionPointGroup( name="CVSS Version 2 Base and Temporal Metrics", - description="Base and Temporal metrics for CVSS v2", + definition="Base and Temporal metrics for CVSS v2", version="2.0.0", decision_points=tuple(BASE_2 + TEMPORAL_2), ) @@ -228,7 +228,7 @@ CVSSv2_BTE = DecisionPointGroup( name="CVSS Version 2 Base, Temporal, and Environmental Metrics", - description="Base, Temporal, and Environmental metrics for CVSS v2", + definition="Base, Temporal, and Environmental metrics for CVSS v2", version="2.0.0", decision_points=tuple(BASE_2 + TEMPORAL_2 + ENVIRONMENTAL_2), ) @@ -266,7 +266,7 @@ CVSSv3_B = DecisionPointGroup( name="CVSS Version 3 Base Metrics", - description="Base metrics for CVSS v3", + definition="Base metrics for CVSS v3", version="3.0.0", decision_points=tuple(BASE_3), ) @@ -274,7 +274,7 @@ CVSSv3_BT = DecisionPointGroup( name="CVSS Version 3 Base and Temporal Metrics", - description="Base and Temporal metrics for CVSS v3", + definition="Base and Temporal metrics for CVSS v3", version="3.0.0", decision_points=tuple(BASE_3 + TEMPORAL_3), ) @@ -282,7 +282,7 @@ CVSSv3_BTE = DecisionPointGroup( name="CVSS Version 3 Base, Temporal, and Environmental Metrics", - description="Base, Temporal, and Environmental metrics for CVSS v3", + definition="Base, Temporal, and Environmental metrics for CVSS v3", version="3.0.0", decision_points=tuple(BASE_3 + TEMPORAL_3 + ENVIRONMENTAL_3), ) @@ -340,7 +340,7 @@ # CVSS-B Base metrics CVSSv4_B = DecisionPointGroup( name="CVSSv4 Base Metrics", - description="Base metrics for CVSS v4", + definition="Base metrics for CVSS v4", version="4.0.0", decision_points=tuple(BASE_4), ) @@ -349,7 +349,7 @@ # CVSS-BE Base and Environmental metrics CVSSv4_BE = DecisionPointGroup( name="CVSSv4 Base and Environmental Metrics", - description="Base and Environmental metrics for CVSS v4", + definition="Base and Environmental metrics for CVSS v4", version="4.0.0", decision_points=tuple(BASE_4 + ENVIRONMENTAL_4), ) @@ -358,7 +358,7 @@ # CVSS-BT Base and Threat metrics CVSSv4_BT = DecisionPointGroup( name="CVSSv4 Base and Threat Metrics", - description="Base and Threat metrics for CVSS v4", + definition="Base and Threat metrics for CVSS v4", version="4.0.0", decision_points=tuple(BASE_4 + THREAT_4), ) @@ -367,7 +367,7 @@ # CVSS-BTE CVSSv4_BTE = DecisionPointGroup( name="CVSSv4 Base, Threat, and Environmental Metrics", - description="Base, Threat, and Environmental metrics for CVSS v4", + definition="Base, Threat, and Environmental metrics for CVSS v4", version="4.0.0", decision_points=tuple(BASE_4 + THREAT_4 + ENVIRONMENTAL_4), ) @@ -375,7 +375,7 @@ CVSSv4 = DecisionPointGroup( name="CVSSv4", - description="All decision points for CVSS v4 (including supplemental metrics)", + definition="All decision points for CVSS v4 (including supplemental metrics)", version="4.0.0", decision_points=tuple( BASE_4 + THREAT_4 + ENVIRONMENTAL_4 + SUPPLEMENTAL_4 @@ -385,7 +385,7 @@ CVSSv4_Equivalence_Sets = DecisionPointGroup( name="CVSSv4 EQ Sets", - description="Equivalence Sets for CVSS v4", + definition="Equivalence Sets for CVSS v4", version="4.0.0", decision_points=( EQ1, diff --git a/src/ssvc/dp_groups/ssvc/collections.py b/src/ssvc/dp_groups/ssvc/collections.py index 05f20da0..e0570d10 100644 --- a/src/ssvc/dp_groups/ssvc/collections.py +++ b/src/ssvc/dp_groups/ssvc/collections.py @@ -40,7 +40,7 @@ SSVCv1 = DecisionPointGroup( name="SSVCv1", - description="The first version of the SSVC.", + definition="The first version of the SSVC.", version="1.0.0", decision_points=get_all_decision_points_from( PATCH_APPLIER_1, PATCH_DEVELOPER_1 @@ -50,7 +50,7 @@ SSVCv2 = DecisionPointGroup( name="SSVCv2", - description="The second version of the SSVC.", + definition="The second version of the SSVC.", version="2.0.0", decision_points=get_all_decision_points_from( COORDINATOR_PUBLICATION_1, COORDINATOR_TRIAGE_1, DEPLOYER_2, SUPPLIER_2 @@ -60,7 +60,7 @@ SSVCv2_1 = DecisionPointGroup( name="SSVCv2.1", - description="The second version of the SSVC.", + definition="The second version of the SSVC.", version="2.1.0", decision_points=get_all_decision_points_from( COORDINATOR_PUBLICATION_1, COORDINATOR_TRIAGE_1, DEPLOYER_3, SUPPLIER_2 diff --git a/src/ssvc/dp_groups/ssvc/coordinator_publication.py b/src/ssvc/dp_groups/ssvc/coordinator_publication.py index 1a90aad1..2881a0eb 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_publication.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_publication.py @@ -33,7 +33,7 @@ COORDINATOR_PUBLICATION_1 = DecisionPointGroup( name="Coordinator Publication", - description="The decision points used by the coordinator during publication.", + definition="The decision points used by the coordinator during publication.", version="1.0.0", decision_points=( SUPPLIER_INVOLVEMENT_1, diff --git a/src/ssvc/dp_groups/ssvc/coordinator_triage.py b/src/ssvc/dp_groups/ssvc/coordinator_triage.py index fa0f1e8d..b24a5e74 100644 --- a/src/ssvc/dp_groups/ssvc/coordinator_triage.py +++ b/src/ssvc/dp_groups/ssvc/coordinator_triage.py @@ -41,7 +41,7 @@ COORDINATOR_TRIAGE_1 = DecisionPointGroup( name="Coordinator Triage", - description="The decision points used by the coordinator during triage.", + definition="The decision points used by the coordinator during triage.", version="1.0.0", decision_points=( REPORT_PUBLIC_1, diff --git a/src/ssvc/dp_groups/ssvc/deployer.py b/src/ssvc/dp_groups/ssvc/deployer.py index 4473746c..80654d15 100644 --- a/src/ssvc/dp_groups/ssvc/deployer.py +++ b/src/ssvc/dp_groups/ssvc/deployer.py @@ -42,7 +42,7 @@ PATCH_APPLIER_1 = DecisionPointGroup( name="SSVC Patch Applier", - description="The decision points used by the patch applier.", + definition="The decision points used by the patch applier.", version="1.0.0", decision_points=( EXPLOITATION_1, @@ -68,7 +68,7 @@ # SSVC v2 DEPLOYER_2 = DecisionPointGroup( name="SSVC Deployer", - description="The decision points used by the deployer.", + definition="The decision points used by the deployer.", version="2.0.0", decision_points=( EXPLOITATION_1, @@ -102,7 +102,7 @@ DEPLOYER_3 = DecisionPointGroup( name="SSVC Deployer", - description="The decision points used by the deployer.", + definition="The decision points used by the deployer.", version="3.0.0", decision_points=( EXPLOITATION_1, diff --git a/src/ssvc/dp_groups/ssvc/supplier.py b/src/ssvc/dp_groups/ssvc/supplier.py index f7a73c13..28557a2e 100644 --- a/src/ssvc/dp_groups/ssvc/supplier.py +++ b/src/ssvc/dp_groups/ssvc/supplier.py @@ -34,7 +34,7 @@ PATCH_DEVELOPER_1 = DecisionPointGroup( name="SSVC Patch Developer", - description="The decision points used by the patch developer.", + definition="The decision points used by the patch developer.", version="1.0.0", decision_points=( EXPLOITATION_1, @@ -64,7 +64,7 @@ # SSVC v2 renamed to SSVC Supplier SUPPLIER_2 = DecisionPointGroup( name="SSVC Supplier", - description="The decision points used by the supplier.", + definition="The decision points used by the supplier.", version="2.0.0", decision_points=( EXPLOITATION_1, diff --git a/src/ssvc/outcomes/basic/ike.py b/src/ssvc/outcomes/basic/ike.py index e18f3c7e..1f669d78 100644 --- a/src/ssvc/outcomes/basic/ike.py +++ b/src/ssvc/outcomes/basic/ike.py @@ -29,22 +29,18 @@ from ssvc.decision_points.helpers import print_versions_and_diffs from ssvc.namespaces import NameSpace -_DELETE = DecisionPointValue(name="Delete", key="D", description="Delete") +_DELETE = DecisionPointValue(name="Delete", key="D", definition="Delete") -_DELEGATE = DecisionPointValue( - name="Delegate", key="G", description="Delegate" -) +_DELEGATE = DecisionPointValue(name="Delegate", key="G", definition="Delegate") -_SCHEDULE = DecisionPointValue( - name="Schedule", key="S", description="Schedule" -) +_SCHEDULE = DecisionPointValue(name="Schedule", key="S", definition="Schedule") -_DO = DecisionPointValue(name="Do", key="O", description="Do") +_DO = DecisionPointValue(name="Do", key="O", definition="Do") EISENHOWER = DecisionPoint( name="Do, Schedule, Delegate, Delete", key="IKE", - description="The Eisenhower outcome group.", + definition="The Eisenhower outcome group.", namespace=NameSpace.BASIC, version="1.0.0", values=( diff --git a/src/ssvc/outcomes/basic/lmh.py b/src/ssvc/outcomes/basic/lmh.py index 943b91d6..e9cf759f 100644 --- a/src/ssvc/outcomes/basic/lmh.py +++ b/src/ssvc/outcomes/basic/lmh.py @@ -25,14 +25,14 @@ from ssvc.decision_points.helpers import print_versions_and_diffs from ssvc.namespaces import NameSpace -_LOW = DecisionPointValue(name="Low", key="L", description="Low") -_MEDIUM = DecisionPointValue(name="Medium", key="M", description="Medium") -_HIGH = DecisionPointValue(name="High", key="H", description="High") +_LOW = DecisionPointValue(name="Low", key="L", definition="Low") +_MEDIUM = DecisionPointValue(name="Medium", key="M", definition="Medium") +_HIGH = DecisionPointValue(name="High", key="H", definition="High") V1_0_0 = DecisionPoint( name="LowMediumHigh", key="LMH", - description="A Low/Medium/High decision point / outcome group.", + definition="A Low/Medium/High decision point / outcome group.", version="1.0.0", namespace=NameSpace.BASIC, values=( diff --git a/src/ssvc/outcomes/basic/mscw.py b/src/ssvc/outcomes/basic/mscw.py index 45cb4501..f3d44346 100644 --- a/src/ssvc/outcomes/basic/mscw.py +++ b/src/ssvc/outcomes/basic/mscw.py @@ -28,18 +28,18 @@ from ssvc.decision_points.helpers import print_versions_and_diffs from ssvc.namespaces import NameSpace -_WONT = DecisionPointValue(name="Won't", key="W", description="Won't") +_WONT = DecisionPointValue(name="Won't", key="W", definition="Won't") -_COULD = DecisionPointValue(name="Could", key="C", description="Could") +_COULD = DecisionPointValue(name="Could", key="C", definition="Could") -_SHOULD = DecisionPointValue(name="Should", key="S", description="Should") +_SHOULD = DecisionPointValue(name="Should", key="S", definition="Should") -_MUST = DecisionPointValue(name="Must", key="M", description="Must") +_MUST = DecisionPointValue(name="Must", key="M", definition="Must") MSCW = DecisionPoint( name="MoSCoW", key="MSCW", - description="The MoSCoW (Must, Should, Could, Won't) outcome group.", + definition="The MoSCoW (Must, Should, Could, Won't) outcome group.", version="1.0.0", namespace=NameSpace.BASIC, values=( diff --git a/src/ssvc/outcomes/basic/value_complexity.py b/src/ssvc/outcomes/basic/value_complexity.py index 4d88f335..d197338d 100644 --- a/src/ssvc/outcomes/basic/value_complexity.py +++ b/src/ssvc/outcomes/basic/value_complexity.py @@ -29,24 +29,20 @@ from ssvc.decision_points.helpers import print_versions_and_diffs from ssvc.namespaces import NameSpace -_DROP = DecisionPointValue(name="Drop", key="D", description="Drop") +_DROP = DecisionPointValue(name="Drop", key="D", definition="Drop") _RECONSIDER = DecisionPointValue( - name="Reconsider Later", key="R", description="Reconsider Later" + name="Reconsider Later", key="R", definition="Reconsider Later" ) -_EASY_WIN = DecisionPointValue( - name="Easy Win", key="E", description="Easy Win" -) +_EASY_WIN = DecisionPointValue(name="Easy Win", key="E", definition="Easy Win") -_DO_FIRST = DecisionPointValue( - name="Do First", key="F", description="Do First" -) +_DO_FIRST = DecisionPointValue(name="Do First", key="F", definition="Do First") VALUE_COMPLEXITY = DecisionPoint( name="Value, Complexity", key="VALUE_COMPLEXITY", - description="The Value/Complexity outcome group.", + definition="The Value/Complexity outcome group.", version="1.0.0", namespace=NameSpace.BASIC, values=( diff --git a/src/ssvc/outcomes/basic/yn.py b/src/ssvc/outcomes/basic/yn.py index 62b7d9c1..a947dd9c 100644 --- a/src/ssvc/outcomes/basic/yn.py +++ b/src/ssvc/outcomes/basic/yn.py @@ -25,14 +25,14 @@ from ssvc.decision_points.helpers import print_versions_and_diffs from ssvc.namespaces import NameSpace -_NO = DecisionPointValue(name="No", key="N", description="No") +_NO = DecisionPointValue(name="No", key="N", definition="No") -_YES = DecisionPointValue(name="Yes", key="Y", description="Yes") +_YES = DecisionPointValue(name="Yes", key="Y", definition="Yes") YES_NO = DecisionPoint( name="YesNo", key="YN", - description="A Yes/No decision point / outcome group.", + definition="A Yes/No decision point / outcome group.", version="1.0.0", namespace=NameSpace.BASIC, values=( diff --git a/src/ssvc/outcomes/cisa/scoring.py b/src/ssvc/outcomes/cisa/scoring.py index 3097061a..fedbca80 100644 --- a/src/ssvc/outcomes/cisa/scoring.py +++ b/src/ssvc/outcomes/cisa/scoring.py @@ -27,7 +27,7 @@ _TRACK = DecisionPointValue( name="Track", key="T", - description="The vulnerability does not require action at this time. " + definition="The vulnerability does not require action at this time. " "The organization would continue to track the vulnerability and reassess it if new information becomes available. " "CISA recommends remediating Track vulnerabilities within standard update timelines.", ) @@ -35,14 +35,14 @@ _TRACK_STAR = DecisionPointValue( name="Track*", key="T*", - description="The vulnerability contains specific characteristics that may require closer monitoring for changes. " + definition="The vulnerability contains specific characteristics that may require closer monitoring for changes. " "CISA recommends remediating Track* vulnerabilities within standard update timelines.", ) _ATTEND = DecisionPointValue( name="Attend", key="AT", - description="The vulnerability requires attention from the organization's internal, supervisory-level individuals. " + definition="The vulnerability requires attention from the organization's internal, supervisory-level individuals. " "Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. " "CISA recommends remediating Attend vulnerabilities sooner than standard update timelines.", ) @@ -50,7 +50,7 @@ _ACT = DecisionPointValue( name="Act", key="AC", - description="The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. " + definition="The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. " "Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. " "Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. " "CISA recommends remediating Act vulnerabilities as soon as possible.", @@ -59,7 +59,7 @@ CISA = CisaDecisionPoint( name="CISA Levels", key="CISA", - description="The CISA outcome group. " + definition="The CISA outcome group. " "CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", version="1.1.0", values=( diff --git a/src/ssvc/outcomes/cvss/lmhc.py b/src/ssvc/outcomes/cvss/lmhc.py index fae0aeec..e3c5ef79 100644 --- a/src/ssvc/outcomes/cvss/lmhc.py +++ b/src/ssvc/outcomes/cvss/lmhc.py @@ -20,24 +20,24 @@ from ssvc.decision_points.cvss.base import CvssDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -_NONE = DecisionPointValue(name="None", key="N", description="None (0.0)") +_NONE = DecisionPointValue(name="None", key="N", definition="None (0.0)") -_LOW = DecisionPointValue(name="Low", key="L", description="Low (0.1-3.9)") +_LOW = DecisionPointValue(name="Low", key="L", definition="Low (0.1-3.9)") _MEDIUM = DecisionPointValue( - name="Medium", key="M", description="Medium (4.0-6.9)" + name="Medium", key="M", definition="Medium (4.0-6.9)" ) -_HIGH = DecisionPointValue(name="High", key="H", description="High (7.0-8.9)") +_HIGH = DecisionPointValue(name="High", key="H", definition="High (7.0-8.9)") _CRITICAL = DecisionPointValue( - name="Critical", key="C", description="Critical (9.0-10.0)" + name="Critical", key="C", definition="Critical (9.0-10.0)" ) LMHC = CvssDecisionPoint( name="CVSS Qualitative Severity Rating Scale", key="CVSS", - description="The CVSS Qualitative Severity Rating Scale group.", + definition="The CVSS Qualitative Severity Rating Scale group.", version="1.0.0", values=( _NONE, diff --git a/src/ssvc/outcomes/ssvc/coordinate.py b/src/ssvc/outcomes/ssvc/coordinate.py index 4a6705ff..f0dd396b 100644 --- a/src/ssvc/outcomes/ssvc/coordinate.py +++ b/src/ssvc/outcomes/ssvc/coordinate.py @@ -20,33 +20,33 @@ from ssvc.decision_points.helpers import print_versions_and_diffs from ssvc.decision_points.ssvc.base import SsvcDecisionPoint -_DECLINE = DecisionPointValue(name="Decline", key="D", description="Decline") +_DECLINE = DecisionPointValue(name="Decline", key="D", definition="Decline") -_TRACK = DecisionPointValue(name="Track", key="T", description="Track") +_TRACK = DecisionPointValue(name="Track", key="T", definition="Track") _COORDINATE = DecisionPointValue( - name="Coordinate", key="C", description="Coordinate" + name="Coordinate", key="C", definition="Coordinate" ) _DECLINE_2 = DecisionPointValue( - name="Decline", key="D", description="Do not act on the report." + name="Decline", key="D", definition="Do not act on the report." ) _TRACK_2 = DecisionPointValue( name="Track", key="T", - description="Receive information about the vulnerability and monitor for status changes but do not take any overt actions.", + definition="Receive information about the vulnerability and monitor for status changes but do not take any overt actions.", ) _COORDINATE_2 = DecisionPointValue( name="Coordinate", key="C", - description="Take action on the report.", + definition="Take action on the report.", ) COORDINATE = SsvcDecisionPoint( name="Decline, Track, Coordinate", key="COORDINATE", - description="The coordinate outcome group.", + definition="The coordinate outcome group.", version="1.0.0", values=( _DECLINE, @@ -62,7 +62,7 @@ COORDINATE_1_0_1 = SsvcDecisionPoint( name="Decline, Track, Coordinate", key="COORDINATE", - description="The coordinate outcome group.", + definition="The coordinate outcome group.", version="1.0.1", values=( _DECLINE_2, diff --git a/src/ssvc/outcomes/ssvc/dsoi.py b/src/ssvc/outcomes/ssvc/dsoi.py index 0f6cc8f5..fbfc407a 100644 --- a/src/ssvc/outcomes/ssvc/dsoi.py +++ b/src/ssvc/outcomes/ssvc/dsoi.py @@ -25,24 +25,24 @@ from ssvc.decision_points.helpers import print_versions_and_diffs from ssvc.decision_points.ssvc.base import SsvcDecisionPoint -_DEFER = DecisionPointValue(name="Defer", key="D", description="Defer") +_DEFER = DecisionPointValue(name="Defer", key="D", definition="Defer") _SCHEDULED = DecisionPointValue( - name="Scheduled", key="S", description="Scheduled" + name="Scheduled", key="S", definition="Scheduled" ) _OUT_OF_CYCLE = DecisionPointValue( - name="Out-of-Cycle", key="O", description="Out-of-Cycle" + name="Out-of-Cycle", key="O", definition="Out-of-Cycle" ) _IMMEDIATE = DecisionPointValue( - name="Immediate", key="I", description="Immediate" + name="Immediate", key="I", definition="Immediate" ) DSOI = SsvcDecisionPoint( name="Defer, Scheduled, Out-of-Cycle, Immediate", key="DSOI", - description="The original SSVC outcome group.", + definition="The original SSVC outcome group.", version="1.0.0", values=( _DEFER, diff --git a/src/ssvc/outcomes/ssvc/publish.py b/src/ssvc/outcomes/ssvc/publish.py index bcc2eb13..ae93bd55 100644 --- a/src/ssvc/outcomes/ssvc/publish.py +++ b/src/ssvc/outcomes/ssvc/publish.py @@ -24,15 +24,15 @@ from ssvc.decision_points.ssvc.base import SsvcDecisionPoint _DO_NOT_PUBLISH = DecisionPointValue( - name="Do Not Publish", key="N", description="Do Not Publish" + name="Do Not Publish", key="N", definition="Do Not Publish" ) -_PUBLISH = DecisionPointValue(name="Publish", key="P", description="Publish") +_PUBLISH = DecisionPointValue(name="Publish", key="P", definition="Publish") PUBLISH = SsvcDecisionPoint( name="Publish, Do Not Publish", key="PUBLISH", - description="The publish outcome group.", + definition="The publish outcome group.", version="1.0.0", values=( _DO_NOT_PUBLISH, diff --git a/src/ssvc/outcomes/x_com_yahooinc/paranoids.py b/src/ssvc/outcomes/x_com_yahooinc/paranoids.py index 524cf2c5..55009742 100644 --- a/src/ssvc/outcomes/x_com_yahooinc/paranoids.py +++ b/src/ssvc/outcomes/x_com_yahooinc/paranoids.py @@ -29,26 +29,26 @@ ) from ssvc.decision_points.helpers import print_versions_and_diffs -_TRACK_5 = DecisionPointValue(name="Track 5", key="5", description="Track") +_TRACK_5 = DecisionPointValue(name="Track 5", key="5", definition="Track") _TRACK_CLOSELY_4 = DecisionPointValue( - name="Track Closely 4", key="4", description="Track Closely" + name="Track Closely 4", key="4", definition="Track Closely" ) -_ATTEND_3 = DecisionPointValue(name="Attend 3", key="3", description="Attend") +_ATTEND_3 = DecisionPointValue(name="Attend 3", key="3", definition="Attend") -_ATTEND_2 = DecisionPointValue(name="Attend 2", key="2", description="Attend") +_ATTEND_2 = DecisionPointValue(name="Attend 2", key="2", definition="Attend") -_ACT_1 = DecisionPointValue(name="Act 1", key="1", description="Act") +_ACT_1 = DecisionPointValue(name="Act 1", key="1", definition="Act") _ACT_ASAP_0 = DecisionPointValue( - name="Act ASAP 0", key="0", description="Act ASAP" + name="Act ASAP 0", key="0", definition="Act ASAP" ) THE_PARANOIDS = DecisionPoint( name="theParanoids", key="PARANOIDS", - description="PrioritizedRiskRemediation outcome group based on TheParanoids.", + definition="PrioritizedRiskRemediation outcome group based on TheParanoids.", namespace="x_com.yahooinc#prioritized-risk-remediation", version="1.0.0", values=( diff --git a/src/ssvc/policy_generator.py b/src/ssvc/policy_generator.py index b62302e8..7f4dba3e 100644 --- a/src/ssvc/policy_generator.py +++ b/src/ssvc/policy_generator.py @@ -360,7 +360,7 @@ def main(): dpg = DecisionPointGroup( name="Dummy Decision Point Group", - description="Dummy decision point group", + definition="Dummy decision point group", version="1.0.0", decision_points=( EXPLOITATION_1, diff --git a/src/ssvc/registry/__init__.py b/src/ssvc/registry/__init__.py index eb203c91..612c34e7 100644 --- a/src/ssvc/registry/__init__.py +++ b/src/ssvc/registry/__init__.py @@ -40,7 +40,7 @@ def get_registry() -> "SsvcObjectRegistry": if _REGISTRY is None: _REGISTRY = SsvcObjectRegistry( name="SSVC Object Registry", - description="A registry for SSVC objects organized by type, namespace, key, and version.", + definition="A registry for SSVC objects organized by type, namespace, key, and version.", ) return _REGISTRY diff --git a/src/ssvc/registry/base.py b/src/ssvc/registry/base.py index afc00faf..617180cb 100644 --- a/src/ssvc/registry/base.py +++ b/src/ssvc/registry/base.py @@ -354,9 +354,9 @@ def _compare(new: _RegisterableClass, existing: _RegisterableClass) -> None: else: should_be_version = True - if existing.description != new.description: + if existing.definition != new.definition: diffs.append( - f"Description mismatch: {existing.description} != {new.description}" + f"Description mismatch: {existing.definition} != {new.definition}" ) if hasattr(existing, "values") and hasattr(new, "values"): diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 6e8a09cd..766a398b 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -64,7 +64,7 @@ def set_optional_fields(cls, data): if "name" not in data: data["name"] = "" if "description" not in data: - data["description"] = "" + data["definition"] = "" return data @@ -76,8 +76,8 @@ def validate_values(cls, data): """ if not data.name: data.name = None - if not data.description: - data.description = None + if not data.definition: + data.definition = None return data @@ -141,15 +141,15 @@ def set_optional_fields(cls, data): if "name" not in data: data["name"] = "" if "description" not in data: - data["description"] = "" + data["definition"] = "" return data @model_validator(mode="after") def validate_values(cls, data): if not data.name: data.name = None - if not data.description: - data.description = None + if not data.definition: + data.definition = None return data def model_json_schema(cls, **kwargs): diff --git a/src/test/api/routers/test_decision_point.py b/src/test/api/routers/test_decision_point.py index efbdc7a1..6132f0f7 100644 --- a/src/test/api/routers/test_decision_point.py +++ b/src/test/api/routers/test_decision_point.py @@ -33,7 +33,7 @@ def setUp(self): # create a new registry for testing self.r = SsvcObjectRegistry( - name="test registry", description="test registry" + name="test registry", definition="test registry" ) self.r.reset(force=True) # make sure it's empty @@ -47,10 +47,10 @@ def setUp(self): key="A", version="1.0.0", name="Test Decision Point", - description="This is a test decision point.", + definition="This is a test decision point.", values=( - DecisionPointValue(name="value1", description=".", key="K1"), - DecisionPointValue(name="value2", description=".", key="K2"), + DecisionPointValue(name="value1", definition=".", key="K1"), + DecisionPointValue(name="value2", definition=".", key="K2"), ), registered=False, ) diff --git a/src/test/api/routers/test_decision_points.py b/src/test/api/routers/test_decision_points.py index 843fd95e..9aad4442 100644 --- a/src/test/api/routers/test_decision_points.py +++ b/src/test/api/routers/test_decision_points.py @@ -37,17 +37,17 @@ def setUp(self): key="key1", version="1.0.0", name="Test DP", - description="desc", + definition="desc", values=( DecisionPointValue( key="value1", name="Value 1", - description="Description for value 1", + definition="Description for value 1", ), DecisionPointValue( key="value2", name="Value 2", - description="Description for value 2", + definition="Description for value 2", ), ), ) diff --git a/src/test/api/routers/test_decision_table.py b/src/test/api/routers/test_decision_table.py index b605120f..f4a3c777 100644 --- a/src/test/api/routers/test_decision_table.py +++ b/src/test/api/routers/test_decision_table.py @@ -34,7 +34,7 @@ def setUp(self): # create a new registry for testing self.r = SsvcObjectRegistry( - name="test registry", description="test registry" + name="test registry", definition="test registry" ) self.r.reset(force=True) # make sure it's empty @@ -48,11 +48,11 @@ def setUp(self): key="A", version="1.0.0", name="Test Decision Point", - description="This is a test decision point.", + definition="This is a test decision point.", values=( - DecisionPointValue(name="value1", description=".", key="K1"), - DecisionPointValue(name="value2", description=".", key="K2"), - DecisionPointValue(name="value3", description=".", key="K3"), + DecisionPointValue(name="value1", definition=".", key="K1"), + DecisionPointValue(name="value2", definition=".", key="K2"), + DecisionPointValue(name="value3", definition=".", key="K3"), ), registered=False, ) @@ -61,10 +61,10 @@ def setUp(self): key="B", version="1.0.0", name="Test Decision Point", - description="This is a test decision point.", + definition="This is a test decision point.", values=( - DecisionPointValue(name="value1", description=".", key="K1"), - DecisionPointValue(name="value2", description=".", key="K2"), + DecisionPointValue(name="value1", definition=".", key="K1"), + DecisionPointValue(name="value2", definition=".", key="K2"), ), registered=False, ) @@ -73,7 +73,7 @@ def setUp(self): key="DT_1", version="1.0.0", name="Test Decision Table", - description="This is a test decision table.", + definition="This is a test decision table.", decision_points={dp.id: dp for dp in (self.dp1, self.dp2)}, outcome=self.dp2.id, registered=False, diff --git a/src/test/api/routers/test_decision_tables.py b/src/test/api/routers/test_decision_tables.py index 46159b5b..7330f3a7 100644 --- a/src/test/api/routers/test_decision_tables.py +++ b/src/test/api/routers/test_decision_tables.py @@ -37,7 +37,7 @@ def setUp(self): # create a new registry for testing self.r = SsvcObjectRegistry( - name="test registry", description="test registry" + name="test registry", definition="test registry" ) self.r.reset(force=True) # make sure it's empty @@ -50,11 +50,11 @@ def setUp(self): key="A", version="1.0.0", name="Test Decision Point", - description="This is a test decision point.", + definition="This is a test decision point.", values=( - DecisionPointValue(name="value1", description=".", key="K1"), - DecisionPointValue(name="value2", description=".", key="K2"), - DecisionPointValue(name="value3", description=".", key="K3"), + DecisionPointValue(name="value1", definition=".", key="K1"), + DecisionPointValue(name="value2", definition=".", key="K2"), + DecisionPointValue(name="value3", definition=".", key="K3"), ), registered=False, ) @@ -63,10 +63,10 @@ def setUp(self): key="B", version="1.0.0", name="Test Decision Point", - description="This is a test decision point.", + definition="This is a test decision point.", values=( - DecisionPointValue(name="value1", description=".", key="K1"), - DecisionPointValue(name="value2", description=".", key="K2"), + DecisionPointValue(name="value1", definition=".", key="K1"), + DecisionPointValue(name="value2", definition=".", key="K2"), ), registered=False, ) @@ -75,7 +75,7 @@ def setUp(self): key="DT_1", version="1.0.0", name="Test Decision Table", - description="This is a test decision table.", + definition="This is a test decision table.", decision_points={dp.id: dp for dp in (self.dp1, self.dp2)}, outcome=self.dp2.id, registered=False, diff --git a/src/test/api/routers/test_objects.py b/src/test/api/routers/test_objects.py index 5f6e2035..ca2386dd 100644 --- a/src/test/api/routers/test_objects.py +++ b/src/test/api/routers/test_objects.py @@ -41,17 +41,17 @@ def setUp(self): key="key1", version="1.0.0", name="Test DP 1", - description="desc1", + definition="desc1", values=( DecisionPointValue( key="value1", name="Value 1", - description="Description for value 1", + definition="Description for value 1", ), DecisionPointValue( key="value2", name="Value 2", - description="Description for value 2", + definition="Description for value 2", ), ), ) @@ -60,17 +60,17 @@ def setUp(self): key="key2", version="1.0.0", name="Test DP 2", - description="desc2", + definition="desc2", values=( DecisionPointValue( key="value1", name="Value 1", - description="Description for value 1", + definition="Description for value 1", ), DecisionPointValue( key="value2", name="Value 2", - description="Description for value 2", + definition="Description for value 2", ), ), ) @@ -79,22 +79,22 @@ def setUp(self): key="key3", version="1.0.0", name="Test DP 3", - description="desc3", + definition="desc3", values=( DecisionPointValue( key="value1", name="Value 1", - description="Description for value 1", + definition="Description for value 1", ), DecisionPointValue( key="value2", name="Value 2", - description="Description for value 2", + definition="Description for value 2", ), DecisionPointValue( key="value3", name="Value 3", - description="Description for value 3", + definition="Description for value 3", ), ), ) @@ -103,7 +103,7 @@ def setUp(self): key="key2", version="2.0.0", name="Test DT", - description="desc", + definition="desc", decision_points={ dp.id: dp for dp in (self.dp1, self.dp2, self.dp3) }, @@ -139,7 +139,7 @@ def test_get_decision_table_success(self, mock_lookup): self.assertEqual(response.json()["key"], dt.key) self.assertEqual(response.json()["version"], dt.version) self.assertEqual(response.json()["name"], dt.name) - self.assertEqual(response.json()["description"], dt.description) + self.assertEqual(response.json()["definition"], dt.definition) @patch("ssvc.api.routers.objects.lookup_by_id") def test_get_decision_table_not_found(self, mock_lookup): diff --git a/src/test/decision_points/test_cvss_helpers.py b/src/test/decision_points/test_cvss_helpers.py index 52eabd18..2937eac4 100644 --- a/src/test/decision_points/test_cvss_helpers.py +++ b/src/test/decision_points/test_cvss_helpers.py @@ -30,24 +30,24 @@ def fake_ms_impacts() -> list[CvssDecisionPoint]: for key in ["MSC", "MSI", "MSA"]: dp = CvssDecisionPoint( name=f"{key} test", - description=f"{key} test", + definition=f"{key} test", version="1.0.0", key=key, values=( DecisionPointValue( name="None", key="N", - description="No impact", + definition="No impact", ), DecisionPointValue( name="Low", key="L", - description="Low impact", + definition="Low impact", ), DecisionPointValue( name="High", key="H", - description="High impact", + definition="High impact", ), ), ) @@ -66,18 +66,18 @@ def setUp(self) -> None: for i in range(3): dp = CvssDecisionPoint( name=f"test_{i}", - description=f"test_{i}", + definition=f"test_{i}", version="1.0.0", key=f"TDP{i}", values=( DecisionPointValue( name=f"yes_{i}", - description=f"yes_{i}", + definition=f"yes_{i}", key=f"Y{i}", ), DecisionPointValue( name=f"no_{i}", - description=f"no_{i}", + definition=f"no_{i}", key=f"N{i}", ), ), diff --git a/src/test/decision_points/test_dp_base.py b/src/test/decision_points/test_dp_base.py index 20807d60..36e08f23 100644 --- a/src/test/decision_points/test_dp_base.py +++ b/src/test/decision_points/test_dp_base.py @@ -42,14 +42,14 @@ def setUp(self) -> None: for i in range(3): self.values.append( base.DecisionPointValue( - name=f"foo{i}", key=f"bar{i}", description=f"baz{i}" + name=f"foo{i}", key=f"bar{i}", definition=f"baz{i}" ) ) self.dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name="foo", key="bar", - description="baz", + definition="baz", version="1.0.0", namespace="test", values=tuple(self.values), @@ -83,7 +83,7 @@ def test_registry(self): dp = ssvc.decision_points.ssvc.base.SsvcDecisionPoint( name="testdp", key="asdfasdf", - description="asdfasdf", + definition="asdfasdf", version="1.33.1", namespace="test", values=tuple(self.values), @@ -104,7 +104,7 @@ def test_ssvc_value(self): # should have name, key, description self.assertEqual(obj.name, f"foo{i}") self.assertEqual(obj.key, f"bar{i}") - self.assertEqual(obj.description, f"baz{i}") + self.assertEqual(obj.definition, f"baz{i}") # should not have namespace, version self.assertFalse(hasattr(obj, "namespace")) @@ -115,7 +115,7 @@ def test_ssvc_decision_point(self): # should have name, key, description, values, version, namespace self.assertEqual(obj.name, "foo") self.assertEqual(obj.key, "bar") - self.assertEqual(obj.description, "baz") + self.assertEqual(obj.definition, "baz") self.assertEqual(obj.version, "1.0.0") self.assertEqual(obj.namespace, "test") self.assertEqual(len(self.values), len(obj.values)) diff --git a/src/test/decision_points/test_dp_helpers.py b/src/test/decision_points/test_dp_helpers.py index 40b47276..a07f2df0 100644 --- a/src/test/decision_points/test_dp_helpers.py +++ b/src/test/decision_points/test_dp_helpers.py @@ -29,19 +29,19 @@ def setUp(self) -> None: self.dp1 = DecisionPoint( name="Test DP", key="test_dp", - description="This is a test decision point", + definition="This is a test decision point", version="1.0.0", namespace="test", values=( DecisionPointValue( name="Yes", key="yes", - description="Yes", + definition="Yes", ), DecisionPointValue( name="No", key="no", - description="No", + definition="No", ), ), ) @@ -54,7 +54,7 @@ def test_maybe_new_obj(self): # if name, key, and description are the same, then it's not a new object self.assertEqual(self.dp1.name, self.dp2.name) self.assertEqual(self.dp1.key, self.dp2.key) - self.assertEqual(self.dp1.description, self.dp2.description) + self.assertEqual(self.dp1.definition, self.dp2.definition) results = dp_diff(self.dp1, self.dp2) text = "\n".join(results) @@ -71,7 +71,7 @@ def test_maybe_new_obj(self): text = "\n".join(results) self.assertNotIn("new object", text) - self.dp2.description = "This is a new test decision point" + self.dp2.definition = "This is a new test decision point" results = dp_diff(self.dp1, self.dp2) text = "\n".join(results) @@ -101,7 +101,7 @@ def test_major_version(self): DecisionPointValue( name="Maybe", key="maybe", - description="Maybe", + definition="Maybe", ) ) self.dp2.values = tuple(vals) @@ -120,7 +120,7 @@ def test_minor_version_when_new_option_added(self): DecisionPointValue( name="Maybe", key="maybe", - description="Maybe", + definition="Maybe", ) ) self.dp2.values = tuple(vals) @@ -165,7 +165,7 @@ def test_patch_version_when_description_changes(self): # * the decision point description changes in a way that does not affect # semantics, _OR_ - self.dp2.description = "This is a new test decision point" + self.dp2.definition = "This is a new test decision point" results = dp_diff(self.dp1, self.dp2) text = "\n".join(results) self.assertIn("patch", text) @@ -173,7 +173,7 @@ def test_patch_version_when_description_changes(self): def test_patch_version_when_value_description_changes(self): # * a value description changes in a way that does not affect semantics self.dp2.values = deepcopy(self.dp1.values) - self.dp2.values[0].description = "New Yes" + self.dp2.values[0].definition = "New Yes" results = dp_diff(self.dp1, self.dp2) text = "\n".join(results) self.assertIn("patch", text) diff --git a/src/test/decision_tables/test_base.py b/src/test/decision_tables/test_base.py index d52172cb..e494a9cc 100644 --- a/src/test/decision_tables/test_base.py +++ b/src/test/decision_tables/test_base.py @@ -43,29 +43,29 @@ def setUp(self): # Create dummy decision point values self.dp1v1 = DecisionPointValue( - name="a", key="a", description="A value" + name="a", key="a", definition="A value" ) self.dp1v2 = DecisionPointValue( - name="b", key="b", description="B value" + name="b", key="b", definition="B value" ) self.dp2v1 = DecisionPointValue( - name="x", key="x", description="X value" + name="x", key="x", definition="X value" ) self.dp2v2 = DecisionPointValue( - name="y", key="y", description="Y value" + name="y", key="y", definition="Y value" ) self.dp2v3 = DecisionPointValue( - name="z", key="z", description="Z value" + name="z", key="z", definition="Z value" ) self.dp2v4 = DecisionPointValue( - name="w", key="w", description="W value" + name="w", key="w", definition="W value" ) # Create dummy decision points and group self.dp1 = DecisionPoint( name="dp1", - description="description for dp1", + definition="description for dp1", version="1.0.0", namespace="test", key="dp1", @@ -73,7 +73,7 @@ def setUp(self): ) self.dp2 = DecisionPoint( name="dp2", - description="description for dp2", + definition="description for dp2", version="1.0.0", namespace="test", key="dp2", @@ -81,18 +81,18 @@ def setUp(self): ) # Create dummy outcome group self.ogv1 = DecisionPointValue( - name="o1", key="o1", description="Outcome 1" + name="o1", key="o1", definition="Outcome 1" ) self.ogv2 = DecisionPointValue( - name="o2", key="o2", description="Outcome 2" + name="o2", key="o2", definition="Outcome 2" ) self.ogv3 = DecisionPointValue( - name="o3", key="o3", description="Outcome 3" + name="o3", key="o3", definition="Outcome 3" ) self.og = OutcomeGroup( name="outcome", - description="description for outcome", + definition="description for outcome", version="1.0.0", namespace="test", key="outcome", @@ -106,7 +106,7 @@ def setUp(self): key="TEST", namespace="test", name="Test Table", - description="Describes the test table", + definition="Describes the test table", decision_points=self.dpdict, outcome=self.og.id, ) @@ -355,7 +355,7 @@ def test_single_dp_dt(self): # Create a DecisionTable with a single DecisionPoint dp_in = DecisionPoint( name="dp_in", - description="A single decision point", + definition="A single decision point", version="1.0.0", namespace="test", key="dp", @@ -366,7 +366,7 @@ def test_single_dp_dt(self): namespace="test", key="outcome", name="Outcome", - description="Outcome for single DP test", + definition="Outcome for single DP test", version="1.0.0", values=(self.ogv1, self.ogv2, self.ogv3), registered=False, @@ -376,7 +376,7 @@ def test_single_dp_dt(self): key="SINGLE_TEST", namespace="test", name="Single DP Test Table", - description="Describes the single DP test table", + definition="Describes the single DP test table", decision_points={dp.id: dp for dp in [dp_in, dp_out]}, outcome=dp_out.id, registered=False, diff --git a/src/test/dp_groups/test_dp_groups.py b/src/test/dp_groups/test_dp_groups.py index 0894609e..4fe6c24f 100644 --- a/src/test/dp_groups/test_dp_groups.py +++ b/src/test/dp_groups/test_dp_groups.py @@ -32,17 +32,17 @@ def setUp(self) -> None: name=f"Decision Point {i}", key=f"DP_{i}", namespace="test", - description=f"Description of Decision Point {i}", + definition=f"Description of Decision Point {i}", version="1.0.0", values=( DecisionPointValue( - name="foo", key="FOO", description="foo" + name="foo", key="FOO", definition="foo" ), DecisionPointValue( - name="bar", key="BAR", description="bar" + name="bar", key="BAR", definition="bar" ), DecisionPointValue( - name="baz", key="BAZ", description="baz" + name="baz", key="BAZ", definition="baz" ), ), ) @@ -56,7 +56,7 @@ def test_iter(self): # add them to a decision point group g = dpg.DecisionPointGroup( name="Test Group", - description="Test Group", + definition="Test Group", decision_points=self.dps, ) @@ -70,7 +70,7 @@ def test_len(self): # add them to a decision point group g = dpg.DecisionPointGroup( name="Test Group", - description="Test Group", + definition="Test Group", decision_points=self.dps, ) @@ -82,7 +82,7 @@ def test_json_roundtrip(self): # add them to a decision point group g = dpg.DecisionPointGroup( name="Test Group", - description="Test Group", + definition="Test Group", decision_points=self.dps, ) @@ -98,7 +98,7 @@ def test_decision_points_dict(self): # add them to a decision point group g = dpg.DecisionPointGroup( name="Test Group", - description="Test Group", + definition="Test Group", decision_points=self.dps, ) diff --git a/src/test/outcomes/test_outcomes.py b/src/test/outcomes/test_outcomes.py index ee58e507..79b8545e 100644 --- a/src/test/outcomes/test_outcomes.py +++ b/src/test/outcomes/test_outcomes.py @@ -27,27 +27,27 @@ class MyTestCase(unittest.TestCase): def test_outcome_value(self): for x in ALPHABET: - ov = OutcomeValue(key=x, name=x, description=x) + ov = OutcomeValue(key=x, name=x, definition=x) self.assertEqual(ov.key, x) self.assertEqual(ov.name, x) - self.assertEqual(ov.description, x) + self.assertEqual(ov.definition, x) def test_outcome_group(self): values = [] for x in ALPHABET: - values.append(OutcomeValue(key=x, name=x, description=x)) + values.append(OutcomeValue(key=x, name=x, definition=x)) og = OutcomeGroup( name="Outcome Group", key="OGX", - description="an outcome group", + definition="an outcome group", namespace="test", values=tuple(values), ) self.assertEqual(og.name, "Outcome Group") self.assertEqual(og.key, "OGX") - self.assertEqual(og.description, "an outcome group") + self.assertEqual(og.definition, "an outcome group") self.assertEqual(len(og), len(ALPHABET)) @@ -55,7 +55,7 @@ def test_outcome_group(self): for i, letter in enumerate(ALPHABET): self.assertEqual(og_outcomes[i].key, letter) self.assertEqual(og_outcomes[i].name, letter) - self.assertEqual(og_outcomes[i].description, letter) + self.assertEqual(og_outcomes[i].definition, letter) if __name__ == "__main__": diff --git a/src/test/registry/test_base.py b/src/test/registry/test_base.py index 793a99fa..9f28ea61 100644 --- a/src/test/registry/test_base.py +++ b/src/test/registry/test_base.py @@ -33,7 +33,7 @@ class RegistryTestCase(unittest.TestCase): def setUp(self): self.registry = base.SsvcObjectRegistry( - name="test_registry", description="A test registry" + name="test_registry", definition="A test registry" ) main_reg = get_registry() main_reg.reset( @@ -45,7 +45,7 @@ def tearDown(self): def test_empty_init(self): self.assertEqual(self.registry.name, "test_registry") - self.assertEqual(self.registry.description, "A test registry") + self.assertEqual(self.registry.definition, "A test registry") self.assertFalse(self.registry.types) def test_lookup_type(self): @@ -71,16 +71,12 @@ class Dummy: # test with a known type obj = DecisionPoint( name="TestDP", - description="A test decision point", + definition="A test decision point", namespace="test", key="TEST", values=[ - DecisionPointValue( - key="A", name="AAA", description="Option A" - ), - DecisionPointValue( - key="B", name="BBB", description="Option B" - ), + DecisionPointValue(key="A", name="AAA", definition="Option A"), + DecisionPointValue(key="B", name="BBB", definition="Option B"), ], registered=False, ) @@ -91,19 +87,13 @@ class DpSubclass(DecisionPoint): obj2 = DpSubclass( name="TestDP2", - description="Another test decision point", + definition="Another test decision point", namespace="test", key="TEST2", values=[ - DecisionPointValue( - key="A", name="AAA", description="Option A" - ), - DecisionPointValue( - key="B", name="BBB", description="Option B" - ), - DecisionPointValue( - key="C", name="CCC", description="Option C" - ), + DecisionPointValue(key="A", name="AAA", definition="Option A"), + DecisionPointValue(key="B", name="BBB", definition="Option B"), + DecisionPointValue(key="C", name="CCC", definition="Option C"), ], registered=False, ) @@ -114,17 +104,13 @@ def test_valued_version(self): dp = DecisionPoint( name="TestDP", - description="A test decision point", + definition="A test decision point", namespace="test", version="2.0.0", key="TEST", values=[ - DecisionPointValue( - key="A", name="AAA", description="Option A" - ), - DecisionPointValue( - key="B", name="BBB", description="Option B" - ), + DecisionPointValue(key="A", name="AAA", definition="Option A"), + DecisionPointValue(key="B", name="BBB", definition="Option B"), ], registered=False, ) @@ -142,23 +128,13 @@ def test_nonvalued_version(self): key="TEST", version="2.0.0", name="TestDP", - description="A test decision point", + definition="A test decision point", values=( - DecisionPointValue( - key="A", name="AAA", description="Option A" - ), - DecisionPointValue( - key="B", name="BBB", description="Option B" - ), - DecisionPointValue( - key="C", name="CCC", description="Option C" - ), - DecisionPointValue( - key="D", name="DDD", description="Option D" - ), - DecisionPointValue( - key="E", name="EEE", description="Option E" - ), + DecisionPointValue(key="A", name="AAA", definition="Option A"), + DecisionPointValue(key="B", name="BBB", definition="Option B"), + DecisionPointValue(key="C", name="CCC", definition="Option C"), + DecisionPointValue(key="D", name="DDD", definition="Option D"), + DecisionPointValue(key="E", name="EEE", definition="Option E"), ), registered=False, ) @@ -167,17 +143,11 @@ def test_nonvalued_version(self): key="TEST2", version="2.0.0", name="TestDP", - description="A test decision point", + definition="A test decision point", values=( - DecisionPointValue( - key="A", name="AAA", description="Option A" - ), - DecisionPointValue( - key="B", name="BBB", description="Option B" - ), - DecisionPointValue( - key="C", name="CCC", description="Option C" - ), + DecisionPointValue(key="A", name="AAA", definition="Option A"), + DecisionPointValue(key="B", name="BBB", definition="Option B"), + DecisionPointValue(key="C", name="CCC", definition="Option C"), ), registered=False, ) @@ -187,10 +157,10 @@ def test_nonvalued_version(self): key="TEST3", version="2.0.0", name="TestDP2", - description="A test decision point", + definition="A test decision point", values=( - DecisionPointValue(key="A", name="A", description="Outcome A"), - DecisionPointValue(key="B", name="B", description="Outcome B"), + DecisionPointValue(key="A", name="A", definition="Outcome A"), + DecisionPointValue(key="B", name="B", definition="Outcome B"), ), registered=False, ) @@ -200,7 +170,7 @@ def test_nonvalued_version(self): key="TEST_DT", version="2.0.0", name="TestDT", - description="A test decision table", + definition="A test decision table", decision_points={dp.id: dp for dp in [dp1, dp2, dp3]}, outcome=dp3.id, ) @@ -227,7 +197,7 @@ def test_key(self, mock_valued_version, mock_nonvalued_version): mockobj1.namespace = "test" mockobj1.version = "1.0.0" mockobj1.name = "Test Object" - mockobj1.description = "A test object" + mockobj1.definition = "A test object" mockobj1.id = "test-id" mockobj1.model_dump_json.return_value = "{}" mockobj1.values = [] @@ -240,7 +210,7 @@ def test_key(self, mock_valued_version, mock_nonvalued_version): mockobj2.version = "2.0.0" mockobj2.namespace = "test" mockobj2.name = "Test Object" - mockobj2.description = "A test object" + mockobj2.definition = "A test object" mockobj2.id = "test-id" mockobj2.model_dump_json.return_value = "{}" mockobj2.values = [] @@ -268,16 +238,12 @@ def test__insert(self): dp = DecisionPoint( name="TestDP", - description="A test decision point", + definition="A test decision point", namespace="test", key="TEST", values=[ - DecisionPointValue( - key="A", name="AAA", description="Option A" - ), - DecisionPointValue( - key="B", name="BBB", description="Option B" - ), + DecisionPointValue(key="A", name="AAA", definition="Option A"), + DecisionPointValue(key="B", name="BBB", definition="Option B"), ], registered=False, ) @@ -302,32 +268,26 @@ def test__compare(self): dp1 = DecisionPoint( name="TestDP", - description="A test decision point", + definition="A test decision point", namespace="test", key="TEST", values=[ - DecisionPointValue( - key="A", name="AAA", description="Option A" - ), - DecisionPointValue( - key="B", name="BBB", description="Option B" - ), + DecisionPointValue(key="A", name="AAA", definition="Option A"), + DecisionPointValue(key="B", name="BBB", definition="Option B"), ], registered=False, ) dp2 = DecisionPoint( name="TestDP2", - description="A test decision point", + definition="A test decision point", namespace="test", key="TEST", values=[ DecisionPointValue( - key="AA", name="AAAA", description="Option A" - ), - DecisionPointValue( - key="B", name="BBB", description="Option B" + key="AA", name="AAAA", definition="Option A" ), + DecisionPointValue(key="B", name="BBB", definition="Option B"), ], registered=False, ) @@ -356,16 +316,16 @@ def test_lookup_latest(self): dp = DecisionPoint( name="TestDP", - description="A test decision point", + definition="A test decision point", namespace="test", key="TEST", version=version, values=[ DecisionPointValue( - key="A", name=f"AAA{v}", description="Option A" + key="A", name=f"AAA{v}", definition="Option A" ), DecisionPointValue( - key="B", name="BBB", description="Option B" + key="B", name="BBB", definition="Option B" ), ], registered=False, diff --git a/src/test/test_doc_helpers.py b/src/test/test_doc_helpers.py index 08309a07..3a139210 100644 --- a/src/test/test_doc_helpers.py +++ b/src/test/test_doc_helpers.py @@ -28,15 +28,15 @@ def setUp(self): self.dp = DecisionPoint( namespace="test", name="test name", - description="test description", + definition="test description", key="TK", version="1.0.0", values=( DecisionPointValue( - name="A", key="A", description="A Definition" + name="A", key="A", definition="A Definition" ), DecisionPointValue( - name="B", key="B", description="B Definition" + name="B", key="B", definition="B Definition" ), ), ) @@ -84,7 +84,7 @@ def test_example_block(self): for value in self.dp.values: self.assertIn(value.name, result) - self.assertIn(value.description, result) + self.assertIn(value.definition, result) if __name__ == "__main__": diff --git a/src/test/test_doctools.py b/src/test/test_doctools.py index 49d579bf..895da687 100644 --- a/src/test/test_doctools.py +++ b/src/test/test_doctools.py @@ -36,10 +36,10 @@ "version": "1.0.0", "key": "DPT", "name": "Decision Point Test", - "description": "This is a test decision point.", + "definition": "This is a test decision point.", "values": ( - {"key": "N", "name": "No", "description": "No means no"}, - {"key": "Y", "name": "Yes", "description": "Yes means yes"}, + {"key": "N", "name": "No", "definition": "No means no"}, + {"key": "Y", "name": "Yes", "definition": "Yes means yes"}, ), } diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index e6db69fc..decba16f 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -30,17 +30,17 @@ _Versioned, ) from ssvc.namespaces import NameSpace -from ssvc.utils.defaults import DEFAULT_VERSION, MAX_NS_LENGTH +from ssvc.utils.defaults import DEFAULT_VERSION class TestMixins(unittest.TestCase): def setUp(self) -> None: - self.obj = _Base(name="foo", description="baz") + self.obj = _Base(name="foo", definition="baz") def test_ssvc_base_create(self): - obj = _Base(name="foo", description="baz") + obj = _Base(name="foo", definition="baz") self.assertEqual(obj.name, "foo") - self.assertEqual(obj.description, "baz") + self.assertEqual(obj.definition, "baz") # empty self.assertRaises(ValidationError, _Base) @@ -55,16 +55,16 @@ def test_json_roundtrip(self): # is it a string? self.assertIsInstance(json, str) # does it look right? - self.assertEqual(json, '{"name":"foo","description":"baz"}') + self.assertEqual(json, '{"name":"foo","definition":"baz"}') # modify the raw json string json = json.replace("foo", "quux") - self.assertEqual(json, '{"name":"quux","description":"baz"}') + self.assertEqual(json, '{"name":"quux","definition":"baz"}') # does it load? obj2 = _Base.model_validate_json(json) self.assertEqual(obj2.name, "quux") - self.assertEqual(obj2.description, "baz") + self.assertEqual(obj2.definition, "baz") def test_asdict_roundtrip(self): @@ -73,7 +73,7 @@ def test_asdict_roundtrip(self): self.assertIsInstance(d, dict) self.assertEqual(d["name"], "foo") - self.assertEqual(d["description"], "baz") + self.assertEqual(d["definition"], "baz") # modify the dict d["name"] = "quux" @@ -81,7 +81,7 @@ def test_asdict_roundtrip(self): # does it load? obj2 = _Base(**d) self.assertEqual(obj2.name, "quux") - self.assertEqual(obj2.description, "baz") + self.assertEqual(obj2.definition, "baz") def test_namespaced_create_errors(self): # error if no namespace given @@ -98,7 +98,6 @@ def test_namespaced_create_errors(self): with self.assertRaises(ValidationError): _Namespaced(namespace="x_") - def test_namespaced_create(self): # use the official namespace values for ns in NameSpace: @@ -213,7 +212,7 @@ class Foo(_Base, *classes, BaseModel): if k in keys_with_defaults: # expect success - obj = Foo(name="foo", description="baz", **args_copy) + obj = Foo(name="foo", definition="baz", **args_copy) # make sure the key is defaulted self.assertIsNotNone(getattr(obj, k)) else: @@ -226,9 +225,9 @@ class Foo(_Base, *classes, BaseModel): ) # instantiate the object - obj = Foo(name="foo", description="baz", **args) + obj = Foo(name="foo", definition="baz", **args) self.assertEqual(obj.name, "foo") - self.assertEqual(obj.description, "baz") + self.assertEqual(obj.definition, "baz") # make sure the args are set for k, v in args.items(): self.assertEqual(getattr(obj, k), v) @@ -239,7 +238,7 @@ class Foo(_Base, *classes, BaseModel): self.assertIsInstance(json, str) # does it look right? self.assertIn('"name":"foo"', json) - self.assertIn('"description":"baz"', json) + self.assertIn('"definition":"baz"', json) for k, v in args.items(): self.assertIn(f'"{k}":"{v}"', json) # change the name and description @@ -248,7 +247,7 @@ class Foo(_Base, *classes, BaseModel): # does it load? obj2 = Foo.model_validate_json(json) self.assertEqual(obj2.name, "quux") - self.assertEqual(obj2.description, "fizz") + self.assertEqual(obj2.definition, "fizz") # make sure the args are set for k, v in args.items(): self.assertEqual(getattr(obj2, k), v) diff --git a/src/test/test_policy_generator.py b/src/test/test_policy_generator.py index f4107456..b486700e 100644 --- a/src/test/test_policy_generator.py +++ b/src/test/test_policy_generator.py @@ -37,31 +37,29 @@ def setUp(self) -> None: self.og = DecisionPoint( name="test", - description="test", + definition="test", key="TEST", namespace="test", values=tuple( [ - DecisionPointValue(key=c, name=c, description=c) + DecisionPointValue(key=c, name=c, definition=c) for c in self.og_names ] ), ) self.dpg = DecisionPointGroup( name="test", - description="test", + definition="test", decision_points=tuple( [ DecisionPoint( name=c, - description=c, + definition=c, key=c, namespace="test", values=tuple( [ - DecisionPointValue( - name=v, key=v, description=v - ) + DecisionPointValue(name=v, key=v, definition=v) for v in self.dp_values ] ), diff --git a/src/test/test_selections.py b/src/test/test_selections.py index a2cf3e13..f548cb72 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -129,14 +129,14 @@ def test_minimal_decision_point_value_validators(self): # Test set_optional_fields validator value = MinimalDecisionPointValue(key="test_key") self.assertIsNone(value.name) - self.assertIsNone(value.description) + self.assertIsNone(value.definition) # Test with empty strings value_empty = MinimalDecisionPointValue( - key="test_key", name="", description="" + key="test_key", name="", definition="" ) self.assertIsNone(value_empty.name) - self.assertIsNone(value_empty.description) + self.assertIsNone(value_empty.definition) def test_selection_validators(self): """Test the model validators for Selection.""" @@ -148,7 +148,7 @@ def test_selection_validators(self): values=[{"key": "value1"}], ) self.assertIsNone(selection_minimal.name) - self.assertIsNone(selection_minimal.description) + self.assertIsNone(selection_minimal.definition) # Test with empty strings selection_empty = selection.Selection( @@ -157,10 +157,10 @@ def test_selection_validators(self): version="1.0.0", values=[{"key": "value1"}], name="", - description="", + definition="", ) self.assertIsNone(selection_empty.name) - self.assertIsNone(selection_empty.description) + self.assertIsNone(selection_empty.definition) def test_from_decision_point(self): """Test converting a decision point to a selection.""" @@ -288,7 +288,7 @@ def test_target_ids_validation(self): selections=[self.s1], timestamp=datetime.now(), # Invalid: due to duplicates - target_ids=["CVE-1900-1234","CVE-1900-1234"], + target_ids=["CVE-1900-1234", "CVE-1900-1234"], ) def test_add_selection_method(self): diff --git a/src/test/utils/test_toposort.py b/src/test/utils/test_toposort.py index 8f665d4d..52c6206b 100644 --- a/src/test/utils/test_toposort.py +++ b/src/test/utils/test_toposort.py @@ -76,13 +76,13 @@ def setUp(self): name="Decision Point 1", key="DP1", version="1.0.0", - description="Test DP 1", + definition="Test DP 1", values=[ DecisionPointValue( - name="Value 1", key="V1", description="value 1 description" + name="Value 1", key="V1", definition="value 1 description" ), DecisionPointValue( - name="Value 2", key="V2", description="value 2 description" + name="Value 2", key="V2", definition="value 2 description" ), ], ) @@ -91,13 +91,13 @@ def setUp(self): name="Decision Point 2", key="DP2", version="1.0.0", - description="Test DP 2", + definition="Test DP 2", values=[ DecisionPointValue( - name="Value A", key="VA", description="value A description" + name="Value A", key="VA", definition="value A description" ), DecisionPointValue( - name="Value B", key="VB", description="value B description" + name="Value B", key="VB", definition="value B description" ), ], ) From 7bcd925da9b3af074e81288fc21344f9978ee98e Mon Sep 17 00:00:00 2001 From: Bernhard Reiter Date: Wed, 27 Aug 2025 18:17:12 +0200 Subject: [PATCH 352/468] improve json schema pattern * fix use of `\d` in VERSION_PATTERN * remove superfluous comment * (checked against the list at https://pypi.org/project/js-regex/ that there is no python pattern used that javascript does not have) --- src/ssvc/utils/patterns.py | 1 - src/test/test_selections.py | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssvc/utils/patterns.py b/src/ssvc/utils/patterns.py index c4d790fb..5e6ea5cd 100644 --- a/src/ssvc/utils/patterns.py +++ b/src/ssvc/utils/patterns.py @@ -82,5 +82,4 @@ # --- Combine all parts into the full namespace pattern --- NS_PATTERN_STR = rf"^{LENGTH_CHECK_PATTERN}" rf"{namespace}$" -# Compile the regex with verbose flag for readability (if needed) NS_PATTERN = re.compile(NS_PATTERN_STR) diff --git a/src/test/test_selections.py b/src/test/test_selections.py index a2cf3e13..b041451d 100644 --- a/src/test/test_selections.py +++ b/src/test/test_selections.py @@ -72,7 +72,8 @@ def test_minimal_selection_init(self): self.assertIsInstance(self.s1.version, str) self.assertRegex( self.s1.version, - VERSION_PATTERN, + # enable re.ASCII so that `\d` is interpreted like in Javascript + "(?a:" + VERSION_PATTERN + ")", "Version does not match the required pattern", ) From a7da9af2869507c9db7cecd381ed22d43938b76a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 27 Aug 2025 14:48:16 -0400 Subject: [PATCH 353/468] relocate obsolete stuff --- issues/892.md | 5 ----- {src => obsolete}/SSVC_csv-to-latex.py | 0 {src => obsolete}/enumerate-coord-publish-options.sh | 0 {src => obsolete}/enumerate-coord-triage-options.sh | 0 {src => obsolete}/enumerate-deployer-options.sh | 0 {src => obsolete}/enumerate-supplier-options.sh | 0 {src => obsolete}/ssvc_v2.py | 0 7 files changed, 5 deletions(-) delete mode 100644 issues/892.md rename {src => obsolete}/SSVC_csv-to-latex.py (100%) rename {src => obsolete}/enumerate-coord-publish-options.sh (100%) rename {src => obsolete}/enumerate-coord-triage-options.sh (100%) rename {src => obsolete}/enumerate-deployer-options.sh (100%) rename {src => obsolete}/enumerate-supplier-options.sh (100%) rename {src => obsolete}/ssvc_v2.py (100%) diff --git a/issues/892.md b/issues/892.md deleted file mode 100644 index d4ea0492..00000000 --- a/issues/892.md +++ /dev/null @@ -1,5 +0,0 @@ -### Discussion on Introducing 'Scope' Concept in Selection Schema - -I would like to discuss the idea of introducing a 'scope' concept within the Selection Schema. This could help clarify the boundaries within which a decision or outcome is valid. By defining a scope, we can ensure better collaboration and contextual understanding among stakeholders. - -What are your thoughts on this? \ No newline at end of file diff --git a/src/SSVC_csv-to-latex.py b/obsolete/SSVC_csv-to-latex.py similarity index 100% rename from src/SSVC_csv-to-latex.py rename to obsolete/SSVC_csv-to-latex.py diff --git a/src/enumerate-coord-publish-options.sh b/obsolete/enumerate-coord-publish-options.sh similarity index 100% rename from src/enumerate-coord-publish-options.sh rename to obsolete/enumerate-coord-publish-options.sh diff --git a/src/enumerate-coord-triage-options.sh b/obsolete/enumerate-coord-triage-options.sh similarity index 100% rename from src/enumerate-coord-triage-options.sh rename to obsolete/enumerate-coord-triage-options.sh diff --git a/src/enumerate-deployer-options.sh b/obsolete/enumerate-deployer-options.sh similarity index 100% rename from src/enumerate-deployer-options.sh rename to obsolete/enumerate-deployer-options.sh diff --git a/src/enumerate-supplier-options.sh b/obsolete/enumerate-supplier-options.sh similarity index 100% rename from src/enumerate-supplier-options.sh rename to obsolete/enumerate-supplier-options.sh diff --git a/src/ssvc_v2.py b/obsolete/ssvc_v2.py similarity index 100% rename from src/ssvc_v2.py rename to obsolete/ssvc_v2.py From eed5c601c97d582e30fae56989a7cf64037e0602 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 27 Aug 2025 14:52:14 -0400 Subject: [PATCH 354/468] add readme to explain this dir --- obsolete/README.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 obsolete/README.md diff --git a/obsolete/README.md b/obsolete/README.md new file mode 100644 index 00000000..460f59b3 --- /dev/null +++ b/obsolete/README.md @@ -0,0 +1,7 @@ +# Obsoleted Files and Tools + +Items in this directory were once part of the tooling we used to produce +older PDF versions of the SSVC documentation. However, now that we're hosting +the site at https://certcc.github.io/SSVC/, we no longer need these tools. +We're keeping them here for historical reference just in case, but they +might be removed in the future. From 6b0286f6994cf7fc18c0ba35e9d39294493721bb Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 27 Aug 2025 15:02:53 -0400 Subject: [PATCH 355/468] add ssvc_doctools as script --- src/pyproject.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/pyproject.toml b/src/pyproject.toml index 3025fbb9..3320affd 100644 --- a/src/pyproject.toml +++ b/src/pyproject.toml @@ -55,6 +55,7 @@ dynamic = ["version",] [project.scripts] ssvc_csv_analyzer="ssvc.csv_analyzer:main" +ssvc_doctools="ssvc.doctools:main" [project.urls] "Homepage" = "https://certcc.github.io/SSVC" From 456a2cd8900225443103da2c0aff18b33f6a5877 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 27 Aug 2025 15:03:59 -0400 Subject: [PATCH 356/468] ignore $project/tmp --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 48187df3..b066ebee 100644 --- a/.gitignore +++ b/.gitignore @@ -131,3 +131,4 @@ dmypy.json ssvc2-applier-wip.xlsx _version.py node_modules +tmp From c5be80f180f031257b680c8f83e0e092387d29ef Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 27 Aug 2025 15:19:00 -0400 Subject: [PATCH 357/468] add csv dumper to doctools.py --- Makefile | 2 +- data/csv/cisa/cisa_coordinator_2_0_3.csv | 37 + ...4_0_qualitative_severity_ratings_4_0_0.csv | 325 ++++++++ .../cvss/cvss_v4_equivalence_set_1_1_0_0.csv | 37 + .../cvss/cvss_v4_equivalence_set_2_1_0_0.csv | 5 + .../cvss/cvss_v4_equivalence_set_3_1_0_0.csv | 28 + .../cvss/cvss_v4_equivalence_set_4_1_0_0.csv | 49 ++ .../cvss/cvss_v4_equivalence_set_5_1_0_0.csv | 4 + .../cvss/cvss_v4_equivalence_set_6_1_0_0.csv | 730 ++++++++++++++++++ ...ordinator_publish_decision_table_1_0_0.csv | 28 + data/csv/ssvc/coordinator_triage_1_0_0.csv | 193 +++++ ...loyer_patch_application_priority_1_0_0.csv | 73 ++ data/csv/ssvc/human_impact_1_0_0.csv | 17 + data/csv/ssvc/public_safety_impact_1_0_0.csv | 5 + ...plier_patch_development_priority_1_0_0.csv | 37 + data/csv/ssvc/utility_1_0_0.csv | 5 + data/csvs | 1 + data/csvs/README | 10 - data/csvs/child_trees/human-impact.csv | 21 - .../child_trees/mission-and-well-being.csv | 10 - data/csvs/child_trees/utility.csv | 5 - data/csvs/coord-publish-options.csv | 28 - data/csvs/coord-triage-options.csv | 85 -- data/csvs/deployer-options.csv | 73 -- .../mapped_trees/public-safety-impact.csv | 6 - data/csvs/supplier-options.csv | 37 - src/ssvc/doctools.py | 59 +- 27 files changed, 1623 insertions(+), 287 deletions(-) create mode 100644 data/csv/cisa/cisa_coordinator_2_0_3.csv create mode 100644 data/csv/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.csv create mode 100644 data/csv/cvss/cvss_v4_equivalence_set_1_1_0_0.csv create mode 100644 data/csv/cvss/cvss_v4_equivalence_set_2_1_0_0.csv create mode 100644 data/csv/cvss/cvss_v4_equivalence_set_3_1_0_0.csv create mode 100644 data/csv/cvss/cvss_v4_equivalence_set_4_1_0_0.csv create mode 100644 data/csv/cvss/cvss_v4_equivalence_set_5_1_0_0.csv create mode 100644 data/csv/cvss/cvss_v4_equivalence_set_6_1_0_0.csv create mode 100644 data/csv/ssvc/coordinator_publish_decision_table_1_0_0.csv create mode 100644 data/csv/ssvc/coordinator_triage_1_0_0.csv create mode 100644 data/csv/ssvc/deployer_patch_application_priority_1_0_0.csv create mode 100644 data/csv/ssvc/human_impact_1_0_0.csv create mode 100644 data/csv/ssvc/public_safety_impact_1_0_0.csv create mode 100644 data/csv/ssvc/supplier_patch_development_priority_1_0_0.csv create mode 100644 data/csv/ssvc/utility_1_0_0.csv create mode 120000 data/csvs delete mode 100644 data/csvs/README delete mode 100644 data/csvs/child_trees/human-impact.csv delete mode 100644 data/csvs/child_trees/mission-and-well-being.csv delete mode 100644 data/csvs/child_trees/utility.csv delete mode 100644 data/csvs/coord-publish-options.csv delete mode 100644 data/csvs/coord-triage-options.csv delete mode 100644 data/csvs/deployer-options.csv delete mode 100644 data/csvs/mapped_trees/public-safety-impact.csv delete mode 100644 data/csvs/supplier-options.csv diff --git a/Makefile b/Makefile index a30b4f5f..1ae2d193 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,7 @@ down: regenerate_json: @echo "Regenerating JSON files..." rm -rf data/json/decision_points - export PYTHONPATH=$(PWD)/src && ./src/ssvc/doctools.py --jsondir=./data/json/decision_points --overwrite + export PYTHONPATH=$(PWD)/src && ./src/ssvc/doctools.py --datadir=./data --overwrite clean: @echo "Cleaning up Docker resources..." diff --git a/data/csv/cisa/cisa_coordinator_2_0_3.csv b/data/csv/cisa/cisa_coordinator_2_0_3.csv new file mode 100644 index 00000000..e24d6a0e --- /dev/null +++ b/data/csv/cisa/cisa_coordinator_2_0_3.csv @@ -0,0 +1,37 @@ +row,Exploitation v1.1.0,Automatable v2.0.0,Technical Impact v1.0.0,Mission and Well-Being Impact v1.0.0,CISA Levels v1.1.0 (cisa) +0,none,no,partial,low,track +1,none,no,partial,medium,track +2,none,no,partial,high,track +3,none,no,total,low,track +4,none,no,total,medium,track +5,none,no,total,high,track* +6,none,yes,partial,low,track +7,none,yes,partial,medium,track +8,none,yes,partial,high,attend +9,none,yes,total,low,track +10,none,yes,total,medium,track +11,none,yes,total,high,attend +12,public poc,no,partial,low,track +13,public poc,no,partial,medium,track +14,public poc,no,partial,high,track* +15,public poc,no,total,low,track +16,public poc,no,total,medium,track* +17,public poc,no,total,high,attend +18,public poc,yes,partial,low,track +19,public poc,yes,partial,medium,track +20,public poc,yes,partial,high,attend +21,public poc,yes,total,low,track +22,public poc,yes,total,medium,track* +23,public poc,yes,total,high,attend +24,active,no,partial,low,track +25,active,no,partial,medium,track +26,active,no,partial,high,attend +27,active,no,total,low,track +28,active,no,total,medium,attend +29,active,no,total,high,act +30,active,yes,partial,low,attend +31,active,yes,partial,medium,attend +32,active,yes,partial,high,act +33,active,yes,total,low,attend +34,active,yes,total,medium,act +35,active,yes,total,high,act diff --git a/data/csv/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.csv b/data/csv/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.csv new file mode 100644 index 00000000..bb0b1a7a --- /dev/null +++ b/data/csv/cvss/cvss_v4_0_qualitative_severity_ratings_4_0_0.csv @@ -0,0 +1,325 @@ +row,Equivalence Set 1 v1.0.0 (cvss),Equivalence Set 2 v1.0.0 (cvss),Equivalence Set 3 v1.0.0 (cvss),Equivalence Set 4 v1.0.0 (cvss),Equivalence Set 5 v1.0.0 (cvss),Equivalence Set 6 v1.0.0 (cvss),CVSS Qualitative Severity Rating Scale v1.0.0 (cvss) +0,low,low,low,low,low,low,low +1,medium,low,low,low,low,low,low +2,low,high,low,low,low,low,low +3,low,low,medium,low,low,low,low +4,low,low,low,medium,low,low,low +5,low,low,low,low,medium,low,low +6,low,low,low,low,low,high,low +7,high,low,low,low,low,low,low +8,medium,high,low,low,low,low,low +9,medium,low,medium,low,low,low,low +10,low,high,medium,low,low,low,low +11,low,low,high,low,low,low,low +12,medium,low,low,medium,low,low,low +13,low,high,low,medium,low,low,low +14,low,low,medium,medium,low,low,low +15,low,low,low,high,low,low,low +16,medium,low,low,low,medium,low,low +17,low,high,low,low,medium,low,low +18,low,low,medium,low,medium,low,low +19,low,low,low,medium,medium,low,low +20,low,low,low,low,high,low,low +21,medium,low,low,low,low,high,low +22,low,high,low,low,low,high,low +23,low,low,medium,low,low,high,low +24,low,low,low,medium,low,high,low +25,low,low,low,low,medium,high,low +26,high,high,low,low,low,low,low +27,high,low,medium,low,low,low,low +28,medium,high,medium,low,low,low,low +29,medium,low,high,low,low,low,low +30,low,high,high,low,low,low,low +31,high,low,low,medium,low,low,low +32,medium,high,low,medium,low,low,low +33,medium,low,medium,medium,low,low,low +34,low,high,medium,medium,low,low,low +35,low,low,high,medium,low,low,low +36,medium,low,low,high,low,low,low +37,low,high,low,high,low,low,low +38,low,low,medium,high,low,low,low +39,high,low,low,low,medium,low,low +40,medium,high,low,low,medium,low,low +41,medium,low,medium,low,medium,low,low +42,low,high,medium,low,medium,low,low +43,low,low,high,low,medium,low,low +44,medium,low,low,medium,medium,low,low +45,low,high,low,medium,medium,low,low +46,low,low,medium,medium,medium,low,low +47,low,low,low,high,medium,low,low +48,medium,low,low,low,high,low,low +49,low,high,low,low,high,low,low +50,low,low,medium,low,high,low,low +51,low,low,low,medium,high,low,low +52,high,low,low,low,low,high,low +53,medium,high,low,low,low,high,low +54,medium,low,medium,low,low,high,low +55,low,high,medium,low,low,high,low +56,low,low,high,low,low,high,low +57,medium,low,low,medium,low,high,low +58,low,high,low,medium,low,high,low +59,low,low,medium,medium,low,high,low +60,low,low,low,high,low,high,low +61,medium,low,low,low,medium,high,low +62,low,high,low,low,medium,high,low +63,low,low,medium,low,medium,high,low +64,low,low,low,medium,medium,high,low +65,low,low,low,low,high,high,low +66,high,high,medium,low,low,low,medium +67,high,low,high,low,low,low,medium +68,medium,high,high,low,low,low,medium +69,high,high,low,medium,low,low,medium +70,high,low,medium,medium,low,low,medium +71,medium,high,medium,medium,low,low,medium +72,medium,low,high,medium,low,low,medium +73,low,high,high,medium,low,low,low +74,high,low,low,high,low,low,medium +75,medium,high,low,high,low,low,medium +76,medium,low,medium,high,low,low,medium +77,low,high,medium,high,low,low,medium +78,low,low,high,high,low,low,medium +79,high,high,low,low,medium,low,medium +80,high,low,medium,low,medium,low,medium +81,medium,high,medium,low,medium,low,medium +82,medium,low,high,low,medium,low,medium +83,low,high,high,low,medium,low,medium +84,high,low,low,medium,medium,low,medium +85,medium,high,low,medium,medium,low,medium +86,medium,low,medium,medium,medium,low,medium +87,low,high,medium,medium,medium,low,medium +88,low,low,high,medium,medium,low,medium +89,medium,low,low,high,medium,low,medium +90,low,high,low,high,medium,low,medium +91,low,low,medium,high,medium,low,medium +92,high,low,low,low,high,low,medium +93,medium,high,low,low,high,low,medium +94,medium,low,medium,low,high,low,medium +95,low,high,medium,low,high,low,low +96,low,low,high,low,high,low,medium +97,medium,low,low,medium,high,low,medium +98,low,high,low,medium,high,low,medium +99,low,low,medium,medium,high,low,medium +100,low,low,low,high,high,low,medium +101,high,high,low,low,low,high,low +102,high,low,medium,low,low,high,medium +103,medium,high,medium,low,low,high,medium +104,medium,low,high,low,low,high,medium +105,low,high,high,low,low,high,medium +106,high,low,low,medium,low,high,low +107,medium,high,low,medium,low,high,low +108,medium,low,medium,medium,low,high,medium +109,low,high,medium,medium,low,high,medium +110,low,low,high,medium,low,high,medium +111,medium,low,low,high,low,high,low +112,low,high,low,high,low,high,low +113,low,low,medium,high,low,high,medium +114,high,low,low,low,medium,high,low +115,medium,high,low,low,medium,high,low +116,medium,low,medium,low,medium,high,medium +117,low,high,medium,low,medium,high,low +118,low,low,high,low,medium,high,medium +119,medium,low,low,medium,medium,high,low +120,low,high,low,medium,medium,high,low +121,low,low,medium,medium,medium,high,medium +122,low,low,low,high,medium,high,low +123,medium,low,low,low,high,high,low +124,low,high,low,low,high,high,low +125,low,low,medium,low,high,high,medium +126,low,low,low,medium,high,high,low +127,high,high,high,low,low,low,medium +128,high,high,medium,medium,low,low,medium +129,high,low,high,medium,low,low,high +130,medium,high,high,medium,low,low,medium +131,high,high,low,high,low,low,high +132,high,low,medium,high,low,low,high +133,medium,high,medium,high,low,low,medium +134,medium,low,high,high,low,low,high +135,low,high,high,high,low,low,medium +136,high,high,medium,low,medium,low,high +137,high,low,high,low,medium,low,high +138,medium,high,high,low,medium,low,medium +139,high,high,low,medium,medium,low,medium +140,high,low,medium,medium,medium,low,high +141,medium,high,medium,medium,medium,low,medium +142,medium,low,high,medium,medium,low,medium +143,low,high,high,medium,medium,low,medium +144,high,low,low,high,medium,low,high +145,medium,high,low,high,medium,low,high +146,medium,low,medium,high,medium,low,medium +147,low,high,medium,high,medium,low,medium +148,low,low,high,high,medium,low,medium +149,high,high,low,low,high,low,medium +150,high,low,medium,low,high,low,high +151,medium,high,medium,low,high,low,medium +152,medium,low,high,low,high,low,medium +153,low,high,high,low,high,low,medium +154,high,low,low,medium,high,low,high +155,medium,high,low,medium,high,low,medium +156,medium,low,medium,medium,high,low,medium +157,low,high,medium,medium,high,low,medium +158,low,low,high,medium,high,low,medium +159,medium,low,low,high,high,low,high +160,low,high,low,high,high,low,medium +161,low,low,medium,high,high,low,medium +162,high,high,medium,low,low,high,medium +163,high,low,high,low,low,high,high +164,medium,high,high,low,low,high,medium +165,high,high,low,medium,low,high,medium +166,high,low,medium,medium,low,high,high +167,medium,high,medium,medium,low,high,medium +168,medium,low,high,medium,low,high,medium +169,low,high,high,medium,low,high,medium +170,high,low,low,high,low,high,medium +171,medium,high,low,high,low,high,medium +172,medium,low,medium,high,low,high,medium +173,low,high,medium,high,low,high,medium +174,low,low,high,high,low,high,medium +175,high,high,low,low,medium,high,medium +176,high,low,medium,low,medium,high,high +177,medium,high,medium,low,medium,high,medium +178,medium,low,high,low,medium,high,medium +179,low,high,high,low,medium,high,medium +180,high,low,low,medium,medium,high,medium +181,medium,high,low,medium,medium,high,medium +182,medium,low,medium,medium,medium,high,medium +183,low,high,medium,medium,medium,high,medium +184,low,low,high,medium,medium,high,medium +185,medium,low,low,high,medium,high,medium +186,low,high,low,high,medium,high,medium +187,low,low,medium,high,medium,high,medium +188,high,low,low,low,high,high,medium +189,medium,high,low,low,high,high,medium +190,medium,low,medium,low,high,high,medium +191,low,high,medium,low,high,high,medium +192,low,low,high,low,high,high,medium +193,medium,low,low,medium,high,high,medium +194,low,high,low,medium,high,high,medium +195,low,low,medium,medium,high,high,medium +196,low,low,low,high,high,high,medium +197,high,high,high,medium,low,low,high +198,high,high,medium,high,low,low,high +199,high,low,high,high,low,low,high +200,medium,high,high,high,low,low,high +201,high,high,high,low,medium,low,high +202,high,high,medium,medium,medium,low,high +203,high,low,high,medium,medium,low,high +204,medium,high,high,medium,medium,low,high +205,high,high,low,high,medium,low,high +206,high,low,medium,high,medium,low,high +207,medium,high,medium,high,medium,low,high +208,medium,low,high,high,medium,low,high +209,low,high,high,high,medium,low,high +210,high,high,medium,low,high,low,high +211,high,low,high,low,high,low,high +212,medium,high,high,low,high,low,high +213,high,high,low,medium,high,low,high +214,high,low,medium,medium,high,low,high +215,medium,high,medium,medium,high,low,high +216,medium,low,high,medium,high,low,high +217,low,high,high,medium,high,low,high +218,high,low,low,high,high,low,high +219,medium,high,low,high,high,low,high +220,medium,low,medium,high,high,low,high +221,low,high,medium,high,high,low,high +222,low,low,high,high,high,low,high +223,high,high,high,low,low,high,high +224,high,high,medium,medium,low,high,high +225,high,low,high,medium,low,high,high +226,medium,high,high,medium,low,high,high +227,high,high,low,high,low,high,high +228,high,low,medium,high,low,high,high +229,medium,high,medium,high,low,high,high +230,medium,low,high,high,low,high,high +231,low,high,high,high,low,high,high +232,high,high,medium,low,medium,high,high +233,high,low,high,low,medium,high,high +234,medium,high,high,low,medium,high,high +235,high,high,low,medium,medium,high,medium +236,high,low,medium,medium,medium,high,high +237,medium,high,medium,medium,medium,high,high +238,medium,low,high,medium,medium,high,high +239,low,high,high,medium,medium,high,high +240,high,low,low,high,medium,high,high +241,medium,high,low,high,medium,high,high +242,medium,low,medium,high,medium,high,high +243,low,high,medium,high,medium,high,high +244,low,low,high,high,medium,high,high +245,high,high,low,low,high,high,medium +246,high,low,medium,low,high,high,high +247,medium,high,medium,low,high,high,high +248,medium,low,high,low,high,high,high +249,low,high,high,low,high,high,high +250,high,low,low,medium,high,high,high +251,medium,high,low,medium,high,high,medium +252,medium,low,medium,medium,high,high,high +253,low,high,medium,medium,high,high,high +254,low,low,high,medium,high,high,high +255,medium,low,low,high,high,high,high +256,low,high,low,high,high,high,medium +257,low,low,medium,high,high,high,high +258,high,high,high,high,low,low,critical +259,high,high,high,medium,medium,low,high +260,high,high,medium,high,medium,low,critical +261,high,low,high,high,medium,low,critical +262,medium,high,high,high,medium,low,high +263,high,high,high,low,high,low,critical +264,high,high,medium,medium,high,low,critical +265,high,low,high,medium,high,low,critical +266,medium,high,high,medium,high,low,high +267,high,high,low,high,high,low,critical +268,high,low,medium,high,high,low,critical +269,medium,high,medium,high,high,low,high +270,medium,low,high,high,high,low,critical +271,low,high,high,high,high,low,high +272,high,high,high,medium,low,high,critical +273,high,high,medium,high,low,high,critical +274,high,low,high,high,low,high,critical +275,medium,high,high,high,low,high,critical +276,high,high,high,low,medium,high,high +277,high,high,medium,medium,medium,high,high +278,high,low,high,medium,medium,high,critical +279,medium,high,high,medium,medium,high,high +280,high,high,low,high,medium,high,high +281,high,low,medium,high,medium,high,critical +282,medium,high,medium,high,medium,high,high +283,medium,low,high,high,medium,high,high +284,low,high,high,high,medium,high,high +285,high,high,medium,low,high,high,high +286,high,low,high,low,high,high,critical +287,medium,high,high,low,high,high,high +288,high,high,low,medium,high,high,high +289,high,low,medium,medium,high,high,critical +290,medium,high,medium,medium,high,high,high +291,medium,low,high,medium,high,high,critical +292,low,high,high,medium,high,high,high +293,high,low,low,high,high,high,high +294,medium,high,low,high,high,high,high +295,medium,low,medium,high,high,high,high +296,low,high,medium,high,high,high,high +297,low,low,high,high,high,high,high +298,high,high,high,high,medium,low,critical +299,high,high,high,medium,high,low,critical +300,high,high,medium,high,high,low,critical +301,high,low,high,high,high,low,critical +302,medium,high,high,high,high,low,critical +303,high,high,high,high,low,high,critical +304,high,high,high,medium,medium,high,critical +305,high,high,medium,high,medium,high,critical +306,high,low,high,high,medium,high,critical +307,medium,high,high,high,medium,high,critical +308,high,high,high,low,high,high,critical +309,high,high,medium,medium,high,high,critical +310,high,low,high,medium,high,high,critical +311,medium,high,high,medium,high,high,critical +312,high,high,low,high,high,high,critical +313,high,low,medium,high,high,high,critical +314,medium,high,medium,high,high,high,critical +315,medium,low,high,high,high,high,critical +316,low,high,high,high,high,high,critical +317,high,high,high,high,high,low,critical +318,high,high,high,high,medium,high,critical +319,high,high,high,medium,high,high,critical +320,high,high,medium,high,high,high,critical +321,high,low,high,high,high,high,critical +322,medium,high,high,high,high,high,critical +323,high,high,high,high,high,high,critical diff --git a/data/csv/cvss/cvss_v4_equivalence_set_1_1_0_0.csv b/data/csv/cvss/cvss_v4_equivalence_set_1_1_0_0.csv new file mode 100644 index 00000000..d80c1fe2 --- /dev/null +++ b/data/csv/cvss/cvss_v4_equivalence_set_1_1_0_0.csv @@ -0,0 +1,37 @@ +row,Attack Vector v3.0.1 (cvss),Privileges Required v1.0.1 (cvss),User Interaction v2.0.0 (cvss),Equivalence Set 1 v1.0.0 (cvss) +0,physical,high,active,low +1,local,high,active,low +2,physical,low,active,low +3,physical,high,passive,low +4,adjacent,high,active,low +5,local,low,active,low +6,physical,none,active,low +7,local,high,passive,low +8,physical,low,passive,low +9,physical,high,none,low +10,network,high,active,medium +11,adjacent,low,active,low +12,local,none,active,medium +13,adjacent,high,passive,low +14,local,low,passive,low +15,physical,none,passive,low +16,local,high,none,medium +17,physical,low,none,low +18,network,low,active,medium +19,adjacent,none,active,medium +20,network,high,passive,medium +21,adjacent,low,passive,low +22,local,none,passive,medium +23,adjacent,high,none,medium +24,local,low,none,medium +25,physical,none,none,low +26,network,none,active,medium +27,network,low,passive,medium +28,adjacent,none,passive,medium +29,network,high,none,medium +30,adjacent,low,none,medium +31,local,none,none,medium +32,network,none,passive,medium +33,network,low,none,medium +34,adjacent,none,none,medium +35,network,none,none,high diff --git a/data/csv/cvss/cvss_v4_equivalence_set_2_1_0_0.csv b/data/csv/cvss/cvss_v4_equivalence_set_2_1_0_0.csv new file mode 100644 index 00000000..1ce2c02c --- /dev/null +++ b/data/csv/cvss/cvss_v4_equivalence_set_2_1_0_0.csv @@ -0,0 +1,5 @@ +row,Attack Complexity v3.0.1 (cvss),Attack Requirements v1.0.0 (cvss),Equivalence Set 2 v1.0.0 (cvss) +0,high,present,low +1,low,present,low +2,high,none,low +3,low,none,high diff --git a/data/csv/cvss/cvss_v4_equivalence_set_3_1_0_0.csv b/data/csv/cvss/cvss_v4_equivalence_set_3_1_0_0.csv new file mode 100644 index 00000000..f28168a0 --- /dev/null +++ b/data/csv/cvss/cvss_v4_equivalence_set_3_1_0_0.csv @@ -0,0 +1,28 @@ +row,Confidentiality Impact to the Vulnerable System v3.0.0 (cvss),Integrity Impact to the Vulnerable System v3.0.0 (cvss),Availability Impact to the Vulnerable System v3.0.0 (cvss),Equivalence Set 3 v1.0.0 (cvss) +0,none,none,none,low +1,low,none,none,low +2,none,low,none,low +3,none,none,low,low +4,high,none,none,medium +5,low,low,none,low +6,none,high,none,medium +7,low,none,low,low +8,none,low,low,low +9,none,none,high,medium +10,high,low,none,medium +11,low,high,none,medium +12,high,none,low,medium +13,low,low,low,low +14,none,high,low,medium +15,low,none,high,medium +16,none,low,high,medium +17,high,high,none,high +18,high,low,low,medium +19,low,high,low,medium +20,high,none,high,medium +21,low,low,high,medium +22,none,high,high,medium +23,high,high,low,high +24,high,low,high,medium +25,low,high,high,medium +26,high,high,high,high diff --git a/data/csv/cvss/cvss_v4_equivalence_set_4_1_0_0.csv b/data/csv/cvss/cvss_v4_equivalence_set_4_1_0_0.csv new file mode 100644 index 00000000..42ba3391 --- /dev/null +++ b/data/csv/cvss/cvss_v4_equivalence_set_4_1_0_0.csv @@ -0,0 +1,49 @@ +row,Confidentiality Impact to the Subsequent System v1.0.0 (cvss),Modified Integrity Impact to the Subsequent System (without Not Defined) v1.0.1 (cvss),Modified Availability Impact to the Subsequent System (without Not Defined) v1.0.1 (cvss),Equivalence Set 4 v1.0.0 (cvss) +0,negligible,negligible,negligible,low +1,low,negligible,negligible,low +2,negligible,low,negligible,low +3,negligible,negligible,low,low +4,high,negligible,negligible,medium +5,low,low,negligible,low +6,negligible,high,negligible,medium +7,low,negligible,low,low +8,negligible,low,low,low +9,negligible,negligible,high,medium +10,high,low,negligible,medium +11,low,high,negligible,medium +12,negligible,safety,negligible,high +13,high,negligible,low,medium +14,low,low,low,low +15,negligible,high,low,medium +16,low,negligible,high,medium +17,negligible,low,high,medium +18,negligible,negligible,safety,high +19,high,high,negligible,medium +20,low,safety,negligible,high +21,high,low,low,medium +22,low,high,low,medium +23,negligible,safety,low,high +24,high,negligible,high,medium +25,low,low,high,medium +26,negligible,high,high,medium +27,low,negligible,safety,high +28,negligible,low,safety,high +29,high,safety,negligible,high +30,high,high,low,medium +31,low,safety,low,high +32,high,low,high,medium +33,low,high,high,medium +34,negligible,safety,high,high +35,high,negligible,safety,high +36,low,low,safety,high +37,negligible,high,safety,high +38,high,safety,low,high +39,high,high,high,medium +40,low,safety,high,high +41,high,low,safety,high +42,low,high,safety,high +43,negligible,safety,safety,high +44,high,safety,high,high +45,high,high,safety,high +46,low,safety,safety,high +47,high,safety,safety,high diff --git a/data/csv/cvss/cvss_v4_equivalence_set_5_1_0_0.csv b/data/csv/cvss/cvss_v4_equivalence_set_5_1_0_0.csv new file mode 100644 index 00000000..7daa47d7 --- /dev/null +++ b/data/csv/cvss/cvss_v4_equivalence_set_5_1_0_0.csv @@ -0,0 +1,4 @@ +row,Exploit Maturity (without Not Defined) v2.0.0 (cvss),Equivalence Set 5 v1.0.0 (cvss) +0,unreported,low +1,proof-of-concept,medium +2,attacked,high diff --git a/data/csv/cvss/cvss_v4_equivalence_set_6_1_0_0.csv b/data/csv/cvss/cvss_v4_equivalence_set_6_1_0_0.csv new file mode 100644 index 00000000..22664e9f --- /dev/null +++ b/data/csv/cvss/cvss_v4_equivalence_set_6_1_0_0.csv @@ -0,0 +1,730 @@ +row,Confidentiality Requirement (without Not Defined) v1.1.1 (cvss),Confidentiality Impact to the Vulnerable System v3.0.0 (cvss),Integrity Requirement (without Not Defined) v1.1.1 (cvss),Integrity Impact to the Vulnerable System v3.0.0 (cvss),Availability Requirement (without Not Defined) v1.1.1 (cvss),Availability Impact to the Vulnerable System v3.0.0 (cvss),Equivalence Set 6 v1.0.0 (cvss) +0,low,none,low,none,low,none,low +1,medium,none,low,none,low,none,low +2,low,low,low,none,low,none,low +3,low,none,medium,none,low,none,low +4,low,none,low,low,low,none,low +5,low,none,low,none,medium,none,low +6,low,none,low,none,low,low,low +7,high,none,low,none,low,none,low +8,medium,low,low,none,low,none,low +9,low,high,low,none,low,none,low +10,medium,none,medium,none,low,none,low +11,low,low,medium,none,low,none,low +12,low,none,high,none,low,none,low +13,medium,none,low,low,low,none,low +14,low,low,low,low,low,none,low +15,low,none,medium,low,low,none,low +16,low,none,low,high,low,none,low +17,medium,none,low,none,medium,none,low +18,low,low,low,none,medium,none,low +19,low,none,medium,none,medium,none,low +20,low,none,low,low,medium,none,low +21,low,none,low,none,high,none,low +22,medium,none,low,none,low,low,low +23,low,low,low,none,low,low,low +24,low,none,medium,none,low,low,low +25,low,none,low,low,low,low,low +26,low,none,low,none,medium,low,low +27,low,none,low,none,low,high,low +28,high,low,low,none,low,none,low +29,medium,high,low,none,low,none,low +30,high,none,medium,none,low,none,low +31,medium,low,medium,none,low,none,low +32,low,high,medium,none,low,none,low +33,medium,none,high,none,low,none,low +34,low,low,high,none,low,none,low +35,high,none,low,low,low,none,low +36,medium,low,low,low,low,none,low +37,low,high,low,low,low,none,low +38,medium,none,medium,low,low,none,low +39,low,low,medium,low,low,none,low +40,low,none,high,low,low,none,low +41,medium,none,low,high,low,none,low +42,low,low,low,high,low,none,low +43,low,none,medium,high,low,none,low +44,high,none,low,none,medium,none,low +45,medium,low,low,none,medium,none,low +46,low,high,low,none,medium,none,low +47,medium,none,medium,none,medium,none,low +48,low,low,medium,none,medium,none,low +49,low,none,high,none,medium,none,low +50,medium,none,low,low,medium,none,low +51,low,low,low,low,medium,none,low +52,low,none,medium,low,medium,none,low +53,low,none,low,high,medium,none,low +54,medium,none,low,none,high,none,low +55,low,low,low,none,high,none,low +56,low,none,medium,none,high,none,low +57,low,none,low,low,high,none,low +58,high,none,low,none,low,low,low +59,medium,low,low,none,low,low,low +60,low,high,low,none,low,low,low +61,medium,none,medium,none,low,low,low +62,low,low,medium,none,low,low,low +63,low,none,high,none,low,low,low +64,medium,none,low,low,low,low,low +65,low,low,low,low,low,low,low +66,low,none,medium,low,low,low,low +67,low,none,low,high,low,low,low +68,medium,none,low,none,medium,low,low +69,low,low,low,none,medium,low,low +70,low,none,medium,none,medium,low,low +71,low,none,low,low,medium,low,low +72,low,none,low,none,high,low,low +73,medium,none,low,none,low,high,low +74,low,low,low,none,low,high,low +75,low,none,medium,none,low,high,low +76,low,none,low,low,low,high,low +77,low,none,low,none,medium,high,low +78,high,high,low,none,low,none,high +79,high,low,medium,none,low,none,low +80,medium,high,medium,none,low,none,low +81,high,none,high,none,low,none,low +82,medium,low,high,none,low,none,low +83,low,high,high,none,low,none,low +84,high,low,low,low,low,none,low +85,medium,high,low,low,low,none,low +86,high,none,medium,low,low,none,low +87,medium,low,medium,low,low,none,low +88,low,high,medium,low,low,none,low +89,medium,none,high,low,low,none,low +90,low,low,high,low,low,none,low +91,high,none,low,high,low,none,low +92,medium,low,low,high,low,none,low +93,low,high,low,high,low,none,low +94,medium,none,medium,high,low,none,low +95,low,low,medium,high,low,none,low +96,low,none,high,high,low,none,high +97,high,low,low,none,medium,none,low +98,medium,high,low,none,medium,none,low +99,high,none,medium,none,medium,none,low +100,medium,low,medium,none,medium,none,low +101,low,high,medium,none,medium,none,low +102,medium,none,high,none,medium,none,low +103,low,low,high,none,medium,none,low +104,high,none,low,low,medium,none,low +105,medium,low,low,low,medium,none,low +106,low,high,low,low,medium,none,low +107,medium,none,medium,low,medium,none,low +108,low,low,medium,low,medium,none,low +109,low,none,high,low,medium,none,low +110,medium,none,low,high,medium,none,low +111,low,low,low,high,medium,none,low +112,low,none,medium,high,medium,none,low +113,high,none,low,none,high,none,low +114,medium,low,low,none,high,none,low +115,low,high,low,none,high,none,low +116,medium,none,medium,none,high,none,low +117,low,low,medium,none,high,none,low +118,low,none,high,none,high,none,low +119,medium,none,low,low,high,none,low +120,low,low,low,low,high,none,low +121,low,none,medium,low,high,none,low +122,low,none,low,high,high,none,low +123,high,low,low,none,low,low,low +124,medium,high,low,none,low,low,low +125,high,none,medium,none,low,low,low +126,medium,low,medium,none,low,low,low +127,low,high,medium,none,low,low,low +128,medium,none,high,none,low,low,low +129,low,low,high,none,low,low,low +130,high,none,low,low,low,low,low +131,medium,low,low,low,low,low,low +132,low,high,low,low,low,low,low +133,medium,none,medium,low,low,low,low +134,low,low,medium,low,low,low,low +135,low,none,high,low,low,low,low +136,medium,none,low,high,low,low,low +137,low,low,low,high,low,low,low +138,low,none,medium,high,low,low,low +139,high,none,low,none,medium,low,low +140,medium,low,low,none,medium,low,low +141,low,high,low,none,medium,low,low +142,medium,none,medium,none,medium,low,low +143,low,low,medium,none,medium,low,low +144,low,none,high,none,medium,low,low +145,medium,none,low,low,medium,low,low +146,low,low,low,low,medium,low,low +147,low,none,medium,low,medium,low,low +148,low,none,low,high,medium,low,low +149,medium,none,low,none,high,low,low +150,low,low,low,none,high,low,low +151,low,none,medium,none,high,low,low +152,low,none,low,low,high,low,low +153,high,none,low,none,low,high,low +154,medium,low,low,none,low,high,low +155,low,high,low,none,low,high,low +156,medium,none,medium,none,low,high,low +157,low,low,medium,none,low,high,low +158,low,none,high,none,low,high,low +159,medium,none,low,low,low,high,low +160,low,low,low,low,low,high,low +161,low,none,medium,low,low,high,low +162,low,none,low,high,low,high,low +163,medium,none,low,none,medium,high,low +164,low,low,low,none,medium,high,low +165,low,none,medium,none,medium,high,low +166,low,none,low,low,medium,high,low +167,low,none,low,none,high,high,high +168,high,high,medium,none,low,none,high +169,high,low,high,none,low,none,low +170,medium,high,high,none,low,none,low +171,high,high,low,low,low,none,high +172,high,low,medium,low,low,none,low +173,medium,high,medium,low,low,none,low +174,high,none,high,low,low,none,low +175,medium,low,high,low,low,none,low +176,low,high,high,low,low,none,low +177,high,low,low,high,low,none,low +178,medium,high,low,high,low,none,low +179,high,none,medium,high,low,none,low +180,medium,low,medium,high,low,none,low +181,low,high,medium,high,low,none,low +182,medium,none,high,high,low,none,high +183,low,low,high,high,low,none,high +184,high,high,low,none,medium,none,high +185,high,low,medium,none,medium,none,low +186,medium,high,medium,none,medium,none,low +187,high,none,high,none,medium,none,low +188,medium,low,high,none,medium,none,low +189,low,high,high,none,medium,none,low +190,high,low,low,low,medium,none,low +191,medium,high,low,low,medium,none,low +192,high,none,medium,low,medium,none,low +193,medium,low,medium,low,medium,none,low +194,low,high,medium,low,medium,none,low +195,medium,none,high,low,medium,none,low +196,low,low,high,low,medium,none,low +197,high,none,low,high,medium,none,low +198,medium,low,low,high,medium,none,low +199,low,high,low,high,medium,none,low +200,medium,none,medium,high,medium,none,low +201,low,low,medium,high,medium,none,low +202,low,none,high,high,medium,none,high +203,high,low,low,none,high,none,low +204,medium,high,low,none,high,none,low +205,high,none,medium,none,high,none,low +206,medium,low,medium,none,high,none,low +207,low,high,medium,none,high,none,low +208,medium,none,high,none,high,none,low +209,low,low,high,none,high,none,low +210,high,none,low,low,high,none,low +211,medium,low,low,low,high,none,low +212,low,high,low,low,high,none,low +213,medium,none,medium,low,high,none,low +214,low,low,medium,low,high,none,low +215,low,none,high,low,high,none,low +216,medium,none,low,high,high,none,low +217,low,low,low,high,high,none,low +218,low,none,medium,high,high,none,low +219,high,high,low,none,low,low,high +220,high,low,medium,none,low,low,low +221,medium,high,medium,none,low,low,low +222,high,none,high,none,low,low,low +223,medium,low,high,none,low,low,low +224,low,high,high,none,low,low,low +225,high,low,low,low,low,low,low +226,medium,high,low,low,low,low,low +227,high,none,medium,low,low,low,low +228,medium,low,medium,low,low,low,low +229,low,high,medium,low,low,low,low +230,medium,none,high,low,low,low,low +231,low,low,high,low,low,low,low +232,high,none,low,high,low,low,low +233,medium,low,low,high,low,low,low +234,low,high,low,high,low,low,low +235,medium,none,medium,high,low,low,low +236,low,low,medium,high,low,low,low +237,low,none,high,high,low,low,high +238,high,low,low,none,medium,low,low +239,medium,high,low,none,medium,low,low +240,high,none,medium,none,medium,low,low +241,medium,low,medium,none,medium,low,low +242,low,high,medium,none,medium,low,low +243,medium,none,high,none,medium,low,low +244,low,low,high,none,medium,low,low +245,high,none,low,low,medium,low,low +246,medium,low,low,low,medium,low,low +247,low,high,low,low,medium,low,low +248,medium,none,medium,low,medium,low,low +249,low,low,medium,low,medium,low,low +250,low,none,high,low,medium,low,low +251,medium,none,low,high,medium,low,low +252,low,low,low,high,medium,low,low +253,low,none,medium,high,medium,low,low +254,high,none,low,none,high,low,low +255,medium,low,low,none,high,low,low +256,low,high,low,none,high,low,low +257,medium,none,medium,none,high,low,low +258,low,low,medium,none,high,low,low +259,low,none,high,none,high,low,low +260,medium,none,low,low,high,low,low +261,low,low,low,low,high,low,low +262,low,none,medium,low,high,low,low +263,low,none,low,high,high,low,low +264,high,low,low,none,low,high,low +265,medium,high,low,none,low,high,low +266,high,none,medium,none,low,high,low +267,medium,low,medium,none,low,high,low +268,low,high,medium,none,low,high,low +269,medium,none,high,none,low,high,low +270,low,low,high,none,low,high,low +271,high,none,low,low,low,high,low +272,medium,low,low,low,low,high,low +273,low,high,low,low,low,high,low +274,medium,none,medium,low,low,high,low +275,low,low,medium,low,low,high,low +276,low,none,high,low,low,high,low +277,medium,none,low,high,low,high,low +278,low,low,low,high,low,high,low +279,low,none,medium,high,low,high,low +280,high,none,low,none,medium,high,low +281,medium,low,low,none,medium,high,low +282,low,high,low,none,medium,high,low +283,medium,none,medium,none,medium,high,low +284,low,low,medium,none,medium,high,low +285,low,none,high,none,medium,high,low +286,medium,none,low,low,medium,high,low +287,low,low,low,low,medium,high,low +288,low,none,medium,low,medium,high,low +289,low,none,low,high,medium,high,low +290,medium,none,low,none,high,high,high +291,low,low,low,none,high,high,high +292,low,none,medium,none,high,high,high +293,low,none,low,low,high,high,high +294,high,high,high,none,low,none,high +295,high,high,medium,low,low,none,high +296,high,low,high,low,low,none,low +297,medium,high,high,low,low,none,low +298,high,high,low,high,low,none,high +299,high,low,medium,high,low,none,low +300,medium,high,medium,high,low,none,low +301,high,none,high,high,low,none,high +302,medium,low,high,high,low,none,high +303,low,high,high,high,low,none,high +304,high,high,medium,none,medium,none,high +305,high,low,high,none,medium,none,low +306,medium,high,high,none,medium,none,low +307,high,high,low,low,medium,none,high +308,high,low,medium,low,medium,none,low +309,medium,high,medium,low,medium,none,low +310,high,none,high,low,medium,none,low +311,medium,low,high,low,medium,none,low +312,low,high,high,low,medium,none,low +313,high,low,low,high,medium,none,low +314,medium,high,low,high,medium,none,low +315,high,none,medium,high,medium,none,low +316,medium,low,medium,high,medium,none,low +317,low,high,medium,high,medium,none,low +318,medium,none,high,high,medium,none,high +319,low,low,high,high,medium,none,high +320,high,high,low,none,high,none,high +321,high,low,medium,none,high,none,low +322,medium,high,medium,none,high,none,low +323,high,none,high,none,high,none,low +324,medium,low,high,none,high,none,low +325,low,high,high,none,high,none,low +326,high,low,low,low,high,none,low +327,medium,high,low,low,high,none,low +328,high,none,medium,low,high,none,low +329,medium,low,medium,low,high,none,low +330,low,high,medium,low,high,none,low +331,medium,none,high,low,high,none,low +332,low,low,high,low,high,none,low +333,high,none,low,high,high,none,low +334,medium,low,low,high,high,none,low +335,low,high,low,high,high,none,low +336,medium,none,medium,high,high,none,low +337,low,low,medium,high,high,none,low +338,low,none,high,high,high,none,high +339,high,high,medium,none,low,low,high +340,high,low,high,none,low,low,low +341,medium,high,high,none,low,low,low +342,high,high,low,low,low,low,high +343,high,low,medium,low,low,low,low +344,medium,high,medium,low,low,low,low +345,high,none,high,low,low,low,low +346,medium,low,high,low,low,low,low +347,low,high,high,low,low,low,low +348,high,low,low,high,low,low,low +349,medium,high,low,high,low,low,low +350,high,none,medium,high,low,low,low +351,medium,low,medium,high,low,low,low +352,low,high,medium,high,low,low,low +353,medium,none,high,high,low,low,high +354,low,low,high,high,low,low,high +355,high,high,low,none,medium,low,high +356,high,low,medium,none,medium,low,low +357,medium,high,medium,none,medium,low,low +358,high,none,high,none,medium,low,low +359,medium,low,high,none,medium,low,low +360,low,high,high,none,medium,low,low +361,high,low,low,low,medium,low,low +362,medium,high,low,low,medium,low,low +363,high,none,medium,low,medium,low,low +364,medium,low,medium,low,medium,low,low +365,low,high,medium,low,medium,low,low +366,medium,none,high,low,medium,low,low +367,low,low,high,low,medium,low,low +368,high,none,low,high,medium,low,low +369,medium,low,low,high,medium,low,low +370,low,high,low,high,medium,low,low +371,medium,none,medium,high,medium,low,low +372,low,low,medium,high,medium,low,low +373,low,none,high,high,medium,low,high +374,high,low,low,none,high,low,low +375,medium,high,low,none,high,low,low +376,high,none,medium,none,high,low,low +377,medium,low,medium,none,high,low,low +378,low,high,medium,none,high,low,low +379,medium,none,high,none,high,low,low +380,low,low,high,none,high,low,low +381,high,none,low,low,high,low,low +382,medium,low,low,low,high,low,low +383,low,high,low,low,high,low,low +384,medium,none,medium,low,high,low,low +385,low,low,medium,low,high,low,low +386,low,none,high,low,high,low,low +387,medium,none,low,high,high,low,low +388,low,low,low,high,high,low,low +389,low,none,medium,high,high,low,low +390,high,high,low,none,low,high,high +391,high,low,medium,none,low,high,low +392,medium,high,medium,none,low,high,low +393,high,none,high,none,low,high,low +394,medium,low,high,none,low,high,low +395,low,high,high,none,low,high,low +396,high,low,low,low,low,high,low +397,medium,high,low,low,low,high,low +398,high,none,medium,low,low,high,low +399,medium,low,medium,low,low,high,low +400,low,high,medium,low,low,high,low +401,medium,none,high,low,low,high,low +402,low,low,high,low,low,high,low +403,high,none,low,high,low,high,low +404,medium,low,low,high,low,high,low +405,low,high,low,high,low,high,low +406,medium,none,medium,high,low,high,low +407,low,low,medium,high,low,high,low +408,low,none,high,high,low,high,high +409,high,low,low,none,medium,high,low +410,medium,high,low,none,medium,high,low +411,high,none,medium,none,medium,high,low +412,medium,low,medium,none,medium,high,low +413,low,high,medium,none,medium,high,low +414,medium,none,high,none,medium,high,low +415,low,low,high,none,medium,high,low +416,high,none,low,low,medium,high,low +417,medium,low,low,low,medium,high,low +418,low,high,low,low,medium,high,low +419,medium,none,medium,low,medium,high,low +420,low,low,medium,low,medium,high,low +421,low,none,high,low,medium,high,low +422,medium,none,low,high,medium,high,low +423,low,low,low,high,medium,high,low +424,low,none,medium,high,medium,high,low +425,high,none,low,none,high,high,high +426,medium,low,low,none,high,high,high +427,low,high,low,none,high,high,high +428,medium,none,medium,none,high,high,high +429,low,low,medium,none,high,high,high +430,low,none,high,none,high,high,high +431,medium,none,low,low,high,high,high +432,low,low,low,low,high,high,high +433,low,none,medium,low,high,high,high +434,low,none,low,high,high,high,high +435,high,high,high,low,low,none,high +436,high,high,medium,high,low,none,high +437,high,low,high,high,low,none,high +438,medium,high,high,high,low,none,high +439,high,high,high,none,medium,none,high +440,high,high,medium,low,medium,none,high +441,high,low,high,low,medium,none,low +442,medium,high,high,low,medium,none,low +443,high,high,low,high,medium,none,high +444,high,low,medium,high,medium,none,low +445,medium,high,medium,high,medium,none,low +446,high,none,high,high,medium,none,high +447,medium,low,high,high,medium,none,high +448,low,high,high,high,medium,none,high +449,high,high,medium,none,high,none,high +450,high,low,high,none,high,none,low +451,medium,high,high,none,high,none,low +452,high,high,low,low,high,none,high +453,high,low,medium,low,high,none,low +454,medium,high,medium,low,high,none,low +455,high,none,high,low,high,none,low +456,medium,low,high,low,high,none,low +457,low,high,high,low,high,none,low +458,high,low,low,high,high,none,low +459,medium,high,low,high,high,none,low +460,high,none,medium,high,high,none,low +461,medium,low,medium,high,high,none,low +462,low,high,medium,high,high,none,low +463,medium,none,high,high,high,none,high +464,low,low,high,high,high,none,high +465,high,high,high,none,low,low,high +466,high,high,medium,low,low,low,high +467,high,low,high,low,low,low,low +468,medium,high,high,low,low,low,low +469,high,high,low,high,low,low,high +470,high,low,medium,high,low,low,low +471,medium,high,medium,high,low,low,low +472,high,none,high,high,low,low,high +473,medium,low,high,high,low,low,high +474,low,high,high,high,low,low,high +475,high,high,medium,none,medium,low,high +476,high,low,high,none,medium,low,low +477,medium,high,high,none,medium,low,low +478,high,high,low,low,medium,low,high +479,high,low,medium,low,medium,low,low +480,medium,high,medium,low,medium,low,low +481,high,none,high,low,medium,low,low +482,medium,low,high,low,medium,low,low +483,low,high,high,low,medium,low,low +484,high,low,low,high,medium,low,low +485,medium,high,low,high,medium,low,low +486,high,none,medium,high,medium,low,low +487,medium,low,medium,high,medium,low,low +488,low,high,medium,high,medium,low,low +489,medium,none,high,high,medium,low,high +490,low,low,high,high,medium,low,high +491,high,high,low,none,high,low,high +492,high,low,medium,none,high,low,low +493,medium,high,medium,none,high,low,low +494,high,none,high,none,high,low,low +495,medium,low,high,none,high,low,low +496,low,high,high,none,high,low,low +497,high,low,low,low,high,low,low +498,medium,high,low,low,high,low,low +499,high,none,medium,low,high,low,low +500,medium,low,medium,low,high,low,low +501,low,high,medium,low,high,low,low +502,medium,none,high,low,high,low,low +503,low,low,high,low,high,low,low +504,high,none,low,high,high,low,low +505,medium,low,low,high,high,low,low +506,low,high,low,high,high,low,low +507,medium,none,medium,high,high,low,low +508,low,low,medium,high,high,low,low +509,low,none,high,high,high,low,high +510,high,high,medium,none,low,high,high +511,high,low,high,none,low,high,low +512,medium,high,high,none,low,high,low +513,high,high,low,low,low,high,high +514,high,low,medium,low,low,high,low +515,medium,high,medium,low,low,high,low +516,high,none,high,low,low,high,low +517,medium,low,high,low,low,high,low +518,low,high,high,low,low,high,low +519,high,low,low,high,low,high,low +520,medium,high,low,high,low,high,low +521,high,none,medium,high,low,high,low +522,medium,low,medium,high,low,high,low +523,low,high,medium,high,low,high,low +524,medium,none,high,high,low,high,high +525,low,low,high,high,low,high,high +526,high,high,low,none,medium,high,high +527,high,low,medium,none,medium,high,low +528,medium,high,medium,none,medium,high,low +529,high,none,high,none,medium,high,low +530,medium,low,high,none,medium,high,low +531,low,high,high,none,medium,high,low +532,high,low,low,low,medium,high,low +533,medium,high,low,low,medium,high,low +534,high,none,medium,low,medium,high,low +535,medium,low,medium,low,medium,high,low +536,low,high,medium,low,medium,high,low +537,medium,none,high,low,medium,high,low +538,low,low,high,low,medium,high,low +539,high,none,low,high,medium,high,low +540,medium,low,low,high,medium,high,low +541,low,high,low,high,medium,high,low +542,medium,none,medium,high,medium,high,low +543,low,low,medium,high,medium,high,low +544,low,none,high,high,medium,high,high +545,high,low,low,none,high,high,high +546,medium,high,low,none,high,high,high +547,high,none,medium,none,high,high,high +548,medium,low,medium,none,high,high,high +549,low,high,medium,none,high,high,high +550,medium,none,high,none,high,high,high +551,low,low,high,none,high,high,high +552,high,none,low,low,high,high,high +553,medium,low,low,low,high,high,high +554,low,high,low,low,high,high,high +555,medium,none,medium,low,high,high,high +556,low,low,medium,low,high,high,high +557,low,none,high,low,high,high,high +558,medium,none,low,high,high,high,high +559,low,low,low,high,high,high,high +560,low,none,medium,high,high,high,high +561,high,high,high,high,low,none,high +562,high,high,high,low,medium,none,high +563,high,high,medium,high,medium,none,high +564,high,low,high,high,medium,none,high +565,medium,high,high,high,medium,none,high +566,high,high,high,none,high,none,high +567,high,high,medium,low,high,none,high +568,high,low,high,low,high,none,low +569,medium,high,high,low,high,none,low +570,high,high,low,high,high,none,high +571,high,low,medium,high,high,none,low +572,medium,high,medium,high,high,none,low +573,high,none,high,high,high,none,high +574,medium,low,high,high,high,none,high +575,low,high,high,high,high,none,high +576,high,high,high,low,low,low,high +577,high,high,medium,high,low,low,high +578,high,low,high,high,low,low,high +579,medium,high,high,high,low,low,high +580,high,high,high,none,medium,low,high +581,high,high,medium,low,medium,low,high +582,high,low,high,low,medium,low,low +583,medium,high,high,low,medium,low,low +584,high,high,low,high,medium,low,high +585,high,low,medium,high,medium,low,low +586,medium,high,medium,high,medium,low,low +587,high,none,high,high,medium,low,high +588,medium,low,high,high,medium,low,high +589,low,high,high,high,medium,low,high +590,high,high,medium,none,high,low,high +591,high,low,high,none,high,low,low +592,medium,high,high,none,high,low,low +593,high,high,low,low,high,low,high +594,high,low,medium,low,high,low,low +595,medium,high,medium,low,high,low,low +596,high,none,high,low,high,low,low +597,medium,low,high,low,high,low,low +598,low,high,high,low,high,low,low +599,high,low,low,high,high,low,low +600,medium,high,low,high,high,low,low +601,high,none,medium,high,high,low,low +602,medium,low,medium,high,high,low,low +603,low,high,medium,high,high,low,low +604,medium,none,high,high,high,low,high +605,low,low,high,high,high,low,high +606,high,high,high,none,low,high,high +607,high,high,medium,low,low,high,high +608,high,low,high,low,low,high,low +609,medium,high,high,low,low,high,low +610,high,high,low,high,low,high,high +611,high,low,medium,high,low,high,low +612,medium,high,medium,high,low,high,low +613,high,none,high,high,low,high,high +614,medium,low,high,high,low,high,high +615,low,high,high,high,low,high,high +616,high,high,medium,none,medium,high,high +617,high,low,high,none,medium,high,low +618,medium,high,high,none,medium,high,low +619,high,high,low,low,medium,high,high +620,high,low,medium,low,medium,high,low +621,medium,high,medium,low,medium,high,low +622,high,none,high,low,medium,high,low +623,medium,low,high,low,medium,high,low +624,low,high,high,low,medium,high,low +625,high,low,low,high,medium,high,low +626,medium,high,low,high,medium,high,low +627,high,none,medium,high,medium,high,low +628,medium,low,medium,high,medium,high,low +629,low,high,medium,high,medium,high,low +630,medium,none,high,high,medium,high,high +631,low,low,high,high,medium,high,high +632,high,high,low,none,high,high,high +633,high,low,medium,none,high,high,high +634,medium,high,medium,none,high,high,high +635,high,none,high,none,high,high,high +636,medium,low,high,none,high,high,high +637,low,high,high,none,high,high,high +638,high,low,low,low,high,high,high +639,medium,high,low,low,high,high,high +640,high,none,medium,low,high,high,high +641,medium,low,medium,low,high,high,high +642,low,high,medium,low,high,high,high +643,medium,none,high,low,high,high,high +644,low,low,high,low,high,high,high +645,high,none,low,high,high,high,high +646,medium,low,low,high,high,high,high +647,low,high,low,high,high,high,high +648,medium,none,medium,high,high,high,high +649,low,low,medium,high,high,high,high +650,low,none,high,high,high,high,high +651,high,high,high,high,medium,none,high +652,high,high,high,low,high,none,high +653,high,high,medium,high,high,none,high +654,high,low,high,high,high,none,high +655,medium,high,high,high,high,none,high +656,high,high,high,high,low,low,high +657,high,high,high,low,medium,low,high +658,high,high,medium,high,medium,low,high +659,high,low,high,high,medium,low,high +660,medium,high,high,high,medium,low,high +661,high,high,high,none,high,low,high +662,high,high,medium,low,high,low,high +663,high,low,high,low,high,low,low +664,medium,high,high,low,high,low,low +665,high,high,low,high,high,low,high +666,high,low,medium,high,high,low,low +667,medium,high,medium,high,high,low,low +668,high,none,high,high,high,low,high +669,medium,low,high,high,high,low,high +670,low,high,high,high,high,low,high +671,high,high,high,low,low,high,high +672,high,high,medium,high,low,high,high +673,high,low,high,high,low,high,high +674,medium,high,high,high,low,high,high +675,high,high,high,none,medium,high,high +676,high,high,medium,low,medium,high,high +677,high,low,high,low,medium,high,low +678,medium,high,high,low,medium,high,low +679,high,high,low,high,medium,high,high +680,high,low,medium,high,medium,high,low +681,medium,high,medium,high,medium,high,low +682,high,none,high,high,medium,high,high +683,medium,low,high,high,medium,high,high +684,low,high,high,high,medium,high,high +685,high,high,medium,none,high,high,high +686,high,low,high,none,high,high,high +687,medium,high,high,none,high,high,high +688,high,high,low,low,high,high,high +689,high,low,medium,low,high,high,high +690,medium,high,medium,low,high,high,high +691,high,none,high,low,high,high,high +692,medium,low,high,low,high,high,high +693,low,high,high,low,high,high,high +694,high,low,low,high,high,high,high +695,medium,high,low,high,high,high,high +696,high,none,medium,high,high,high,high +697,medium,low,medium,high,high,high,high +698,low,high,medium,high,high,high,high +699,medium,none,high,high,high,high,high +700,low,low,high,high,high,high,high +701,high,high,high,high,high,none,high +702,high,high,high,high,medium,low,high +703,high,high,high,low,high,low,high +704,high,high,medium,high,high,low,high +705,high,low,high,high,high,low,high +706,medium,high,high,high,high,low,high +707,high,high,high,high,low,high,high +708,high,high,high,low,medium,high,high +709,high,high,medium,high,medium,high,high +710,high,low,high,high,medium,high,high +711,medium,high,high,high,medium,high,high +712,high,high,high,none,high,high,high +713,high,high,medium,low,high,high,high +714,high,low,high,low,high,high,high +715,medium,high,high,low,high,high,high +716,high,high,low,high,high,high,high +717,high,low,medium,high,high,high,high +718,medium,high,medium,high,high,high,high +719,high,none,high,high,high,high,high +720,medium,low,high,high,high,high,high +721,low,high,high,high,high,high,high +722,high,high,high,high,high,low,high +723,high,high,high,high,medium,high,high +724,high,high,high,low,high,high,high +725,high,high,medium,high,high,high,high +726,high,low,high,high,high,high,high +727,medium,high,high,high,high,high,high +728,high,high,high,high,high,high,high diff --git a/data/csv/ssvc/coordinator_publish_decision_table_1_0_0.csv b/data/csv/ssvc/coordinator_publish_decision_table_1_0_0.csv new file mode 100644 index 00000000..60b8b32a --- /dev/null +++ b/data/csv/ssvc/coordinator_publish_decision_table_1_0_0.csv @@ -0,0 +1,28 @@ +row,Supplier Involvement v1.0.0,Exploitation v1.1.0,Public Value Added v1.0.0,"Publish, Do Not Publish v1.0.0" +0,fix ready,none,limited,do not publish +1,cooperative,none,limited,do not publish +2,fix ready,public poc,limited,do not publish +3,fix ready,none,ampliative,do not publish +4,uncooperative/unresponsive,none,limited,do not publish +5,cooperative,public poc,limited,do not publish +6,fix ready,active,limited,do not publish +7,cooperative,none,ampliative,do not publish +8,fix ready,public poc,ampliative,do not publish +9,fix ready,none,precedence,publish +10,uncooperative/unresponsive,public poc,limited,do not publish +11,cooperative,active,limited,do not publish +12,uncooperative/unresponsive,none,ampliative,do not publish +13,cooperative,public poc,ampliative,do not publish +14,fix ready,active,ampliative,publish +15,cooperative,none,precedence,publish +16,fix ready,public poc,precedence,publish +17,uncooperative/unresponsive,active,limited,publish +18,uncooperative/unresponsive,public poc,ampliative,publish +19,cooperative,active,ampliative,publish +20,uncooperative/unresponsive,none,precedence,publish +21,cooperative,public poc,precedence,publish +22,fix ready,active,precedence,publish +23,uncooperative/unresponsive,active,ampliative,publish +24,uncooperative/unresponsive,public poc,precedence,publish +25,cooperative,active,precedence,publish +26,uncooperative/unresponsive,active,precedence,publish diff --git a/data/csv/ssvc/coordinator_triage_1_0_0.csv b/data/csv/ssvc/coordinator_triage_1_0_0.csv new file mode 100644 index 00000000..5d5c8ee8 --- /dev/null +++ b/data/csv/ssvc/coordinator_triage_1_0_0.csv @@ -0,0 +1,193 @@ +row,Report Public v1.0.0,Supplier Contacted v1.0.0,Report Credibility v1.0.0,Supplier Cardinality v1.0.0,Supplier Engagement v1.0.0,Utility v1.0.1,Public Safety Impact v2.0.1,"Decline, Track, Coordinate v1.0.1" +0,yes,no,not credible,one,active,laborious,minimal,decline +1,no,no,not credible,one,active,laborious,minimal,decline +2,yes,yes,not credible,one,active,laborious,minimal,decline +3,yes,no,credible,one,active,laborious,minimal,decline +4,yes,no,not credible,multiple,active,laborious,minimal,decline +5,yes,no,not credible,one,unresponsive,laborious,minimal,decline +6,yes,no,not credible,one,active,efficient,minimal,decline +7,yes,no,not credible,one,active,laborious,significant,decline +8,no,yes,not credible,one,active,laborious,minimal,decline +9,no,no,credible,one,active,laborious,minimal,decline +10,yes,yes,credible,one,active,laborious,minimal,decline +11,no,no,not credible,multiple,active,laborious,minimal,decline +12,yes,yes,not credible,multiple,active,laborious,minimal,decline +13,yes,no,credible,multiple,active,laborious,minimal,decline +14,no,no,not credible,one,unresponsive,laborious,minimal,decline +15,yes,yes,not credible,one,unresponsive,laborious,minimal,decline +16,yes,no,credible,one,unresponsive,laborious,minimal,decline +17,yes,no,not credible,multiple,unresponsive,laborious,minimal,decline +18,no,no,not credible,one,active,efficient,minimal,decline +19,yes,yes,not credible,one,active,efficient,minimal,decline +20,yes,no,credible,one,active,efficient,minimal,decline +21,yes,no,not credible,multiple,active,efficient,minimal,decline +22,yes,no,not credible,one,unresponsive,efficient,minimal,decline +23,yes,no,not credible,one,active,super effective,minimal,decline +24,no,no,not credible,one,active,laborious,significant,decline +25,yes,yes,not credible,one,active,laborious,significant,decline +26,yes,no,credible,one,active,laborious,significant,decline +27,yes,no,not credible,multiple,active,laborious,significant,decline +28,yes,no,not credible,one,unresponsive,laborious,significant,decline +29,yes,no,not credible,one,active,efficient,significant,decline +30,no,yes,credible,one,active,laborious,minimal,decline +31,no,yes,not credible,multiple,active,laborious,minimal,decline +32,no,no,credible,multiple,active,laborious,minimal,decline +33,yes,yes,credible,multiple,active,laborious,minimal,decline +34,no,yes,not credible,one,unresponsive,laborious,minimal,decline +35,no,no,credible,one,unresponsive,laborious,minimal,decline +36,yes,yes,credible,one,unresponsive,laborious,minimal,decline +37,no,no,not credible,multiple,unresponsive,laborious,minimal,decline +38,yes,yes,not credible,multiple,unresponsive,laborious,minimal,decline +39,yes,no,credible,multiple,unresponsive,laborious,minimal,decline +40,no,yes,not credible,one,active,efficient,minimal,decline +41,no,no,credible,one,active,efficient,minimal,decline +42,yes,yes,credible,one,active,efficient,minimal,decline +43,no,no,not credible,multiple,active,efficient,minimal,decline +44,yes,yes,not credible,multiple,active,efficient,minimal,decline +45,yes,no,credible,multiple,active,efficient,minimal,decline +46,no,no,not credible,one,unresponsive,efficient,minimal,decline +47,yes,yes,not credible,one,unresponsive,efficient,minimal,decline +48,yes,no,credible,one,unresponsive,efficient,minimal,decline +49,yes,no,not credible,multiple,unresponsive,efficient,minimal,decline +50,no,no,not credible,one,active,super effective,minimal,decline +51,yes,yes,not credible,one,active,super effective,minimal,decline +52,yes,no,credible,one,active,super effective,minimal,decline +53,yes,no,not credible,multiple,active,super effective,minimal,decline +54,yes,no,not credible,one,unresponsive,super effective,minimal,decline +55,no,yes,not credible,one,active,laborious,significant,decline +56,no,no,credible,one,active,laborious,significant,decline +57,yes,yes,credible,one,active,laborious,significant,decline +58,no,no,not credible,multiple,active,laborious,significant,decline +59,yes,yes,not credible,multiple,active,laborious,significant,decline +60,yes,no,credible,multiple,active,laborious,significant,decline +61,no,no,not credible,one,unresponsive,laborious,significant,decline +62,yes,yes,not credible,one,unresponsive,laborious,significant,decline +63,yes,no,credible,one,unresponsive,laborious,significant,decline +64,yes,no,not credible,multiple,unresponsive,laborious,significant,decline +65,no,no,not credible,one,active,efficient,significant,decline +66,yes,yes,not credible,one,active,efficient,significant,decline +67,yes,no,credible,one,active,efficient,significant,decline +68,yes,no,not credible,multiple,active,efficient,significant,decline +69,yes,no,not credible,one,unresponsive,efficient,significant,decline +70,yes,no,not credible,one,active,super effective,significant,decline +71,no,yes,credible,multiple,active,laborious,minimal,decline +72,no,yes,credible,one,unresponsive,laborious,minimal,track +73,no,yes,not credible,multiple,unresponsive,laborious,minimal,decline +74,no,no,credible,multiple,unresponsive,laborious,minimal,decline +75,yes,yes,credible,multiple,unresponsive,laborious,minimal,decline +76,no,yes,credible,one,active,efficient,minimal,decline +77,no,yes,not credible,multiple,active,efficient,minimal,decline +78,no,no,credible,multiple,active,efficient,minimal,decline +79,yes,yes,credible,multiple,active,efficient,minimal,decline +80,no,yes,not credible,one,unresponsive,efficient,minimal,decline +81,no,no,credible,one,unresponsive,efficient,minimal,decline +82,yes,yes,credible,one,unresponsive,efficient,minimal,decline +83,no,no,not credible,multiple,unresponsive,efficient,minimal,decline +84,yes,yes,not credible,multiple,unresponsive,efficient,minimal,decline +85,yes,no,credible,multiple,unresponsive,efficient,minimal,decline +86,no,yes,not credible,one,active,super effective,minimal,decline +87,no,no,credible,one,active,super effective,minimal,decline +88,yes,yes,credible,one,active,super effective,minimal,decline +89,no,no,not credible,multiple,active,super effective,minimal,decline +90,yes,yes,not credible,multiple,active,super effective,minimal,decline +91,yes,no,credible,multiple,active,super effective,minimal,decline +92,no,no,not credible,one,unresponsive,super effective,minimal,decline +93,yes,yes,not credible,one,unresponsive,super effective,minimal,decline +94,yes,no,credible,one,unresponsive,super effective,minimal,decline +95,yes,no,not credible,multiple,unresponsive,super effective,minimal,decline +96,no,yes,credible,one,active,laborious,significant,decline +97,no,yes,not credible,multiple,active,laborious,significant,track +98,no,no,credible,multiple,active,laborious,significant,decline +99,yes,yes,credible,multiple,active,laborious,significant,decline +100,no,yes,not credible,one,unresponsive,laborious,significant,decline +101,no,no,credible,one,unresponsive,laborious,significant,decline +102,yes,yes,credible,one,unresponsive,laborious,significant,decline +103,no,no,not credible,multiple,unresponsive,laborious,significant,decline +104,yes,yes,not credible,multiple,unresponsive,laborious,significant,decline +105,yes,no,credible,multiple,unresponsive,laborious,significant,decline +106,no,yes,not credible,one,active,efficient,significant,track +107,no,no,credible,one,active,efficient,significant,decline +108,yes,yes,credible,one,active,efficient,significant,decline +109,no,no,not credible,multiple,active,efficient,significant,decline +110,yes,yes,not credible,multiple,active,efficient,significant,decline +111,yes,no,credible,multiple,active,efficient,significant,decline +112,no,no,not credible,one,unresponsive,efficient,significant,decline +113,yes,yes,not credible,one,unresponsive,efficient,significant,decline +114,yes,no,credible,one,unresponsive,efficient,significant,decline +115,yes,no,not credible,multiple,unresponsive,efficient,significant,decline +116,no,no,not credible,one,active,super effective,significant,decline +117,yes,yes,not credible,one,active,super effective,significant,decline +118,yes,no,credible,one,active,super effective,significant,decline +119,yes,no,not credible,multiple,active,super effective,significant,coordinate +120,yes,no,not credible,one,unresponsive,super effective,significant,decline +121,no,yes,credible,multiple,unresponsive,laborious,minimal,coordinate +122,no,yes,credible,multiple,active,efficient,minimal,decline +123,no,yes,credible,one,unresponsive,efficient,minimal,coordinate +124,no,yes,not credible,multiple,unresponsive,efficient,minimal,decline +125,no,no,credible,multiple,unresponsive,efficient,minimal,decline +126,yes,yes,credible,multiple,unresponsive,efficient,minimal,decline +127,no,yes,credible,one,active,super effective,minimal,decline +128,no,yes,not credible,multiple,active,super effective,minimal,track +129,no,no,credible,multiple,active,super effective,minimal,decline +130,yes,yes,credible,multiple,active,super effective,minimal,decline +131,no,yes,not credible,one,unresponsive,super effective,minimal,decline +132,no,no,credible,one,unresponsive,super effective,minimal,decline +133,yes,yes,credible,one,unresponsive,super effective,minimal,decline +134,no,no,not credible,multiple,unresponsive,super effective,minimal,decline +135,yes,yes,not credible,multiple,unresponsive,super effective,minimal,decline +136,yes,no,credible,multiple,unresponsive,super effective,minimal,decline +137,no,yes,credible,multiple,active,laborious,significant,track +138,no,yes,credible,one,unresponsive,laborious,significant,coordinate +139,no,yes,not credible,multiple,unresponsive,laborious,significant,track +140,no,no,credible,multiple,unresponsive,laborious,significant,decline +141,yes,yes,credible,multiple,unresponsive,laborious,significant,decline +142,no,yes,credible,one,active,efficient,significant,track +143,no,yes,not credible,multiple,active,efficient,significant,track +144,no,no,credible,multiple,active,efficient,significant,decline +145,yes,yes,credible,multiple,active,efficient,significant,decline +146,no,yes,not credible,one,unresponsive,efficient,significant,track +147,no,no,credible,one,unresponsive,efficient,significant,decline +148,yes,yes,credible,one,unresponsive,efficient,significant,decline +149,no,no,not credible,multiple,unresponsive,efficient,significant,decline +150,yes,yes,not credible,multiple,unresponsive,efficient,significant,decline +151,yes,no,credible,multiple,unresponsive,efficient,significant,decline +152,no,yes,not credible,one,active,super effective,significant,track +153,no,no,credible,one,active,super effective,significant,decline +154,yes,yes,credible,one,active,super effective,significant,decline +155,no,no,not credible,multiple,active,super effective,significant,coordinate +156,yes,yes,not credible,multiple,active,super effective,significant,coordinate +157,yes,no,credible,multiple,active,super effective,significant,coordinate +158,no,no,not credible,one,unresponsive,super effective,significant,decline +159,yes,yes,not credible,one,unresponsive,super effective,significant,decline +160,yes,no,credible,one,unresponsive,super effective,significant,decline +161,yes,no,not credible,multiple,unresponsive,super effective,significant,coordinate +162,no,yes,credible,multiple,unresponsive,efficient,minimal,coordinate +163,no,yes,credible,multiple,active,super effective,minimal,coordinate +164,no,yes,credible,one,unresponsive,super effective,minimal,coordinate +165,no,yes,not credible,multiple,unresponsive,super effective,minimal,track +166,no,no,credible,multiple,unresponsive,super effective,minimal,decline +167,yes,yes,credible,multiple,unresponsive,super effective,minimal,decline +168,no,yes,credible,multiple,unresponsive,laborious,significant,coordinate +169,no,yes,credible,multiple,active,efficient,significant,track +170,no,yes,credible,one,unresponsive,efficient,significant,coordinate +171,no,yes,not credible,multiple,unresponsive,efficient,significant,track +172,no,no,credible,multiple,unresponsive,efficient,significant,decline +173,yes,yes,credible,multiple,unresponsive,efficient,significant,decline +174,no,yes,credible,one,active,super effective,significant,track +175,no,yes,not credible,multiple,active,super effective,significant,coordinate +176,no,no,credible,multiple,active,super effective,significant,coordinate +177,yes,yes,credible,multiple,active,super effective,significant,coordinate +178,no,yes,not credible,one,unresponsive,super effective,significant,track +179,no,no,credible,one,unresponsive,super effective,significant,decline +180,yes,yes,credible,one,unresponsive,super effective,significant,decline +181,no,no,not credible,multiple,unresponsive,super effective,significant,coordinate +182,yes,yes,not credible,multiple,unresponsive,super effective,significant,coordinate +183,yes,no,credible,multiple,unresponsive,super effective,significant,coordinate +184,no,yes,credible,multiple,unresponsive,super effective,minimal,coordinate +185,no,yes,credible,multiple,unresponsive,efficient,significant,coordinate +186,no,yes,credible,multiple,active,super effective,significant,coordinate +187,no,yes,credible,one,unresponsive,super effective,significant,coordinate +188,no,yes,not credible,multiple,unresponsive,super effective,significant,coordinate +189,no,no,credible,multiple,unresponsive,super effective,significant,coordinate +190,yes,yes,credible,multiple,unresponsive,super effective,significant,coordinate +191,no,yes,credible,multiple,unresponsive,super effective,significant,coordinate diff --git a/data/csv/ssvc/deployer_patch_application_priority_1_0_0.csv b/data/csv/ssvc/deployer_patch_application_priority_1_0_0.csv new file mode 100644 index 00000000..345b4bf0 --- /dev/null +++ b/data/csv/ssvc/deployer_patch_application_priority_1_0_0.csv @@ -0,0 +1,73 @@ +row,Exploitation v1.1.0,System Exposure v1.0.1,Automatable v2.0.0,Human Impact v2.0.2,"Defer, Scheduled, Out-of-Cycle, Immediate v1.0.0" +0,none,small,no,low,defer +1,none,small,no,medium,defer +2,none,small,no,high,scheduled +3,none,small,no,very high,scheduled +4,none,small,yes,low,defer +5,none,small,yes,medium,scheduled +6,none,small,yes,high,scheduled +7,none,small,yes,very high,scheduled +8,none,controlled,no,low,defer +9,none,controlled,no,medium,scheduled +10,none,controlled,no,high,scheduled +11,none,controlled,no,very high,scheduled +12,none,controlled,yes,low,scheduled +13,none,controlled,yes,medium,scheduled +14,none,controlled,yes,high,scheduled +15,none,controlled,yes,very high,scheduled +16,none,open,no,low,defer +17,none,open,no,medium,scheduled +18,none,open,no,high,scheduled +19,none,open,no,very high,scheduled +20,none,open,yes,low,scheduled +21,none,open,yes,medium,scheduled +22,none,open,yes,high,scheduled +23,none,open,yes,very high,out-of-cycle +24,public poc,small,no,low,defer +25,public poc,small,no,medium,scheduled +26,public poc,small,no,high,scheduled +27,public poc,small,no,very high,scheduled +28,public poc,small,yes,low,scheduled +29,public poc,small,yes,medium,scheduled +30,public poc,small,yes,high,scheduled +31,public poc,small,yes,very high,scheduled +32,public poc,controlled,no,low,defer +33,public poc,controlled,no,medium,scheduled +34,public poc,controlled,no,high,scheduled +35,public poc,controlled,no,very high,scheduled +36,public poc,controlled,yes,low,scheduled +37,public poc,controlled,yes,medium,scheduled +38,public poc,controlled,yes,high,scheduled +39,public poc,controlled,yes,very high,out-of-cycle +40,public poc,open,no,low,scheduled +41,public poc,open,no,medium,scheduled +42,public poc,open,no,high,scheduled +43,public poc,open,no,very high,out-of-cycle +44,public poc,open,yes,low,scheduled +45,public poc,open,yes,medium,scheduled +46,public poc,open,yes,high,out-of-cycle +47,public poc,open,yes,very high,out-of-cycle +48,active,small,no,low,scheduled +49,active,small,no,medium,scheduled +50,active,small,no,high,out-of-cycle +51,active,small,no,very high,out-of-cycle +52,active,small,yes,low,scheduled +53,active,small,yes,medium,out-of-cycle +54,active,small,yes,high,out-of-cycle +55,active,small,yes,very high,out-of-cycle +56,active,controlled,no,low,scheduled +57,active,controlled,no,medium,scheduled +58,active,controlled,no,high,out-of-cycle +59,active,controlled,no,very high,out-of-cycle +60,active,controlled,yes,low,out-of-cycle +61,active,controlled,yes,medium,out-of-cycle +62,active,controlled,yes,high,out-of-cycle +63,active,controlled,yes,very high,out-of-cycle +64,active,open,no,low,scheduled +65,active,open,no,medium,out-of-cycle +66,active,open,no,high,out-of-cycle +67,active,open,no,very high,immediate +68,active,open,yes,low,out-of-cycle +69,active,open,yes,medium,out-of-cycle +70,active,open,yes,high,immediate +71,active,open,yes,very high,immediate diff --git a/data/csv/ssvc/human_impact_1_0_0.csv b/data/csv/ssvc/human_impact_1_0_0.csv new file mode 100644 index 00000000..b100b9c7 --- /dev/null +++ b/data/csv/ssvc/human_impact_1_0_0.csv @@ -0,0 +1,17 @@ +row,Safety Impact v2.0.0,Mission Impact v2.0.0,Human Impact v2.0.2 +0,negligible,degraded,low +1,negligible,mef support crippled,low +2,negligible,mef failure,medium +3,negligible,mission failure,very high +4,marginal,degraded,low +5,marginal,mef support crippled,low +6,marginal,mef failure,medium +7,marginal,mission failure,very high +8,critical,degraded,medium +9,critical,mef support crippled,high +10,critical,mef failure,high +11,critical,mission failure,very high +12,catastrophic,degraded,very high +13,catastrophic,mef support crippled,very high +14,catastrophic,mef failure,very high +15,catastrophic,mission failure,very high diff --git a/data/csv/ssvc/public_safety_impact_1_0_0.csv b/data/csv/ssvc/public_safety_impact_1_0_0.csv new file mode 100644 index 00000000..e515a840 --- /dev/null +++ b/data/csv/ssvc/public_safety_impact_1_0_0.csv @@ -0,0 +1,5 @@ +row,Safety Impact v2.0.0,Public Safety Impact v2.0.1 +0,negligible,minimal +1,marginal,significant +2,critical,significant +3,catastrophic,significant diff --git a/data/csv/ssvc/supplier_patch_development_priority_1_0_0.csv b/data/csv/ssvc/supplier_patch_development_priority_1_0_0.csv new file mode 100644 index 00000000..b3a02936 --- /dev/null +++ b/data/csv/ssvc/supplier_patch_development_priority_1_0_0.csv @@ -0,0 +1,37 @@ +row,Exploitation v1.1.0,Utility v1.0.1,Technical Impact v1.0.0,Public Safety Impact v2.0.1,"Defer, Scheduled, Out-of-Cycle, Immediate v1.0.0" +0,none,laborious,partial,minimal,defer +1,none,laborious,partial,significant,scheduled +2,none,laborious,total,minimal,scheduled +3,none,laborious,total,significant,out-of-cycle +4,none,efficient,partial,minimal,scheduled +5,none,efficient,partial,significant,out-of-cycle +6,none,efficient,total,minimal,scheduled +7,none,efficient,total,significant,out-of-cycle +8,none,super effective,partial,minimal,scheduled +9,none,super effective,partial,significant,out-of-cycle +10,none,super effective,total,minimal,out-of-cycle +11,none,super effective,total,significant,out-of-cycle +12,public poc,laborious,partial,minimal,scheduled +13,public poc,laborious,partial,significant,out-of-cycle +14,public poc,laborious,total,minimal,scheduled +15,public poc,laborious,total,significant,immediate +16,public poc,efficient,partial,minimal,scheduled +17,public poc,efficient,partial,significant,immediate +18,public poc,efficient,total,minimal,out-of-cycle +19,public poc,efficient,total,significant,immediate +20,public poc,super effective,partial,minimal,out-of-cycle +21,public poc,super effective,partial,significant,immediate +22,public poc,super effective,total,minimal,out-of-cycle +23,public poc,super effective,total,significant,immediate +24,active,laborious,partial,minimal,out-of-cycle +25,active,laborious,partial,significant,immediate +26,active,laborious,total,minimal,out-of-cycle +27,active,laborious,total,significant,immediate +28,active,efficient,partial,minimal,out-of-cycle +29,active,efficient,partial,significant,immediate +30,active,efficient,total,minimal,out-of-cycle +31,active,efficient,total,significant,immediate +32,active,super effective,partial,minimal,immediate +33,active,super effective,partial,significant,immediate +34,active,super effective,total,minimal,immediate +35,active,super effective,total,significant,immediate diff --git a/data/csv/ssvc/utility_1_0_0.csv b/data/csv/ssvc/utility_1_0_0.csv new file mode 100644 index 00000000..5bdd4fcc --- /dev/null +++ b/data/csv/ssvc/utility_1_0_0.csv @@ -0,0 +1,5 @@ +row,Automatable v2.0.0,Value Density v1.0.0,Utility v1.0.1 +0,no,diffuse,laborious +1,no,concentrated,efficient +2,yes,diffuse,efficient +3,yes,concentrated,super effective diff --git a/data/csvs b/data/csvs new file mode 120000 index 00000000..c3f45170 --- /dev/null +++ b/data/csvs @@ -0,0 +1 @@ +csv \ No newline at end of file diff --git a/data/csvs/README b/data/csvs/README deleted file mode 100644 index 6985a664..00000000 --- a/data/csvs/README +++ /dev/null @@ -1,10 +0,0 @@ -These delimter separated lists are for convenience. -If there is a conflict with an associated JSON schema, the JSON takes precedence. - -A skeleton for filling in a csv table can be generated using ../src/enumerate*.sh -That is mostly useful if you want to customize your risk posture by changing the priority for some situations. - -These CSV files are used as input to ../src/SSVC_csv-to-latex.py as part of the pipeline for creating the pretty static images of the trees used in the PDF document. - -The folder child_trees contain CSV files that contribute to a Combined Value of two child decision points for e.g., the Human Impact is a combination of Situated Safety Impact and Mission Impact. In the future these will be created a Child trees in SSVC schema. - diff --git a/data/csvs/child_trees/human-impact.csv b/data/csvs/child_trees/human-impact.csv deleted file mode 100644 index 03c75179..00000000 --- a/data/csvs/child_trees/human-impact.csv +++ /dev/null @@ -1,21 +0,0 @@ - Situated Safety Impact , Mission Impact , Human Impact - None , Degraded , Low - None , Crippled , Low - None , MEF Failure , Medium - None , Mission Failure , Very High - Minor , Degraded , Low - Minor , Crippled , Low - Minor , MEF Failure , Medium - Minor , Mission Failure , Very High - Major , Degraded , Medium - Major , Crippled , Medium - Major , MEF Failure , High - Major , Mission Failure , Very High - Hazardous , Degraded , High - Hazardous , Crippled , High - Hazardous , MEF Failure , High - Hazardous , Mission Failure , Very High - Catastrophic , Degraded , Very High - Catastrophic , Crippled , Very High - Catastrophic , MEF Failure , Very High - Catastrophic , Mission Failure , Very High diff --git a/data/csvs/child_trees/mission-and-well-being.csv b/data/csvs/child_trees/mission-and-well-being.csv deleted file mode 100644 index f24af30c..00000000 --- a/data/csvs/child_trees/mission-and-well-being.csv +++ /dev/null @@ -1,10 +0,0 @@ -Mission Prevalence , Public Well-being Impact , Mission and Well-being Impact -minimal , minimal , low -minimal , material , medium -minimal , irreversible, high -support , minimal , medium -support , material , medium -support , irreversible, high -essential , minimal , high -essential , material , high -essential , irreversible, high diff --git a/data/csvs/child_trees/utility.csv b/data/csvs/child_trees/utility.csv deleted file mode 100644 index 15b6e6e8..00000000 --- a/data/csvs/child_trees/utility.csv +++ /dev/null @@ -1,5 +0,0 @@ - Automatable , Value Density , Utility - no , diffuse , laborious - no , concentrated , efficient - yes , diffuse , efficient - yes , concentrated , super effective diff --git a/data/csvs/coord-publish-options.csv b/data/csvs/coord-publish-options.csv deleted file mode 100644 index 10da468e..00000000 --- a/data/csvs/coord-publish-options.csv +++ /dev/null @@ -1,28 +0,0 @@ -row,Supplier involvement,Exploitation,Value added,Priority -1,fix ready,none,precedence,publish -2,fix ready,none,ampliative,don't publish -3,fix ready,none,limited,don't publish -4,fix ready,PoC,precedence,publish -5,fix ready,PoC,ampliative,don't publish -6,fix ready,PoC,limited,don't publish -7,fix ready,active,precedence,publish -8,fix ready,active,ampliative,publish -9,fix ready,active,limited,don't publish -10,cooperative,none,precedence,publish -11,cooperative,none,ampliative,don't publish -12,cooperative,none,limited,don't publish -13,cooperative,PoC,precedence,publish -14,cooperative,PoC,ampliative,don't publish -15,cooperative,PoC,limited,don't publish -16,cooperative,active,precedence,publish -17,cooperative,active,ampliative,publish -18,cooperative,active,limited,don't publish -19,uncoop/unresponsive,none,precedence,publish -20,uncoop/unresponsive,none,ampliative,don't publish -21,uncoop/unresponsive,none,limited,don't publish -22,uncoop/unresponsive,PoC,precedence,publish -23,uncoop/unresponsive,PoC,ampliative,publish -24,uncoop/unresponsive,PoC,limited,don't publish -25,uncoop/unresponsive,active,precedence,publish -26,uncoop/unresponsive,active,ampliative,publish -27,uncoop/unresponsive,active,limited,publish diff --git a/data/csvs/coord-triage-options.csv b/data/csvs/coord-triage-options.csv deleted file mode 100644 index 4f40e1d1..00000000 --- a/data/csvs/coord-triage-options.csv +++ /dev/null @@ -1,85 +0,0 @@ -row,Public,Contacted,Report_Credibility,Cardinality,Engagement,Utility,Public_Safety_Impact,Priority -1,no,yes,no,one,active,laborious,minimal,decline -2,no,yes,no,one,active,laborious,significant,decline -3,no,yes,no,one,active,efficient,minimal,decline -4,no,yes,no,one,active,efficient,significant,track -5,no,yes,no,one,active,super effective,minimal,decline -6,no,yes,no,one,active,super effective,significant,track -7,no,yes,no,one,unresponsive,laborious,minimal,decline -8,no,yes,no,one,unresponsive,laborious,significant,decline -9,no,yes,no,one,unresponsive,efficient,minimal,decline -10,no,yes,no,one,unresponsive,efficient,significant,track -11,no,yes,no,one,unresponsive,super effective,minimal,decline -12,no,yes,no,one,unresponsive,super effective,significant,track -13,no,yes,no,multiple,active,laborious,minimal,decline -14,no,yes,no,multiple,active,laborious,significant,track -15,no,yes,no,multiple,active,efficient,minimal,decline -16,no,yes,no,multiple,active,efficient,significant,track -17,no,yes,no,multiple,active,super effective,minimal,track -18,no,yes,no,multiple,active,super effective,significant,coordinate -19,no,yes,no,multiple,unresponsive,laborious,minimal,decline -20,no,yes,no,multiple,unresponsive,laborious,significant,track -21,no,yes,no,multiple,unresponsive,efficient,minimal,decline -22,no,yes,no,multiple,unresponsive,efficient,significant,track -23,no,yes,no,multiple,unresponsive,super effective,minimal,track -24,no,yes,no,multiple,unresponsive,super effective,significant,coordinate -25,no,yes,yes,one,active,laborious,minimal,decline -26,no,yes,yes,one,active,laborious,significant,decline -27,no,yes,yes,one,active,efficient,minimal,decline -28,no,yes,yes,one,active,efficient,significant,track -29,no,yes,yes,one,active,super effective,minimal,decline -30,no,yes,yes,one,active,super effective,significant,track -31,no,yes,yes,one,unresponsive,laborious,minimal,track -32,no,yes,yes,one,unresponsive,laborious,significant,coordinate -33,no,yes,yes,one,unresponsive,efficient,minimal,coordinate -34,no,yes,yes,one,unresponsive,efficient,significant,coordinate -35,no,yes,yes,one,unresponsive,super effective,minimal,coordinate -36,no,yes,yes,one,unresponsive,super effective,significant,coordinate -37,no,yes,yes,multiple,active,laborious,minimal,decline -38,no,yes,yes,multiple,active,laborious,significant,track -39,no,yes,yes,multiple,active,efficient,minimal,decline -40,no,yes,yes,multiple,active,efficient,significant,track -41,no,yes,yes,multiple,active,super effective,minimal,coordinate -42,no,yes,yes,multiple,active,super effective,significant,coordinate -43,no,yes,yes,multiple,unresponsive,laborious,minimal,coordinate -44,no,yes,yes,multiple,unresponsive,laborious,significant,coordinate -45,no,yes,yes,multiple,unresponsive,efficient,minimal,coordinate -46,no,yes,yes,multiple,unresponsive,efficient,significant,coordinate -47,no,yes,yes,multiple,unresponsive,super effective,minimal,coordinate -48,no,yes,yes,multiple,unresponsive,super effective,significant,coordinate -49,yes,yes,no,multiple,active,super effective,significant,coordinate -50,yes,yes,no,multiple,unresponsive,super effective,significant,coordinate -51,yes,yes,yes,multiple,active,super effective,significant,coordinate -52,yes,yes,yes,multiple,unresponsive,super effective,significant,coordinate -53,yes,no,no,multiple,active,super effective,significant,coordinate -54,yes,no,no,multiple,unresponsive,super effective,significant,coordinate -55,yes,no,yes,multiple,active,super effective,significant,coordinate -56,yes,no,yes,multiple,unresponsive,super effective,significant,coordinate -57,yes,yes,no,one,active,laborious,minimal,decline -58,yes,yes,no,one,active,efficient,minimal,decline -59,yes,yes,no,one,unresponsive,laborious,minimal,decline -60,yes,yes,no,one,unresponsive,efficient,minimal,decline -61,yes,yes,yes,one,active,laborious,minimal,decline -62,yes,yes,yes,one,active,efficient,minimal,decline -63,yes,yes,yes,one,unresponsive,laborious,minimal,decline -64,yes,yes,yes,one,unresponsive,efficient,minimal,decline -65,yes,no,no,one,active,laborious,minimal,decline -66,yes,no,no,one,active,efficient,minimal,decline -67,yes,no,no,one,unresponsive,laborious,minimal,decline -68,yes,no,no,one,unresponsive,efficient,minimal,decline -69,yes,no,yes,one,active,laborious,minimal,decline -70,yes,no,yes,one,active,efficient,minimal,decline -71,yes,no,yes,one,unresponsive,laborious,minimal,decline -72,yes,no,yes,one,unresponsive,efficient,minimal,decline -73,no,no,no,multiple,active,super effective,significant,coordinate -74,no,no,no,multiple,unresponsive,super effective,significant,coordinate -75,no,no,yes,multiple,active,super effective,significant,coordinate -76,no,no,yes,multiple,unresponsive,super effective,significant,coordinate -77,no,no,no,one,active,laborious,minimal,decline -78,no,no,no,one,active,efficient,minimal,decline -79,no,no,no,one,unresponsive,laborious,minimal,decline -80,no,no,no,one,unresponsive,efficient,minimal,decline -81,no,no,yes,one,active,laborious,minimal,decline -82,no,no,yes,one,active,efficient,minimal,decline -83,no,no,yes,one,unresponsive,laborious,minimal,decline -84,no,no,yes,one,unresponsive,efficient,minimal,decline diff --git a/data/csvs/deployer-options.csv b/data/csvs/deployer-options.csv deleted file mode 100644 index 6b9a8791..00000000 --- a/data/csvs/deployer-options.csv +++ /dev/null @@ -1,73 +0,0 @@ -row,Exploitation,Exposure,Automatable,Human Impact,Priority -1,none,small,no,low,defer -2,none,small,no,medium,defer -3,none,small,no,high,scheduled -4,none,small,no,very high,scheduled -5,none,small,yes,low,defer -6,none,small,yes,medium,scheduled -7,none,small,yes,high,scheduled -8,none,small,yes,very high,scheduled -9,none,controlled,no,low,defer -10,none,controlled,no,medium,scheduled -11,none,controlled,no,high,scheduled -12,none,controlled,no,very high,scheduled -13,none,controlled,yes,low,scheduled -14,none,controlled,yes,medium,scheduled -15,none,controlled,yes,high,scheduled -16,none,controlled,yes,very high,scheduled -17,none,open,no,low,defer -18,none,open,no,medium,scheduled -19,none,open,no,high,scheduled -20,none,open,no,very high,scheduled -21,none,open,yes,low,scheduled -22,none,open,yes,medium,scheduled -23,none,open,yes,high,scheduled -24,none,open,yes,very high,out-of-cycle -25,PoC,small,no,low,defer -26,PoC,small,no,medium,scheduled -27,PoC,small,no,high,scheduled -28,PoC,small,no,very high,scheduled -29,PoC,small,yes,low,scheduled -30,PoC,small,yes,medium,scheduled -31,PoC,small,yes,high,scheduled -32,PoC,small,yes,very high,scheduled -33,PoC,controlled,no,low,defer -34,PoC,controlled,no,medium,scheduled -35,PoC,controlled,no,high,scheduled -36,PoC,controlled,no,very high,scheduled -37,PoC,controlled,yes,low,scheduled -38,PoC,controlled,yes,medium,scheduled -39,PoC,controlled,yes,high,scheduled -40,PoC,controlled,yes,very high,out-of-cycle -41,PoC,open,no,low,scheduled -42,PoC,open,no,medium,scheduled -43,PoC,open,no,high,scheduled -44,PoC,open,no,very high,out-of-cycle -45,PoC,open,yes,low,scheduled -46,PoC,open,yes,medium,scheduled -47,PoC,open,yes,high,out-of-cycle -48,PoC,open,yes,very high,out-of-cycle -49,active,small,no,low,scheduled -50,active,small,no,medium,scheduled -51,active,small,no,high,out-of-cycle -52,active,small,no,very high,out-of-cycle -53,active,small,yes,low,scheduled -54,active,small,yes,medium,out-of-cycle -55,active,small,yes,high,out-of-cycle -56,active,small,yes,very high,out-of-cycle -57,active,controlled,no,low,scheduled -58,active,controlled,no,medium,scheduled -59,active,controlled,no,high,out-of-cycle -60,active,controlled,no,very high,out-of-cycle -61,active,controlled,yes,low,out-of-cycle -62,active,controlled,yes,medium,out-of-cycle -63,active,controlled,yes,high,out-of-cycle -64,active,controlled,yes,very high,out-of-cycle -65,active,open,no,low,scheduled -66,active,open,no,medium,out-of-cycle -67,active,open,no,high,out-of-cycle -68,active,open,no,very high,immediate -69,active,open,yes,low,out-of-cycle -70,active,open,yes,medium,out-of-cycle -71,active,open,yes,high,immediate -72,active,open,yes,very high,immediate diff --git a/data/csvs/mapped_trees/public-safety-impact.csv b/data/csvs/mapped_trees/public-safety-impact.csv deleted file mode 100644 index fdf6859a..00000000 --- a/data/csvs/mapped_trees/public-safety-impact.csv +++ /dev/null @@ -1,6 +0,0 @@ -Safety Impact , Public Safety Impact -none , minimal -minor , minimal -major , significant -hazardous , significant -catastrophic , significant diff --git a/data/csvs/supplier-options.csv b/data/csvs/supplier-options.csv deleted file mode 100644 index 72148dd8..00000000 --- a/data/csvs/supplier-options.csv +++ /dev/null @@ -1,37 +0,0 @@ -row,Exploitation,Utility,Technical Impact,Public-Safety Impact,Priority -1,none,laborious,partial,minimal,defer -2,none,laborious,partial,significant,scheduled -3,none,laborious,total,minimal,scheduled -4,none,laborious,total,significant,out-of-cycle -5,none,efficient,partial,minimal,scheduled -6,none,efficient,partial,significant,out-of-cycle -7,none,efficient,total,minimal,scheduled -8,none,efficient,total,significant,out-of-cycle -9,none,super effective,partial,minimal,scheduled -10,none,super effective,partial,significant,out-of-cycle -11,none,super effective,total,minimal,out-of-cycle -12,none,super effective,total,significant,out-of-cycle -13,PoC,laborious,partial,minimal,scheduled -14,PoC,laborious,partial,significant,out-of-cycle -15,PoC,laborious,total,minimal,scheduled -16,PoC,laborious,total,significant,immediate -17,PoC,efficient,partial,minimal,scheduled -18,PoC,efficient,partial,significant,immediate -19,PoC,efficient,total,minimal,out-of-cycle -20,PoC,efficient,total,significant,immediate -21,PoC,super effective,partial,minimal,out-of-cycle -22,PoC,super effective,partial,significant,immediate -23,PoC,super effective,total,minimal,out-of-cycle -24,PoC,super effective,total,significant,immediate -25,active,laborious,partial,minimal,out-of-cycle -26,active,laborious,partial,significant,immediate -27,active,laborious,total,minimal,out-of-cycle -28,active,laborious,total,significant,immediate -29,active,efficient,partial,minimal,out-of-cycle -30,active,efficient,partial,significant,immediate -31,active,efficient,total,minimal,out-of-cycle -32,active,efficient,total,significant,immediate -33,active,super effective,partial,minimal,immediate -34,active,super effective,partial,significant,immediate -35,active,super effective,total,minimal,immediate -36,active,super effective,total,significant,immediate diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index 3d11b3fc..873a3df1 100755 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -45,7 +45,10 @@ DecisionPoint, ) from ssvc.decision_points.ssvc.base import SsvcDecisionPoint -from ssvc.decision_tables.base import DecisionTable +from ssvc.decision_tables.base import ( + DecisionTable, + decision_table_to_longform_df, +) from ssvc.registry import get_registry from ssvc.registry.base import SsvcObjectRegistry, get_all from ssvc.selection import SelectionList @@ -306,21 +309,53 @@ def dump_decision_table( logger.warning( f"File {json_file} already exists, use --overwrite to replace" ) - return str(json_file) + + +def dump_decision_table_csv( + csvdir: str, dt: DecisionTable, overwrite: bool +) -> None: + basename = ( + _filename_friendly(dt.name) + f"_{_filename_friendly(dt.version)}" + ) + filename = f"{basename}.csv" + parts = [ + csvdir, + ] + parts.append(_filename_friendly(dt.namespace)) + dirname = os.path.join(*parts) + parts.append(filename) + csv_file = os.path.join(*parts) + if overwrite: + remove_if_exists(csv_file) + with EnsureDirExists(dirname): + try: + logger.info("Writing {csv_file}") + with open(csv_file, "x") as f: + df = decision_table_to_longform_df(dt=dt) + # set the index title + df.index.name = "row" + f.write(df.to_csv(index=True)) + except FileExistsError: + logger.warning( + f"File {csv_file} already exists, use --overwrite to replace" + ) def main(): - # we are going to generate three files for each decision point: - # - a markdown table that can be used in the decision point documentation - # - a json example that can be used in the decision point documentation - # - a markdown file that builds an mkdocs table to switch between the markdown description and the json - # example using markdown-include plugin of mkdocs + """Generate the json examples for decision points and decision tables. + + Emits the following files: + - json examples for each decision point in datadir/json/decision_points// + - json examples for each decision table in datadir/json/decision_tables// + - csv examples for each decision table in datadir/csv// + - the ssvc object registry in datadir/json/ssvc_object_registry.json + - the json schemas for decision points, decision tables, selection lists, and the registry in datadir/schema/v2/ + """ - # parse command line args import argparse parser = argparse.ArgumentParser( - description="Generate decision point documentation" + description="Generate json, json schema, and csv examples for SSVC Decision Points and Decision Tables" ) parser.add_argument( "--overwrite", @@ -330,12 +365,13 @@ def main(): ) parser.add_argument( - "--jsondir", help="json output directory", default="./tmp/json_out" + "--datadir", help="json output directory", default="./tmp" ) args = parser.parse_args() overwrite = args.overwrite - jsondir = args.jsondir + jsondir = os.path.join(os.path.abspath(args.datadir), "json") + csvdir = os.path.join(os.path.abspath(args.datadir), "csv") dp_dir = os.path.join(os.path.abspath(jsondir), "decision_points") dt_dir = os.path.join(os.path.abspath(jsondir), "decision_tables") @@ -357,6 +393,7 @@ def main(): # for each decision table: for dt in get_all("DecisionTable", registry=registry): dump_decision_table(dt_dir, dt, overwrite) + dump_decision_table_csv(csvdir, dt, overwrite) # dump the registry registry_json = os.path.join(jsondir, "ssvc_object_registry.json") From 9313182dfa47ecc4841e527932667e57c7979f08 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 27 Aug 2025 15:35:22 -0400 Subject: [PATCH 358/468] update readme --- README.md | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 770ee0fe..6c8354af 100644 --- a/README.md +++ b/README.md @@ -45,20 +45,22 @@ The data folder contains detailed data files that define suggested prioritizatio There are both `.csv` and `.json` files in this directory. -### `/data/csvs/*` +### `/data/csv/*` -The `.csv` files are the primary data files used by the `ssvc.py` module. +The `.csv` files are generated from the python `ssvc` module. -Also included in data are the lookup tables as csv files which `ssvc_v2.py` reads in. -These files define one row per possible path through the trees as described in the documentation. +These files define one row per possible path through the decision tables as described in the documentation. Customizing the "outcome" column in this csv is the primary recommended way that stakeholders might adapt SSVC to their environment. ### `/data/json/*` -These json files are generated examples from the python `ssvc` module. +These json files are generated examples from the python `ssvc` module, +which uses `pydantic` to define the data models. ### `/data/schema/*` and `/data/schema_examples/*` +These json schema files are used to validate the structure of the `.json` files in `/data/json/*`. +They are generated from the python `ssvc` module, which uses `pydantic` to define the data models. These files are used by the `ssvc-calc` module. ## `/docker/*` @@ -85,15 +87,6 @@ These modules are used to generate documentation for various [Decision Points](h Documentation for the `ssvc` module can be found at [https://certcc.github.io/SSVC/reference/code/](https://certcc.github.io/SSVC/reference/code/) -### `src/ssvc_v2.py` - -A basic Python module for interacting with the SSVC trees. `ssvc_v2.py` has -two methods: `applier_tree()` and `developer_tree()` - -The two methods just loop through their respective lookup tables until -they hit a match, then return the outcome. Maybe not the best implementation, -but it worked well enough for what was needed at the time. - ## Local development The simplest way to get started with local development is to use Docker. From 82ca7579fe4ac4622a54725b3d955d990e99ca47 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Wed, 27 Aug 2025 16:03:52 -0400 Subject: [PATCH 359/468] this `main` method was useful originally for development, but it's become broken as the object has evolved. So I'm just taking it out lest it lead others astray in troubleshooting. --- src/ssvc/decision_tables/base.py | 67 -------------------------------- 1 file changed, 67 deletions(-) diff --git a/src/ssvc/decision_tables/base.py b/src/ssvc/decision_tables/base.py index 76745262..9ef5d445 100644 --- a/src/ssvc/decision_tables/base.py +++ b/src/ssvc/decision_tables/base.py @@ -714,70 +714,3 @@ def check_topological_order(dt: DecisionTable) -> list[dict]: return check_topological_order( df, target=target, target_value_order=target_value_order ) - - -def main() -> None: - from ssvc.dp_groups.ssvc.coordinator_publication import LATEST as dpg - from ssvc.outcomes.basic.mscw import LATEST as outcomes - import os - import json - - rootlogger = logging.getLogger() - rootlogger.setLevel(logging.DEBUG) - hdlr = logging.StreamHandler() - rootlogger.addHandler(hdlr) - - dpg.add(outcomes) - - table = DecisionTable( - name="Test Table", - definition="A test decision table", - namespace="x_example.test#test-table", - decision_points=dpg.decision_points, - outcome=outcomes.id, - ) - - csv_str = decision_table_to_csv(table, index=False) - print("## Shortform CSV representation of the decision table:") - print() - print("```csv") - print(csv_str) - print("```") - - converted_df = decision_table_to_longform_df(table) - print("## Longform DataFrame representation of the decision table:") - print() - print("```csv") - print(converted_df.to_csv(index=True, index_label="row")) - print("```") - - print(feature_importance(table)) - print(interpret_feature_importance(table)) - print(check_topological_order(table)) - - print("## JSON representation of the decision table:") - print() - print("```json") - print(table.model_dump_json(indent=2)) - print("```") - - print("## Obfuscated JSON representation of the decision table:") - obfuscated = table.obfuscate() - print(obfuscated.model_dump_json(indent=2)) - - # write json schema to file - file_loc = os.path.dirname(__file__) - - schemafile = "../../../data/schema/v2/Decision_Table-2-0-0.schema.json" - schemafile = os.path.abspath(os.path.join(file_loc, schemafile)) - print("Writing JSON schema to file:", schemafile) - - if not os.path.exists(os.path.dirname(schemafile)): - os.makedirs(os.path.dirname(schemafile)) - - with open(schemafile, "w") as f: - json.dump(DecisionTable.model_json_schema(), f, indent=2) - - -if __name__ == "__main__": - main() From 2f85f81a6e84877f874163a3d641662ed6b9f813 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Thu, 28 Aug 2025 10:57:44 -0400 Subject: [PATCH 360/468] Updates to deprecate more main() methods --- src/ssvc/decision_points/base.py | 22 +------------- src/ssvc/selection.py | 51 +------------------------------- 2 files changed, 2 insertions(+), 71 deletions(-) diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index a1f0d093..26429be6 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -157,27 +157,7 @@ def value_summaries(self) -> list[str]: def main(): - opt_none = DecisionPointValue( - name="None", key="N", definition="No exploit available" - ) - opt_poc = DecisionPointValue( - name="PoC", key="P", definition="Proof of concept exploit available" - ) - opt_active = DecisionPointValue( - name="Active", key="A", definition="Active exploitation observed" - ) - opts = [opt_none, opt_poc, opt_active] - - dp = DecisionPoint( - _comment="This is an optional comment that will be included in the object.", - values=opts, - name="Exploitation", - definition="Is there an exploit available?", - key="E", - version="1.0.0", - ) - - print(dp.model_dump_json(indent=2)) + print("Please use doctools.py for schema generation and unit tests for verification") if __name__ == "__main__": diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 766a398b..440834eb 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -360,56 +360,7 @@ def model_json_schema(cls, **kwargs): def main() -> None: - """ - Prints example selections and their schema in JSON format. - - Returns: - None - """ - from ssvc.decision_points.ssvc.automatable import LATEST as dp1 - from ssvc.decision_points.ssvc.safety_impact import LATEST as dp2 - import json - - a1 = Selection.from_decision_point(dp1) - a2 = Selection.from_decision_point(dp2) - selections = SelectionList( - schemaVersion=SCHEMA_VERSION, - selections=[a1, a2], - timestamp=datetime.now(), - target_ids=["CVE-1900-0001", "GHSA-0123-4567-89ab"], - references=[ - Reference( - uri="https://example.com/report", - summary="A report on which the selections were based", - ) - ], - ) - - print( - selections.model_dump_json( - indent=2, exclude_none=True, exclude_unset=True - ) - ) - - print("# Schema for SelectionList") - schema = SelectionList.model_json_schema() - - print(json.dumps(schema, indent=2)) - - # find local path to this file - import os - - current_dir = os.path.dirname(os.path.abspath(__file__)) - # construct the path to the schema file - schema_path = ( - "../../data/schema/v2/Decision_Point_Value_Selection-2-0-0.schema.json" - ) - schema_path = os.path.abspath(os.path.join(current_dir, schema_path)) - - with open(schema_path, "w") as f: - print(f"Writing schema to {schema_path}") - json.dump(schema, f, indent=2) - f.write("\n") # Ensure the file ends with a newline + print("Please use doctools.py for schema generation and unit tests for verification") if __name__ == "__main__": From 2f555c8d9f3cd6568a7aa350382ccd3c237b7c49 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 28 Aug 2025 12:24:59 -0400 Subject: [PATCH 361/468] add decision points to cover probability ranges and quantiles --- ...words_of_estimative_probability_1_0_0.json | 45 + .../basic/median_split_1_0_0.json | 20 + ...ale_in_2_equal_levels_ascending_1_0_0.json | 20 + ...ale_in_5_equal_levels_ascending_1_0_0.json | 35 + ..._in_5_weighted_levels_ascending_1_0_0.json | 35 + .../basic/quartiles_1_0_0.json | 30 + .../basic/quintiles_1_0_0.json | 35 + data/json/ssvc_object_registry.json | 8088 +++++++++-------- src/ssvc/decision_points/basic/__init__.py | 21 + src/ssvc/decision_points/basic/base.py | 32 + .../basic/probability/__init__.py | 21 + .../basic/probability/cis_wep.py | 95 + .../basic/probability/five_equal.py | 75 + .../basic/probability/five_weighted.py | 75 + .../basic/probability/nist5.py | 78 + .../basic/probability/two_equal.py | 57 + .../basic/quantiles/__init__.py | 21 + .../decision_points/basic/quantiles/median.py | 60 + .../basic/quantiles/quartiles.py | 71 + .../basic/quantiles/quintiles.py | 77 + src/ssvc/outcomes/basic/__init__.py | 1 + 21 files changed, 5203 insertions(+), 3789 deletions(-) create mode 100644 data/json/decision_points/basic/cis_cti_words_of_estimative_probability_1_0_0.json create mode 100644 data/json/decision_points/basic/median_split_1_0_0.json create mode 100644 data/json/decision_points/basic/probability_scale_in_2_equal_levels_ascending_1_0_0.json create mode 100644 data/json/decision_points/basic/probability_scale_in_5_equal_levels_ascending_1_0_0.json create mode 100644 data/json/decision_points/basic/probability_scale_in_5_weighted_levels_ascending_1_0_0.json create mode 100644 data/json/decision_points/basic/quartiles_1_0_0.json create mode 100644 data/json/decision_points/basic/quintiles_1_0_0.json create mode 100644 src/ssvc/decision_points/basic/__init__.py create mode 100644 src/ssvc/decision_points/basic/base.py create mode 100644 src/ssvc/decision_points/basic/probability/__init__.py create mode 100644 src/ssvc/decision_points/basic/probability/cis_wep.py create mode 100644 src/ssvc/decision_points/basic/probability/five_equal.py create mode 100644 src/ssvc/decision_points/basic/probability/five_weighted.py create mode 100644 src/ssvc/decision_points/basic/probability/nist5.py create mode 100644 src/ssvc/decision_points/basic/probability/two_equal.py create mode 100644 src/ssvc/decision_points/basic/quantiles/__init__.py create mode 100644 src/ssvc/decision_points/basic/quantiles/median.py create mode 100644 src/ssvc/decision_points/basic/quantiles/quartiles.py create mode 100644 src/ssvc/decision_points/basic/quantiles/quintiles.py diff --git a/data/json/decision_points/basic/cis_cti_words_of_estimative_probability_1_0_0.json b/data/json/decision_points/basic/cis_cti_words_of_estimative_probability_1_0_0.json new file mode 100644 index 00000000..58c79f61 --- /dev/null +++ b/data/json/decision_points/basic/cis_cti_words_of_estimative_probability_1_0_0.json @@ -0,0 +1,45 @@ +{ + "namespace": "basic", + "key": "CIS_WEP", + "version": "1.0.0", + "name": "CIS-CTI Words of Estimative Probability", + "definition": "A scale for expressing the likelihood of an event or outcome.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "ANC", + "name": "Almost No Chance", + "definition": "Probability < 0.05. Almost no chance, remote" + }, + { + "key": "VU", + "name": "Very Unlikely", + "definition": "0.05 <= Probability < 0.20. Very unlikely, highly improbable." + }, + { + "key": "U", + "name": "Unlikely", + "definition": "0.20 <= Probability < 0.45. Unlikely, improbable." + }, + { + "key": "REC", + "name": "Roughly Even Chance", + "definition": "0.45 <= Probability < 0.55. Roughly even chance, roughly even odds." + }, + { + "key": "L", + "name": "Likely", + "definition": "0.55 <= Probability < 0.80. Likely, probable." + }, + { + "key": "VL", + "name": "Very Likely", + "definition": "0.80 <= Probability < 0.95. Very likely, highly probable." + }, + { + "key": "AC", + "name": "Almost Certain", + "definition": "0.95 <= Probability. Almost certain, nearly certain." + } + ] +} diff --git a/data/json/decision_points/basic/median_split_1_0_0.json b/data/json/decision_points/basic/median_split_1_0_0.json new file mode 100644 index 00000000..b97933e8 --- /dev/null +++ b/data/json/decision_points/basic/median_split_1_0_0.json @@ -0,0 +1,20 @@ +{ + "namespace": "basic", + "key": "MEDIAN", + "version": "1.0.0", + "name": "Median Split", + "definition": "A median split divides a distribution into two equal parts, with 50% of the values falling below the median and 50% above it.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "B", + "name": "Below Median", + "definition": "Quantile < 0.50. The lower half of the range of possible values." + }, + { + "key": "A", + "name": "Above Median", + "definition": "0.50 <= Quantile <= 1.0. The upper half of the range of possible values." + } + ] +} diff --git a/data/json/decision_points/basic/probability_scale_in_2_equal_levels_ascending_1_0_0.json b/data/json/decision_points/basic/probability_scale_in_2_equal_levels_ascending_1_0_0.json new file mode 100644 index 00000000..b0ee12b3 --- /dev/null +++ b/data/json/decision_points/basic/probability_scale_in_2_equal_levels_ascending_1_0_0.json @@ -0,0 +1,20 @@ +{ + "namespace": "basic", + "key": "P_2A", + "version": "1.0.0", + "name": "Probability Scale in 2 equal levels, ascending", + "definition": "A probability scale that divides between less than 50% and greater than or equal to 50%", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "LT50", + "name": "Less than 50%", + "definition": "0.0 <= Probability < 0.5" + }, + { + "key": "GT50", + "name": "Greater than 50%", + "definition": "0.5 <= Probability <= 1.0" + } + ] +} diff --git a/data/json/decision_points/basic/probability_scale_in_5_equal_levels_ascending_1_0_0.json b/data/json/decision_points/basic/probability_scale_in_5_equal_levels_ascending_1_0_0.json new file mode 100644 index 00000000..0929b714 --- /dev/null +++ b/data/json/decision_points/basic/probability_scale_in_5_equal_levels_ascending_1_0_0.json @@ -0,0 +1,35 @@ +{ + "namespace": "basic", + "key": "P_5A", + "version": "1.0.0", + "name": "Probability Scale in 5 equal levels, ascending", + "definition": "A probability scale with 20% increments", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P0_20", + "name": "Less than 20%", + "definition": "Probability < 0.2" + }, + { + "key": "P20_40", + "name": "20% to 40%", + "definition": "0.2 <= Probability < 0.4" + }, + { + "key": "P40_60", + "name": "40% to 60%", + "definition": "0.4 <= Probability < 0.6" + }, + { + "key": "P60_80", + "name": "60% to 80%", + "definition": "0.6 <= Probability < 0.8" + }, + { + "key": "P80_100", + "name": "Greater than 80%", + "definition": "0.8 <= Probability <= 1.0" + } + ] +} diff --git a/data/json/decision_points/basic/probability_scale_in_5_weighted_levels_ascending_1_0_0.json b/data/json/decision_points/basic/probability_scale_in_5_weighted_levels_ascending_1_0_0.json new file mode 100644 index 00000000..b9e5803a --- /dev/null +++ b/data/json/decision_points/basic/probability_scale_in_5_weighted_levels_ascending_1_0_0.json @@ -0,0 +1,35 @@ +{ + "namespace": "basic", + "key": "P_5X", + "version": "1.0.0", + "name": "Probability Scale in 5 weighted levels, ascending", + "definition": "A probability scale with finer resolution at both extremes", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "VL", + "name": "Very Low", + "definition": "0% <= Probability < 5%. Highly unlikely." + }, + { + "key": "L", + "name": "Low", + "definition": "5% <= Probability < 21%. Unlikely." + }, + { + "key": "M", + "name": "Moderate", + "definition": "21% <= Probability < 80%. Somewhat likely." + }, + { + "key": "H", + "name": "High", + "definition": "80% <= Probability < 96%. Highly likely." + }, + { + "key": "VH", + "name": "Very High", + "definition": "96% <= Probability <= 100%. Almost certain." + } + ] +} diff --git a/data/json/decision_points/basic/quartiles_1_0_0.json b/data/json/decision_points/basic/quartiles_1_0_0.json new file mode 100644 index 00000000..1766d02f --- /dev/null +++ b/data/json/decision_points/basic/quartiles_1_0_0.json @@ -0,0 +1,30 @@ +{ + "namespace": "basic", + "key": "QUARTILES", + "version": "1.0.0", + "name": "Quartiles", + "definition": "A quartile is one of four equal groups that a population can be divided into according to the distribution of values of a particular variable.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "Q1", + "name": "First Quartile", + "definition": "Quantile < 0.25. The lowest 25% of the range of possible values." + }, + { + "key": "Q2", + "name": "Second Quartile", + "definition": "0.25 <= Quantile < 0.50. The second lowest 25% of the range of possible values." + }, + { + "key": "Q3", + "name": "Third Quartile", + "definition": "0.50 <= Quantile < 0.75. The second highest 25% of the range of possible values." + }, + { + "key": "Q4", + "name": "Fourth Quartile", + "definition": "0.75 <= Quantile <= 1.0. The highest 25% of the range of possible values." + } + ] +} diff --git a/data/json/decision_points/basic/quintiles_1_0_0.json b/data/json/decision_points/basic/quintiles_1_0_0.json new file mode 100644 index 00000000..f044687c --- /dev/null +++ b/data/json/decision_points/basic/quintiles_1_0_0.json @@ -0,0 +1,35 @@ +{ + "namespace": "basic", + "key": "QUINTILES", + "version": "1.0.0", + "name": "Quintiles", + "definition": "A quintile is one of five equal groups that a population can be divided into according to the distribution of values of a particular variable.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "Q1", + "name": "First Quintile", + "definition": "Quantile < 0.20. The lowest 20% of the range of possible values." + }, + { + "key": "Q2", + "name": "Second Quintile", + "definition": "0.20 <= Quantile < 0.40. The second lowest 20% of the range of possible values." + }, + { + "key": "Q3", + "name": "Third Quintile", + "definition": "0.40 <= Quantile < 0.60. The middle 20% of the range of possible values." + }, + { + "key": "Q4", + "name": "Fourth Quintile", + "definition": "0.60 <= Quantile < 0.80. The second highest 20% of the range of possible values." + }, + { + "key": "Q5", + "name": "Fifth Quintile", + "definition": "0.80 <= Quantile <= 1.0. The highest 20% of the range of possible values." + } + ] +} diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 70558bb9..a51bf86f 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -6,1059 +6,1179 @@ "DecisionPoint": { "type": "DecisionPoint", "namespaces": { - "cisa": { - "namespace": "cisa", + "basic": { + "namespace": "basic", "keys": { - "KEV": { - "key": "KEV", + "CIS_WEP": { + "key": "CIS_WEP", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "cisa", - "key": "KEV", + "namespace": "basic", + "key": "CIS_WEP", "version": "1.0.0", - "name": "In KEV", - "definition": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", + "name": "CIS-CTI Words of Estimative Probability", + "definition": "A scale for expressing the likelihood of an event or outcome.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "No", - "definition": "Vulnerability is not listed in KEV." + "key": "ANC", + "name": "Almost No Chance", + "definition": "Probability < 0.05. Almost no chance, remote" }, { - "key": "Y", - "name": "Yes", - "definition": "Vulnerability is listed in KEV." + "key": "VU", + "name": "Very Unlikely", + "definition": "0.05 <= Probability < 0.20. Very unlikely, highly improbable." + }, + { + "key": "U", + "name": "Unlikely", + "definition": "0.20 <= Probability < 0.45. Unlikely, improbable." + }, + { + "key": "REC", + "name": "Roughly Even Chance", + "definition": "0.45 <= Probability < 0.55. Roughly even chance, roughly even odds." + }, + { + "key": "L", + "name": "Likely", + "definition": "0.55 <= Probability < 0.80. Likely, probable." + }, + { + "key": "VL", + "name": "Very Likely", + "definition": "0.80 <= Probability < 0.95. Very likely, highly probable." + }, + { + "key": "AC", + "name": "Almost Certain", + "definition": "0.95 <= Probability. Almost certain, nearly certain." } ] }, "values": { - "N": { - "key": "N", - "name": "No", - "definition": "Vulnerability is not listed in KEV." + "ANC": { + "key": "ANC", + "name": "Almost No Chance", + "definition": "Probability < 0.05. Almost no chance, remote" }, - "Y": { - "key": "Y", - "name": "Yes", - "definition": "Vulnerability is listed in KEV." + "VU": { + "key": "VU", + "name": "Very Unlikely", + "definition": "0.05 <= Probability < 0.20. Very unlikely, highly improbable." + }, + "U": { + "key": "U", + "name": "Unlikely", + "definition": "0.20 <= Probability < 0.45. Unlikely, improbable." + }, + "REC": { + "key": "REC", + "name": "Roughly Even Chance", + "definition": "0.45 <= Probability < 0.55. Roughly even chance, roughly even odds." + }, + "L": { + "key": "L", + "name": "Likely", + "definition": "0.55 <= Probability < 0.80. Likely, probable." + }, + "VL": { + "key": "VL", + "name": "Very Likely", + "definition": "0.80 <= Probability < 0.95. Very likely, highly probable." + }, + "AC": { + "key": "AC", + "name": "Almost Certain", + "definition": "0.95 <= Probability. Almost certain, nearly certain." } } } } }, - "MP": { - "key": "MP", + "P_5A": { + "key": "P_5A", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "cisa", - "key": "MP", + "namespace": "basic", + "key": "P_5A", "version": "1.0.0", - "name": "Mission Prevalence", - "definition": "Prevalence of the mission essential functions", + "name": "Probability Scale in 5 equal levels, ascending", + "definition": "A probability scale with 20% increments", "schemaVersion": "2.0.0", "values": [ { - "key": "M", - "name": "Minimal", - "definition": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." + "key": "P0_20", + "name": "Less than 20%", + "definition": "Probability < 0.2" }, { - "key": "S", - "name": "Support", - "definition": "The vulnerable component only supports MEFs for two or more entities." + "key": "P20_40", + "name": "20% to 40%", + "definition": "0.2 <= Probability < 0.4" }, { - "key": "E", - "name": "Essential", - "definition": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." + "key": "P40_60", + "name": "40% to 60%", + "definition": "0.4 <= Probability < 0.6" + }, + { + "key": "P60_80", + "name": "60% to 80%", + "definition": "0.6 <= Probability < 0.8" + }, + { + "key": "P80_100", + "name": "Greater than 80%", + "definition": "0.8 <= Probability <= 1.0" } ] }, "values": { - "M": { - "key": "M", - "name": "Minimal", - "definition": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." - }, - "S": { - "key": "S", - "name": "Support", - "definition": "The vulnerable component only supports MEFs for two or more entities." - }, - "E": { - "key": "E", - "name": "Essential", - "definition": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." + "P0_20": { + "key": "P0_20", + "name": "Less than 20%", + "definition": "Probability < 0.2" + }, + "P20_40": { + "key": "P20_40", + "name": "20% to 40%", + "definition": "0.2 <= Probability < 0.4" + }, + "P40_60": { + "key": "P40_60", + "name": "40% to 60%", + "definition": "0.4 <= Probability < 0.6" + }, + "P60_80": { + "key": "P60_80", + "name": "60% to 80%", + "definition": "0.6 <= Probability < 0.8" + }, + "P80_100": { + "key": "P80_100", + "name": "Greater than 80%", + "definition": "0.8 <= Probability <= 1.0" } } } } }, - "CISA": { - "key": "CISA", + "P_5W": { + "key": "P_5W", "versions": { - "1.1.0": { - "version": "1.1.0", + "1.0.0": { + "version": "1.0.0", "obj": { - "namespace": "cisa", - "key": "CISA", - "version": "1.1.0", - "name": "CISA Levels", - "definition": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", + "namespace": "basic", + "key": "P_5W", + "version": "1.0.0", + "name": "Probability Scale in 5 weighted levels, ascending", + "definition": "A probability scale with higher resolution as probability increases", "schemaVersion": "2.0.0", "values": [ { - "key": "T", - "name": "Track", - "definition": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." + "key": "P0_30", + "name": "Less than 30%", + "definition": "Probability < 0.3" }, { - "key": "T*", - "name": "Track*", - "definition": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + "key": "P30_55", + "name": "30% to 55%", + "definition": "0.3 <= Probability < 0.55" }, { - "key": "AT", - "name": "Attend", - "definition": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + "key": "P55_75", + "name": "55% to 75%", + "definition": "0.55 <= Probability < 0.75" }, { - "key": "AC", - "name": "Act", - "definition": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + "key": "P75_90", + "name": "75% to 90%", + "definition": "0.75 <= Probability < 0.9" + }, + { + "key": "P90_100", + "name": "Greater than 90%", + "definition": "0.9 <= Probability <= 1.0" } ] }, "values": { - "T": { - "key": "T", - "name": "Track", - "definition": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." - }, - "T*": { - "key": "T*", - "name": "Track*", - "definition": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." - }, - "AT": { - "key": "AT", - "name": "Attend", - "definition": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." - }, - "AC": { - "key": "AC", - "name": "Act", - "definition": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." + "P0_30": { + "key": "P0_30", + "name": "Less than 30%", + "definition": "Probability < 0.3" + }, + "P30_55": { + "key": "P30_55", + "name": "30% to 55%", + "definition": "0.3 <= Probability < 0.55" + }, + "P55_75": { + "key": "P55_75", + "name": "55% to 75%", + "definition": "0.55 <= Probability < 0.75" + }, + "P75_90": { + "key": "P75_90", + "name": "75% to 90%", + "definition": "0.75 <= Probability < 0.9" + }, + "P90_100": { + "key": "P90_100", + "name": "Greater than 90%", + "definition": "0.9 <= Probability <= 1.0" } } } } - } - } - }, - "cvss": { - "namespace": "cvss", - "keys": { - "AC": { - "key": "AC", + }, + "P_5X": { + "key": "P_5X", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "cvss", - "key": "AC", + "namespace": "basic", + "key": "P_5X", "version": "1.0.0", - "name": "Access Complexity", - "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", + "name": "Probability Scale in 5 weighted levels, ascending", + "definition": "A probability scale with finer resolution at both extremes", "schemaVersion": "2.0.0", "values": [ { - "key": "H", - "name": "High", - "definition": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" + "key": "VL", + "name": "Very Low", + "definition": "0% <= Probability < 5%. Highly unlikely." }, { "key": "L", "name": "Low", - "definition": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." + "definition": "5% <= Probability < 21%. Unlikely." + }, + { + "key": "M", + "name": "Moderate", + "definition": "21% <= Probability < 80%. Somewhat likely." + }, + { + "key": "H", + "name": "High", + "definition": "80% <= Probability < 96%. Highly likely." + }, + { + "key": "VH", + "name": "Very High", + "definition": "96% <= Probability <= 100%. Almost certain." } ] }, "values": { - "H": { - "key": "H", - "name": "High", - "definition": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" + "VL": { + "key": "VL", + "name": "Very Low", + "definition": "0% <= Probability < 5%. Highly unlikely." }, "L": { "key": "L", "name": "Low", - "definition": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." + "definition": "5% <= Probability < 21%. Unlikely." + }, + "M": { + "key": "M", + "name": "Moderate", + "definition": "21% <= Probability < 80%. Somewhat likely." + }, + "H": { + "key": "H", + "name": "High", + "definition": "80% <= Probability < 96%. Highly likely." + }, + "VH": { + "key": "VH", + "name": "Very High", + "definition": "96% <= Probability <= 100%. Almost certain." } } - }, - "2.0.0": { - "version": "2.0.0", + } + } + }, + "P_2A": { + "key": "P_2A", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { - "namespace": "cvss", - "key": "AC", - "version": "2.0.0", - "name": "Access Complexity", - "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", + "namespace": "basic", + "key": "P_2A", + "version": "1.0.0", + "name": "Probability Scale in 2 equal levels, ascending", + "definition": "A probability scale that divides between less than 50% and greater than or equal to 50%", "schemaVersion": "2.0.0", "values": [ { - "key": "H", - "name": "High", - "definition": "Specialized access conditions exist." - }, - { - "key": "M", - "name": "Medium", - "definition": "The access conditions are somewhat specialized." + "key": "LT50", + "name": "Less than 50%", + "definition": "0.0 <= Probability < 0.5" }, { - "key": "L", - "name": "Low", - "definition": "Specialized access conditions or extenuating circumstances do not exist." + "key": "GT50", + "name": "Greater than 50%", + "definition": "0.5 <= Probability <= 1.0" } ] }, "values": { - "H": { - "key": "H", - "name": "High", - "definition": "Specialized access conditions exist." - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "The access conditions are somewhat specialized." - }, - "L": { - "key": "L", - "name": "Low", - "definition": "Specialized access conditions or extenuating circumstances do not exist." + "LT50": { + "key": "LT50", + "name": "Less than 50%", + "definition": "0.0 <= Probability < 0.5" + }, + "GT50": { + "key": "GT50", + "name": "Greater than 50%", + "definition": "0.5 <= Probability <= 1.0" } } - }, - "3.0.0": { - "version": "3.0.0", + } + } + }, + "MEDIAN": { + "key": "MEDIAN", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { - "namespace": "cvss", - "key": "AC", - "version": "3.0.0", - "name": "Attack Complexity", - "definition": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "namespace": "basic", + "key": "MEDIAN", + "version": "1.0.0", + "name": "Median Split", + "definition": "A median split divides a distribution into two equal parts, with 50% of the values falling below the median and 50% above it.", "schemaVersion": "2.0.0", "values": [ { - "key": "H", - "name": "High", - "definition": "A successful attack depends on conditions beyond the attacker's control." + "key": "B", + "name": "Below Median", + "definition": "Quantile < 0.50. The lower half of the range of possible values." }, { - "key": "L", - "name": "Low", - "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + "key": "A", + "name": "Above Median", + "definition": "0.50 <= Quantile <= 1.0. The upper half of the range of possible values." } ] }, "values": { - "H": { - "key": "H", - "name": "High", - "definition": "A successful attack depends on conditions beyond the attacker's control." + "B": { + "key": "B", + "name": "Below Median", + "definition": "Quantile < 0.50. The lower half of the range of possible values." }, - "L": { - "key": "L", - "name": "Low", - "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + "A": { + "key": "A", + "name": "Above Median", + "definition": "0.50 <= Quantile <= 1.0. The upper half of the range of possible values." } } - }, - "3.0.1": { - "version": "3.0.1", - "obj": { - "namespace": "cvss", - "key": "AC", - "version": "3.0.1", - "name": "Attack Complexity", - "definition": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + } + } + }, + "QUARTILES": { + "key": "QUARTILES", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "basic", + "key": "QUARTILES", + "version": "1.0.0", + "name": "Quartiles", + "definition": "A quartile is one of four equal groups that a population can be divided into according to the distribution of values of a particular variable.", "schemaVersion": "2.0.0", "values": [ { - "key": "H", - "name": "High", - "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "key": "Q1", + "name": "First Quartile", + "definition": "Quantile < 0.25. The lowest 25% of the range of possible values." }, { - "key": "L", - "name": "Low", - "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "key": "Q2", + "name": "Second Quartile", + "definition": "0.25 <= Quantile < 0.50. The second lowest 25% of the range of possible values." + }, + { + "key": "Q3", + "name": "Third Quartile", + "definition": "0.50 <= Quantile < 0.75. The second highest 25% of the range of possible values." + }, + { + "key": "Q4", + "name": "Fourth Quartile", + "definition": "0.75 <= Quantile <= 1.0. The highest 25% of the range of possible values." } ] }, "values": { - "H": { - "key": "H", - "name": "High", - "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." - }, - "L": { - "key": "L", - "name": "Low", - "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "Q1": { + "key": "Q1", + "name": "First Quartile", + "definition": "Quantile < 0.25. The lowest 25% of the range of possible values." + }, + "Q2": { + "key": "Q2", + "name": "Second Quartile", + "definition": "0.25 <= Quantile < 0.50. The second lowest 25% of the range of possible values." + }, + "Q3": { + "key": "Q3", + "name": "Third Quartile", + "definition": "0.50 <= Quantile < 0.75. The second highest 25% of the range of possible values." + }, + "Q4": { + "key": "Q4", + "name": "Fourth Quartile", + "definition": "0.75 <= Quantile <= 1.0. The highest 25% of the range of possible values." } } } } }, - "AT": { - "key": "AT", + "QUINTILES": { + "key": "QUINTILES", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "cvss", - "key": "AT", + "namespace": "basic", + "key": "QUINTILES", "version": "1.0.0", - "name": "Attack Requirements", - "definition": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "name": "Quintiles", + "definition": "A quintile is one of five equal groups that a population can be divided into according to the distribution of values of a particular variable.", "schemaVersion": "2.0.0", "values": [ { - "key": "P", - "name": "Present", - "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "key": "Q1", + "name": "First Quintile", + "definition": "Quantile < 0.20. The lowest 20% of the range of possible values." }, { - "key": "N", - "name": "None", - "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "key": "Q2", + "name": "Second Quintile", + "definition": "0.20 <= Quantile < 0.40. The second lowest 20% of the range of possible values." + }, + { + "key": "Q3", + "name": "Third Quintile", + "definition": "0.40 <= Quantile < 0.60. The middle 20% of the range of possible values." + }, + { + "key": "Q4", + "name": "Fourth Quintile", + "definition": "0.60 <= Quantile < 0.80. The second highest 20% of the range of possible values." + }, + { + "key": "Q5", + "name": "Fifth Quintile", + "definition": "0.80 <= Quantile <= 1.0. The highest 20% of the range of possible values." } ] }, "values": { - "P": { - "key": "P", - "name": "Present", - "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." - }, - "N": { - "key": "N", - "name": "None", - "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "Q1": { + "key": "Q1", + "name": "First Quintile", + "definition": "Quantile < 0.20. The lowest 20% of the range of possible values." + }, + "Q2": { + "key": "Q2", + "name": "Second Quintile", + "definition": "0.20 <= Quantile < 0.40. The second lowest 20% of the range of possible values." + }, + "Q3": { + "key": "Q3", + "name": "Third Quintile", + "definition": "0.40 <= Quantile < 0.60. The middle 20% of the range of possible values." + }, + "Q4": { + "key": "Q4", + "name": "Fourth Quintile", + "definition": "0.60 <= Quantile < 0.80. The second highest 20% of the range of possible values." + }, + "Q5": { + "key": "Q5", + "name": "Fifth Quintile", + "definition": "0.80 <= Quantile <= 1.0. The highest 20% of the range of possible values." } } } } }, - "AV": { - "key": "AV", + "IKE": { + "key": "IKE", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "cvss", - "key": "AV", + "namespace": "basic", + "key": "IKE", "version": "1.0.0", - "name": "Access Vector", - "definition": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", + "name": "Do, Schedule, Delegate, Delete", + "definition": "The Eisenhower outcome group.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Local", - "definition": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" + "key": "D", + "name": "Delete", + "definition": "Delete" }, { - "key": "R", - "name": "Remote", - "definition": "The vulnerability is exploitable remotely." + "key": "G", + "name": "Delegate", + "definition": "Delegate" + }, + { + "key": "S", + "name": "Schedule", + "definition": "Schedule" + }, + { + "key": "O", + "name": "Do", + "definition": "Do" } ] }, "values": { - "L": { - "key": "L", - "name": "Local", - "definition": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" + "D": { + "key": "D", + "name": "Delete", + "definition": "Delete" }, - "R": { - "key": "R", - "name": "Remote", - "definition": "The vulnerability is exploitable remotely." + "G": { + "key": "G", + "name": "Delegate", + "definition": "Delegate" + }, + "S": { + "key": "S", + "name": "Schedule", + "definition": "Schedule" + }, + "O": { + "key": "O", + "name": "Do", + "definition": "Do" } } - }, - "2.0.0": { - "version": "2.0.0", + } + } + }, + "LMH": { + "key": "LMH", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { - "namespace": "cvss", - "key": "AV", - "version": "2.0.0", - "name": "Access Vector", - "definition": "This metric reflects the context by which vulnerability exploitation is possible.", + "namespace": "basic", + "key": "LMH", + "version": "1.0.0", + "name": "LowMediumHigh", + "definition": "A Low/Medium/High decision point / outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "L", - "name": "Local", - "definition": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." + "name": "Low", + "definition": "Low" }, { - "key": "A", - "name": "Adjacent Network", - "definition": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." + "key": "M", + "name": "Medium", + "definition": "Medium" }, { - "key": "N", - "name": "Network", - "definition": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." + "key": "H", + "name": "High", + "definition": "High" } ] }, "values": { "L": { "key": "L", - "name": "Local", - "definition": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." + "name": "Low", + "definition": "Low" }, - "A": { - "key": "A", - "name": "Adjacent Network", - "definition": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." + "M": { + "key": "M", + "name": "Medium", + "definition": "Medium" }, - "N": { - "key": "N", - "name": "Network", - "definition": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." + "H": { + "key": "H", + "name": "High", + "definition": "High" } } - }, - "3.0.0": { - "version": "3.0.0", + } + } + }, + "MSCW": { + "key": "MSCW", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { - "namespace": "cvss", - "key": "AV", - "version": "3.0.0", - "name": "Attack Vector", - "definition": "This metric reflects the context by which vulnerability exploitation is possible. ", + "namespace": "basic", + "key": "MSCW", + "version": "1.0.0", + "name": "MoSCoW", + "definition": "The MoSCoW (Must, Should, Could, Won't) outcome group.", "schemaVersion": "2.0.0", "values": [ { - "key": "P", - "name": "Physical", - "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + "key": "W", + "name": "Won't", + "definition": "Won't" }, { - "key": "L", - "name": "Local", - "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + "key": "C", + "name": "Could", + "definition": "Could" }, { - "key": "A", - "name": "Adjacent", - "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + "key": "S", + "name": "Should", + "definition": "Should" }, { - "key": "N", - "name": "Network", - "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "key": "M", + "name": "Must", + "definition": "Must" } ] }, "values": { - "P": { - "key": "P", - "name": "Physical", - "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + "W": { + "key": "W", + "name": "Won't", + "definition": "Won't" }, - "L": { - "key": "L", - "name": "Local", - "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + "C": { + "key": "C", + "name": "Could", + "definition": "Could" }, - "A": { - "key": "A", - "name": "Adjacent", - "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + "S": { + "key": "S", + "name": "Should", + "definition": "Should" }, - "N": { - "key": "N", - "name": "Network", - "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "M": { + "key": "M", + "name": "Must", + "definition": "Must" } } - }, - "3.0.1": { - "version": "3.0.1", + } + } + }, + "VALUE_COMPLEXITY": { + "key": "VALUE_COMPLEXITY", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { - "namespace": "cvss", - "key": "AV", - "version": "3.0.1", - "name": "Attack Vector", - "definition": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "namespace": "basic", + "key": "VALUE_COMPLEXITY", + "version": "1.0.0", + "name": "Value, Complexity", + "definition": "The Value/Complexity outcome group.", "schemaVersion": "2.0.0", "values": [ { - "key": "P", - "name": "Physical", - "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "key": "D", + "name": "Drop", + "definition": "Drop" }, { - "key": "L", - "name": "Local", - "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "key": "R", + "name": "Reconsider Later", + "definition": "Reconsider Later" }, { - "key": "A", - "name": "Adjacent", - "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "key": "E", + "name": "Easy Win", + "definition": "Easy Win" }, { - "key": "N", - "name": "Network", - "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "key": "F", + "name": "Do First", + "definition": "Do First" } ] }, "values": { - "P": { - "key": "P", - "name": "Physical", - "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + "D": { + "key": "D", + "name": "Drop", + "definition": "Drop" }, - "L": { - "key": "L", - "name": "Local", - "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "R": { + "key": "R", + "name": "Reconsider Later", + "definition": "Reconsider Later" }, - "A": { - "key": "A", - "name": "Adjacent", - "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "E": { + "key": "E", + "name": "Easy Win", + "definition": "Easy Win" }, - "N": { - "key": "N", - "name": "Network", - "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "F": { + "key": "F", + "name": "Do First", + "definition": "Do First" } } } } }, - "Au": { - "key": "Au", + "YN": { + "key": "YN", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "cvss", - "key": "Au", + "namespace": "basic", + "key": "YN", "version": "1.0.0", - "name": "Authentication", - "definition": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", + "name": "YesNo", + "definition": "A Yes/No decision point / outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "Not Required", - "definition": "Authentication is not required to access or exploit the vulnerability." + "name": "No", + "definition": "No" }, { - "key": "R", - "name": "Required", - "definition": "Authentication is required to access and exploit the vulnerability." + "key": "Y", + "name": "Yes", + "definition": "Yes" } ] }, "values": { "N": { "key": "N", - "name": "Not Required", - "definition": "Authentication is not required to access or exploit the vulnerability." + "name": "No", + "definition": "No" }, - "R": { - "key": "R", - "name": "Required", - "definition": "Authentication is required to access and exploit the vulnerability." + "Y": { + "key": "Y", + "name": "Yes", + "definition": "Yes" } } - }, - "2.0.0": { - "version": "2.0.0", + } + } + } + } + }, + "cisa": { + "namespace": "cisa", + "keys": { + "KEV": { + "key": "KEV", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { - "namespace": "cvss", - "key": "Au", - "version": "2.0.0", - "name": "Authentication", - "definition": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", + "namespace": "cisa", + "key": "KEV", + "version": "1.0.0", + "name": "In KEV", + "definition": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.", "schemaVersion": "2.0.0", "values": [ { - "key": "M", - "name": "Multiple", - "definition": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." - }, - { - "key": "S", - "name": "Single", - "definition": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." + "key": "N", + "name": "No", + "definition": "Vulnerability is not listed in KEV." }, { - "key": "N", - "name": "None", - "definition": "Authentication is not required to exploit the vulnerability." + "key": "Y", + "name": "Yes", + "definition": "Vulnerability is listed in KEV." } ] }, "values": { - "M": { - "key": "M", - "name": "Multiple", - "definition": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." - }, - "S": { - "key": "S", - "name": "Single", - "definition": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." - }, "N": { "key": "N", - "name": "None", - "definition": "Authentication is not required to exploit the vulnerability." + "name": "No", + "definition": "Vulnerability is not listed in KEV." + }, + "Y": { + "key": "Y", + "name": "Yes", + "definition": "Vulnerability is listed in KEV." } } } } }, - "A": { - "key": "A", + "MP": { + "key": "MP", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "cvss", - "key": "A", + "namespace": "cisa", + "key": "MP", "version": "1.0.0", - "name": "Availability Impact", - "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", + "name": "Mission Prevalence", + "definition": "Prevalence of the mission essential functions", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "No impact on availability." + "key": "M", + "name": "Minimal", + "definition": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." }, { - "key": "P", - "name": "Partial", - "definition": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." + "key": "S", + "name": "Support", + "definition": "The vulnerable component only supports MEFs for two or more entities." }, { - "key": "C", - "name": "Complete", - "definition": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." + "key": "E", + "name": "Essential", + "definition": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "No impact on availability." + "M": { + "key": "M", + "name": "Minimal", + "definition": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions." }, - "P": { - "key": "P", - "name": "Partial", - "definition": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." + "S": { + "key": "S", + "name": "Support", + "definition": "The vulnerable component only supports MEFs for two or more entities." }, - "C": { - "key": "C", - "name": "Complete", - "definition": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." + "E": { + "key": "E", + "name": "Essential", + "definition": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure." } } - }, - "2.0.0": { - "version": "2.0.0", + } + } + }, + "CISA": { + "key": "CISA", + "versions": { + "1.1.0": { + "version": "1.1.0", "obj": { - "namespace": "cvss", - "key": "A", - "version": "2.0.0", - "name": "Availability Impact", - "definition": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "namespace": "cisa", + "key": "CISA", + "version": "1.1.0", + "name": "CISA Levels", + "definition": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "There is no impact to the availability of the system." - }, - { - "key": "L", - "name": "Low", - "definition": "There is reduced performance or interruptions in resource availability." + "key": "T", + "name": "Track", + "definition": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." }, { - "key": "H", - "name": "High", - "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "key": "T*", + "name": "Track*", + "definition": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." + }, + { + "key": "AT", + "name": "Attend", + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + }, + { + "key": "AC", + "name": "Act", + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no impact to the availability of the system." + "T": { + "key": "T", + "name": "Track", + "definition": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines." }, - "L": { - "key": "L", - "name": "Low", - "definition": "There is reduced performance or interruptions in resource availability." + "T*": { + "key": "T*", + "name": "Track*", + "definition": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines." }, - "H": { - "key": "H", - "name": "High", - "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "AT": { + "key": "AT", + "name": "Attend", + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines." + }, + "AC": { + "key": "AC", + "name": "Act", + "definition": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible." } } } } - }, - "VA": { - "key": "VA", + } + } + }, + "cvss": { + "namespace": "cvss", + "keys": { + "AC": { + "key": "AC", "versions": { - "3.0.0": { - "version": "3.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "VA", - "version": "3.0.0", - "name": "Availability Impact to the Vulnerable System", - "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "key": "AC", + "version": "1.0.0", + "name": "Access Complexity", + "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "There is no impact to availability within the Vulnerable System." + "key": "H", + "name": "High", + "definition": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" }, { "key": "L", "name": "Low", - "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." - }, - { - "key": "H", - "name": "High", - "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no impact to availability within the Vulnerable System." + "H": { + "key": "H", + "name": "High", + "definition": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)" }, "L": { "key": "L", "name": "Low", - "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." - }, - "H": { - "key": "H", - "name": "High", - "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable." } } - } - } - }, - "AR": { - "key": "AR", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "AR", - "version": "1.0.0", - "name": "Availability Requirement", - "definition": "This metric measures the impact to the availability of a successfully exploited vulnerability.", + "key": "AC", + "version": "2.0.0", + "name": "Access Complexity", + "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "H", + "name": "High", + "definition": "Specialized access conditions exist." }, { "key": "M", "name": "Medium", - "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "H", - "name": "High", - "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "The access conditions are somewhat specialized." }, { - "key": "ND", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "L", + "name": "Low", + "definition": "Specialized access conditions or extenuating circumstances do not exist." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "H": { + "key": "H", + "name": "High", + "definition": "Specialized access conditions exist." }, "M": { "key": "M", "name": "Medium", - "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - "H": { - "key": "H", - "name": "High", - "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "The access conditions are somewhat specialized." }, - "ND": { - "key": "ND", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "L": { + "key": "L", + "name": "Low", + "definition": "Specialized access conditions or extenuating circumstances do not exist." } } }, - "1.1.0": { - "version": "1.1.0", + "3.0.0": { + "version": "3.0.0", "obj": { "namespace": "cvss", - "key": "AR", - "version": "1.1.0", - "name": "Availability Requirement", - "definition": "This metric measures the impact to the availability of a successfully exploited vulnerability.", + "key": "AC", + "version": "3.0.0", + "name": "Attack Complexity", + "definition": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "M", - "name": "Medium", - "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, { "key": "H", "name": "High", - "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "A successful attack depends on conditions beyond the attacker's control." }, { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "L", + "name": "Low", + "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, "H": { "key": "H", "name": "High", - "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "A successful attack depends on conditions beyond the attacker's control." }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "L": { + "key": "L", + "name": "Low", + "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." } } }, - "1.1.1": { - "version": "1.1.1", + "3.0.1": { + "version": "3.0.1", "obj": { "namespace": "cvss", - "key": "AR", - "version": "1.1.1", - "name": "Availability Requirement", - "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", + "key": "AC", + "version": "3.0.1", + "name": "Attack Complexity", + "definition": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ - { - "key": "L", - "name": "Low", - "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "M", - "name": "Medium", - "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, { "key": "H", "name": "High", - "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "L", + "name": "Low", + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, "H": { "key": "H", "name": "High", - "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." - } - } - } + "L": { + "key": "L", + "name": "Low", + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + } + } + } } }, - "AR_NoX": { - "key": "AR_NoX", + "AT": { + "key": "AT", "versions": { - "1.1.1": { - "version": "1.1.1", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "AR_NoX", - "version": "1.1.1", - "name": "Availability Requirement (without Not Defined)", - "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", + "key": "AT", + "version": "1.0.0", + "name": "Attack Requirements", + "definition": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "M", - "name": "Medium", - "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "P", + "name": "Present", + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, { - "key": "H", - "name": "High", - "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "N", + "name": "None", + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "P": { + "key": "P", + "name": "Present", + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." }, - "H": { - "key": "H", - "name": "High", - "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "N": { + "key": "N", + "name": "None", + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." } } } } }, - "CDP": { - "key": "CDP", + "AV": { + "key": "AV", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "CDP", + "key": "AV", "version": "1.0.0", - "name": "Collateral Damage Potential", - "definition": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", + "name": "Access Vector", + "definition": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "None", - "definition": "There is no potential for physical or property damage." - }, { "key": "L", - "name": "Low", - "definition": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." - }, - { - "key": "M", - "name": "Medium", - "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + "name": "Local", + "definition": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" }, { - "key": "H", - "name": "High", - "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + "key": "R", + "name": "Remote", + "definition": "The vulnerability is exploitable remotely." } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no potential for physical or property damage." - }, "L": { "key": "L", - "name": "Low", - "definition": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + "name": "Local", + "definition": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)" }, - "H": { - "key": "H", - "name": "High", - "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + "R": { + "key": "R", + "name": "Remote", + "definition": "The vulnerability is exploitable remotely." } } }, @@ -1066,141 +1186,316 @@ "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "CDP", + "key": "AV", "version": "2.0.0", - "name": "Collateral Damage Potential", - "definition": "This metric measures the potential for loss of life or physical assets.", + "name": "Access Vector", + "definition": "This metric reflects the context by which vulnerability exploitation is possible.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "There is no potential for loss of life, physical assets, productivity or revenue." - }, - { - "key": "LM", - "name": "Low-Medium", - "definition": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." - }, - { - "key": "MH", - "name": "Medium-High", - "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + "key": "L", + "name": "Local", + "definition": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." }, { - "key": "H", - "name": "High", - "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + "key": "A", + "name": "Adjacent Network", + "definition": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." }, { - "key": "ND", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "N", + "name": "Network", + "definition": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no potential for loss of life, physical assets, productivity or revenue." - }, - "LM": { - "key": "LM", - "name": "Low-Medium", - "definition": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." - }, - "MH": { - "key": "MH", - "name": "Medium-High", - "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." + "L": { + "key": "L", + "name": "Local", + "definition": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account." }, - "H": { - "key": "H", - "name": "High", - "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + "A": { + "key": "A", + "name": "Adjacent Network", + "definition": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software." }, - "ND": { - "key": "ND", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "N": { + "key": "N", + "name": "Network", + "definition": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'." } } - } - } - }, - "C": { - "key": "C", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "3.0.0": { + "version": "3.0.0", "obj": { "namespace": "cvss", - "key": "C", - "version": "1.0.0", - "name": "Confidentiality Impact", - "definition": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", + "key": "AV", + "version": "3.0.0", + "name": "Attack Vector", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. ", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "No impact on confidentiality." + "key": "P", + "name": "Physical", + "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, { - "key": "P", - "name": "Partial", - "definition": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." + "key": "L", + "name": "Local", + "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." }, { - "key": "C", - "name": "Complete", - "definition": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." + "key": "A", + "name": "Adjacent", + "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + }, + { + "key": "N", + "name": "Network", + "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "No impact on confidentiality." - }, "P": { "key": "P", - "name": "Partial", - "definition": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." + "name": "Physical", + "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, - "C": { - "key": "C", - "name": "Complete", - "definition": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." + "L": { + "key": "L", + "name": "Local", + "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + }, + "A": { + "key": "A", + "name": "Adjacent", + "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + }, + "N": { + "key": "N", + "name": "Network", + "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." } } }, - "2.0.0": { - "version": "2.0.0", + "3.0.1": { + "version": "3.0.1", "obj": { "namespace": "cvss", - "key": "C", - "version": "2.0.0", - "name": "Confidentiality Impact", - "definition": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "key": "AV", + "version": "3.0.1", + "name": "Attack Vector", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "P", + "name": "Physical", + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + }, + { + "key": "L", + "name": "Local", + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + }, + { + "key": "A", + "name": "Adjacent", + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + { + "key": "N", + "name": "Network", + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + } + ] + }, + "values": { + "P": { + "key": "P", + "name": "Physical", + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." + }, + "L": { + "key": "L", + "name": "Local", + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + }, + "A": { + "key": "A", + "name": "Adjacent", + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + "N": { + "key": "N", + "name": "Network", + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + } + } + } + } + }, + "Au": { + "key": "Au", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "Au", + "version": "1.0.0", + "name": "Authentication", + "definition": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Not Required", + "definition": "Authentication is not required to access or exploit the vulnerability." + }, + { + "key": "R", + "name": "Required", + "definition": "Authentication is required to access and exploit the vulnerability." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Not Required", + "definition": "Authentication is not required to access or exploit the vulnerability." + }, + "R": { + "key": "R", + "name": "Required", + "definition": "Authentication is required to access and exploit the vulnerability." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "Au", + "version": "2.0.0", + "name": "Authentication", + "definition": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", "schemaVersion": "2.0.0", "values": [ + { + "key": "M", + "name": "Multiple", + "definition": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." + }, + { + "key": "S", + "name": "Single", + "definition": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." + }, { "key": "N", "name": "None", - "definition": "There is no loss of confidentiality within the impacted component." + "definition": "Authentication is not required to exploit the vulnerability." + } + ] + }, + "values": { + "M": { + "key": "M", + "name": "Multiple", + "definition": "Exploiting the vulnerability requires that the attacker authenticate two or more times, even if the same credentials are used each time." + }, + "S": { + "key": "S", + "name": "Single", + "definition": "The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface)." + }, + "N": { + "key": "N", + "name": "None", + "definition": "Authentication is not required to exploit the vulnerability." + } + } + } + } + }, + "A": { + "key": "A", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "A", + "version": "1.0.0", + "name": "Availability Impact", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "definition": "No impact on availability." + }, + { + "key": "P", + "name": "Partial", + "definition": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." + }, + { + "key": "C", + "name": "Complete", + "definition": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "None", + "definition": "No impact on availability." + }, + "P": { + "key": "P", + "name": "Partial", + "definition": "Considerable lag in or interruptions in resource availability. For example, a network-based flood attack that reduces available bandwidth to a web server farm to such an extent that only a small number of connections successfully complete." + }, + "C": { + "key": "C", + "name": "Complete", + "definition": "Total shutdown of the affected resource. The attacker can render the resource completely unavailable." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "A", + "version": "2.0.0", + "name": "Availability Impact", + "definition": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "definition": "There is no impact to the availability of the system." }, { "key": "L", "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is reduced performance or interruptions in resource availability." }, { "key": "H", "name": "High", - "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] }, @@ -1208,49 +1503,49 @@ "N": { "key": "N", "name": "None", - "definition": "There is no loss of confidentiality within the impacted component." + "definition": "There is no impact to the availability of the system." }, "L": { "key": "L", "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is reduced performance or interruptions in resource availability." }, "H": { "key": "H", "name": "High", - "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } } } } }, - "VC": { - "key": "VC", + "VA": { + "key": "VA", "versions": { "3.0.0": { "version": "3.0.0", "obj": { "namespace": "cvss", - "key": "VC", + "key": "VA", "version": "3.0.0", - "name": "Confidentiality Impact to the Vulnerable System", - "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "name": "Availability Impact to the Vulnerable System", + "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "definition": "There is no loss of confidentiality within the impacted component." + "definition": "There is no impact to availability within the Vulnerable System." }, { "key": "L", "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, { "key": "H", "name": "High", - "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] }, @@ -1258,49 +1553,49 @@ "N": { "key": "N", "name": "None", - "definition": "There is no loss of confidentiality within the impacted component." + "definition": "There is no impact to availability within the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, "H": { "key": "H", "name": "High", - "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } } } } }, - "CR": { - "key": "CR", + "AR": { + "key": "AR", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "CR", + "key": "AR", "version": "1.0.0", - "name": "Confidentiality Requirement", - "definition": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + "name": "Availability Requirement", + "definition": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "ND", @@ -1313,17 +1608,17 @@ "L": { "key": "L", "name": "Low", - "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "ND": { "key": "ND", @@ -1336,26 +1631,26 @@ "version": "1.1.0", "obj": { "namespace": "cvss", - "key": "CR", + "key": "AR", "version": "1.1.0", - "name": "Confidentiality Requirement", - "definition": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", + "name": "Availability Requirement", + "definition": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", @@ -1368,17 +1663,17 @@ "L": { "key": "L", "name": "Low", - "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "X": { "key": "X", @@ -1391,26 +1686,26 @@ "version": "1.1.1", "obj": { "namespace": "cvss", - "key": "CR", + "key": "AR", "version": "1.1.1", - "name": "Confidentiality Requirement", - "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", + "name": "Availability Requirement", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", @@ -1423,17 +1718,17 @@ "L": { "key": "L", "name": "Low", - "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "X": { "key": "X", @@ -1444,33 +1739,33 @@ } } }, - "CR_NoX": { - "key": "CR_NoX", + "AR_NoX": { + "key": "AR_NoX", "versions": { "1.1.1": { "version": "1.1.1", "obj": { "namespace": "cvss", - "key": "CR_NoX", + "key": "AR_NoX", "version": "1.1.1", - "name": "Confidentiality Requirement (without Not Defined)", - "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "name": "Availability Requirement (without Not Defined)", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "M", "name": "Medium", - "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, @@ -1478,284 +1773,324 @@ "L": { "key": "L", "name": "Low", - "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "M": { "key": "M", "name": "Medium", - "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Loss of availability is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } } } } }, - "EQ1": { - "key": "EQ1", + "CDP": { + "key": "CDP", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "EQ1", + "key": "CDP", "version": "1.0.0", - "name": "Equivalence Set 1", - "definition": "AV/PR/UI with 3 levels specified in Table 24", + "name": "Collateral Damage Potential", + "definition": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", "schemaVersion": "2.0.0", "values": [ + { + "key": "N", + "name": "None", + "definition": "There is no potential for physical or property damage." + }, { "key": "L", "name": "Low", - "definition": "2: AV:P or not(AV:N or PR:N or UI:N)" + "definition": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." }, { "key": "M", "name": "Medium", - "definition": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." }, { "key": "H", "name": "High", - "definition": "0: AV:N and PR:N and UI:N" + "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." } ] }, "values": { + "N": { + "key": "N", + "name": "None", + "definition": "There is no potential for physical or property damage." + }, "L": { "key": "L", "name": "Low", - "definition": "2: AV:P or not(AV:N or PR:N or UI:N)" + "definition": "A successful exploit of this vulnerability may result in light physical or property damage or loss. The system itself may be damaged or destroyed." }, "M": { "key": "M", "name": "Medium", - "definition": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" + "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." }, "H": { "key": "H", "name": "High", - "definition": "0: AV:N and PR:N and UI:N" + "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." } } - } - } - }, - "EQ2": { - "key": "EQ2", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "EQ2", - "version": "1.0.0", - "name": "Equivalence Set 2", - "definition": "AC/AT with 2 levels specified in Table 25", + "key": "CDP", + "version": "2.0.0", + "name": "Collateral Damage Potential", + "definition": "This metric measures the potential for loss of life or physical assets.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "1: not (AC:L and AT:N)" + "key": "N", + "name": "None", + "definition": "There is no potential for loss of life, physical assets, productivity or revenue." + }, + { + "key": "LM", + "name": "Low-Medium", + "definition": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." + }, + { + "key": "MH", + "name": "Medium-High", + "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." }, { "key": "H", "name": "High", - "definition": "0: AC:L and AT:N" + "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + }, + { + "key": "ND", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "definition": "1: not (AC:L and AT:N)" + "N": { + "key": "N", + "name": "None", + "definition": "There is no potential for loss of life, physical assets, productivity or revenue." + }, + "LM": { + "key": "LM", + "name": "Low-Medium", + "definition": "A successful exploit of this vulnerability may result in moderate physical or property damage or loss." + }, + "MH": { + "key": "MH", + "name": "Medium-High", + "definition": "A successful exploit of this vulnerability may result in significant physical or property damage or loss." }, "H": { "key": "H", "name": "High", - "definition": "0: AC:L and AT:N" + "definition": "A successful exploit of this vulnerability may result in catastrophic physical or property damage and loss. The range of effect may be over a wide area." + }, + "ND": { + "key": "ND", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "EQ3": { - "key": "EQ3", + "C": { + "key": "C", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "EQ3", + "key": "C", "version": "1.0.0", - "name": "Equivalence Set 3", - "definition": "VC/VI/VA with 3 levels specified in Table 26", + "name": "Confidentiality Impact", + "definition": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "2: not (VC:H or VI:H or VA:H)" + "key": "N", + "name": "None", + "definition": "No impact on confidentiality." }, { - "key": "M", - "name": "Medium", - "definition": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + "key": "P", + "name": "Partial", + "definition": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." }, { - "key": "H", - "name": "High", - "definition": "0: VC:H and VI:H" + "key": "C", + "name": "Complete", + "definition": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "definition": "2: not (VC:H or VI:H or VA:H)" + "N": { + "key": "N", + "name": "None", + "definition": "No impact on confidentiality." }, - "M": { - "key": "M", - "name": "Medium", - "definition": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" + "P": { + "key": "P", + "name": "Partial", + "definition": "There is considerable informational disclosure. Access to critical system files is possible. There is a loss of important information, but the attacker doesn't have control over what is obtainable or the scope of the loss is constrained." }, - "H": { - "key": "H", - "name": "High", - "definition": "0: VC:H and VI:H" + "C": { + "key": "C", + "name": "Complete", + "definition": "A total compromise of critical system information. A complete loss of system protection resulting in all critical system files being revealed. The attacker has sovereign control to read all of the system's data (memory, files, etc)." } } - } - } - }, - "EQ4": { - "key": "EQ4", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "EQ4", - "version": "1.0.0", - "name": "Equivalence Set 4", - "definition": "SC/SI/SA with 3 levels specified in Table 27", + "key": "C", + "version": "2.0.0", + "name": "Confidentiality Impact", + "definition": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + "key": "N", + "name": "None", + "definition": "There is no loss of confidentiality within the impacted component." }, { - "key": "M", - "name": "Medium", - "definition": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + "key": "L", + "name": "Low", + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "definition": "0: MSI:S or MSA:S" + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } ] }, "values": { + "N": { + "key": "N", + "name": "None", + "definition": "There is no loss of confidentiality within the impacted component." + }, "L": { "key": "L", "name": "Low", - "definition": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, "H": { "key": "H", "name": "High", - "definition": "0: MSI:S or MSA:S" + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } } } } }, - "EQ5": { - "key": "EQ5", + "VC": { + "key": "VC", "versions": { - "1.0.0": { - "version": "1.0.0", + "3.0.0": { + "version": "3.0.0", "obj": { "namespace": "cvss", - "key": "EQ5", - "version": "1.0.0", - "name": "Equivalence Set 5", - "definition": "E with 3 levels specified in Table 28", + "key": "VC", + "version": "3.0.0", + "name": "Confidentiality Impact to the Vulnerable System", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "2: E:U" + "key": "N", + "name": "None", + "definition": "There is no loss of confidentiality within the impacted component." }, { - "key": "M", - "name": "Medium", - "definition": "1: E:P" + "key": "L", + "name": "Low", + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "definition": "0: E:A" + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } ] }, "values": { + "N": { + "key": "N", + "name": "None", + "definition": "There is no loss of confidentiality within the impacted component." + }, "L": { "key": "L", "name": "Low", - "definition": "2: E:U" - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "1: E:P" + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, "H": { "key": "H", "name": "High", - "definition": "0: E:A" + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." } } } } }, - "EQ6": { - "key": "EQ6", + "CR": { + "key": "CR", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "EQ6", + "key": "CR", "version": "1.0.0", - "name": "Equivalence Set 6", - "definition": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", + "name": "Confidentiality Requirement", + "definition": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "definition": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "definition": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "ND", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -1763,72 +2098,22 @@ "L": { "key": "L", "name": "Low", - "definition": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" - }, - "H": { - "key": "H", - "name": "High", - "definition": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" - } - } - } - } - }, - "E": { - "key": "E", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "cvss", - "key": "E", - "version": "1.0.0", - "name": "Exploitability", - "definition": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "U", - "name": "Unproven", - "definition": "No exploit code is yet available or an exploit method is entirely theoretical." - }, - { - "key": "P", - "name": "Proof of Concept", - "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." - }, - { - "key": "F", - "name": "Functional", - "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." - }, - { - "key": "H", - "name": "High", - "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." - } - ] - }, - "values": { - "U": { - "key": "U", - "name": "Unproven", - "definition": "No exploit code is yet available or an exploit method is entirely theoretical." - }, - "P": { - "key": "P", - "name": "Proof of Concept", - "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, - "F": { - "key": "F", - "name": "Functional", - "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + "M": { + "key": "M", + "name": "Medium", + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "ND": { + "key": "ND", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -1836,96 +2121,81 @@ "version": "1.1.0", "obj": { "namespace": "cvss", - "key": "E", + "key": "CR", "version": "1.1.0", - "name": "Exploitability", - "definition": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", + "name": "Confidentiality Requirement", + "definition": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "U", - "name": "Unproven", - "definition": "No exploit code is yet available or an exploit method is entirely theoretical." - }, - { - "key": "P", - "name": "Proof of Concept", - "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + "key": "L", + "name": "Low", + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { - "key": "F", - "name": "Functional", - "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + "key": "M", + "name": "Medium", + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { - "key": "ND", + "key": "X", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "U": { - "key": "U", - "name": "Unproven", - "definition": "No exploit code is yet available or an exploit method is entirely theoretical." - }, - "P": { - "key": "P", - "name": "Proof of Concept", - "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + "L": { + "key": "L", + "name": "Low", + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, - "F": { - "key": "F", - "name": "Functional", - "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." + "M": { + "key": "M", + "name": "Medium", + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, - "ND": { - "key": "ND", + "X": { + "key": "X", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." } } }, - "1.2.0": { - "version": "1.2.0", + "1.1.1": { + "version": "1.1.1", "obj": { "namespace": "cvss", - "key": "E", - "version": "1.2.0", - "name": "Exploit Code Maturity", - "definition": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", + "key": "CR", + "version": "1.1.1", + "name": "Confidentiality Requirement", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "schemaVersion": "2.0.0", "values": [ { - "key": "U", - "name": "Unproven", - "definition": "No exploit code is available, or an exploit is theoretical." - }, - { - "key": "POC", - "name": "Proof-of-Concept", - "definition": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." + "key": "L", + "name": "Low", + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { - "key": "F", - "name": "Functional", - "definition": "Functional exploit code is available. The code works in most situations where the vulnerability exists." + "key": "M", + "name": "Medium", + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "definition": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", @@ -1935,25 +2205,20 @@ ] }, "values": { - "U": { - "key": "U", - "name": "Unproven", - "definition": "No exploit code is available, or an exploit is theoretical." - }, - "POC": { - "key": "POC", - "name": "Proof-of-Concept", - "definition": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." + "L": { + "key": "L", + "name": "Low", + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, - "F": { - "key": "F", - "name": "Functional", - "definition": "Functional exploit code is available. The code works in most situations where the vulnerability exists." + "M": { + "key": "M", + "name": "Medium", + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "definition": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "X": { "key": "X", @@ -1961,351 +2226,321 @@ "definition": "This metric value is not defined. See CVSS documentation for details." } } - }, - "2.0.0": { - "version": "2.0.0", + } + } + }, + "CR_NoX": { + "key": "CR_NoX", + "versions": { + "1.1.1": { + "version": "1.1.1", "obj": { "namespace": "cvss", - "key": "E", - "version": "2.0.0", - "name": "Exploit Maturity", - "definition": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", + "key": "CR_NoX", + "version": "1.1.1", + "name": "Confidentiality Requirement (without Not Defined)", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { - "key": "U", - "name": "Unreported", - "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" - }, - { - "key": "P", - "name": "Proof-of-Concept", - "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "key": "L", + "name": "Low", + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { - "key": "A", - "name": "Attacked", - "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "key": "M", + "name": "Medium", + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "H", + "name": "High", + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, "values": { - "U": { - "key": "U", - "name": "Unreported", - "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" - }, - "P": { - "key": "P", - "name": "Proof-of-Concept", - "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "L": { + "key": "L", + "name": "Low", + "definition": "Loss of confidentiality is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, - "A": { - "key": "A", - "name": "Attacked", - "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "M": { + "key": "M", + "name": "Medium", + "definition": "Loss of confidentiality is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "H": { + "key": "H", + "name": "High", + "definition": "Loss of confidentiality is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } } } } }, - "E_NoX": { - "key": "E_NoX", + "EQ1": { + "key": "EQ1", "versions": { - "2.0.0": { - "version": "2.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "E_NoX", - "version": "2.0.0", - "name": "Exploit Maturity (without Not Defined)", - "definition": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", + "key": "EQ1", + "version": "1.0.0", + "name": "Equivalence Set 1", + "definition": "AV/PR/UI with 3 levels specified in Table 24", "schemaVersion": "2.0.0", "values": [ { - "key": "U", - "name": "Unreported", - "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + "key": "L", + "name": "Low", + "definition": "2: AV:P or not(AV:N or PR:N or UI:N)" }, { - "key": "P", - "name": "Proof-of-Concept", - "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "key": "M", + "name": "Medium", + "definition": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" }, { - "key": "A", - "name": "Attacked", - "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "key": "H", + "name": "High", + "definition": "0: AV:N and PR:N and UI:N" } ] }, "values": { - "U": { - "key": "U", - "name": "Unreported", - "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + "L": { + "key": "L", + "name": "Low", + "definition": "2: AV:P or not(AV:N or PR:N or UI:N)" }, - "P": { - "key": "P", - "name": "Proof-of-Concept", - "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + "M": { + "key": "M", + "name": "Medium", + "definition": "1: (AV:N or PR:N or UI:N) and not (AV:N and PR:N and UI:N) and not AV:P" }, - "A": { - "key": "A", - "name": "Attacked", - "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + "H": { + "key": "H", + "name": "High", + "definition": "0: AV:N and PR:N and UI:N" } } } } }, - "IB": { - "key": "IB", + "EQ2": { + "key": "EQ2", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "IB", + "key": "EQ2", "version": "1.0.0", - "name": "Impact Bias", - "definition": "This metric measures the impact bias of the vulnerability.", + "name": "Equivalence Set 2", + "definition": "AC/AT with 2 levels specified in Table 25", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "Normal", - "definition": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." - }, - { - "key": "C", - "name": "Confidentiality", - "definition": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." - }, - { - "key": "I", - "name": "Integrity", - "definition": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." + "key": "L", + "name": "Low", + "definition": "1: not (AC:L and AT:N)" }, { - "key": "A", - "name": "Availability", - "definition": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." + "key": "H", + "name": "High", + "definition": "0: AC:L and AT:N" } ] }, "values": { - "N": { - "key": "N", - "name": "Normal", - "definition": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." - }, - "C": { - "key": "C", - "name": "Confidentiality", - "definition": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." - }, - "I": { - "key": "I", - "name": "Integrity", - "definition": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." + "L": { + "key": "L", + "name": "Low", + "definition": "1: not (AC:L and AT:N)" }, - "A": { - "key": "A", - "name": "Availability", - "definition": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." + "H": { + "key": "H", + "name": "High", + "definition": "0: AC:L and AT:N" } } } } }, - "I": { - "key": "I", + "EQ3": { + "key": "EQ3", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "I", + "key": "EQ3", "version": "1.0.0", - "name": "Integrity Impact", - "definition": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", + "name": "Equivalence Set 3", + "definition": "VC/VI/VA with 3 levels specified in Table 26", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "No impact on integrity." + "key": "L", + "name": "Low", + "definition": "2: not (VC:H or VI:H or VA:H)" }, { - "key": "P", - "name": "Partial", - "definition": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." + "key": "M", + "name": "Medium", + "definition": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" }, { - "key": "C", - "name": "Complete", - "definition": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." + "key": "H", + "name": "High", + "definition": "0: VC:H and VI:H" } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "No impact on integrity." + "L": { + "key": "L", + "name": "Low", + "definition": "2: not (VC:H or VI:H or VA:H)" }, - "P": { - "key": "P", - "name": "Partial", - "definition": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." + "M": { + "key": "M", + "name": "Medium", + "definition": "1: not (VC:H and VI:H) and (VC:H or VI:H or VA:H)" }, - "C": { - "key": "C", - "name": "Complete", - "definition": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." + "H": { + "key": "H", + "name": "High", + "definition": "0: VC:H and VI:H" } } - }, - "2.0.0": { - "version": "2.0.0", + } + } + }, + "EQ4": { + "key": "EQ4", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "I", - "version": "2.0.0", - "name": "Integrity Impact", - "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "key": "EQ4", + "version": "1.0.0", + "name": "Equivalence Set 4", + "definition": "SC/SI/SA with 3 levels specified in Table 27", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "None", - "definition": "There is no impact to the integrity of the system." - }, { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "definition": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" }, { - "key": "H", - "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection." + "key": "M", + "name": "Medium", + "definition": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" + }, + { + "key": "H", + "name": "High", + "definition": "0: MSI:S or MSA:S" } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no impact to the integrity of the system." - }, "L": { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "definition": "2: not (MSI:S or MSA:S) and not (SC:H or SI:H or SA:H)" + }, + "M": { + "key": "M", + "name": "Medium", + "definition": "1: not (MSI:S or MSA:S) and (SC:H or SI:H or SA:H)" }, "H": { "key": "H", "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection." + "definition": "0: MSI:S or MSA:S" } } } } }, - "VI": { - "key": "VI", + "EQ5": { + "key": "EQ5", "versions": { - "3.0.0": { - "version": "3.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "VI", - "version": "3.0.0", - "name": "Integrity Impact to the Vulnerable System", - "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "key": "EQ5", + "version": "1.0.0", + "name": "Equivalence Set 5", + "definition": "E with 3 levels specified in Table 28", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "None", - "definition": "There is no loss of integrity within the Vulnerable System." - }, { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "2: E:U" + }, + { + "key": "M", + "name": "Medium", + "definition": "1: E:P" }, { "key": "H", "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection." + "definition": "0: E:A" } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no loss of integrity within the Vulnerable System." - }, "L": { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "2: E:U" + }, + "M": { + "key": "M", + "name": "Medium", + "definition": "1: E:P" }, "H": { "key": "H", "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection." + "definition": "0: E:A" } } } } }, - "IR": { - "key": "IR", + "EQ6": { + "key": "EQ6", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "IR", + "key": "EQ6", "version": "1.0.0", - "name": "Integrity Requirement", - "definition": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", + "name": "Equivalence Set 6", + "definition": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "schemaVersion": "2.0.0", "values": [ { "key": "L", "name": "Low", - "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "M", - "name": "Medium", - "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" }, { "key": "H", "name": "High", - "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - { - "key": "ND", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "definition": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" } ] }, @@ -2313,449 +2548,494 @@ "L": { "key": "L", "name": "Low", - "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "1: not (CR:H and VC:H) and not (IR:H and VI:H) and not (AR:H and VA:H)" }, "H": { "key": "H", "name": "High", - "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - "ND": { - "key": "ND", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "definition": "0: (CR:H and VC:H) or (IR:H and VI:H) or (AR:H and VA:H)" } } - }, - "1.1.0": { - "version": "1.1.0", + } + } + }, + "E": { + "key": "E", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "IR", - "version": "1.1.0", - "name": "Integrity Requirement", - "definition": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", + "key": "E", + "version": "1.0.0", + "name": "Exploitability", + "definition": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "U", + "name": "Unproven", + "definition": "No exploit code is yet available or an exploit method is entirely theoretical." }, { - "key": "M", - "name": "Medium", - "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "P", + "name": "Proof of Concept", + "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." }, { - "key": "H", - "name": "High", - "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "F", + "name": "Functional", + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." }, { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "H", + "name": "High", + "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "U": { + "key": "U", + "name": "Unproven", + "definition": "No exploit code is yet available or an exploit method is entirely theoretical." }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "P": { + "key": "P", + "name": "Proof of Concept", + "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + }, + "F": { + "key": "F", + "name": "Functional", + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." }, "H": { "key": "H", "name": "High", - "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." - }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." } } }, - "1.1.1": { - "version": "1.1.1", + "1.1.0": { + "version": "1.1.0", "obj": { "namespace": "cvss", - "key": "IR", - "version": "1.1.1", - "name": "Integrity Requirement", - "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", + "key": "E", + "version": "1.1.0", + "name": "Exploitability", + "definition": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "U", + "name": "Unproven", + "definition": "No exploit code is yet available or an exploit method is entirely theoretical." }, { - "key": "M", - "name": "Medium", - "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "P", + "name": "Proof of Concept", + "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + }, + { + "key": "F", + "name": "Functional", + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." }, { "key": "H", "name": "High", - "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." }, { - "key": "X", + "key": "ND", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "U": { + "key": "U", + "name": "Unproven", + "definition": "No exploit code is yet available or an exploit method is entirely theoretical." }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "P": { + "key": "P", + "name": "Proof of Concept", + "definition": "Proof of concept exploit code or an attack demonstration that is not practically applicable to deployed systems is available. The code or technique is not functional in all situations and may require substantial hand tuning by a skilled attacker for use against deployed systems." + }, + "F": { + "key": "F", + "name": "Functional", + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability is exploitable." }, "H": { "key": "H", "name": "High", - "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Either the vulnerability is exploitable by functional mobile autonomous code or no exploit is required (manual trigger) and the details for the manual technique are widely available. The code works in every situation where the vulnerability is exploitable and/or is actively being delivered via a mobile autonomous agent (a worm or virus)." }, - "X": { - "key": "X", + "ND": { + "key": "ND", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." } } - } - } - }, - "IR_NoX": { - "key": "IR_NoX", - "versions": { - "1.1.1": { - "version": "1.1.1", + }, + "1.2.0": { + "version": "1.2.0", "obj": { "namespace": "cvss", - "key": "IR_NoX", - "version": "1.1.1", - "name": "Integrity Requirement (without Not Defined)", - "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", + "key": "E", + "version": "1.2.0", + "name": "Exploit Code Maturity", + "definition": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "U", + "name": "Unproven", + "definition": "No exploit code is available, or an exploit is theoretical." }, { - "key": "M", - "name": "Medium", - "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "key": "POC", + "name": "Proof-of-Concept", + "definition": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." + }, + { + "key": "F", + "name": "Functional", + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability exists." }, { "key": "H", "name": "High", - "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." + }, + { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "U": { + "key": "U", + "name": "Unproven", + "definition": "No exploit code is available, or an exploit is theoretical." }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "POC": { + "key": "POC", + "name": "Proof-of-Concept", + "definition": "Proof-of-concept exploit code is available, or an attack demonstration is not practical for most systems. The code or technique is not functional in all situations and may require substantial modification by a skilled attacker." + }, + "F": { + "key": "F", + "name": "Functional", + "definition": "Functional exploit code is available. The code works in most situations where the vulnerability exists." }, "H": { "key": "H", "name": "High", - "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + "definition": "Functional autonomous code exists, or no exploit is required (manual trigger) and details are widely available. Exploit code works in every situation, or is actively being delivered via an autonomous agent (such as a worm or virus). Network-connected systems are likely to encounter scanning or exploitation attempts. Exploit development has reached the level of reliable, widely-available, easy-to-use automated tools." + }, + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." + } + } + }, + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "E", + "version": "2.0.0", + "name": "Exploit Maturity", + "definition": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unreported", + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + }, + { + "key": "P", + "name": "Proof-of-Concept", + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + }, + { + "key": "A", + "name": "Attacked", + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + }, + { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unreported", + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" + }, + "P": { + "key": "P", + "name": "Proof-of-Concept", + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" + }, + "A": { + "key": "A", + "name": "Attacked", + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" + }, + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "SA": { - "key": "SA", + "E_NoX": { + "key": "E_NoX", "versions": { - "1.0.0": { - "version": "1.0.0", + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "SA", - "version": "1.0.0", - "name": "Availability Impact to the Subsequent System", - "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "key": "E_NoX", + "version": "2.0.0", + "name": "Exploit Maturity (without Not Defined)", + "definition": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "key": "U", + "name": "Unreported", + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" }, { - "key": "L", - "name": "Low", - "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "key": "P", + "name": "Proof-of-Concept", + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" }, { - "key": "H", - "name": "High", - "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "key": "A", + "name": "Attacked", + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "U": { + "key": "U", + "name": "Unreported", + "definition": "Based on available threat intelligence each of the following must apply: No knowledge of publicly available proof-of-concept exploit code No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., neither the “POC” nor “Attacked” values apply)" }, - "L": { - "key": "L", - "name": "Low", - "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "P": { + "key": "P", + "name": "Proof-of-Concept", + "definition": "Based on available threat intelligence each of the following must apply: Proof-of-concept exploit code is publicly available No knowledge of reported attempts to exploit this vulnerability No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability (i.e., the “Attacked” value does not apply)" }, - "H": { - "key": "H", - "name": "High", - "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "A": { + "key": "A", + "name": "Attacked", + "definition": "Based on available threat intelligence either of the following must apply: Attacks targeting this vulnerability (attempted or successful) have been reported Solutions to simplify attempts to exploit the vulnerability are publicly or privately available (such as exploit toolkits)" } } } } }, - "MSA": { - "key": "MSA", + "IB": { + "key": "IB", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MSA", + "key": "IB", "version": "1.0.0", - "name": "Modified Availability Impact to the Subsequent System", - "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "name": "Impact Bias", + "definition": "This metric measures the impact bias of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "None", - "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "name": "Normal", + "definition": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." }, { - "key": "L", - "name": "Low", - "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "key": "C", + "name": "Confidentiality", + "definition": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." }, { - "key": "H", - "name": "High", - "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "key": "I", + "name": "Integrity", + "definition": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." }, { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "A", + "name": "Availability", + "definition": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." } ] }, "values": { "N": { "key": "N", - "name": "None", - "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "name": "Normal", + "definition": "Confidentiality Impact, Integrity Impact, and Availability Impact are all assigned the same weight." }, - "L": { - "key": "L", - "name": "Low", - "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "C": { + "key": "C", + "name": "Confidentiality", + "definition": "Confidentiality impact is assigned greater weight than Integrity Impact or Availability Impact." }, - "H": { - "key": "H", - "name": "High", - "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "I": { + "key": "I", + "name": "Integrity", + "definition": "Integrity Impact is assigned greater weight than Confidentiality Impact or Availability Impact." }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "A": { + "key": "A", + "name": "Availability", + "definition": "Availability Impact is assigned greater weight than Confidentiality Impact or Integrity Impact." } } - }, - "1.0.1": { - "version": "1.0.1", + } + } + }, + "I": { + "key": "I", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MSA", - "version": "1.0.1", - "name": "Modified Availability Impact to the Subsequent System", - "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", + "key": "I", + "version": "1.0.0", + "name": "Integrity Impact", + "definition": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "Negligible", - "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "name": "None", + "definition": "No impact on integrity." }, { - "key": "L", - "name": "Low", - "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "key": "P", + "name": "Partial", + "definition": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." }, { - "key": "H", - "name": "High", - "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." - }, - { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." - }, - { - "key": "S", - "name": "Safety", - "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "key": "C", + "name": "Complete", + "definition": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." } ] }, "values": { "N": { "key": "N", - "name": "Negligible", - "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." - }, - "L": { - "key": "L", - "name": "Low", - "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." - }, - "H": { - "key": "H", - "name": "High", - "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "name": "None", + "definition": "No impact on integrity." }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "P": { + "key": "P", + "name": "Partial", + "definition": "Considerable breach in integrity. Modification of critical system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is constrained. For example, key system or program files may be overwritten or modified, but at random or in a limited context or scope." }, - "S": { - "key": "S", - "name": "Safety", - "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "C": { + "key": "C", + "name": "Complete", + "definition": "A total compromise of system integrity. There is a complete loss of system protection resulting in the entire system being compromised. The attacker has sovereign control to modify any system files." } } - } - } - }, - "MSA_NoX": { - "key": "MSA_NoX", - "versions": { - "1.0.1": { - "version": "1.0.1", + }, + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "MSA_NoX", - "version": "1.0.1", - "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", - "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", + "key": "I", + "version": "2.0.0", + "name": "Integrity Impact", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "Negligible", - "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "name": "None", + "definition": "There is no impact to the integrity of the system." }, { "key": "L", "name": "Low", - "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." }, { "key": "H", "name": "High", - "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." - }, - { - "key": "S", - "name": "Safety", - "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "There is a total loss of integrity, or a complete loss of protection." } ] }, "values": { "N": { "key": "N", - "name": "Negligible", - "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." + "name": "None", + "definition": "There is no impact to the integrity of the system." }, "L": { "key": "L", "name": "Low", - "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." }, "H": { "key": "H", "name": "High", - "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." - }, - "S": { - "key": "S", - "name": "Safety", - "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "definition": "There is a total loss of integrity, or a complete loss of protection." } } } } }, - "SI": { - "key": "SI", + "VI": { + "key": "VI", "versions": { - "1.0.0": { - "version": "1.0.0", + "3.0.0": { + "version": "3.0.0", "obj": { "namespace": "cvss", - "key": "SI", - "version": "1.0.0", - "name": "Integrity Impact to the Subsequent System", - "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "key": "VI", + "version": "3.0.0", + "name": "Integrity Impact to the Vulnerable System", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, { "key": "H", "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection." } ] }, @@ -2763,339 +3043,269 @@ "N": { "key": "N", "name": "None", - "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." + "definition": "There is no loss of integrity within the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, "H": { "key": "H", "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "There is a total loss of integrity, or a complete loss of protection." } } } } }, - "MSI": { - "key": "MSI", + "IR": { + "key": "IR", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MSI", + "key": "IR", "version": "1.0.0", - "name": "Modified Integrity Impact to the Subsequent System", - "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "name": "Integrity Requirement", + "definition": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "None", - "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." - }, { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { - "key": "X", + "key": "ND", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." - }, "L": { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, - "X": { - "key": "X", + "ND": { + "key": "ND", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." } } }, - "1.0.1": { - "version": "1.0.1", + "1.1.0": { + "version": "1.1.0", "obj": { "namespace": "cvss", - "key": "MSI", - "version": "1.0.1", - "name": "Modified Integrity Impact to the Subsequent System", - "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", + "key": "IR", + "version": "1.1.0", + "name": "Integrity Requirement", + "definition": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "Negligible", - "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." - }, { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "X", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." - }, - { - "key": "S", - "name": "Safety", - "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, "values": { - "N": { - "key": "N", - "name": "Negligible", - "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." - }, "L": { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "M": { + "key": "M", + "name": "Medium", + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "H": { "key": "H", "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, "X": { "key": "X", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." - }, - "S": { - "key": "S", - "name": "Safety", - "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } - } - } - }, - "MSI_NoX": { - "key": "MSI_NoX", - "versions": { - "1.0.1": { - "version": "1.0.1", + }, + "1.1.1": { + "version": "1.1.1", "obj": { "namespace": "cvss", - "key": "MSI_NoX", - "version": "1.0.1", - "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", - "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", + "key": "IR", + "version": "1.1.1", + "name": "Integrity Requirement", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "schemaVersion": "2.0.0", "values": [ - { - "key": "N", - "name": "Negligible", - "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." - }, { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + { + "key": "M", + "name": "Medium", + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { "key": "H", "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { - "key": "S", - "name": "Safety", - "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "N": { - "key": "N", - "name": "Negligible", - "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." - }, "L": { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, - "H": { + "M": { + "key": "M", + "name": "Medium", + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { "key": "H", "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, - "S": { - "key": "S", - "name": "Safety", - "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "PR": { - "key": "PR", + "IR_NoX": { + "key": "IR_NoX", "versions": { - "1.0.0": { - "version": "1.0.0", + "1.1.1": { + "version": "1.1.1", "obj": { "namespace": "cvss", - "key": "PR", - "version": "1.0.0", - "name": "Privileges Required", - "definition": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "key": "IR_NoX", + "version": "1.1.1", + "name": "Integrity Requirement (without Not Defined)", + "definition": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ - { - "key": "H", - "name": "High", - "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." - }, { "key": "L", "name": "Low", - "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, { - "key": "N", - "name": "None", - "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." - } - ] - }, - "values": { - "H": { - "key": "H", - "name": "High", - "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." - }, - "L": { - "key": "L", - "name": "Low", - "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." - }, - "N": { - "key": "N", - "name": "None", - "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." - } - } - }, - "1.0.1": { - "version": "1.0.1", - "obj": { - "namespace": "cvss", - "key": "PR", - "version": "1.0.1", - "name": "Privileges Required", - "definition": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", - "schemaVersion": "2.0.0", - "values": [ + "key": "M", + "name": "Medium", + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, { "key": "H", "name": "High", - "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." - }, - { - "key": "L", - "name": "Low", - "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." - }, - { - "key": "N", - "name": "None", - "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } ] }, "values": { - "H": { - "key": "H", - "name": "High", - "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." - }, "L": { "key": "L", "name": "Low", - "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "definition": "Loss of integrity is likely to have only a limited adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." }, - "N": { - "key": "N", - "name": "None", - "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "M": { + "key": "M", + "name": "Medium", + "definition": "Loss of integrity is likely to have a serious adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." + }, + "H": { + "key": "H", + "name": "High", + "definition": "Loss of integrity is likely to have a catastrophic adverse effect on the organization or individuals associated with the organization (e.g., employees, customers)." } } } } }, - "QS": { - "key": "QS", + "SA": { + "key": "SA", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "QS", + "key": "SA", "version": "1.0.0", - "name": "CVSS Qualitative Severity Rating Scale", - "definition": "The CVSS Qualitative Severity Rating Scale provides a categorical representation of a CVSS Score.", + "name": "Availability Impact to the Subsequent System", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "definition": "No severity rating (0.0)" + "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "definition": "Low (0.1 - 3.9)" - }, - { - "key": "M", - "name": "Medium", - "definition": "Medium (4.0 - 6.9)" + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { "key": "H", "name": "High", - "definition": "High (7.0 - 8.9)" - }, - { - "key": "C", - "name": "Critical", - "definition": "Critical (9.0 - 10.0)" + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } ] }, @@ -3103,284 +3313,284 @@ "N": { "key": "N", "name": "None", - "definition": "No severity rating (0.0)" + "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "definition": "Low (0.1 - 3.9)" - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Medium (4.0 - 6.9)" + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, "H": { "key": "H", "name": "High", - "definition": "High (7.0 - 8.9)" - }, - "C": { - "key": "C", - "name": "Critical", - "definition": "Critical (9.0 - 10.0)" + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." } } } } }, - "RL": { - "key": "RL", + "MSA": { + "key": "MSA", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "RL", + "key": "MSA", "version": "1.0.0", - "name": "Remediation Level", - "definition": "This metric measures the remediation status of a vulnerability.", + "name": "Modified Availability Impact to the Subsequent System", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { - "key": "OF", - "name": "Official Fix", - "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + "key": "N", + "name": "None", + "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { - "key": "TF", - "name": "Temporary Fix", - "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "key": "L", + "name": "Low", + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { - "key": "W", - "name": "Workaround", - "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "key": "H", + "name": "High", + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { - "key": "U", - "name": "Unavailable", - "definition": "There is either no solution available or it is impossible to apply." + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "OF": { - "key": "OF", - "name": "Official Fix", - "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + "N": { + "key": "N", + "name": "None", + "definition": "There is no impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, - "TF": { - "key": "TF", - "name": "Temporary Fix", - "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "L": { + "key": "L", + "name": "Low", + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, - "W": { - "key": "W", - "name": "Workaround", - "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "H": { + "key": "H", + "name": "High", + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, - "U": { - "key": "U", - "name": "Unavailable", - "definition": "There is either no solution available or it is impossible to apply." + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, - "1.1.0": { - "version": "1.1.0", + "1.0.1": { + "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "RL", - "version": "1.1.0", - "name": "Remediation Level", - "definition": "This metric measures the remediation status of a vulnerability.", + "key": "MSA", + "version": "1.0.1", + "name": "Modified Availability Impact to the Subsequent System", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "schemaVersion": "2.0.0", "values": [ { - "key": "OF", - "name": "Official Fix", - "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." - }, - { - "key": "TF", - "name": "Temporary Fix", - "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + "key": "N", + "name": "Negligible", + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { - "key": "W", - "name": "Workaround", - "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "key": "L", + "name": "Low", + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { - "key": "U", - "name": "Unavailable", - "definition": "There is either no solution available or it is impossible to apply." + "key": "H", + "name": "High", + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, { "key": "X", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." - } - ] - }, - "values": { - "OF": { - "key": "OF", - "name": "Official Fix", - "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." - }, - "TF": { - "key": "TF", - "name": "Temporary Fix", - "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + }, + { + "key": "S", + "name": "Safety", + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." + } + ] + }, + "values": { + "N": { + "key": "N", + "name": "Negligible", + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, - "W": { - "key": "W", - "name": "Workaround", - "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + "L": { + "key": "L", + "name": "Low", + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, - "U": { - "key": "U", - "name": "Unavailable", - "definition": "There is either no solution available or it is impossible to apply." + "H": { + "key": "H", + "name": "High", + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." }, "X": { "key": "X", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." + }, + "S": { + "key": "S", + "name": "Safety", + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } } }, - "RC": { - "key": "RC", + "MSA_NoX": { + "key": "MSA_NoX", "versions": { - "1.0.0": { - "version": "1.0.0", + "1.0.1": { + "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "RC", - "version": "1.0.0", - "name": "Report Confidence", - "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "key": "MSA_NoX", + "version": "1.0.1", + "name": "Modified Availability Impact to the Subsequent System (without Not Defined)", + "definition": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { - "key": "UC", - "name": "Unconfirmed", - "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + "key": "N", + "name": "Negligible", + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, { - "key": "UR", - "name": "Uncorroborated", - "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + "key": "L", + "name": "Low", + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, { - "key": "C", - "name": "Confirmed", - "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + "key": "H", + "name": "High", + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "S", + "name": "Safety", + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, "values": { - "UC": { - "key": "UC", - "name": "Unconfirmed", - "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." + "N": { + "key": "N", + "name": "Negligible", + "definition": "There is negligible impact to availability within the Subsequent System or all availability impact is constrained to the Vulnerable System." }, - "UR": { - "key": "UR", - "name": "Uncorroborated", - "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + "L": { + "key": "L", + "name": "Low", + "definition": "Performance is reduced or there are interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users." }, - "C": { - "key": "C", - "name": "Confirmed", - "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + "H": { + "key": "H", + "name": "High", + "definition": "There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the Subsequent System; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + "S": { + "key": "S", + "name": "Safety", + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } - }, - "1.1.0": { - "version": "1.1.0", + } + } + }, + "SI": { + "key": "SI", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "RC", - "version": "1.1.0", - "name": "Report Confidence", - "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "key": "SI", + "version": "1.0.0", + "name": "Integrity Impact to the Subsequent System", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { - "key": "UC", - "name": "Unconfirmed", - "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." - }, - { - "key": "UR", - "name": "Uncorroborated", - "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + "key": "N", + "name": "None", + "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { - "key": "C", - "name": "Confirmed", - "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + "key": "L", + "name": "Low", + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { - "key": "ND", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "H", + "name": "High", + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." } ] }, "values": { - "UC": { - "key": "UC", - "name": "Unconfirmed", - "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." - }, - "UR": { - "key": "UR", - "name": "Uncorroborated", - "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." + "N": { + "key": "N", + "name": "None", + "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, - "C": { - "key": "C", - "name": "Confirmed", - "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." + "L": { + "key": "L", + "name": "Low", + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, - "ND": { - "key": "ND", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "H": { + "key": "H", + "name": "High", + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." } } - }, - "2.0.0": { - "version": "2.0.0", + } + } + }, + "MSI": { + "key": "MSI", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "RC", - "version": "2.0.0", - "name": "Report Confidence", - "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", + "key": "MSI", + "version": "1.0.0", + "name": "Modified Integrity Impact to the Subsequent System", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { - "key": "U", - "name": "Unknown", - "definition": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." + "key": "N", + "name": "None", + "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { - "key": "R", - "name": "Reasonable", - "definition": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." + "key": "L", + "name": "Low", + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { - "key": "C", - "name": "Confirmed", - "definition": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." + "key": "H", + "name": "High", + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, { "key": "X", @@ -3390,20 +3600,20 @@ ] }, "values": { - "U": { - "key": "U", - "name": "Unknown", - "definition": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." + "N": { + "key": "N", + "name": "None", + "definition": "There is no loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, - "R": { - "key": "R", - "name": "Reasonable", - "definition": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." + "L": { + "key": "L", + "name": "Low", + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, - "C": { - "key": "C", - "name": "Confirmed", - "definition": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." + "H": { + "key": "H", + "name": "High", + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." }, "X": { "key": "X", @@ -3411,76 +3621,106 @@ "definition": "This metric value is not defined. See CVSS documentation for details." } } - } - } - }, - "S": { - "key": "S", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "1.0.1": { + "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "S", - "version": "1.0.0", - "name": "Scope", - "definition": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "key": "MSI", + "version": "1.0.1", + "name": "Modified Integrity Impact to the Subsequent System", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "schemaVersion": "2.0.0", "values": [ { - "key": "U", - "name": "Unchanged", - "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + "key": "N", + "name": "Negligible", + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { - "key": "C", - "name": "Changed", - "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "key": "L", + "name": "Low", + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + { + "key": "H", + "name": "High", + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "S", + "name": "Safety", + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, "values": { - "U": { - "key": "U", - "name": "Unchanged", - "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + "N": { + "key": "N", + "name": "Negligible", + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, - "C": { - "key": "C", - "name": "Changed", - "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "L": { + "key": "L", + "name": "Low", + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." + }, + "H": { + "key": "H", + "name": "High", + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." + }, + "S": { + "key": "S", + "name": "Safety", + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } } }, - "SC": { - "key": "SC", + "MSI_NoX": { + "key": "MSI_NoX", "versions": { - "1.0.0": { - "version": "1.0.0", + "1.0.1": { + "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "SC", - "version": "1.0.0", - "name": "Confidentiality Impact to the Subsequent System", - "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "key": "MSI_NoX", + "version": "1.0.1", + "name": "Modified Integrity Impact to the Subsequent System (without Not Defined)", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest. This version does not include the Not Defined (X) option.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "Negligible", - "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, { "key": "L", "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, { "key": "H", "name": "High", - "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + { + "key": "S", + "name": "Safety", + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } ] }, @@ -3488,449 +3728,444 @@ "N": { "key": "N", "name": "Negligible", - "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "definition": "There is negligible loss of integrity within the Subsequent System or all integrity impact is constrained to the Vulnerable System." }, "L": { "key": "L", "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Subsequent System." }, "H": { "key": "H", "name": "High", - "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the Subsequent System. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the Subsequent System." + }, + "S": { + "key": "S", + "name": "Safety", + "definition": "The Safety metric value measures the impact regarding the Safety of a human actor or participant that can be predictably injured as a result of the vulnerability being exploited." } } } } }, - "AU": { - "key": "AU", + "PR": { + "key": "PR", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "AU", + "key": "PR", "version": "1.0.0", - "name": "Automatable", - "definition": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", + "name": "Privileges Required", + "definition": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "No", - "definition": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "key": "H", + "name": "High", + "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, { - "key": "Y", - "name": "Yes", - "definition": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." + "key": "L", + "name": "Low", + "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "N", + "name": "None", + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } ] }, "values": { - "N": { - "key": "N", - "name": "No", - "definition": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "H": { + "key": "H", + "name": "High", + "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, - "Y": { - "key": "Y", - "name": "Yes", - "definition": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." + "L": { + "key": "L", + "name": "Low", + "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "N": { + "key": "N", + "name": "None", + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } } - } - } - }, - "U": { - "key": "U", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "1.0.1": { + "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "U", - "version": "1.0.0", - "name": "Provider Urgency", - "definition": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", + "key": "PR", + "version": "1.0.1", + "name": "Privileges Required", + "definition": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "schemaVersion": "2.0.0", "values": [ { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." - }, - { - "key": "C", - "name": "Clear", - "definition": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." - }, - { - "key": "G", - "name": "Green", - "definition": "Provider has assessed the impact of this vulnerability as having a reduced urgency." + "key": "H", + "name": "High", + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, { - "key": "A", - "name": "Amber", - "definition": "Provider has assessed the impact of this vulnerability as having a moderate urgency." + "key": "L", + "name": "Low", + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, { - "key": "R", - "name": "Red", - "definition": "Provider has assessed the impact of this vulnerability as having the highest urgency." + "key": "N", + "name": "None", + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } ] }, "values": { - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." - }, - "C": { - "key": "C", - "name": "Clear", - "definition": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." - }, - "G": { - "key": "G", - "name": "Green", - "definition": "Provider has assessed the impact of this vulnerability as having a reduced urgency." + "H": { + "key": "H", + "name": "High", + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, - "A": { - "key": "A", - "name": "Amber", - "definition": "Provider has assessed the impact of this vulnerability as having a moderate urgency." + "L": { + "key": "L", + "name": "Low", + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, - "R": { - "key": "R", - "name": "Red", - "definition": "Provider has assessed the impact of this vulnerability as having the highest urgency." + "N": { + "key": "N", + "name": "None", + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." } } } } }, - "R": { - "key": "R", + "QS": { + "key": "QS", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "R", + "key": "QS", "version": "1.0.0", - "name": "Recovery", - "definition": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", + "name": "CVSS Qualitative Severity Rating Scale", + "definition": "The CVSS Qualitative Severity Rating Scale provides a categorical representation of a CVSS Score.", "schemaVersion": "2.0.0", "values": [ { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." - }, - { - "key": "A", - "name": "Automatic", - "definition": "The system recovers services automatically after an attack has been performed." + "key": "N", + "name": "None", + "definition": "No severity rating (0.0)" }, { - "key": "U", - "name": "User", - "definition": "The system requires manual intervention by the user to recover services, after an attack has been performed." + "key": "L", + "name": "Low", + "definition": "Low (0.1 - 3.9)" }, { - "key": "I", - "name": "Irrecoverable", - "definition": "The system services are irrecoverable by the user, after an attack has been performed." + "key": "M", + "name": "Medium", + "definition": "Medium (4.0 - 6.9)" + }, + { + "key": "H", + "name": "High", + "definition": "High (7.0 - 8.9)" + }, + { + "key": "C", + "name": "Critical", + "definition": "Critical (9.0 - 10.0)" } ] }, "values": { - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "N": { + "key": "N", + "name": "None", + "definition": "No severity rating (0.0)" }, - "A": { - "key": "A", - "name": "Automatic", - "definition": "The system recovers services automatically after an attack has been performed." + "L": { + "key": "L", + "name": "Low", + "definition": "Low (0.1 - 3.9)" }, - "U": { - "key": "U", - "name": "User", - "definition": "The system requires manual intervention by the user to recover services, after an attack has been performed." + "M": { + "key": "M", + "name": "Medium", + "definition": "Medium (4.0 - 6.9)" }, - "I": { - "key": "I", - "name": "Irrecoverable", - "definition": "The system services are irrecoverable by the user, after an attack has been performed." + "H": { + "key": "H", + "name": "High", + "definition": "High (7.0 - 8.9)" + }, + "C": { + "key": "C", + "name": "Critical", + "definition": "Critical (9.0 - 10.0)" } } } } }, - "SF": { - "key": "SF", + "RL": { + "key": "RL", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "SF", + "key": "RL", "version": "1.0.0", - "name": "Safety", - "definition": "The Safety decision point is a measure of the potential for harm to humans or the environment.", + "name": "Remediation Level", + "definition": "This metric measures the remediation status of a vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "OF", + "name": "Official Fix", + "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, { - "key": "P", - "name": "Present", - "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" + "key": "TF", + "name": "Temporary Fix", + "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, { - "key": "N", - "name": "Negligible", - "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" + "key": "W", + "name": "Workaround", + "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + }, + { + "key": "U", + "name": "Unavailable", + "definition": "There is either no solution available or it is impossible to apply." } ] }, "values": { - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "OF": { + "key": "OF", + "name": "Official Fix", + "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, - "P": { - "key": "P", - "name": "Present", - "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" + "TF": { + "key": "TF", + "name": "Temporary Fix", + "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, - "N": { - "key": "N", - "name": "Negligible", - "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" + "W": { + "key": "W", + "name": "Workaround", + "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + }, + "U": { + "key": "U", + "name": "Unavailable", + "definition": "There is either no solution available or it is impossible to apply." } } - } - } - }, - "V": { - "key": "V", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "1.1.0": { + "version": "1.1.0", "obj": { "namespace": "cvss", - "key": "V", - "version": "1.0.0", - "name": "Value Density", - "definition": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", + "key": "RL", + "version": "1.1.0", + "name": "Remediation Level", + "definition": "This metric measures the remediation status of a vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "OF", + "name": "Official Fix", + "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." }, { - "key": "D", - "name": "Diffuse", - "definition": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." + "key": "TF", + "name": "Temporary Fix", + "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." }, { - "key": "C", - "name": "Concentrated", - "definition": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." + "key": "W", + "name": "Workaround", + "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + }, + { + "key": "U", + "name": "Unavailable", + "definition": "There is either no solution available or it is impossible to apply." + }, + { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { + "OF": { + "key": "OF", + "name": "Official Fix", + "definition": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available." + }, + "TF": { + "key": "TF", + "name": "Temporary Fix", + "definition": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround." + }, + "W": { + "key": "W", + "name": "Workaround", + "definition": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set." + }, + "U": { + "key": "U", + "name": "Unavailable", + "definition": "There is either no solution available or it is impossible to apply." + }, "X": { "key": "X", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." - }, - "D": { - "key": "D", - "name": "Diffuse", - "definition": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." - }, - "C": { - "key": "C", - "name": "Concentrated", - "definition": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." } } } } }, - "RE": { - "key": "RE", + "RC": { + "key": "RC", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "RE", + "key": "RC", "version": "1.0.0", - "name": "Vulnerability Response Effort", - "definition": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", + "name": "Report Confidence", + "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "schemaVersion": "2.0.0", "values": [ { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." - }, - { - "key": "L", - "name": "Low", - "definition": "The effort required to respond to a vulnerability is low/trivial." + "key": "UC", + "name": "Unconfirmed", + "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, { - "key": "M", - "name": "Moderate", - "definition": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." + "key": "UR", + "name": "Uncorroborated", + "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." }, { - "key": "H", - "name": "High", - "definition": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." + "key": "C", + "name": "Confirmed", + "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." } ] }, "values": { - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." - }, - "L": { - "key": "L", - "name": "Low", - "definition": "The effort required to respond to a vulnerability is low/trivial." + "UC": { + "key": "UC", + "name": "Unconfirmed", + "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, - "M": { - "key": "M", - "name": "Moderate", - "definition": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." + "UR": { + "key": "UR", + "name": "Uncorroborated", + "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." }, - "H": { - "key": "H", - "name": "High", - "definition": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." + "C": { + "key": "C", + "name": "Confirmed", + "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." } } - } - } - }, - "TD": { - "key": "TD", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "1.1.0": { + "version": "1.1.0", "obj": { "namespace": "cvss", - "key": "TD", - "version": "1.0.0", - "name": "Target Distribution", - "definition": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "key": "RC", + "version": "1.1.0", + "name": "Report Confidence", + "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "key": "UC", + "name": "Unconfirmed", + "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, { - "key": "L", - "name": "Low", - "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "key": "UR", + "name": "Uncorroborated", + "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." }, { - "key": "M", - "name": "Medium", - "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "key": "C", + "name": "Confirmed", + "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." }, { - "key": "H", - "name": "High", - "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "key": "ND", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." + "UC": { + "key": "UC", + "name": "Unconfirmed", + "definition": "A single unconfirmed source or possibly several conflicting reports. There is little confidence in the validity of the report." }, - "L": { - "key": "L", - "name": "Low", - "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "UR": { + "key": "UR", + "name": "Uncorroborated", + "definition": "Multiple non-official sources; possibily including independent security companies or research organizations. At this point there may be conflicting technical details or some other lingering ambiguity." }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "C": { + "key": "C", + "name": "Confirmed", + "definition": "Vendor or author of the affected technology has acknowledged that the vulnerability exists. This value may also be set when existence of a vulnerability is confirmed with absolute confidence through some other event, such as publication of functional proof of concept exploit code or widespread exploitation." }, - "H": { - "key": "H", - "name": "High", - "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "ND": { + "key": "ND", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, - "1.1.0": { - "version": "1.1.0", + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "TD", - "version": "1.1.0", - "name": "Target Distribution", - "definition": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", + "key": "RC", + "version": "2.0.0", + "name": "Report Confidence", + "definition": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." - }, - { - "key": "L", - "name": "Low", - "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "key": "U", + "name": "Unknown", + "definition": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." }, { - "key": "M", - "name": "Medium", - "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "key": "R", + "name": "Reasonable", + "definition": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." }, { - "key": "H", - "name": "High", - "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "key": "C", + "name": "Confirmed", + "definition": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." }, { "key": "X", @@ -3940,25 +4175,20 @@ ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." - }, - "L": { - "key": "L", - "name": "Low", - "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." + "U": { + "key": "U", + "name": "Unknown", + "definition": "There are reports of impacts that indicate a vulnerability is present. The reports indicate that the cause of the vulnerability is unknown, or reports may differ on the cause or impacts of the vulnerability. Reporters are uncertain of the true nature of the vulnerability, and there is little confidence in the validity of the reports or whether a static Base score can be applied given the differences described." }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + "R": { + "key": "R", + "name": "Reasonable", + "definition": "Significant details are published, but researchers either do not have full confidence in the root cause, or do not have access to source code to fully confirm all of the interactions that may lead to the result. Reasonable confidence exists, however, that the bug is reproducible and at least one impact is able to be verified (proof-of-concept exploits may provide this)." }, - "H": { - "key": "H", - "name": "High", - "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." + "C": { + "key": "C", + "name": "Confirmed", + "definition": "Detailed reports exist, or functional reproduction is possible (functional exploits may provide this). Source code is available to independently verify the assertions of the research, or the author or vendor of the affected code has confirmed the presence of the vulnerability." }, "X": { "key": "X", @@ -3969,473 +4199,523 @@ } } }, - "UI": { - "key": "UI", + "S": { + "key": "S", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "UI", + "key": "S", "version": "1.0.0", - "name": "User Interaction", - "definition": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", + "name": "Scope", + "definition": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "schemaVersion": "2.0.0", "values": [ { - "key": "R", - "name": "Required", - "definition": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + "key": "U", + "name": "Unchanged", + "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." }, { - "key": "N", - "name": "None", - "definition": "The vulnerable system can be exploited without interaction from any user." + "key": "C", + "name": "Changed", + "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." } ] }, "values": { - "R": { - "key": "R", - "name": "Required", - "definition": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + "U": { + "key": "U", + "name": "Unchanged", + "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." }, - "N": { - "key": "N", - "name": "None", - "definition": "The vulnerable system can be exploited without interaction from any user." + "C": { + "key": "C", + "name": "Changed", + "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." } } - }, - "2.0.0": { - "version": "2.0.0", + } + } + }, + "SC": { + "key": "SC", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "UI", - "version": "2.0.0", - "name": "User Interaction", - "definition": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", + "key": "SC", + "version": "1.0.0", + "name": "Confidentiality Impact to the Subsequent System", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { - "key": "A", - "name": "Active", - "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." + "key": "N", + "name": "Negligible", + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { - "key": "P", - "name": "Passive", - "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." + "key": "L", + "name": "Low", + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { - "key": "N", - "name": "None", - "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "key": "H", + "name": "High", + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." } ] }, "values": { - "A": { - "key": "A", - "name": "Active", - "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." - }, - "P": { - "key": "P", - "name": "Passive", - "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." - }, "N": { "key": "N", - "name": "None", - "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." + "name": "Negligible", + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, + "L": { + "key": "L", + "name": "Low", + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + }, + "H": { + "key": "H", + "name": "High", + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." } } } } }, - "CVSS": { - "key": "CVSS", + "AU": { + "key": "AU", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "CVSS", + "key": "AU", "version": "1.0.0", - "name": "CVSS Qualitative Severity Rating Scale", - "definition": "The CVSS Qualitative Severity Rating Scale group.", + "name": "Automatable", + "definition": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "None", - "definition": "None (0.0)" + "name": "No", + "definition": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." }, { - "key": "L", - "name": "Low", - "definition": "Low (0.1-3.9)" - }, - { - "key": "M", - "name": "Medium", - "definition": "Medium (4.0-6.9)" - }, - { - "key": "H", - "name": "High", - "definition": "High (7.0-8.9)" + "key": "Y", + "name": "Yes", + "definition": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." }, { - "key": "C", - "name": "Critical", - "definition": "Critical (9.0-10.0)" + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { "N": { "key": "N", - "name": "None", - "definition": "None (0.0)" - }, - "L": { - "key": "L", - "name": "Low", - "definition": "Low (0.1-3.9)" - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Medium (4.0-6.9)" + "name": "No", + "definition": "Attackers cannot reliably automate all 4 steps of the kill chain for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." }, - "H": { - "key": "H", - "name": "High", - "definition": "High (7.0-8.9)" + "Y": { + "key": "Y", + "name": "Yes", + "definition": "Attackers can reliably automate all 4 steps of the kill chain. These steps are reconnaissance, weaponization, delivery, and exploitation (e.g., the vulnerability is \"wormable\")." }, - "C": { - "key": "C", - "name": "Critical", - "definition": "Critical (9.0-10.0)" + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "MAV": { - "key": "MAV", + "U": { + "key": "U", "versions": { - "3.0.0": { - "version": "3.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MAV", - "version": "3.0.0", - "name": "Modified Attack Vector", - "definition": "This metric reflects the context by which vulnerability exploitation is possible. ", + "key": "U", + "version": "1.0.0", + "name": "Provider Urgency", + "definition": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", "schemaVersion": "2.0.0", "values": [ { - "key": "P", - "name": "Physical", - "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." }, { - "key": "L", - "name": "Local", - "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + "key": "C", + "name": "Clear", + "definition": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." }, { - "key": "A", - "name": "Adjacent", - "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + "key": "G", + "name": "Green", + "definition": "Provider has assessed the impact of this vulnerability as having a reduced urgency." }, { - "key": "N", - "name": "Network", - "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "key": "A", + "name": "Amber", + "definition": "Provider has assessed the impact of this vulnerability as having a moderate urgency." }, { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "R", + "name": "Red", + "definition": "Provider has assessed the impact of this vulnerability as having the highest urgency." } ] }, "values": { - "P": { - "key": "P", - "name": "Physical", - "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." }, - "L": { - "key": "L", - "name": "Local", - "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." + "C": { + "key": "C", + "name": "Clear", + "definition": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)." + }, + "G": { + "key": "G", + "name": "Green", + "definition": "Provider has assessed the impact of this vulnerability as having a reduced urgency." }, "A": { "key": "A", - "name": "Adjacent", - "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." - }, - "N": { - "key": "N", - "name": "Network", - "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." + "name": "Amber", + "definition": "Provider has assessed the impact of this vulnerability as having a moderate urgency." }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "R": { + "key": "R", + "name": "Red", + "definition": "Provider has assessed the impact of this vulnerability as having the highest urgency." } } - }, - "3.0.1": { - "version": "3.0.1", + } + } + }, + "R": { + "key": "R", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MAV", - "version": "3.0.1", - "name": "Modified Attack Vector", - "definition": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", + "key": "R", + "version": "1.0.0", + "name": "Recovery", + "definition": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", "schemaVersion": "2.0.0", "values": [ { - "key": "P", - "name": "Physical", - "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." - }, - { - "key": "L", - "name": "Local", - "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." }, { "key": "A", - "name": "Adjacent", - "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "name": "Automatic", + "definition": "The system recovers services automatically after an attack has been performed." }, { - "key": "N", - "name": "Network", - "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "key": "U", + "name": "User", + "definition": "The system requires manual intervention by the user to recover services, after an attack has been performed." }, { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "I", + "name": "Irrecoverable", + "definition": "The system services are irrecoverable by the user, after an attack has been performed." } ] }, "values": { - "P": { - "key": "P", - "name": "Physical", - "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." - }, - "L": { - "key": "L", - "name": "Local", - "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." }, "A": { "key": "A", - "name": "Adjacent", - "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + "name": "Automatic", + "definition": "The system recovers services automatically after an attack has been performed." }, - "N": { - "key": "N", - "name": "Network", - "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." + "U": { + "key": "U", + "name": "User", + "definition": "The system requires manual intervention by the user to recover services, after an attack has been performed." }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "I": { + "key": "I", + "name": "Irrecoverable", + "definition": "The system services are irrecoverable by the user, after an attack has been performed." } } } } }, - "MAC": { - "key": "MAC", + "SF": { + "key": "SF", "versions": { - "3.0.0": { - "version": "3.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MAC", - "version": "3.0.0", - "name": "Modified Attack Complexity", - "definition": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", + "key": "SF", + "version": "1.0.0", + "name": "Safety", + "definition": "The Safety decision point is a measure of the potential for harm to humans or the environment.", "schemaVersion": "2.0.0", "values": [ { - "key": "H", - "name": "High", - "definition": "A successful attack depends on conditions beyond the attacker's control." + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." }, { - "key": "L", - "name": "Low", - "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." + "key": "P", + "name": "Present", + "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" }, { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "N", + "name": "Negligible", + "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" } ] }, "values": { - "H": { - "key": "H", - "name": "High", - "definition": "A successful attack depends on conditions beyond the attacker's control." - }, - "L": { - "key": "L", - "name": "Low", - "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." - }, "X": { "key": "X", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." + }, + "P": { + "key": "P", + "name": "Present", + "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence categories of \"marginal,\" \"critical,\" or \"catastrophic.\"" + }, + "N": { + "key": "N", + "name": "Negligible", + "definition": "Consequences of the vulnerability meet definition of IEC 61508 consequence category \"negligible.\"" } } - }, - "3.0.1": { - "version": "3.0.1", + } + } + }, + "V": { + "key": "V", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MAC", - "version": "3.0.1", - "name": "Modified Attack Complexity", - "definition": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", + "key": "V", + "version": "1.0.0", + "name": "Value Density", + "definition": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", "schemaVersion": "2.0.0", "values": [ { - "key": "H", - "name": "High", - "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." }, { - "key": "L", - "name": "Low", - "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "key": "D", + "name": "Diffuse", + "definition": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." }, + { + "key": "C", + "name": "Concentrated", + "definition": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." + } + ] + }, + "values": { + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." + }, + "D": { + "key": "D", + "name": "Diffuse", + "definition": "The vulnerable system has limited resources. That is, the resources that the attacker will gain control over with a single exploitation event are relatively small." + }, + "C": { + "key": "C", + "name": "Concentrated", + "definition": "The vulnerable system is rich in resources. Heuristically, such systems are often the direct responsibility of \"system operators\" rather than users." + } + } + } + } + }, + "RE": { + "key": "RE", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "RE", + "version": "1.0.0", + "name": "Vulnerability Response Effort", + "definition": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", + "schemaVersion": "2.0.0", + "values": [ { "key": "X", "name": "Not Defined", "definition": "This metric value is not defined. See CVSS documentation for details." + }, + { + "key": "L", + "name": "Low", + "definition": "The effort required to respond to a vulnerability is low/trivial." + }, + { + "key": "M", + "name": "Moderate", + "definition": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." + }, + { + "key": "H", + "name": "High", + "definition": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." } ] }, "values": { - "H": { - "key": "H", - "name": "High", - "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." }, "L": { "key": "L", "name": "Low", - "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " + "definition": "The effort required to respond to a vulnerability is low/trivial." }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "M": { + "key": "M", + "name": "Moderate", + "definition": "The actions required to respond to a vulnerability require some effort on behalf of the consumer and could cause minimal service impact to implement." + }, + "H": { + "key": "H", + "name": "High", + "definition": "The actions required to respond to a vulnerability are significant and/or difficult, and may possibly lead to an extended, scheduled service impact. This would need to be considered for scheduling purposes including honoring any embargo on deployment of the selected response. Alternatively, response to the vulnerability in the field is not possible remotely. The only resolution to the vulnerability involves physical replacement (e.g. units deployed would have to be recalled for a depot level repair or replacement)." } } } } }, - "MPR": { - "key": "MPR", + "TD": { + "key": "TD", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MPR", + "key": "TD", "version": "1.0.0", - "name": "Modified Privileges Required", - "definition": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", + "name": "Target Distribution", + "definition": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "H", - "name": "High", - "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + "key": "N", + "name": "None", + "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, { "key": "L", "name": "Low", - "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." }, { - "key": "N", - "name": "None", - "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "key": "M", + "name": "Medium", + "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." }, { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "H", + "name": "High", + "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." } ] }, "values": { - "H": { - "key": "H", - "name": "High", - "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." + "N": { + "key": "N", + "name": "None", + "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, "L": { "key": "L", "name": "Low", - "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." + "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." }, - "N": { - "key": "N", - "name": "None", - "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "M": { + "key": "M", + "name": "Medium", + "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "H": { + "key": "H", + "name": "High", + "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." } } }, - "1.0.1": { - "version": "1.0.1", + "1.1.0": { + "version": "1.1.0", "obj": { "namespace": "cvss", - "key": "MPR", - "version": "1.0.1", - "name": "Modified Privileges Required", - "definition": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", + "key": "TD", + "version": "1.1.0", + "name": "Target Distribution", + "definition": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "H", - "name": "High", - "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "key": "N", + "name": "None", + "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, { "key": "L", "name": "Low", - "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." }, { - "key": "N", - "name": "None", - "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "key": "M", + "name": "Medium", + "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + }, + { + "key": "H", + "name": "High", + "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." }, { "key": "X", @@ -4445,20 +4725,25 @@ ] }, "values": { - "H": { - "key": "H", - "name": "High", - "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." + "N": { + "key": "N", + "name": "None", + "definition": "No target systems exist, or targets are so highly specialized that they only exist in a laboratory setting. Effectively 0% of the environment is at risk." }, "L": { "key": "L", "name": "Low", - "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." + "definition": "Targets exist inside the environment, but on a small scale. Between 1% - 15% of the total environment is at risk." }, - "N": { - "key": "N", - "name": "None", - "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." + "M": { + "key": "M", + "name": "Medium", + "definition": "Targets exist inside the environment, but on a medium scale. Between 16% - 49% of the total environment is at risk." + }, + "H": { + "key": "H", + "name": "High", + "definition": "Targets exist inside the environment on a considerable scale. Between 50% - 100% of the total environment is considered at risk." }, "X": { "key": "X", @@ -4469,16 +4754,16 @@ } } }, - "MUI": { - "key": "MUI", + "UI": { + "key": "UI", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MUI", + "key": "UI", "version": "1.0.0", - "name": "Modified User Interaction", + "name": "User Interaction", "definition": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "schemaVersion": "2.0.0", "values": [ @@ -4491,11 +4776,6 @@ "key": "N", "name": "None", "definition": "The vulnerable system can be exploited without interaction from any user." - }, - { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4509,11 +4789,6 @@ "key": "N", "name": "None", "definition": "The vulnerable system can be exploited without interaction from any user." - }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." } } }, @@ -4521,9 +4796,9 @@ "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "MUI", + "key": "UI", "version": "2.0.0", - "name": "Modified User Interaction", + "name": "User Interaction", "definition": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "schemaVersion": "2.0.0", "values": [ @@ -4541,11 +4816,6 @@ "key": "N", "name": "None", "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." - }, - { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -4564,93 +4834,113 @@ "key": "N", "name": "None", "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." - }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "MS": { - "key": "MS", + "CVSS": { + "key": "CVSS", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MS", + "key": "CVSS", "version": "1.0.0", - "name": "Modified Scope", - "definition": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "name": "CVSS Qualitative Severity Rating Scale", + "definition": "The CVSS Qualitative Severity Rating Scale group.", "schemaVersion": "2.0.0", "values": [ { - "key": "U", - "name": "Unchanged", - "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + "key": "N", + "name": "None", + "definition": "None (0.0)" }, { - "key": "C", - "name": "Changed", - "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + "key": "L", + "name": "Low", + "definition": "Low (0.1-3.9)" }, { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "key": "M", + "name": "Medium", + "definition": "Medium (4.0-6.9)" + }, + { + "key": "H", + "name": "High", + "definition": "High (7.0-8.9)" + }, + { + "key": "C", + "name": "Critical", + "definition": "Critical (9.0-10.0)" } ] }, "values": { - "U": { - "key": "U", - "name": "Unchanged", - "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + "N": { + "key": "N", + "name": "None", + "definition": "None (0.0)" + }, + "L": { + "key": "L", + "name": "Low", + "definition": "Low (0.1-3.9)" + }, + "M": { + "key": "M", + "name": "Medium", + "definition": "Medium (4.0-6.9)" + }, + "H": { + "key": "H", + "name": "High", + "definition": "High (7.0-8.9)" }, "C": { "key": "C", - "name": "Changed", - "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." - }, - "X": { - "key": "X", - "name": "Not Defined", - "definition": "This metric value is not defined. See CVSS documentation for details." + "name": "Critical", + "definition": "Critical (9.0-10.0)" } } } } }, - "MC": { - "key": "MC", + "MAV": { + "key": "MAV", "versions": { - "2.0.0": { - "version": "2.0.0", + "3.0.0": { + "version": "3.0.0", "obj": { "namespace": "cvss", - "key": "MC", - "version": "2.0.0", - "name": "Modified Confidentiality Impact", - "definition": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", + "key": "MAV", + "version": "3.0.0", + "name": "Modified Attack Vector", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. ", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "There is no loss of confidentiality within the impacted component." + "key": "P", + "name": "Physical", + "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, { "key": "L", - "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "name": "Local", + "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." }, { - "key": "H", - "name": "High", - "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "key": "A", + "name": "Adjacent", + "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + }, + { + "key": "N", + "name": "Network", + "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." }, { "key": "X", @@ -4660,20 +4950,25 @@ ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no loss of confidentiality within the impacted component." + "P": { + "key": "P", + "name": "Physical", + "definition": "A vulnerability exploitable with Physical access requires the attacker to physically touch or manipulate the vulnerable component. Physical interaction may be brief (e.g. evil maid attack [1]) or persistent." }, "L": { "key": "L", - "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "name": "Local", + "definition": "A vulnerability exploitable with Local access means that the vulnerable component is not bound to the network stack, and the attacker's path is via read/write/execute capabilities. In some cases, the attacker may be logged in locally in order to exploit the vulnerability, otherwise, she may rely on User Interaction to execute a malicious file." }, - "H": { - "key": "H", - "name": "High", - "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "A": { + "key": "A", + "name": "Adjacent", + "definition": "A vulnerability exploitable with adjacent network access means the vulnerable component is bound to the network stack, however the attack is limited to the same shared physical (e.g. Bluetooth, IEEE 802.11), or logical (e.g. local IP subnet) network, and cannot be performed across an OSI layer 3 boundary (e.g. a router)." + }, + "N": { + "key": "N", + "name": "Network", + "definition": "A vulnerability exploitable with network access means the vulnerable component is bound to the network stack and the attacker's path is through OSI layer 3 (the network layer). Such a vulnerability is often termed 'remotely exploitable' and can be thought of as an attack being exploitable one or more network hops away (e.g. across layer 3 boundaries from routers)." }, "X": { "key": "X", @@ -4681,36 +4976,36 @@ "definition": "This metric value is not defined. See CVSS documentation for details." } } - } - } - }, - "MI": { - "key": "MI", - "versions": { - "2.0.0": { - "version": "2.0.0", + }, + "3.0.1": { + "version": "3.0.1", "obj": { "namespace": "cvss", - "key": "MI", - "version": "2.0.0", - "name": "Modified Integrity Impact", - "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "key": "MAV", + "version": "3.0.1", + "name": "Modified Attack Vector", + "definition": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "There is no impact to the integrity of the system." + "key": "P", + "name": "Physical", + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, { "key": "L", - "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "name": "Local", + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, { - "key": "H", - "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection." + "key": "A", + "name": "Adjacent", + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + { + "key": "N", + "name": "Network", + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." }, { "key": "X", @@ -4720,20 +5015,25 @@ ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no impact to the integrity of the system." + "P": { + "key": "P", + "name": "Physical", + "definition": "The attack requires the attacker to physically touch or manipulate the vulnerable system. Physical interaction may be brief (e.g., evil maid attack1) or persistent." }, "L": { "key": "L", - "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + "name": "Local", + "definition": "The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document)." }, - "H": { - "key": "H", - "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection." + "A": { + "key": "A", + "name": "Adjacent", + "definition": "The vulnerable system is bound to a protocol stack, but the attack is limited at the protocol level to a logically adjacent topology. This can mean an attack must be launched from the same shared proximity (e.g., Bluetooth, NFC, or IEEE 802.11) or logical network (e.g., local IP subnet), or from within a secure or otherwise limited administrative domain (e.g., MPLS, secure VPN within an administrative network zone)." + }, + "N": { + "key": "N", + "name": "Network", + "definition": "The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers)." }, "X": { "key": "X", @@ -4744,33 +5044,28 @@ } } }, - "MA": { - "key": "MA", + "MAC": { + "key": "MAC", "versions": { - "2.0.0": { - "version": "2.0.0", + "3.0.0": { + "version": "3.0.0", "obj": { "namespace": "cvss", - "key": "MA", - "version": "2.0.0", - "name": "Modified Availability Impact", - "definition": "This metric measures the impact to availability of a successfully exploited vulnerability.", + "key": "MAC", + "version": "3.0.0", + "name": "Modified Attack Complexity", + "definition": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "There is no impact to the availability of the system." + "key": "H", + "name": "High", + "definition": "A successful attack depends on conditions beyond the attacker's control." }, { "key": "L", "name": "Low", - "definition": "There is reduced performance or interruptions in resource availability." - }, - { - "key": "H", - "name": "High", - "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." }, { "key": "X", @@ -4780,20 +5075,15 @@ ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no impact to the availability of the system." + "H": { + "key": "H", + "name": "High", + "definition": "A successful attack depends on conditions beyond the attacker's control." }, "L": { "key": "L", "name": "Low", - "definition": "There is reduced performance or interruptions in resource availability." - }, - "H": { - "key": "H", - "name": "High", - "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component." }, "X": { "key": "X", @@ -4801,31 +5091,26 @@ "definition": "This metric value is not defined. See CVSS documentation for details." } } - } - } - }, - "MAT": { - "key": "MAT", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "3.0.1": { + "version": "3.0.1", "obj": { "namespace": "cvss", - "key": "MAT", - "version": "1.0.0", - "name": "Modified Attack Requirements", - "definition": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", + "key": "MAC", + "version": "3.0.1", + "name": "Modified Attack Complexity", + "definition": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "schemaVersion": "2.0.0", "values": [ { - "key": "P", - "name": "Present", - "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "key": "H", + "name": "High", + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, { - "key": "N", - "name": "None", - "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "key": "L", + "name": "Low", + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " }, { "key": "X", @@ -4835,15 +5120,15 @@ ] }, "values": { - "P": { - "key": "P", - "name": "Present", - "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + "H": { + "key": "H", + "name": "High", + "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place." }, - "N": { - "key": "N", - "name": "None", - "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." + "L": { + "key": "L", + "name": "Low", + "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. " }, "X": { "key": "X", @@ -4854,33 +5139,33 @@ } } }, - "MVC": { - "key": "MVC", + "MPR": { + "key": "MPR", "versions": { - "3.0.0": { - "version": "3.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MVC", - "version": "3.0.0", - "name": "Modified Confidentiality Impact to the Vulnerable System", - "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", + "key": "MPR", + "version": "1.0.0", + "name": "Modified Privileges Required", + "definition": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "There is no loss of confidentiality within the impacted component." + "key": "H", + "name": "High", + "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, { "key": "L", "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, { - "key": "H", - "name": "High", - "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "key": "N", + "name": "None", + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, { "key": "X", @@ -4890,20 +5175,20 @@ ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no loss of confidentiality within the impacted component." + "H": { + "key": "H", + "name": "High", + "definition": "The attacker is authorized with (i.e. requires) privileges that provide significant (e.g. administrative) control over the vulnerable component that could affect component-wide settings and files." }, "L": { "key": "L", "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." + "definition": "The attacker is authorized with (i.e. requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources." }, - "H": { - "key": "H", - "name": "High", - "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + "N": { + "key": "N", + "name": "None", + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, "X": { "key": "X", @@ -4911,36 +5196,31 @@ "definition": "This metric value is not defined. See CVSS documentation for details." } } - } - } - }, - "MVI": { - "key": "MVI", - "versions": { - "3.0.0": { - "version": "3.0.0", + }, + "1.0.1": { + "version": "1.0.1", "obj": { "namespace": "cvss", - "key": "MVI", - "version": "3.0.0", - "name": "Modified Integrity Impact to the Vulnerable System", - "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", + "key": "MPR", + "version": "1.0.1", + "name": "Modified Privileges Required", + "definition": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "There is no loss of integrity within the Vulnerable System." + "key": "H", + "name": "High", + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, { - "key": "H", - "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection." + "key": "N", + "name": "None", + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, { "key": "X", @@ -4950,20 +5230,20 @@ ] }, "values": { - "N": { - "key": "N", - "name": "None", - "definition": "There is no loss of integrity within the Vulnerable System." + "H": { + "key": "H", + "name": "High", + "definition": "The attacker is authorized with (i.e., requires) privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files." }, "L": { "key": "L", "name": "Low", - "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." + "definition": "The attacker is authorized with (i.e., requires) privileges that provide basic capabilities that are typically limited to settings and resources owned by a single low-privileged user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources." }, - "H": { - "key": "H", - "name": "High", - "definition": "There is a total loss of integrity, or a complete loss of protection." + "N": { + "key": "N", + "name": "None", + "definition": "The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files to carry out an attack." }, "X": { "key": "X", @@ -4974,33 +5254,28 @@ } } }, - "MVA": { - "key": "MVA", + "MUI": { + "key": "MUI", "versions": { - "3.0.0": { - "version": "3.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "cvss", - "key": "MVA", - "version": "3.0.0", - "name": "Modified Availability Impact to the Vulnerable System", - "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", + "key": "MUI", + "version": "1.0.0", + "name": "Modified User Interaction", + "definition": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "None", - "definition": "There is no impact to availability within the Vulnerable System." - }, - { - "key": "L", - "name": "Low", - "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." + "key": "R", + "name": "Required", + "definition": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." }, { - "key": "H", - "name": "High", - "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "key": "N", + "name": "None", + "definition": "The vulnerable system can be exploited without interaction from any user." }, { "key": "X", @@ -5010,20 +5285,15 @@ ] }, "values": { + "R": { + "key": "R", + "name": "Required", + "definition": "Successful exploitation of this vulnerability requires a user to take some action before the vulnerability can be exploited." + }, "N": { "key": "N", "name": "None", - "definition": "There is no impact to availability within the Vulnerable System." - }, - "L": { - "key": "L", - "name": "Low", - "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." - }, - "H": { - "key": "H", - "name": "High", - "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + "definition": "The vulnerable system can be exploited without interaction from any user." }, "X": { "key": "X", @@ -5031,36 +5301,31 @@ "definition": "This metric value is not defined. See CVSS documentation for details." } } - } - } - }, - "MSC": { - "key": "MSC", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "cvss", - "key": "MSC", - "version": "1.0.0", - "name": "Modified Confidentiality Impact to the Subsequent System", - "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + "key": "MUI", + "version": "2.0.0", + "name": "Modified User Interaction", + "definition": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "Negligible", - "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "key": "A", + "name": "Active", + "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, { - "key": "L", - "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "key": "P", + "name": "Passive", + "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." }, { - "key": "H", - "name": "High", - "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "key": "N", + "name": "None", + "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." }, { "key": "X", @@ -5070,20 +5335,20 @@ ] }, "values": { - "N": { - "key": "N", - "name": "Negligible", - "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "A": { + "key": "A", + "name": "Active", + "definition": "Successful exploitation of this vulnerability requires a targeted user to perform specific, conscious interactions with the vulnerable system and the attacker’s payload, or the user’s interactions would actively subvert protection mechanisms which would lead to exploitation of the vulnerability." }, - "L": { - "key": "L", - "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "P": { + "key": "P", + "name": "Passive", + "definition": "Successful exploitation of this vulnerability requires limited interaction by the targeted user with the vulnerable system and the attacker’s payload. These interactions would be considered involuntary and do not require that the user actively subvert protections built into the vulnerable system." }, - "H": { - "key": "H", - "name": "High", - "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "N": { + "key": "N", + "name": "None", + "definition": "The vulnerable system can be exploited without interaction from any human user, other than the attacker." }, "X": { "key": "X", @@ -5091,31 +5356,86 @@ "definition": "This metric value is not defined. See CVSS documentation for details." } } - }, - "1.0.1": { - "version": "1.0.1", - "obj": { - "namespace": "cvss", - "key": "MSC", - "version": "1.0.1", - "name": "Modified Confidentiality Impact to the Subsequent System", - "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", + } + } + }, + "MS": { + "key": "MS", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "cvss", + "key": "MS", + "version": "1.0.0", + "name": "Modified Scope", + "definition": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "U", + "name": "Unchanged", + "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + }, + { + "key": "C", + "name": "Changed", + "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + }, + { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." + } + ] + }, + "values": { + "U": { + "key": "U", + "name": "Unchanged", + "definition": "An exploited vulnerability can only affect resources managed by the same authority. In this case the vulnerable component and the impacted component are the same." + }, + "C": { + "key": "C", + "name": "Changed", + "definition": "An exploited vulnerability can affect resources beyond the authorization privileges intended by the vulnerable component. In this case the vulnerable component and the impacted component are different." + }, + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." + } + } + } + } + }, + "MC": { + "key": "MC", + "versions": { + "2.0.0": { + "version": "2.0.0", + "obj": { + "namespace": "cvss", + "key": "MC", + "version": "2.0.0", + "name": "Modified Confidentiality Impact", + "definition": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "Negligible", - "definition": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "name": "None", + "definition": "There is no loss of confidentiality within the impacted component." }, { "key": "L", "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { "key": "H", "name": "High", - "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." }, { "key": "X", @@ -5127,18 +5447,18 @@ "values": { "N": { "key": "N", - "name": "Negligible", - "definition": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + "name": "None", + "definition": "There is no loss of confidentiality within the impacted component." }, "L": { "key": "L", "name": "Low", - "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, "H": { "key": "H", "name": "High", - "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." }, "X": { "key": "X", @@ -5148,159 +5468,209 @@ } } } - } - } - }, - "ssvc": { - "namespace": "ssvc", - "keys": { - "V": { - "key": "V", + }, + "MI": { + "key": "MI", "versions": { - "1.0.0": { - "version": "1.0.0", + "2.0.0": { + "version": "2.0.0", "obj": { - "namespace": "ssvc", - "key": "V", - "version": "1.0.0", - "name": "Virulence", - "definition": "The speed at which the vulnerability can be exploited.", + "namespace": "cvss", + "key": "MI", + "version": "2.0.0", + "name": "Modified Integrity Impact", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "S", - "name": "Slow", - "definition": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "key": "N", + "name": "None", + "definition": "There is no impact to the integrity of the system." }, { - "key": "R", - "name": "Rapid", - "definition": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." + "key": "L", + "name": "Low", + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + }, + { + "key": "H", + "name": "High", + "definition": "There is a total loss of integrity, or a complete loss of protection." + }, + { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { - "S": { - "key": "S", - "name": "Slow", - "definition": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." + "N": { + "key": "N", + "name": "None", + "definition": "There is no impact to the integrity of the system." }, - "R": { - "key": "R", - "name": "Rapid", - "definition": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." + "L": { + "key": "L", + "name": "Low", + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is constrained. The data modification does not have a direct, serious impact on the impacted component." + }, + "H": { + "key": "H", + "name": "High", + "definition": "There is a total loss of integrity, or a complete loss of protection." + }, + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "A": { - "key": "A", + "MA": { + "key": "MA", "versions": { "2.0.0": { "version": "2.0.0", "obj": { - "namespace": "ssvc", - "key": "A", + "namespace": "cvss", + "key": "MA", "version": "2.0.0", - "name": "Automatable", - "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "name": "Modified Availability Impact", + "definition": "This metric measures the impact to availability of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "No", - "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "name": "None", + "definition": "There is no impact to the availability of the system." }, { - "key": "Y", - "name": "Yes", - "definition": "Attackers can reliably automate steps 1-4 of the kill chain." + "key": "L", + "name": "Low", + "definition": "There is reduced performance or interruptions in resource availability." + }, + { + "key": "H", + "name": "High", + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { "N": { "key": "N", - "name": "No", - "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + "name": "None", + "definition": "There is no impact to the availability of the system." }, - "Y": { - "key": "Y", - "name": "Yes", - "definition": "Attackers can reliably automate steps 1-4 of the kill chain." + "L": { + "key": "L", + "name": "Low", + "definition": "There is reduced performance or interruptions in resource availability." + }, + "H": { + "key": "H", + "name": "High", + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "CS": { - "key": "CS", + "MAT": { + "key": "MAT", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "ssvc", - "key": "CS", + "namespace": "cvss", + "key": "MAT", "version": "1.0.0", - "name": "Critical Software", - "definition": "Denotes whether a system meets a critical software definition.", + "name": "Modified Attack Requirements", + "definition": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "schemaVersion": "2.0.0", "values": [ + { + "key": "P", + "name": "Present", + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + }, { "key": "N", - "name": "No", - "definition": "System does not meet a critical software definition." + "name": "None", + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." }, { - "key": "Y", - "name": "Yes", - "definition": "System meets a critical software definition." + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { + "P": { + "key": "P", + "name": "Present", + "definition": "The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack." + }, "N": { "key": "N", - "name": "No", - "definition": "System does not meet a critical software definition." + "name": "None", + "definition": "The successful attack does not depend on the deployment and execution conditions of the vulnerable system. The attacker can expect to be able to reach the vulnerability and execute the exploit under all or most instances of the vulnerability." }, - "Y": { - "key": "Y", - "name": "Yes", - "definition": "System meets a critical software definition." + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "E": { - "key": "E", + "MVC": { + "key": "MVC", "versions": { - "1.0.0": { - "version": "1.0.0", + "3.0.0": { + "version": "3.0.0", "obj": { - "namespace": "ssvc", - "key": "E", - "version": "1.0.0", - "name": "Exploitation", - "definition": "The present state of exploitation of the vulnerability.", + "namespace": "cvss", + "key": "MVC", + "version": "3.0.0", + "name": "Modified Confidentiality Impact to the Vulnerable System", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no loss of confidentiality within the impacted component." }, { - "key": "P", - "name": "PoC", - "definition": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." + "key": "L", + "name": "Low", + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, { - "key": "A", - "name": "Active", - "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "key": "H", + "name": "High", + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + }, + { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -5308,44 +5678,59 @@ "N": { "key": "N", "name": "None", - "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no loss of confidentiality within the impacted component." }, - "P": { - "key": "P", - "name": "PoC", - "definition": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." + "L": { + "key": "L", + "name": "Low", + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is constrained. The information disclosure does not cause a direct, serious loss to the impacted component." }, - "A": { - "key": "A", - "name": "Active", - "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "H": { + "key": "H", + "name": "High", + "definition": "There is total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server." + }, + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } - }, - "1.1.0": { - "version": "1.1.0", + } + } + }, + "MVI": { + "key": "MVI", + "versions": { + "3.0.0": { + "version": "3.0.0", "obj": { - "namespace": "ssvc", - "key": "E", - "version": "1.1.0", - "name": "Exploitation", - "definition": "The present state of exploitation of the vulnerability.", + "namespace": "cvss", + "key": "MVI", + "version": "3.0.0", + "name": "Modified Integrity Impact to the Vulnerable System", + "definition": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no loss of integrity within the Vulnerable System." }, { - "key": "P", - "name": "Public PoC", - "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "key": "L", + "name": "Low", + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, { - "key": "A", - "name": "Active", - "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "key": "H", + "name": "High", + "definition": "There is a total loss of integrity, or a complete loss of protection." + }, + { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, @@ -5353,699 +5738,719 @@ "N": { "key": "N", "name": "None", - "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + "definition": "There is no loss of integrity within the Vulnerable System." }, - "P": { - "key": "P", - "name": "Public PoC", - "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + "L": { + "key": "L", + "name": "Low", + "definition": "Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact to the Vulnerable System." }, - "A": { - "key": "A", - "name": "Active", - "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + "H": { + "key": "H", + "name": "High", + "definition": "There is a total loss of integrity, or a complete loss of protection." + }, + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "HVA": { - "key": "HVA", + "MVA": { + "key": "MVA", "versions": { - "1.0.0": { - "version": "1.0.0", + "3.0.0": { + "version": "3.0.0", "obj": { - "namespace": "ssvc", - "key": "HVA", - "version": "1.0.0", - "name": "High Value Asset", - "definition": "Denotes whether a system meets a high value asset definition.", + "namespace": "cvss", + "key": "MVA", + "version": "3.0.0", + "name": "Modified Availability Impact to the Vulnerable System", + "definition": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "No", - "definition": "System does not meet a high value asset definition." + "name": "None", + "definition": "There is no impact to availability within the Vulnerable System." }, - { - "key": "Y", - "name": "Yes", - "definition": "System meets a high value asset definition." - } - ] - }, - "values": { - "N": { - "key": "N", - "name": "No", - "definition": "System does not meet a high value asset definition." - }, - "Y": { - "key": "Y", - "name": "Yes", - "definition": "System meets a high value asset definition." - } - } - } - } - }, - "MWI": { - "key": "MWI", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "ssvc", - "key": "MWI", - "version": "1.0.0", - "name": "Mission and Well-Being Impact", - "definition": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", - "schemaVersion": "2.0.0", - "values": [ { "key": "L", "name": "Low", - "definition": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" - }, - { - "key": "M", - "name": "Medium", - "definition": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, { "key": "H", "name": "High", - "definition": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { + "N": { + "key": "N", + "name": "None", + "definition": "There is no impact to availability within the Vulnerable System." + }, "L": { "key": "L", "name": "Low", - "definition": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" + "definition": "There is reduced performance or interruptions in resource availability. Even if repeated exploitation of the vulnerability is possible, the attacker does not have the ability to completely deny service to legitimate users. The resources in the Vulnerable System are either partially available all of the time, or fully available only some of the time, but overall there is no direct, serious consequence to the Vulnerable System." }, "H": { "key": "H", "name": "High", - "definition": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" + "definition": "There is total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed)." + }, + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } } } }, - "HI": { - "key": "HI", + "MSC": { + "key": "MSC", "versions": { - "2.0.0": { - "version": "2.0.0", + "1.0.0": { + "version": "1.0.0", "obj": { - "namespace": "ssvc", - "key": "HI", - "version": "2.0.0", - "name": "Human Impact", - "definition": "Human Impact is a combination of Safety and Mission impacts.", + "namespace": "cvss", + "key": "MSC", + "version": "1.0.0", + "name": "Modified Confidentiality Impact to the Subsequent System", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" + "key": "N", + "name": "Negligible", + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { - "key": "M", - "name": "Medium", - "definition": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" + "key": "L", + "name": "Low", + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "definition": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." }, { - "key": "VH", - "name": "Very High", - "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { + "N": { + "key": "N", + "name": "Negligible", + "definition": "There is no loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, "L": { "key": "L", "name": "Low", - "definition": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, "H": { "key": "H", "name": "High", - "definition": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." }, - "VH": { - "key": "VH", - "name": "Very High", - "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } }, - "2.0.1": { - "version": "2.0.1", + "1.0.1": { + "version": "1.0.1", "obj": { - "namespace": "ssvc", - "key": "HI", - "version": "2.0.1", - "name": "Human Impact", - "definition": "Human Impact is a combination of Safety and Mission impacts.", + "namespace": "cvss", + "key": "MSC", + "version": "1.0.1", + "name": "Modified Confidentiality Impact to the Subsequent System", + "definition": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" + "key": "N", + "name": "Negligible", + "definition": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." }, { - "key": "M", - "name": "Medium", - "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + "key": "L", + "name": "Low", + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, { "key": "H", "name": "High", - "definition": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." }, { - "key": "VH", - "name": "Very High", - "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } ] }, "values": { + "N": { + "key": "N", + "name": "Negligible", + "definition": "There is negligible loss of confidentiality within the Subsequent System or all confidentiality impact is constrained to the Vulnerable System." + }, "L": { "key": "L", "name": "Low", - "definition": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + "definition": "There is some loss of confidentiality. Access to some restricted information is obtained, but the attacker does not have control over what information is obtained, or the amount or kind of loss is limited. The information disclosure does not cause a direct, serious loss to the Subsequent System." }, "H": { "key": "H", "name": "High", - "definition": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "definition": "There is a total loss of confidentiality, resulting in all resources within the Subsequent System being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact." }, - "VH": { - "key": "VH", - "name": "Very High", - "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "X": { + "key": "X", + "name": "Not Defined", + "definition": "This metric value is not defined. See CVSS documentation for details." } } - }, - "2.0.2": { - "version": "2.0.2", + } + } + } + } + }, + "ssvc": { + "namespace": "ssvc", + "keys": { + "V": { + "key": "V", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "HI", - "version": "2.0.2", - "name": "Human Impact", - "definition": "Human Impact is a combination of Safety and Mission impacts.", + "key": "V", + "version": "1.0.0", + "name": "Virulence", + "definition": "The speed at which the vulnerability can be exploited.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" - }, - { - "key": "M", - "name": "Medium", - "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" - }, - { - "key": "H", - "name": "High", - "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "key": "S", + "name": "Slow", + "definition": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." }, { - "key": "VH", - "name": "Very High", - "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "key": "R", + "name": "Rapid", + "definition": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" - }, - "H": { - "key": "H", - "name": "High", - "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + "S": { + "key": "S", + "name": "Slow", + "definition": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation." }, - "VH": { - "key": "VH", - "name": "Very High", - "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + "R": { + "key": "R", + "name": "Rapid", + "definition": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid." } } } } }, - "MI": { - "key": "MI", + "A": { + "key": "A", "versions": { - "1.0.0": { - "version": "1.0.0", + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "ssvc", - "key": "MI", - "version": "1.0.0", - "name": "Mission Impact", - "definition": "Impact on Mission Essential Functions of the Organization", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "schemaVersion": "2.0.0", "values": [ { "key": "N", - "name": "None", - "definition": "Little to no impact" - }, - { - "key": "NED", - "name": "Non-Essential Degraded", - "definition": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" - }, - { - "key": "MSC", - "name": "MEF Support Crippled", - "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" - }, - { - "key": "MEF", - "name": "MEF Failure", - "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "name": "No", + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, { - "key": "MF", - "name": "Mission Failure", - "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "key": "Y", + "name": "Yes", + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." } ] }, "values": { "N": { "key": "N", - "name": "None", - "definition": "Little to no impact" - }, - "NED": { - "key": "NED", - "name": "Non-Essential Degraded", - "definition": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" - }, - "MSC": { - "key": "MSC", - "name": "MEF Support Crippled", - "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" - }, - "MEF": { - "key": "MEF", - "name": "MEF Failure", - "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "name": "No", + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." }, - "MF": { - "key": "MF", - "name": "Mission Failure", - "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "Y": { + "key": "Y", + "name": "Yes", + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." } } - }, - "2.0.0": { - "version": "2.0.0", + } + } + }, + "CS": { + "key": "CS", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "MI", - "version": "2.0.0", - "name": "Mission Impact", - "definition": "Impact on Mission Essential Functions of the Organization", + "key": "CS", + "version": "1.0.0", + "name": "Critical Software", + "definition": "Denotes whether a system meets a critical software definition.", "schemaVersion": "2.0.0", "values": [ { - "key": "D", - "name": "Degraded", - "definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" - }, - { - "key": "MSC", - "name": "MEF Support Crippled", - "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" - }, - { - "key": "MEF", - "name": "MEF Failure", - "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "key": "N", + "name": "No", + "definition": "System does not meet a critical software definition." }, { - "key": "MF", - "name": "Mission Failure", - "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "key": "Y", + "name": "Yes", + "definition": "System meets a critical software definition." } ] }, "values": { - "D": { - "key": "D", - "name": "Degraded", - "definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" - }, - "MSC": { - "key": "MSC", - "name": "MEF Support Crippled", - "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" - }, - "MEF": { - "key": "MEF", - "name": "MEF Failure", - "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + "N": { + "key": "N", + "name": "No", + "definition": "System does not meet a critical software definition." }, - "MF": { - "key": "MF", - "name": "Mission Failure", - "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + "Y": { + "key": "Y", + "name": "Yes", + "definition": "System meets a critical software definition." } } } } }, - "PWI": { - "key": "PWI", + "E": { + "key": "E", "versions": { - "1.1.0": { - "version": "1.1.0", + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "PWI", - "version": "1.1.0", - "name": "Public Well-Being Impact", - "definition": "A coarse-grained representation of impact to public well-being.", + "key": "E", + "version": "1.0.0", + "name": "Exploitation", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "M", - "name": "Minimal", - "definition": "The effect is below the threshold for all aspects described in material. " + "key": "N", + "name": "None", + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { - "key": "MA", - "name": "Material", - "definition": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " + "key": "P", + "name": "PoC", + "definition": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." }, { - "key": "I", - "name": "Irreversible", - "definition": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " + "key": "A", + "name": "Active", + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, "values": { - "M": { - "key": "M", - "name": "Minimal", - "definition": "The effect is below the threshold for all aspects described in material. " + "N": { + "key": "N", + "name": "None", + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, - "MA": { - "key": "MA", - "name": "Material", - "definition": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " + "P": { + "key": "P", + "name": "PoC", + "definition": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation." }, - "I": { - "key": "I", - "name": "Irreversible", - "definition": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " + "A": { + "key": "A", + "name": "Active", + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } } - } - } - }, - "PSI": { - "key": "PSI", - "versions": { - "2.0.0": { - "version": "2.0.0", + }, + "1.1.0": { + "version": "1.1.0", "obj": { "namespace": "ssvc", - "key": "PSI", - "version": "2.0.0", - "name": "Public Safety Impact", - "definition": "A coarse-grained representation of impact to public safety.", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "definition": "The present state of exploitation of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "M", - "name": "Minimal", - "definition": "Safety Impact:(None OR Minor)" + "key": "N", + "name": "None", + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, { - "key": "S", - "name": "Significant", - "definition": "Safety Impact:(Major OR Hazardous OR Catastrophic)" + "key": "P", + "name": "Public PoC", + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } ] }, "values": { - "M": { - "key": "M", - "name": "Minimal", - "definition": "Safety Impact:(None OR Minor)" + "N": { + "key": "N", + "name": "None", + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." }, - "S": { - "key": "S", - "name": "Significant", - "definition": "Safety Impact:(Major OR Hazardous OR Catastrophic)" + "P": { + "key": "P", + "name": "Public PoC", + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + "A": { + "key": "A", + "name": "Active", + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." } } - }, - "2.0.1": { - "version": "2.0.1", + } + } + }, + "HVA": { + "key": "HVA", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "PSI", - "version": "2.0.1", - "name": "Public Safety Impact", - "definition": "A coarse-grained representation of impact to public safety.", + "key": "HVA", + "version": "1.0.0", + "name": "High Value Asset", + "definition": "Denotes whether a system meets a high value asset definition.", "schemaVersion": "2.0.0", "values": [ { - "key": "M", - "name": "Minimal", - "definition": "Safety Impact:Negligible" + "key": "N", + "name": "No", + "definition": "System does not meet a high value asset definition." }, { - "key": "S", - "name": "Significant", - "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "key": "Y", + "name": "Yes", + "definition": "System meets a high value asset definition." } ] }, "values": { - "M": { - "key": "M", - "name": "Minimal", - "definition": "Safety Impact:Negligible" + "N": { + "key": "N", + "name": "No", + "definition": "System does not meet a high value asset definition." }, - "S": { - "key": "S", - "name": "Significant", - "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + "Y": { + "key": "Y", + "name": "Yes", + "definition": "System meets a high value asset definition." } } } } }, - "PVA": { - "key": "PVA", + "MWI": { + "key": "MWI", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "PVA", + "key": "MWI", "version": "1.0.0", - "name": "Public Value Added", - "definition": "How much value would a publication from the coordinator benefit the broader community?", + "name": "Mission and Well-Being Impact", + "definition": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "schemaVersion": "2.0.0", "values": [ { "key": "L", - "name": "Limited", - "definition": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + "name": "Low", + "definition": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" }, { - "key": "A", - "name": "Ampliative", - "definition": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + "key": "M", + "name": "Medium", + "definition": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" }, { - "key": "P", - "name": "Precedence", - "definition": "The publication would be the first publicly available, or be coincident with the first publicly available." + "key": "H", + "name": "High", + "definition": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" } ] }, "values": { "L": { "key": "L", - "name": "Limited", - "definition": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + "name": "Low", + "definition": "Mission Prevalence:Minimal AND Public Well-Being Impact:Minimal" }, - "A": { - "key": "A", - "name": "Ampliative", - "definition": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + "M": { + "key": "M", + "name": "Medium", + "definition": "Mission Prevalence:Support AND Public Well-Being Impact:(Minimal OR Material)" }, - "P": { - "key": "P", - "name": "Precedence", - "definition": "The publication would be the first publicly available, or be coincident with the first publicly available." + "H": { + "key": "H", + "name": "High", + "definition": "Mission Prevalence:Essential OR Public Well-Being Impact:(Irreversible)" } } } } }, - "RC": { - "key": "RC", + "HI": { + "key": "HI", "versions": { - "1.0.0": { - "version": "1.0.0", + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "ssvc", - "key": "RC", - "version": "1.0.0", - "name": "Report Credibility", - "definition": "Is the report credible?", + "key": "HI", + "version": "2.0.0", + "name": "Human Impact", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { - "key": "NC", - "name": "Not Credible", - "definition": "The report is not credible." + "key": "L", + "name": "Low", + "definition": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" }, { - "key": "C", - "name": "Credible", - "definition": "The report is credible." - } + "key": "M", + "name": "Medium", + "definition": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "definition": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } ] }, "values": { - "NC": { - "key": "NC", - "name": "Not Credible", - "definition": "The report is not credible." + "L": { + "key": "L", + "name": "Low", + "definition": "Safety Impact:(None OR Minor) AND Mission Impact:(None OR Degraded OR Crippled)" }, - "C": { - "key": "C", - "name": "Credible", - "definition": "The report is credible." + "M": { + "key": "M", + "name": "Medium", + "definition": "(Safety Impact:(None OR Minor) AND Mission Impact:MEF Failure) OR (Safety Impact:Major AND Mission Impact:(None OR Degraded OR Crippled))" + }, + "H": { + "key": "H", + "name": "High", + "definition": "(Safety Impact:Hazardous AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Major AND Mission Impact:MEF Failure)" + }, + "VH": { + "key": "VH", + "name": "Very High", + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } } - } - } - }, - "RP": { - "key": "RP", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "2.0.1": { + "version": "2.0.1", "obj": { "namespace": "ssvc", - "key": "RP", - "version": "1.0.0", - "name": "Report Public", - "definition": "Is a viable report of the details of the vulnerability already publicly available?", + "key": "HI", + "version": "2.0.1", + "name": "Human Impact", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { - "key": "Y", - "name": "Yes", - "definition": "A public report of the vulnerability exists." + "key": "L", + "name": "Low", + "definition": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" }, { - "key": "N", - "name": "No", - "definition": "No public report of the vulnerability exists." + "key": "M", + "name": "Medium", + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "definition": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] }, "values": { - "Y": { - "key": "Y", - "name": "Yes", - "definition": "A public report of the vulnerability exists." + "L": { + "key": "L", + "name": "Low", + "definition": "Safety Impact:(Negligible) AND Mission Impact:(None OR Degraded OR Crippled)" }, - "N": { - "key": "N", - "name": "No", - "definition": "No public report of the vulnerability exists." + "M": { + "key": "M", + "name": "Medium", + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(None OR Degraded OR Crippled))" + }, + "H": { + "key": "H", + "name": "High", + "definition": "(Safety Impact:Critical AND Mission Impact:(None OR Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + "VH": { + "key": "VH", + "name": "Very High", + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + } + }, + "2.0.2": { + "version": "2.0.2", + "obj": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.2", + "name": "Human Impact", + "definition": "Human Impact is a combination of Safety and Mission impacts.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Low", + "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + }, + { + "key": "M", + "name": "Medium", + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + }, + { + "key": "H", + "name": "High", + "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" + } + ] + }, + "values": { + "L": { + "key": "L", + "name": "Low", + "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" + }, + "M": { + "key": "M", + "name": "Medium", + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" + }, + "H": { + "key": "H", + "name": "High", + "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + "VH": { + "key": "VH", + "name": "Very High", + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } } } } }, - "SI": { - "key": "SI", + "MI": { + "key": "MI", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "SI", + "key": "MI", "version": "1.0.0", - "name": "Safety Impact", - "definition": "The safety impact of the vulnerability.", + "name": "Mission Impact", + "definition": "Impact on Mission Essential Functions of the Organization", "schemaVersion": "2.0.0", "values": [ { "key": "N", "name": "None", - "definition": "The effect is below the threshold for all aspects described in Minor." + "definition": "Little to no impact" }, { - "key": "M", - "name": "Minor", - "definition": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "key": "NED", + "name": "Non-Essential Degraded", + "definition": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, { - "key": "J", - "name": "Major", - "definition": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "key": "MSC", + "name": "MEF Support Crippled", + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" }, { - "key": "H", - "name": "Hazardous", - "definition": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + "key": "MEF", + "name": "MEF Failure", + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" }, { - "key": "C", - "name": "Catastrophic", - "definition": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + "key": "MF", + "name": "Mission Failure", + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } ] }, @@ -6053,27 +6458,27 @@ "N": { "key": "N", "name": "None", - "definition": "The effect is below the threshold for all aspects described in Minor." + "definition": "Little to no impact" }, - "M": { - "key": "M", - "name": "Minor", - "definition": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "NED": { + "key": "NED", + "name": "Non-Essential Degraded", + "definition": "Degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, - "J": { - "key": "J", - "name": "Major", - "definition": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "MSC": { + "key": "MSC", + "name": "MEF Support Crippled", + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" }, - "H": { - "key": "H", - "name": "Hazardous", - "definition": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + "MEF": { + "key": "MEF", + "name": "MEF Failure", + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" }, - "C": { - "key": "C", - "name": "Catastrophic", - "definition": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." + "MF": { + "key": "MF", + "name": "Mission Failure", + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } } }, @@ -6081,544 +6486,654 @@ "version": "2.0.0", "obj": { "namespace": "ssvc", - "key": "SI", + "key": "MI", "version": "2.0.0", - "name": "Safety Impact", - "definition": "The safety impact of the vulnerability. (based on IEC 61508)", + "name": "Mission Impact", + "definition": "Impact on Mission Essential Functions of the Organization", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "Negligible", - "definition": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "key": "D", + "name": "Degraded", + "definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, { - "key": "M", - "name": "Marginal", - "definition": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "key": "MSC", + "name": "MEF Support Crippled", + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" }, { - "key": "R", - "name": "Critical", - "definition": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + "key": "MEF", + "name": "MEF Failure", + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" }, { - "key": "C", - "name": "Catastrophic", - "definition": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + "key": "MF", + "name": "Mission Failure", + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" } ] }, "values": { - "N": { - "key": "N", - "name": "Negligible", - "definition": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "D": { + "key": "D", + "name": "Degraded", + "definition": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions" }, + "MSC": { + "key": "MSC", + "name": "MEF Support Crippled", + "definition": "Activities that directly support essential functions are crippled; essential functions continue for a time" + }, + "MEF": { + "key": "MEF", + "name": "MEF Failure", + "definition": "Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time" + }, + "MF": { + "key": "MF", + "name": "Mission Failure", + "definition": "Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails" + } + } + } + } + }, + "PWI": { + "key": "PWI", + "versions": { + "1.1.0": { + "version": "1.1.0", + "obj": { + "namespace": "ssvc", + "key": "PWI", + "version": "1.1.0", + "name": "Public Well-Being Impact", + "definition": "A coarse-grained representation of impact to public well-being.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "definition": "The effect is below the threshold for all aspects described in material. " + }, + { + "key": "MA", + "name": "Material", + "definition": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " + }, + { + "key": "I", + "name": "Irreversible", + "definition": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " + } + ] + }, + "values": { "M": { "key": "M", - "name": "Marginal", - "definition": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + "name": "Minimal", + "definition": "The effect is below the threshold for all aspects described in material. " }, - "R": { - "key": "R", - "name": "Critical", - "definition": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + "MA": { + "key": "MA", + "name": "Material", + "definition": "Any one or more of these conditions hold. Physical harm: Does one or more of the following: (a) Causes physical distress or injury to system users. (b) Introduces occupational safety hazards. (c) Reduces and/or results in failure of cyber-physical system safety margins. Environment: Major externalities (property damage, environmental damage, etc.) are imposed on other parties. Financial: Financial losses likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to necessitate counseling or therapy, impact populations of people. " }, - "C": { - "key": "C", - "name": "Catastrophic", - "definition": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." + "I": { + "key": "I", + "name": "Irreversible", + "definition": "Any one or more of these conditions hold. Physical harm: One or both of the following are true: (a) Multiple fatalities are likely.(b) The cyber-physical system, of which the vulnerable componen is a part, is likely lost or destroyed. Environment: Extreme or serious externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) are imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software are destabilized and potentially collapse. Psychological: N/A " } } } } }, - "SC": { - "key": "SC", + "PSI": { + "key": "PSI", "versions": { - "1.0.0": { - "version": "1.0.0", + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "ssvc", - "key": "SC", - "version": "1.0.0", - "name": "Supplier Cardinality", - "definition": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + "key": "PSI", + "version": "2.0.0", + "name": "Public Safety Impact", + "definition": "A coarse-grained representation of impact to public safety.", "schemaVersion": "2.0.0", "values": [ { - "key": "O", - "name": "One", - "definition": "There is only one supplier of the vulnerable component." + "key": "M", + "name": "Minimal", + "definition": "Safety Impact:(None OR Minor)" + }, + { + "key": "S", + "name": "Significant", + "definition": "Safety Impact:(Major OR Hazardous OR Catastrophic)" + } + ] + }, + "values": { + "M": { + "key": "M", + "name": "Minimal", + "definition": "Safety Impact:(None OR Minor)" + }, + "S": { + "key": "S", + "name": "Significant", + "definition": "Safety Impact:(Major OR Hazardous OR Catastrophic)" + } + } + }, + "2.0.1": { + "version": "2.0.1", + "obj": { + "namespace": "ssvc", + "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "definition": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "definition": "Safety Impact:Negligible" }, { - "key": "M", - "name": "Multiple", - "definition": "There are multiple suppliers of the vulnerable component." + "key": "S", + "name": "Significant", + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } ] }, "values": { - "O": { - "key": "O", - "name": "One", - "definition": "There is only one supplier of the vulnerable component." - }, "M": { "key": "M", - "name": "Multiple", - "definition": "There are multiple suppliers of the vulnerable component." + "name": "Minimal", + "definition": "Safety Impact:Negligible" + }, + "S": { + "key": "S", + "name": "Significant", + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" } } } } }, - "SCON": { - "key": "SCON", + "PVA": { + "key": "PVA", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "SCON", + "key": "PVA", "version": "1.0.0", - "name": "Supplier Contacted", - "definition": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + "name": "Public Value Added", + "definition": "How much value would a publication from the coordinator benefit the broader community?", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "No", - "definition": "The supplier has not been contacted." + "key": "L", + "name": "Limited", + "definition": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." }, { - "key": "Y", - "name": "Yes", - "definition": "The supplier has been contacted." + "key": "A", + "name": "Ampliative", + "definition": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + }, + { + "key": "P", + "name": "Precedence", + "definition": "The publication would be the first publicly available, or be coincident with the first publicly available." } ] }, "values": { - "N": { - "key": "N", - "name": "No", - "definition": "The supplier has not been contacted." + "L": { + "key": "L", + "name": "Limited", + "definition": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." }, - "Y": { - "key": "Y", - "name": "Yes", - "definition": "The supplier has been contacted." + "A": { + "key": "A", + "name": "Ampliative", + "definition": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + }, + "P": { + "key": "P", + "name": "Precedence", + "definition": "The publication would be the first publicly available, or be coincident with the first publicly available." } } } } }, - "SE": { - "key": "SE", + "RC": { + "key": "RC", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "SE", + "key": "RC", "version": "1.0.0", - "name": "Supplier Engagement", - "definition": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + "name": "Report Credibility", + "definition": "Is the report credible?", "schemaVersion": "2.0.0", "values": [ { - "key": "A", - "name": "Active", - "definition": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + "key": "NC", + "name": "Not Credible", + "definition": "The report is not credible." }, { - "key": "U", - "name": "Unresponsive", - "definition": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + "key": "C", + "name": "Credible", + "definition": "The report is credible." } ] }, "values": { - "A": { - "key": "A", - "name": "Active", - "definition": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + "NC": { + "key": "NC", + "name": "Not Credible", + "definition": "The report is not credible." }, - "U": { - "key": "U", - "name": "Unresponsive", - "definition": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + "C": { + "key": "C", + "name": "Credible", + "definition": "The report is credible." } } } } }, - "SINV": { - "key": "SINV", + "RP": { + "key": "RP", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "SINV", + "key": "RP", "version": "1.0.0", - "name": "Supplier Involvement", - "definition": "What is the state of the supplier’s work on addressing the vulnerability?", + "name": "Report Public", + "definition": "Is a viable report of the details of the vulnerability already publicly available?", "schemaVersion": "2.0.0", "values": [ { - "key": "FR", - "name": "Fix Ready", - "definition": "The supplier has provided a patch or fix." - }, - { - "key": "C", - "name": "Cooperative", - "definition": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + "key": "Y", + "name": "Yes", + "definition": "A public report of the vulnerability exists." }, { - "key": "UU", - "name": "Uncooperative/Unresponsive", - "definition": "The supplier has not responded, declined to generate a remediation, or no longer exists." + "key": "N", + "name": "No", + "definition": "No public report of the vulnerability exists." } ] }, "values": { - "FR": { - "key": "FR", - "name": "Fix Ready", - "definition": "The supplier has provided a patch or fix." - }, - "C": { - "key": "C", - "name": "Cooperative", - "definition": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + "Y": { + "key": "Y", + "name": "Yes", + "definition": "A public report of the vulnerability exists." }, - "UU": { - "key": "UU", - "name": "Uncooperative/Unresponsive", - "definition": "The supplier has not responded, declined to generate a remediation, or no longer exists." + "N": { + "key": "N", + "name": "No", + "definition": "No public report of the vulnerability exists." } } } } }, - "EXP": { - "key": "EXP", + "SI": { + "key": "SI", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "EXP", + "key": "SI", "version": "1.0.0", - "name": "System Exposure", - "definition": "The Accessible Attack Surface of the Affected System or Service", + "name": "Safety Impact", + "definition": "The safety impact of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "S", - "name": "Small", - "definition": "Local service or program; highly controlled network" + "key": "N", + "name": "None", + "definition": "The effect is below the threshold for all aspects described in Minor." }, { - "key": "C", - "name": "Controlled", - "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + "key": "M", + "name": "Minor", + "definition": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { - "key": "U", - "name": "Unavoidable", - "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "key": "J", + "name": "Major", + "definition": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + { + "key": "H", + "name": "Hazardous", + "definition": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." + }, + { + "key": "C", + "name": "Catastrophic", + "definition": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." } ] }, "values": { - "S": { - "key": "S", - "name": "Small", - "definition": "Local service or program; highly controlled network" + "N": { + "key": "N", + "name": "None", + "definition": "The effect is below the threshold for all aspects described in Minor." + }, + "M": { + "key": "M", + "name": "Minor", + "definition": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + }, + "J": { + "key": "J", + "name": "Major", + "definition": "Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + "H": { + "key": "H", + "name": "Hazardous", + "definition": "Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A." }, "C": { "key": "C", - "name": "Controlled", - "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." - }, - "U": { - "key": "U", - "name": "Unavoidable", - "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "name": "Catastrophic", + "definition": "Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A." } } }, - "1.0.1": { - "version": "1.0.1", + "2.0.0": { + "version": "2.0.0", "obj": { "namespace": "ssvc", - "key": "EXP", - "version": "1.0.1", - "name": "System Exposure", - "definition": "The Accessible Attack Surface of the Affected System or Service", + "key": "SI", + "version": "2.0.0", + "name": "Safety Impact", + "definition": "The safety impact of the vulnerability. (based on IEC 61508)", "schemaVersion": "2.0.0", "values": [ { - "key": "S", - "name": "Small", - "definition": "Local service or program; highly controlled network" + "key": "N", + "name": "Negligible", + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { - "key": "C", - "name": "Controlled", - "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + "key": "M", + "name": "Marginal", + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." }, { - "key": "O", - "name": "Open", - "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "key": "R", + "name": "Critical", + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." + }, + { + "key": "C", + "name": "Catastrophic", + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } ] }, "values": { - "S": { - "key": "S", - "name": "Small", - "definition": "Local service or program; highly controlled network" + "N": { + "key": "N", + "name": "Negligible", + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Minor injuries at worst (IEC 61508 Negligible).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard.
- *System resiliency*: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation.
- *Environment*: Minor externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses, which are not readily absorbable, to multiple persons.
- *Psychological*: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + }, + "M": { + "key": "M", + "name": "Marginal", + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Major injuries to one or more persons (IEC 61508 Marginal).
- *Operator resiliency*: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard.
- *System resiliency*: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation.
- *Environment*: Major externalities (property damage, environmental damage, etc.) imposed on other parties.
- *Financial*: Financial losses that likely lead to bankruptcy of multiple persons.
- *Psychological*: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people." + }, + "R": { + "key": "R", + "name": "Critical", + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Loss of life (IEC 61508 Critical).
- *Operator resiliency*: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly.
- *System resiliency*: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact.
- *Environment*: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties.
- *Financial*: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state.
- *Psychological*: N/A." }, "C": { "key": "C", - "name": "Controlled", - "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." - }, - "O": { - "key": "O", - "name": "Open", - "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + "name": "Catastrophic", + "definition": "Any one or more of these conditions hold.

- *Physical harm*: Multiple loss of life (IEC 61508 Catastrophic).
- *Operator resiliency*: Operator incapacitated (includes fatality or otherwise incapacitated).
- *System resiliency*: Total loss of whole cyber-physical system, of which the software is a part.
- *Environment*: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties.
- *Financial*: Social systems (elections, financial grid, etc.) supported by the software collapse.
- *Psychological*: N/A." } } } } }, - "TI": { - "key": "TI", + "SC": { + "key": "SC", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "TI", + "key": "SC", "version": "1.0.0", - "name": "Technical Impact", - "definition": "The technical impact of the vulnerability.", + "name": "Supplier Cardinality", + "definition": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", "schemaVersion": "2.0.0", "values": [ { - "key": "P", - "name": "Partial", - "definition": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + "key": "O", + "name": "One", + "definition": "There is only one supplier of the vulnerable component." }, { - "key": "T", - "name": "Total", - "definition": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + "key": "M", + "name": "Multiple", + "definition": "There are multiple suppliers of the vulnerable component." } ] }, "values": { - "P": { - "key": "P", - "name": "Partial", - "definition": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." + "O": { + "key": "O", + "name": "One", + "definition": "There is only one supplier of the vulnerable component." }, - "T": { - "key": "T", - "name": "Total", - "definition": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." + "M": { + "key": "M", + "name": "Multiple", + "definition": "There are multiple suppliers of the vulnerable component." } } } } }, - "U": { - "key": "U", + "SCON": { + "key": "SCON", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "U", + "key": "SCON", "version": "1.0.0", - "name": "Utility", - "definition": "The Usefulness of the Exploit to the Adversary", + "name": "Supplier Contacted", + "definition": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Laborious", - "definition": "Virulence:Slow and Value Density:Diffuse" - }, - { - "key": "E", - "name": "Efficient", - "definition": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" + "key": "N", + "name": "No", + "definition": "The supplier has not been contacted." }, { - "key": "S", - "name": "Super Effective", - "definition": "Virulence:Rapid and Value Density:Concentrated" + "key": "Y", + "name": "Yes", + "definition": "The supplier has been contacted." } ] }, "values": { - "L": { - "key": "L", - "name": "Laborious", - "definition": "Virulence:Slow and Value Density:Diffuse" - }, - "E": { - "key": "E", - "name": "Efficient", - "definition": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" + "N": { + "key": "N", + "name": "No", + "definition": "The supplier has not been contacted." }, - "S": { - "key": "S", - "name": "Super Effective", - "definition": "Virulence:Rapid and Value Density:Concentrated" + "Y": { + "key": "Y", + "name": "Yes", + "definition": "The supplier has been contacted." } } - }, - "1.0.1": { - "version": "1.0.1", + } + } + }, + "SE": { + "key": "SE", + "versions": { + "1.0.0": { + "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "U", - "version": "1.0.1", - "name": "Utility", - "definition": "The Usefulness of the Exploit to the Adversary", + "key": "SE", + "version": "1.0.0", + "name": "Supplier Engagement", + "definition": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Laborious", - "definition": "Automatable:No AND Value Density:Diffuse" - }, - { - "key": "E", - "name": "Efficient", - "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "key": "A", + "name": "Active", + "definition": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." }, { - "key": "S", - "name": "Super Effective", - "definition": "Automatable:Yes AND Value Density:Concentrated" + "key": "U", + "name": "Unresponsive", + "definition": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." } ] }, "values": { - "L": { - "key": "L", - "name": "Laborious", - "definition": "Automatable:No AND Value Density:Diffuse" - }, - "E": { - "key": "E", - "name": "Efficient", - "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + "A": { + "key": "A", + "name": "Active", + "definition": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." }, - "S": { - "key": "S", - "name": "Super Effective", - "definition": "Automatable:Yes AND Value Density:Concentrated" + "U": { + "key": "U", + "name": "Unresponsive", + "definition": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." } } } } }, - "VD": { - "key": "VD", + "SINV": { + "key": "SINV", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "VD", + "key": "SINV", "version": "1.0.0", - "name": "Value Density", - "definition": "The concentration of value in the target", + "name": "Supplier Involvement", + "definition": "What is the state of the supplier’s work on addressing the vulnerability?", "schemaVersion": "2.0.0", "values": [ { - "key": "D", - "name": "Diffuse", - "definition": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + "key": "FR", + "name": "Fix Ready", + "definition": "The supplier has provided a patch or fix." }, { "key": "C", - "name": "Concentrated", - "definition": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + "name": "Cooperative", + "definition": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + }, + { + "key": "UU", + "name": "Uncooperative/Unresponsive", + "definition": "The supplier has not responded, declined to generate a remediation, or no longer exists." } ] }, "values": { - "D": { - "key": "D", - "name": "Diffuse", - "definition": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + "FR": { + "key": "FR", + "name": "Fix Ready", + "definition": "The supplier has provided a patch or fix." }, "C": { "key": "C", - "name": "Concentrated", - "definition": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + "name": "Cooperative", + "definition": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + }, + "UU": { + "key": "UU", + "name": "Uncooperative/Unresponsive", + "definition": "The supplier has not responded, declined to generate a remediation, or no longer exists." } } } } }, - "COORDINATE": { - "key": "COORDINATE", + "EXP": { + "key": "EXP", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "COORDINATE", + "key": "EXP", "version": "1.0.0", - "name": "Decline, Track, Coordinate", - "definition": "The coordinate outcome group.", + "name": "System Exposure", + "definition": "The Accessible Attack Surface of the Affected System or Service", "schemaVersion": "2.0.0", "values": [ { - "key": "D", - "name": "Decline", - "definition": "Decline" + "key": "S", + "name": "Small", + "definition": "Local service or program; highly controlled network" }, { - "key": "T", - "name": "Track", - "definition": "Track" + "key": "C", + "name": "Controlled", + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." }, { - "key": "C", - "name": "Coordinate", - "definition": "Coordinate" + "key": "U", + "name": "Unavoidable", + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } ] }, "values": { - "D": { - "key": "D", - "name": "Decline", - "definition": "Decline" - }, - "T": { - "key": "T", - "name": "Track", - "definition": "Track" + "S": { + "key": "S", + "name": "Small", + "definition": "Local service or program; highly controlled network" }, "C": { "key": "C", - "name": "Coordinate", - "definition": "Coordinate" + "name": "Controlled", + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + }, + "U": { + "key": "U", + "name": "Unavoidable", + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } } }, @@ -6626,419 +7141,414 @@ "version": "1.0.1", "obj": { "namespace": "ssvc", - "key": "COORDINATE", + "key": "EXP", "version": "1.0.1", - "name": "Decline, Track, Coordinate", - "definition": "The coordinate outcome group.", + "name": "System Exposure", + "definition": "The Accessible Attack Surface of the Affected System or Service", "schemaVersion": "2.0.0", "values": [ { - "key": "D", - "name": "Decline", - "definition": "Do not act on the report." + "key": "S", + "name": "Small", + "definition": "Local service or program; highly controlled network" }, { - "key": "T", - "name": "Track", - "definition": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + "key": "C", + "name": "Controlled", + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." }, { - "key": "C", - "name": "Coordinate", - "definition": "Take action on the report." + "key": "O", + "name": "Open", + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } ] }, "values": { - "D": { - "key": "D", - "name": "Decline", - "definition": "Do not act on the report." - }, - "T": { - "key": "T", - "name": "Track", - "definition": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + "S": { + "key": "S", + "name": "Small", + "definition": "Local service or program; highly controlled network" }, "C": { "key": "C", - "name": "Coordinate", - "definition": "Take action on the report." + "name": "Controlled", + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + }, + "O": { + "key": "O", + "name": "Open", + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" } } } } }, - "DSOI": { - "key": "DSOI", + "TI": { + "key": "TI", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "DSOI", + "key": "TI", "version": "1.0.0", - "name": "Defer, Scheduled, Out-of-Cycle, Immediate", - "definition": "The original SSVC outcome group.", + "name": "Technical Impact", + "definition": "The technical impact of the vulnerability.", "schemaVersion": "2.0.0", "values": [ { - "key": "D", - "name": "Defer", - "definition": "Defer" - }, - { - "key": "S", - "name": "Scheduled", - "definition": "Scheduled" - }, - { - "key": "O", - "name": "Out-of-Cycle", - "definition": "Out-of-Cycle" + "key": "P", + "name": "Partial", + "definition": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." }, { - "key": "I", - "name": "Immediate", - "definition": "Immediate" + "key": "T", + "name": "Total", + "definition": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." } ] }, "values": { - "D": { - "key": "D", - "name": "Defer", - "definition": "Defer" - }, - "S": { - "key": "S", - "name": "Scheduled", - "definition": "Scheduled" - }, - "O": { - "key": "O", - "name": "Out-of-Cycle", - "definition": "Out-of-Cycle" + "P": { + "key": "P", + "name": "Partial", + "definition": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control." }, - "I": { - "key": "I", - "name": "Immediate", - "definition": "Immediate" + "T": { + "key": "T", + "name": "Total", + "definition": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." } } } } }, - "PUBLISH": { - "key": "PUBLISH", + "U": { + "key": "U", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "PUBLISH", + "key": "U", "version": "1.0.0", - "name": "Publish, Do Not Publish", - "definition": "The publish outcome group.", + "name": "Utility", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "Do Not Publish", - "definition": "Do Not Publish" + "key": "L", + "name": "Laborious", + "definition": "Virulence:Slow and Value Density:Diffuse" }, { - "key": "P", - "name": "Publish", - "definition": "Publish" + "key": "E", + "name": "Efficient", + "definition": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" + }, + { + "key": "S", + "name": "Super Effective", + "definition": "Virulence:Rapid and Value Density:Concentrated" } ] }, "values": { - "N": { - "key": "N", - "name": "Do Not Publish", - "definition": "Do Not Publish" + "L": { + "key": "L", + "name": "Laborious", + "definition": "Virulence:Slow and Value Density:Diffuse" }, - "P": { - "key": "P", - "name": "Publish", - "definition": "Publish" + "E": { + "key": "E", + "name": "Efficient", + "definition": "Virulence:Rapid and Value Density:Diffuse OR Virulence:Slow and Value Density:Concentrated" + }, + "S": { + "key": "S", + "name": "Super Effective", + "definition": "Virulence:Rapid and Value Density:Concentrated" } } - } - } - } - } - }, - "basic": { - "namespace": "basic", - "keys": { - "IKE": { - "key": "IKE", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "1.0.1": { + "version": "1.0.1", "obj": { - "namespace": "basic", - "key": "IKE", - "version": "1.0.0", - "name": "Do, Schedule, Delegate, Delete", - "definition": "The Eisenhower outcome group.", + "namespace": "ssvc", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "definition": "The Usefulness of the Exploit to the Adversary", "schemaVersion": "2.0.0", "values": [ { - "key": "D", - "name": "Delete", - "definition": "Delete" + "key": "L", + "name": "Laborious", + "definition": "Automatable:No AND Value Density:Diffuse" }, { - "key": "G", - "name": "Delegate", - "definition": "Delegate" + "key": "E", + "name": "Efficient", + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" }, { "key": "S", - "name": "Schedule", - "definition": "Schedule" - }, - { - "key": "O", - "name": "Do", - "definition": "Do" + "name": "Super Effective", + "definition": "Automatable:Yes AND Value Density:Concentrated" } ] }, "values": { - "D": { - "key": "D", - "name": "Delete", - "definition": "Delete" + "L": { + "key": "L", + "name": "Laborious", + "definition": "Automatable:No AND Value Density:Diffuse" }, - "G": { - "key": "G", - "name": "Delegate", - "definition": "Delegate" + "E": { + "key": "E", + "name": "Efficient", + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" }, "S": { "key": "S", - "name": "Schedule", - "definition": "Schedule" + "name": "Super Effective", + "definition": "Automatable:Yes AND Value Density:Concentrated" + } + } + } + } + }, + "VD": { + "key": "VD", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "VD", + "version": "1.0.0", + "name": "Value Density", + "definition": "The concentration of value in the target", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Diffuse", + "definition": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." + }, + { + "key": "C", + "name": "Concentrated", + "definition": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." + } + ] + }, + "values": { + "D": { + "key": "D", + "name": "Diffuse", + "definition": "The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small." }, - "O": { - "key": "O", - "name": "Do", - "definition": "Do" + "C": { + "key": "C", + "name": "Concentrated", + "definition": "The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users." } } } } }, - "MSCW": { - "key": "MSCW", + "COORDINATE": { + "key": "COORDINATE", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "basic", - "key": "MSCW", + "namespace": "ssvc", + "key": "COORDINATE", "version": "1.0.0", - "name": "MoSCoW", - "definition": "The MoSCoW (Must, Should, Could, Won't) outcome group.", + "name": "Decline, Track, Coordinate", + "definition": "The coordinate outcome group.", "schemaVersion": "2.0.0", "values": [ { - "key": "W", - "name": "Won't", - "definition": "Won't" - }, - { - "key": "C", - "name": "Could", - "definition": "Could" + "key": "D", + "name": "Decline", + "definition": "Decline" }, { - "key": "S", - "name": "Should", - "definition": "Should" + "key": "T", + "name": "Track", + "definition": "Track" }, { - "key": "M", - "name": "Must", - "definition": "Must" + "key": "C", + "name": "Coordinate", + "definition": "Coordinate" } ] }, "values": { - "W": { - "key": "W", - "name": "Won't", - "definition": "Won't" + "D": { + "key": "D", + "name": "Decline", + "definition": "Decline" + }, + "T": { + "key": "T", + "name": "Track", + "definition": "Track" }, "C": { "key": "C", - "name": "Could", - "definition": "Could" - }, - "S": { - "key": "S", - "name": "Should", - "definition": "Should" - }, - "M": { - "key": "M", - "name": "Must", - "definition": "Must" + "name": "Coordinate", + "definition": "Coordinate" } } - } - } - }, - "VALUE_COMPLEXITY": { - "key": "VALUE_COMPLEXITY", - "versions": { - "1.0.0": { - "version": "1.0.0", + }, + "1.0.1": { + "version": "1.0.1", "obj": { - "namespace": "basic", - "key": "VALUE_COMPLEXITY", - "version": "1.0.0", - "name": "Value, Complexity", - "definition": "The Value/Complexity outcome group.", + "namespace": "ssvc", + "key": "COORDINATE", + "version": "1.0.1", + "name": "Decline, Track, Coordinate", + "definition": "The coordinate outcome group.", "schemaVersion": "2.0.0", "values": [ { "key": "D", - "name": "Drop", - "definition": "Drop" - }, - { - "key": "R", - "name": "Reconsider Later", - "definition": "Reconsider Later" + "name": "Decline", + "definition": "Do not act on the report." }, { - "key": "E", - "name": "Easy Win", - "definition": "Easy Win" + "key": "T", + "name": "Track", + "definition": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." }, { - "key": "F", - "name": "Do First", - "definition": "Do First" + "key": "C", + "name": "Coordinate", + "definition": "Take action on the report." } ] }, "values": { "D": { "key": "D", - "name": "Drop", - "definition": "Drop" - }, - "R": { - "key": "R", - "name": "Reconsider Later", - "definition": "Reconsider Later" + "name": "Decline", + "definition": "Do not act on the report." }, - "E": { - "key": "E", - "name": "Easy Win", - "definition": "Easy Win" + "T": { + "key": "T", + "name": "Track", + "definition": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." }, - "F": { - "key": "F", - "name": "Do First", - "definition": "Do First" + "C": { + "key": "C", + "name": "Coordinate", + "definition": "Take action on the report." } } } } }, - "YN": { - "key": "YN", + "DSOI": { + "key": "DSOI", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "basic", - "key": "YN", + "namespace": "ssvc", + "key": "DSOI", "version": "1.0.0", - "name": "YesNo", - "definition": "A Yes/No decision point / outcome group.", + "name": "Defer, Scheduled, Out-of-Cycle, Immediate", + "definition": "The original SSVC outcome group.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "No", - "definition": "No" + "key": "D", + "name": "Defer", + "definition": "Defer" }, { - "key": "Y", - "name": "Yes", - "definition": "Yes" + "key": "S", + "name": "Scheduled", + "definition": "Scheduled" + }, + { + "key": "O", + "name": "Out-of-Cycle", + "definition": "Out-of-Cycle" + }, + { + "key": "I", + "name": "Immediate", + "definition": "Immediate" } ] }, "values": { - "N": { - "key": "N", - "name": "No", - "definition": "No" + "D": { + "key": "D", + "name": "Defer", + "definition": "Defer" }, - "Y": { - "key": "Y", - "name": "Yes", - "definition": "Yes" + "S": { + "key": "S", + "name": "Scheduled", + "definition": "Scheduled" + }, + "O": { + "key": "O", + "name": "Out-of-Cycle", + "definition": "Out-of-Cycle" + }, + "I": { + "key": "I", + "name": "Immediate", + "definition": "Immediate" } } } } }, - "LMH": { - "key": "LMH", + "PUBLISH": { + "key": "PUBLISH", "versions": { "1.0.0": { "version": "1.0.0", "obj": { - "namespace": "basic", - "key": "LMH", + "namespace": "ssvc", + "key": "PUBLISH", "version": "1.0.0", - "name": "LowMediumHigh", - "definition": "A Low/Medium/High decision point / outcome group.", + "name": "Publish, Do Not Publish", + "definition": "The publish outcome group.", "schemaVersion": "2.0.0", "values": [ { - "key": "L", - "name": "Low", - "definition": "Low" - }, - { - "key": "M", - "name": "Medium", - "definition": "Medium" + "key": "N", + "name": "Do Not Publish", + "definition": "Do Not Publish" }, { - "key": "H", - "name": "High", - "definition": "High" + "key": "P", + "name": "Publish", + "definition": "Publish" } ] }, "values": { - "L": { - "key": "L", - "name": "Low", - "definition": "Low" - }, - "M": { - "key": "M", - "name": "Medium", - "definition": "Medium" + "N": { + "key": "N", + "name": "Do Not Publish", + "definition": "Do Not Publish" }, - "H": { - "key": "H", - "name": "High", - "definition": "High" + "P": { + "key": "P", + "name": "Publish", + "definition": "Publish" } } } diff --git a/src/ssvc/decision_points/basic/__init__.py b/src/ssvc/decision_points/basic/__init__.py new file mode 100644 index 00000000..4b5013cf --- /dev/null +++ b/src/ssvc/decision_points/basic/__init__.py @@ -0,0 +1,21 @@ +""" +Provides SSVC decision points in the `basic` namespace. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 diff --git a/src/ssvc/decision_points/basic/base.py b/src/ssvc/decision_points/basic/base.py new file mode 100644 index 00000000..437e14cf --- /dev/null +++ b/src/ssvc/decision_points/basic/base.py @@ -0,0 +1,32 @@ +#!/usr/bin/env python +""" +Provides a base class for decision points in the SSVC 'basic' namespace. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from pydantic import BaseModel + +from ssvc.decision_points.base import DecisionPoint +from ssvc.namespaces import NameSpace + + +class BasicDecisionPoint(DecisionPoint,BaseModel): + namespace:str = NameSpace.BASIC + diff --git a/src/ssvc/decision_points/basic/probability/__init__.py b/src/ssvc/decision_points/basic/probability/__init__.py new file mode 100644 index 00000000..f9b5489a --- /dev/null +++ b/src/ssvc/decision_points/basic/probability/__init__.py @@ -0,0 +1,21 @@ + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +"""Provides basic probability bin decision points.""" \ No newline at end of file diff --git a/src/ssvc/decision_points/basic/probability/cis_wep.py b/src/ssvc/decision_points/basic/probability/cis_wep.py new file mode 100644 index 00000000..5886d5ea --- /dev/null +++ b/src/ssvc/decision_points/basic/probability/cis_wep.py @@ -0,0 +1,95 @@ +#!/usr/bin/env python +""" +Provides probability-based decision points for SSVC +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.basic.base import BasicDecisionPoint +from ssvc.decision_points.helpers import print_versions_and_diffs + +# based on https://www.cisecurity.org/ms-isac/services/words-of-estimative-probability-analytic-confidences-and-structured-analytic-techniques +ALMOST_NO_CHANCE = DecisionPointValue( + name="Almost No Chance", + key="ANC", + definition="Probability < 0.05. Almost no chance, remote", +) + +VERY_UNLIKELY = DecisionPointValue( + name="Very Unlikely", + key="VU", + definition="0.05 <= Probability < 0.20. Very unlikely, highly improbable.", +) + +UNLIKELY = DecisionPointValue( + name="Unlikely", + key="U", + definition="0.20 <= Probability < 0.45. Unlikely, improbable.", +) + +ROUGHLY_EVEN_CHANCE = DecisionPointValue( + name="Roughly Even Chance", + key="REC", + definition="0.45 <= Probability < 0.55. Roughly even chance, roughly even odds.", +) + +LIKELY = DecisionPointValue( + name="Likely", + key="L", + definition="0.55 <= Probability < 0.80. Likely, probable.", +) + +VERY_LIKELY = DecisionPointValue( + name="Very Likely", + key="VL", + definition="0.80 <= Probability < 0.95. Very likely, highly probable.", +) + +ALMOST_CERTAIN = DecisionPointValue( + name="Almost Certain", + key="AC", + definition="0.95 <= Probability. Almost certain, nearly certain.", +) + +CIS_CTI_WEP = BasicDecisionPoint( + key="CIS_WEP", + version="1.0.0", + name="CIS-CTI Words of Estimative Probability", + definition="A scale for expressing the likelihood of an event or outcome.", + values=( + ALMOST_NO_CHANCE, + VERY_UNLIKELY, + UNLIKELY, + ROUGHLY_EVEN_CHANCE, + LIKELY, + VERY_LIKELY, + ALMOST_CERTAIN, + ), +) + +VERSIONS =[CIS_CTI_WEP,] +LATEST = VERSIONS[-1] + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == '__main__': + main() diff --git a/src/ssvc/decision_points/basic/probability/five_equal.py b/src/ssvc/decision_points/basic/probability/five_equal.py new file mode 100644 index 00000000..5d70717b --- /dev/null +++ b/src/ssvc/decision_points/basic/probability/five_equal.py @@ -0,0 +1,75 @@ +#!/usr/bin/env python +""" +Provides a 5-level ascending probability scale decision point for SSVC +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.basic.base import BasicDecisionPoint +from ssvc.decision_points.helpers import print_versions_and_diffs + +P0_20 = DecisionPointValue( + name="Less than 20%", + key="P0_20", + definition="Probability < 0.2", +) +P20_40 = DecisionPointValue( + name="20% to 40%", + key="P20_40", + definition="0.2 <= Probability < 0.4", +) +P40_60 = DecisionPointValue( + name="40% to 60%", + key="P40_60", + definition="0.4 <= Probability < 0.6", +) +P60_80 = DecisionPointValue( + name="60% to 80%", + key="P60_80", + definition="0.6 <= Probability < 0.8", +) +P80_100 = DecisionPointValue( + name="Greater than 80%", + key="P80_100", + definition="0.8 <= Probability <= 1.0", +) + +P5A = BasicDecisionPoint( + key="P_5A", + version="1.0.0", + name="Probability Scale in 5 equal levels, ascending", + definition="A probability scale with 20% increments", + values=( + P0_20, + P20_40, + P40_60, + P60_80, + P80_100, + ), +) + +VERSIONS = [P5A] +LATEST_VERSION = VERSIONS[-1] + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == '__main__': + main() diff --git a/src/ssvc/decision_points/basic/probability/five_weighted.py b/src/ssvc/decision_points/basic/probability/five_weighted.py new file mode 100644 index 00000000..84a44cc3 --- /dev/null +++ b/src/ssvc/decision_points/basic/probability/five_weighted.py @@ -0,0 +1,75 @@ +#!/usr/bin/env python +""" +Provides a 5-level ascending probability scale decision point for SSVC +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.basic.base import BasicDecisionPoint +from ssvc.decision_points.helpers import print_versions_and_diffs + +P0_30 = DecisionPointValue( + name="Less than 30%", + key="P0_30", + definition="Probability < 0.3", +) +P30_55 = DecisionPointValue( + name="30% to 55%", + key="P30_55", + definition="0.3 <= Probability < 0.55", +) +P55_75 = DecisionPointValue( + name="55% to 75%", + key="P55_75", + definition="0.55 <= Probability < 0.75", +) +P75_90 = DecisionPointValue( + name="75% to 90%", + key="P75_90", + definition="0.75 <= Probability < 0.9", +) +P90_100 = DecisionPointValue( + name="Greater than 90%", + key="P90_100", + definition="0.9 <= Probability <= 1.0", +) + +P5W = BasicDecisionPoint( + key="P_5W", + version="1.0.0", + name="Probability Scale in 5 weighted levels, ascending", + definition="A probability scale with higher resolution as probability increases", + values=( + P0_30, + P30_55, + P55_75, + P75_90, + P90_100, + ), +) + +VERSIONS = [P5W] +LATEST_VERSION = VERSIONS[-1] + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == '__main__': + main() diff --git a/src/ssvc/decision_points/basic/probability/nist5.py b/src/ssvc/decision_points/basic/probability/nist5.py new file mode 100644 index 00000000..c223c32f --- /dev/null +++ b/src/ssvc/decision_points/basic/probability/nist5.py @@ -0,0 +1,78 @@ +#!/usr/bin/env python +""" +Provides a 5-level ascending probability scale decision point for SSVC +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.basic.base import BasicDecisionPoint +from ssvc.decision_points.helpers import print_versions_and_diffs + +# These ranges are based on NIST SP 800-30 Rev. 1 Appendix G + +VERY_HIGH = DecisionPointValue( + name="Very High", + key="VH", + definition="96% <= Probability <= 100%. Almost certain.", +) +HIGH = DecisionPointValue( + name="High", + key="H", + definition="80% <= Probability < 96%. Highly likely.", +) +MODERATE = DecisionPointValue( + name="Moderate", + key="M", + definition="21% <= Probability < 80%. Somewhat likely.", +) +LOW = DecisionPointValue( + name="Low", + key="L", + definition="5% <= Probability < 21%. Unlikely.", +) +VERY_LOW = DecisionPointValue( + name="Very Low", + key="VL", + definition="0% <= Probability < 5%. Highly unlikely.", +) + + +P5X = BasicDecisionPoint( + key="P_5X", + version="1.0.0", + name="Probability Scale in 5 weighted levels, ascending", + definition="A probability scale with finer resolution at both extremes", + values=( + VERY_LOW, + LOW, + MODERATE, + HIGH, + VERY_HIGH, + ), +) + +VERSIONS = [P5X] +LATEST_VERSION = VERSIONS[-1] + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == '__main__': + main() diff --git a/src/ssvc/decision_points/basic/probability/two_equal.py b/src/ssvc/decision_points/basic/probability/two_equal.py new file mode 100644 index 00000000..cd867886 --- /dev/null +++ b/src/ssvc/decision_points/basic/probability/two_equal.py @@ -0,0 +1,57 @@ +#!/usr/bin/env python +""" +Provides a 2-level ascending probability scale decision point for SSVC +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.basic.base import BasicDecisionPoint +from ssvc.decision_points.helpers import print_versions_and_diffs + +P0_50 = DecisionPointValue( + name="Less than 50%", + key="LT50", + definition="0.0 <= Probability < 0.5", +) +P50_100 = DecisionPointValue( + name="Greater than 50%", + key="GT50", + definition="0.5 <= Probability <= 1.0", +) + +P2A = BasicDecisionPoint( + key="P_2A", + version="1.0.0", + name="Probability Scale in 2 equal levels, ascending", + definition="A probability scale that divides between less than 50% and greater than or equal to 50%", + values=( + P0_50, + P50_100, + ), +) + +VERSIONS = [P2A] +LATEST_VERSION = VERSIONS[-1] + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == '__main__': + main() diff --git a/src/ssvc/decision_points/basic/quantiles/__init__.py b/src/ssvc/decision_points/basic/quantiles/__init__.py new file mode 100644 index 00000000..32978ec6 --- /dev/null +++ b/src/ssvc/decision_points/basic/quantiles/__init__.py @@ -0,0 +1,21 @@ + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +"""Provides basic quantile bin decision points.""" \ No newline at end of file diff --git a/src/ssvc/decision_points/basic/quantiles/median.py b/src/ssvc/decision_points/basic/quantiles/median.py new file mode 100644 index 00000000..1a0c3f4b --- /dev/null +++ b/src/ssvc/decision_points/basic/quantiles/median.py @@ -0,0 +1,60 @@ +#!/usr/bin/env python +""" +Provides median-based decision points for SSVC +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.basic.base import BasicDecisionPoint +from ssvc.decision_points.helpers import print_versions_and_diffs + +BELOW = DecisionPointValue( + name="Below Median", + key="B", + definition="Quantile < 0.50. The lower half of the range of possible values.", +) +ABOVE = DecisionPointValue( + name="Above Median", + key="A", + definition="0.50 <= Quantile <= 1.0. The upper half of the range of possible values.", +) + + +MEDIAN = BasicDecisionPoint( + name="Median Split", + definition="A median split divides a distribution into two equal parts, with 50% of the values falling below the median and 50% above it.", + key="MEDIAN", + version="1.0.0", + values=( + BELOW, + ABOVE, + ), +) + +VERSIONS = [MEDIAN] +LATEST = VERSIONS[-1] + +def main(): + print_versions_and_diffs(VERSIONS) + pass + + +if __name__ == '__main__': + main() diff --git a/src/ssvc/decision_points/basic/quantiles/quartiles.py b/src/ssvc/decision_points/basic/quantiles/quartiles.py new file mode 100644 index 00000000..3b67c884 --- /dev/null +++ b/src/ssvc/decision_points/basic/quantiles/quartiles.py @@ -0,0 +1,71 @@ +#!/usr/bin/env python +""" +Provides quartile-based decision points for SSVC +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.basic.base import BasicDecisionPoint +from ssvc.decision_points.helpers import print_versions_and_diffs + +FIRST_QUARTILE = DecisionPointValue( + name="First Quartile", + key="Q1", + definition="Quantile < 0.25. The lowest 25% of the range of possible values.", +) +SECOND_QUARTILE = DecisionPointValue( + name="Second Quartile", + key="Q2", + definition="0.25 <= Quantile < 0.50. The second lowest 25% of the range of possible values.", +) +THIRD_QUARTILE = DecisionPointValue( + name="Third Quartile", + key="Q3", + definition="0.50 <= Quantile < 0.75. The second highest 25% of the range of possible values.", +) +FOURTH_QUARTILE = DecisionPointValue( + name="Fourth Quartile", + key="Q4", + definition="0.75 <= Quantile <= 1.0. The highest 25% of the range of possible values.", +) + +QUARTILES = BasicDecisionPoint( + name="Quartiles", + definition="A quartile is one of four equal groups that a population can be divided into according to the distribution of values of a particular variable.", + key="QUARTILES", + version="1.0.0", + values=( + FIRST_QUARTILE, + SECOND_QUARTILE, + THIRD_QUARTILE, + FOURTH_QUARTILE, + ), +) + +VERSIONS = [QUARTILES] +LATEST = VERSIONS[-1] + +def main(): + print_versions_and_diffs(VERSIONS) + pass + + +if __name__ == '__main__': + main() diff --git a/src/ssvc/decision_points/basic/quantiles/quintiles.py b/src/ssvc/decision_points/basic/quantiles/quintiles.py new file mode 100644 index 00000000..eed14cbf --- /dev/null +++ b/src/ssvc/decision_points/basic/quantiles/quintiles.py @@ -0,0 +1,77 @@ +#!/usr/bin/env python +""" +Provides quintile-based decision points for SSVC +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.basic.base import BasicDecisionPoint +from ssvc.decision_points.helpers import print_versions_and_diffs + +FIRST_QUINTILE= DecisionPointValue( + name="First Quintile", + key="Q1", + definition="Quantile < 0.20. The lowest 20% of the range of possible values.", +) +SECOND_QUINTILE= DecisionPointValue( + name="Second Quintile", + key="Q2", + definition="0.20 <= Quantile < 0.40. The second lowest 20% of the range of possible values.", +) +THIRD_QUINTILE= DecisionPointValue( + name="Third Quintile", + key="Q3", + definition="0.40 <= Quantile < 0.60. The middle 20% of the range of possible values.", +) +FOURTH_QUINTILE= DecisionPointValue( + name="Fourth Quintile", + key="Q4", + definition="0.60 <= Quantile < 0.80. The second highest 20% of the range of possible values.", +) +FIFTH_QUINTILE= DecisionPointValue( + name="Fifth Quintile", + key="Q5", + definition="0.80 <= Quantile <= 1.0. The highest 20% of the range of possible values.", +) + +QUINTILES = BasicDecisionPoint( + name="Quintiles", + definition="A quintile is one of five equal groups that a population can be divided into according to the distribution of values of a particular variable.", + key="QUINTILES", + version="1.0.0", + values=( + FIRST_QUINTILE, + SECOND_QUINTILE, + THIRD_QUINTILE, + FOURTH_QUINTILE, + FIFTH_QUINTILE, + ), +) + +VERSIONS = [QUINTILES] +LATEST = VERSIONS[-1] + +def main(): + print_versions_and_diffs(VERSIONS) + pass + + +if __name__ == '__main__': + main() diff --git a/src/ssvc/outcomes/basic/__init__.py b/src/ssvc/outcomes/basic/__init__.py index 482460e8..1444ae29 100644 --- a/src/ssvc/outcomes/basic/__init__.py +++ b/src/ssvc/outcomes/basic/__init__.py @@ -21,6 +21,7 @@ """ from .ike import LATEST as EISENHOWER +from .lmh import LATEST as LMH from .mscw import LATEST as MSCW from .value_complexity import LATEST as VALUE_COMPLEXITY from .yn import LATEST as YES_NO From c8f107e6abf5749fd43a6d96c12aed10bf75484f Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 28 Aug 2025 14:17:36 -0400 Subject: [PATCH 362/468] add "near boundary" decision point This can be used in situations where a quantized binned value might be close to a boundary condition, as part of a small decision table that could augment a decision based on that binning. --- src/ssvc/api/response_models/__init__.py | 13 ++++- src/ssvc/api/routers/namespaces.py | 7 ++- src/ssvc/decision_points/base.py | 4 +- src/ssvc/decision_points/basic/__init__.py | 1 + src/ssvc/decision_points/basic/base.py | 5 +- .../decision_points/basic/near_boundary.py | 58 +++++++++++++++++++ .../basic/probability/__init__.py | 3 +- .../basic/probability/cis_wep.py | 7 ++- .../basic/probability/five_equal.py | 3 +- .../basic/probability/five_weighted.py | 3 +- .../basic/probability/nist5.py | 3 +- .../basic/probability/two_equal.py | 3 +- .../basic/quantiles/__init__.py | 3 +- .../decision_points/basic/quantiles/median.py | 3 +- .../basic/quantiles/quartiles.py | 3 +- .../basic/quantiles/quintiles.py | 13 +++-- src/ssvc/selection.py | 4 +- src/test/api/response_models/__init__.py | 3 +- 18 files changed, 111 insertions(+), 28 deletions(-) create mode 100644 src/ssvc/decision_points/basic/near_boundary.py diff --git a/src/ssvc/api/response_models/__init__.py b/src/ssvc/api/response_models/__init__.py index d6de6b3f..e6415ed7 100644 --- a/src/ssvc/api/response_models/__init__.py +++ b/src/ssvc/api/response_models/__init__.py @@ -21,9 +21,16 @@ from pydantic import RootModel, model_validator -from ssvc.api.response_models._type_defs import (DecisionPointDictType, DecisionPointValuesListType, - DecisionTableDictType, KeyDictType, NamespaceDictType, StringsListType, - TypesDictType, VersionDictType) +from ssvc.api.response_models._type_defs import ( + DecisionPointDictType, + DecisionPointValuesListType, + DecisionTableDictType, + KeyDictType, + NamespaceDictType, + StringsListType, + TypesDictType, + VersionDictType, +) from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.decision_tables.base import DecisionTable diff --git a/src/ssvc/api/routers/namespaces.py b/src/ssvc/api/routers/namespaces.py index 59eb40a5..4ceec5e6 100644 --- a/src/ssvc/api/routers/namespaces.py +++ b/src/ssvc/api/routers/namespaces.py @@ -22,7 +22,12 @@ from fastapi import APIRouter from ssvc.api.helpers import _404_on_none -from ssvc.api.response_models import (ListOfStringsResponse, NamespaceDictResponse, NamespaceDictType, StringsListType) +from ssvc.api.response_models import ( + ListOfStringsResponse, + NamespaceDictResponse, + NamespaceDictType, + StringsListType, +) from ssvc.registry.base import get_registry, lookup_objtype router = APIRouter( diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index 26429be6..935515f9 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -157,7 +157,9 @@ def value_summaries(self) -> list[str]: def main(): - print("Please use doctools.py for schema generation and unit tests for verification") + print( + "Please use doctools.py for schema generation and unit tests for verification" + ) if __name__ == "__main__": diff --git a/src/ssvc/decision_points/basic/__init__.py b/src/ssvc/decision_points/basic/__init__.py index 4b5013cf..ebc4cbfc 100644 --- a/src/ssvc/decision_points/basic/__init__.py +++ b/src/ssvc/decision_points/basic/__init__.py @@ -1,6 +1,7 @@ """ Provides SSVC decision points in the `basic` namespace. """ + # Copyright (c) 2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE # ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. diff --git a/src/ssvc/decision_points/basic/base.py b/src/ssvc/decision_points/basic/base.py index 437e14cf..57a87e32 100644 --- a/src/ssvc/decision_points/basic/base.py +++ b/src/ssvc/decision_points/basic/base.py @@ -27,6 +27,5 @@ from ssvc.namespaces import NameSpace -class BasicDecisionPoint(DecisionPoint,BaseModel): - namespace:str = NameSpace.BASIC - +class BasicDecisionPoint(DecisionPoint, BaseModel): + namespace: str = NameSpace.BASIC diff --git a/src/ssvc/decision_points/basic/near_boundary.py b/src/ssvc/decision_points/basic/near_boundary.py new file mode 100644 index 00000000..e69d352e --- /dev/null +++ b/src/ssvc/decision_points/basic/near_boundary.py @@ -0,0 +1,58 @@ +#!/usr/bin/env python +""" +Provides a boolean decision point that can be used to indicate if another value is near a boundary condition. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.base import DecisionPointValue +from ssvc.decision_points.basic.base import BasicDecisionPoint +from ssvc.decision_points.helpers import print_versions_and_diffs + +NEAR_BOUNDARY = DecisionPointValue( + name="Near Boundary", + key="NB", + definition="The value is near a boundary condition", +) +NOT_NEAR_BOUNDARY = DecisionPointValue( + name="Not Near Boundary", + key="NN", + definition="The value is not near a boundary condition", +) +BOUNDARY_PROXIMITY = BasicDecisionPoint( + name="Boundary Proximity", + key="BP", + definition="Indicates whether another value is near a boundary condition, indicating that special consideration may be needed.", + version="1.0.0", + values=( + NOT_NEAR_BOUNDARY, + NEAR_BOUNDARY, + ), +) + +VERSIONS = (BOUNDARY_PROXIMITY,) +LATEST = VERSIONS[-1] + + +def main(): + print_versions_and_diffs(VERSIONS) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_points/basic/probability/__init__.py b/src/ssvc/decision_points/basic/probability/__init__.py index f9b5489a..26276cf3 100644 --- a/src/ssvc/decision_points/basic/probability/__init__.py +++ b/src/ssvc/decision_points/basic/probability/__init__.py @@ -1,4 +1,3 @@ - # Copyright (c) 2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE # ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. @@ -18,4 +17,4 @@ # subject to its own license. # DM24-0278 -"""Provides basic probability bin decision points.""" \ No newline at end of file +"""Provides basic probability bin decision points.""" diff --git a/src/ssvc/decision_points/basic/probability/cis_wep.py b/src/ssvc/decision_points/basic/probability/cis_wep.py index 5886d5ea..47afab41 100644 --- a/src/ssvc/decision_points/basic/probability/cis_wep.py +++ b/src/ssvc/decision_points/basic/probability/cis_wep.py @@ -84,12 +84,15 @@ ), ) -VERSIONS =[CIS_CTI_WEP,] +VERSIONS = [ + CIS_CTI_WEP, +] LATEST = VERSIONS[-1] + def main(): print_versions_and_diffs(VERSIONS) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/src/ssvc/decision_points/basic/probability/five_equal.py b/src/ssvc/decision_points/basic/probability/five_equal.py index 5d70717b..e6d3c52a 100644 --- a/src/ssvc/decision_points/basic/probability/five_equal.py +++ b/src/ssvc/decision_points/basic/probability/five_equal.py @@ -67,9 +67,10 @@ VERSIONS = [P5A] LATEST_VERSION = VERSIONS[-1] + def main(): print_versions_and_diffs(VERSIONS) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/src/ssvc/decision_points/basic/probability/five_weighted.py b/src/ssvc/decision_points/basic/probability/five_weighted.py index 84a44cc3..926d68bc 100644 --- a/src/ssvc/decision_points/basic/probability/five_weighted.py +++ b/src/ssvc/decision_points/basic/probability/five_weighted.py @@ -67,9 +67,10 @@ VERSIONS = [P5W] LATEST_VERSION = VERSIONS[-1] + def main(): print_versions_and_diffs(VERSIONS) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/src/ssvc/decision_points/basic/probability/nist5.py b/src/ssvc/decision_points/basic/probability/nist5.py index c223c32f..dbc3573b 100644 --- a/src/ssvc/decision_points/basic/probability/nist5.py +++ b/src/ssvc/decision_points/basic/probability/nist5.py @@ -70,9 +70,10 @@ VERSIONS = [P5X] LATEST_VERSION = VERSIONS[-1] + def main(): print_versions_and_diffs(VERSIONS) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/src/ssvc/decision_points/basic/probability/two_equal.py b/src/ssvc/decision_points/basic/probability/two_equal.py index cd867886..89e988cd 100644 --- a/src/ssvc/decision_points/basic/probability/two_equal.py +++ b/src/ssvc/decision_points/basic/probability/two_equal.py @@ -49,9 +49,10 @@ VERSIONS = [P2A] LATEST_VERSION = VERSIONS[-1] + def main(): print_versions_and_diffs(VERSIONS) -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/src/ssvc/decision_points/basic/quantiles/__init__.py b/src/ssvc/decision_points/basic/quantiles/__init__.py index 32978ec6..d5494b4d 100644 --- a/src/ssvc/decision_points/basic/quantiles/__init__.py +++ b/src/ssvc/decision_points/basic/quantiles/__init__.py @@ -1,4 +1,3 @@ - # Copyright (c) 2025 Carnegie Mellon University. # NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE # ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. @@ -18,4 +17,4 @@ # subject to its own license. # DM24-0278 -"""Provides basic quantile bin decision points.""" \ No newline at end of file +"""Provides basic quantile bin decision points.""" diff --git a/src/ssvc/decision_points/basic/quantiles/median.py b/src/ssvc/decision_points/basic/quantiles/median.py index 1a0c3f4b..ce382e0b 100644 --- a/src/ssvc/decision_points/basic/quantiles/median.py +++ b/src/ssvc/decision_points/basic/quantiles/median.py @@ -51,10 +51,11 @@ VERSIONS = [MEDIAN] LATEST = VERSIONS[-1] + def main(): print_versions_and_diffs(VERSIONS) pass -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/src/ssvc/decision_points/basic/quantiles/quartiles.py b/src/ssvc/decision_points/basic/quantiles/quartiles.py index 3b67c884..dd55b481 100644 --- a/src/ssvc/decision_points/basic/quantiles/quartiles.py +++ b/src/ssvc/decision_points/basic/quantiles/quartiles.py @@ -62,10 +62,11 @@ VERSIONS = [QUARTILES] LATEST = VERSIONS[-1] + def main(): print_versions_and_diffs(VERSIONS) pass -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/src/ssvc/decision_points/basic/quantiles/quintiles.py b/src/ssvc/decision_points/basic/quantiles/quintiles.py index eed14cbf..39b47608 100644 --- a/src/ssvc/decision_points/basic/quantiles/quintiles.py +++ b/src/ssvc/decision_points/basic/quantiles/quintiles.py @@ -25,27 +25,27 @@ from ssvc.decision_points.basic.base import BasicDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -FIRST_QUINTILE= DecisionPointValue( +FIRST_QUINTILE = DecisionPointValue( name="First Quintile", key="Q1", definition="Quantile < 0.20. The lowest 20% of the range of possible values.", ) -SECOND_QUINTILE= DecisionPointValue( +SECOND_QUINTILE = DecisionPointValue( name="Second Quintile", key="Q2", definition="0.20 <= Quantile < 0.40. The second lowest 20% of the range of possible values.", ) -THIRD_QUINTILE= DecisionPointValue( +THIRD_QUINTILE = DecisionPointValue( name="Third Quintile", key="Q3", definition="0.40 <= Quantile < 0.60. The middle 20% of the range of possible values.", ) -FOURTH_QUINTILE= DecisionPointValue( +FOURTH_QUINTILE = DecisionPointValue( name="Fourth Quintile", key="Q4", definition="0.60 <= Quantile < 0.80. The second highest 20% of the range of possible values.", ) -FIFTH_QUINTILE= DecisionPointValue( +FIFTH_QUINTILE = DecisionPointValue( name="Fifth Quintile", key="Q5", definition="0.80 <= Quantile <= 1.0. The highest 20% of the range of possible values.", @@ -68,10 +68,11 @@ VERSIONS = [QUINTILES] LATEST = VERSIONS[-1] + def main(): print_versions_and_diffs(VERSIONS) pass -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index 440834eb..dcf21ed2 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -360,7 +360,9 @@ def model_json_schema(cls, **kwargs): def main() -> None: - print("Please use doctools.py for schema generation and unit tests for verification") + print( + "Please use doctools.py for schema generation and unit tests for verification" + ) if __name__ == "__main__": diff --git a/src/test/api/response_models/__init__.py b/src/test/api/response_models/__init__.py index f18e5308..49ba3463 100644 --- a/src/test/api/response_models/__init__.py +++ b/src/test/api/response_models/__init__.py @@ -25,9 +25,10 @@ # subject to its own license. # DM24-0278 + def main(): pass -if __name__ == '__main__': +if __name__ == "__main__": main() From 944de8950ca64fdfad7bdda3128b5657d6559306 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 28 Aug 2025 14:17:54 -0400 Subject: [PATCH 363/468] add "near boundary" decision point This can be used in situations where a quantized binned value might be close to a boundary condition, as part of a small decision table that could augment a decision based on that binning. --- .../basic/boundary_proximity_1_0_0.json | 20 ++++++++++ data/json/ssvc_object_registry.json | 40 +++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 data/json/decision_points/basic/boundary_proximity_1_0_0.json diff --git a/data/json/decision_points/basic/boundary_proximity_1_0_0.json b/data/json/decision_points/basic/boundary_proximity_1_0_0.json new file mode 100644 index 00000000..4262d458 --- /dev/null +++ b/data/json/decision_points/basic/boundary_proximity_1_0_0.json @@ -0,0 +1,20 @@ +{ + "namespace": "basic", + "key": "BP", + "version": "1.0.0", + "name": "Boundary Proximity", + "definition": "Indicates whether another value is near a boundary condition, indicating that special consideration may be needed.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "NN", + "name": "Not Near Boundary", + "definition": "The value is not near a boundary condition" + }, + { + "key": "NB", + "name": "Near Boundary", + "definition": "The value is near a boundary condition" + } + ] +} diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index a51bf86f..411e1016 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -9,6 +9,46 @@ "basic": { "namespace": "basic", "keys": { + "BP": { + "key": "BP", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "basic", + "key": "BP", + "version": "1.0.0", + "name": "Boundary Proximity", + "definition": "Indicates whether another value is near a boundary condition, indicating that special consideration may be needed.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "NN", + "name": "Not Near Boundary", + "definition": "The value is not near a boundary condition" + }, + { + "key": "NB", + "name": "Near Boundary", + "definition": "The value is near a boundary condition" + } + ] + }, + "values": { + "NN": { + "key": "NN", + "name": "Not Near Boundary", + "definition": "The value is not near a boundary condition" + }, + "NB": { + "key": "NB", + "name": "Near Boundary", + "definition": "The value is near a boundary condition" + } + } + } + } + }, "CIS_WEP": { "key": "CIS_WEP", "versions": { From 12ed6e82a80b23bb02c5f8f75560b9dff108e09a Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 28 Aug 2025 14:32:06 -0400 Subject: [PATCH 364/468] reverse extraneous changes `black` got a little ambitious on me --- src/ssvc/api/response_models/__init__.py | 13 +++---------- src/ssvc/api/routers/namespaces.py | 7 +------ src/ssvc/selection.py | 4 +--- src/test/api/response_models/__init__.py | 3 +-- 4 files changed, 6 insertions(+), 21 deletions(-) diff --git a/src/ssvc/api/response_models/__init__.py b/src/ssvc/api/response_models/__init__.py index e6415ed7..d6de6b3f 100644 --- a/src/ssvc/api/response_models/__init__.py +++ b/src/ssvc/api/response_models/__init__.py @@ -21,16 +21,9 @@ from pydantic import RootModel, model_validator -from ssvc.api.response_models._type_defs import ( - DecisionPointDictType, - DecisionPointValuesListType, - DecisionTableDictType, - KeyDictType, - NamespaceDictType, - StringsListType, - TypesDictType, - VersionDictType, -) +from ssvc.api.response_models._type_defs import (DecisionPointDictType, DecisionPointValuesListType, + DecisionTableDictType, KeyDictType, NamespaceDictType, StringsListType, + TypesDictType, VersionDictType) from ssvc.decision_points.base import DecisionPoint, DecisionPointValue from ssvc.decision_tables.base import DecisionTable diff --git a/src/ssvc/api/routers/namespaces.py b/src/ssvc/api/routers/namespaces.py index 4ceec5e6..59eb40a5 100644 --- a/src/ssvc/api/routers/namespaces.py +++ b/src/ssvc/api/routers/namespaces.py @@ -22,12 +22,7 @@ from fastapi import APIRouter from ssvc.api.helpers import _404_on_none -from ssvc.api.response_models import ( - ListOfStringsResponse, - NamespaceDictResponse, - NamespaceDictType, - StringsListType, -) +from ssvc.api.response_models import (ListOfStringsResponse, NamespaceDictResponse, NamespaceDictType, StringsListType) from ssvc.registry.base import get_registry, lookup_objtype router = APIRouter( diff --git a/src/ssvc/selection.py b/src/ssvc/selection.py index dcf21ed2..440834eb 100644 --- a/src/ssvc/selection.py +++ b/src/ssvc/selection.py @@ -360,9 +360,7 @@ def model_json_schema(cls, **kwargs): def main() -> None: - print( - "Please use doctools.py for schema generation and unit tests for verification" - ) + print("Please use doctools.py for schema generation and unit tests for verification") if __name__ == "__main__": diff --git a/src/test/api/response_models/__init__.py b/src/test/api/response_models/__init__.py index 49ba3463..f18e5308 100644 --- a/src/test/api/response_models/__init__.py +++ b/src/test/api/response_models/__init__.py @@ -25,10 +25,9 @@ # subject to its own license. # DM24-0278 - def main(): pass -if __name__ == "__main__": +if __name__ == '__main__': main() From eca3ebe1b28eaafe08b87619a317640b93aa7c3c Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 28 Aug 2025 15:09:41 -0400 Subject: [PATCH 365/468] add "just below" and "just above" to "near boundary" --- .../basic/boundary_proximity_1_0_0.json | 11 ++++++--- data/json/ssvc_object_registry.json | 24 +++++++++++++------ .../decision_points/basic/near_boundary.py | 17 +++++++++---- .../basic/probability/five_equal.py | 2 +- .../basic/probability/five_weighted.py | 2 +- .../basic/probability/nist5.py | 2 +- .../basic/probability/two_equal.py | 2 +- 7 files changed, 41 insertions(+), 19 deletions(-) diff --git a/data/json/decision_points/basic/boundary_proximity_1_0_0.json b/data/json/decision_points/basic/boundary_proximity_1_0_0.json index 4262d458..6ac74b82 100644 --- a/data/json/decision_points/basic/boundary_proximity_1_0_0.json +++ b/data/json/decision_points/basic/boundary_proximity_1_0_0.json @@ -12,9 +12,14 @@ "definition": "The value is not near a boundary condition" }, { - "key": "NB", - "name": "Near Boundary", - "definition": "The value is near a boundary condition" + "key": "JA", + "name": "Just Above Boundary", + "definition": "The value is just above a boundary condition" + }, + { + "key": "JB", + "name": "Just Below Boundary", + "definition": "The value is just below a boundary condition" } ] } diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 411e1016..453d2a19 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -28,9 +28,14 @@ "definition": "The value is not near a boundary condition" }, { - "key": "NB", - "name": "Near Boundary", - "definition": "The value is near a boundary condition" + "key": "JA", + "name": "Just Above Boundary", + "definition": "The value is just above a boundary condition" + }, + { + "key": "JB", + "name": "Just Below Boundary", + "definition": "The value is just below a boundary condition" } ] }, @@ -40,10 +45,15 @@ "name": "Not Near Boundary", "definition": "The value is not near a boundary condition" }, - "NB": { - "key": "NB", - "name": "Near Boundary", - "definition": "The value is near a boundary condition" + "JA": { + "key": "JA", + "name": "Just Above Boundary", + "definition": "The value is just above a boundary condition" + }, + "JB": { + "key": "JB", + "name": "Just Below Boundary", + "definition": "The value is just below a boundary condition" } } } diff --git a/src/ssvc/decision_points/basic/near_boundary.py b/src/ssvc/decision_points/basic/near_boundary.py index e69d352e..2fc5a28b 100644 --- a/src/ssvc/decision_points/basic/near_boundary.py +++ b/src/ssvc/decision_points/basic/near_boundary.py @@ -25,11 +25,17 @@ from ssvc.decision_points.basic.base import BasicDecisionPoint from ssvc.decision_points.helpers import print_versions_and_diffs -NEAR_BOUNDARY = DecisionPointValue( - name="Near Boundary", - key="NB", - definition="The value is near a boundary condition", +JUST_BELOW_BOUNDARY = DecisionPointValue( + name="Just Below Boundary", + key="JB", + definition="The value is just below a boundary condition", ) +JUST_ABOVE_BOUNDARY = DecisionPointValue( + name="Just Above Boundary", + key="JA", + definition="The value is just above a boundary condition", +) + NOT_NEAR_BOUNDARY = DecisionPointValue( name="Not Near Boundary", key="NN", @@ -42,7 +48,8 @@ version="1.0.0", values=( NOT_NEAR_BOUNDARY, - NEAR_BOUNDARY, + JUST_ABOVE_BOUNDARY, + JUST_BELOW_BOUNDARY, ), ) diff --git a/src/ssvc/decision_points/basic/probability/five_equal.py b/src/ssvc/decision_points/basic/probability/five_equal.py index e6d3c52a..f2017422 100644 --- a/src/ssvc/decision_points/basic/probability/five_equal.py +++ b/src/ssvc/decision_points/basic/probability/five_equal.py @@ -65,7 +65,7 @@ ) VERSIONS = [P5A] -LATEST_VERSION = VERSIONS[-1] +LATEST = VERSIONS[-1] def main(): diff --git a/src/ssvc/decision_points/basic/probability/five_weighted.py b/src/ssvc/decision_points/basic/probability/five_weighted.py index 926d68bc..54488f09 100644 --- a/src/ssvc/decision_points/basic/probability/five_weighted.py +++ b/src/ssvc/decision_points/basic/probability/five_weighted.py @@ -65,7 +65,7 @@ ) VERSIONS = [P5W] -LATEST_VERSION = VERSIONS[-1] +LATEST = VERSIONS[-1] def main(): diff --git a/src/ssvc/decision_points/basic/probability/nist5.py b/src/ssvc/decision_points/basic/probability/nist5.py index dbc3573b..0249d700 100644 --- a/src/ssvc/decision_points/basic/probability/nist5.py +++ b/src/ssvc/decision_points/basic/probability/nist5.py @@ -68,7 +68,7 @@ ) VERSIONS = [P5X] -LATEST_VERSION = VERSIONS[-1] +LATEST = VERSIONS[-1] def main(): diff --git a/src/ssvc/decision_points/basic/probability/two_equal.py b/src/ssvc/decision_points/basic/probability/two_equal.py index 89e988cd..e5c5309e 100644 --- a/src/ssvc/decision_points/basic/probability/two_equal.py +++ b/src/ssvc/decision_points/basic/probability/two_equal.py @@ -47,7 +47,7 @@ ) VERSIONS = [P2A] -LATEST_VERSION = VERSIONS[-1] +LATEST = VERSIONS[-1] def main(): From f2aae3d2dcb54b155d99f934275fde7ac6142878 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Thu, 28 Aug 2025 15:57:35 -0400 Subject: [PATCH 366/468] first draft of epss example docs --- ..._in_5_weighted_levels_ascending_1_0_0.json | 2 +- data/json/ssvc_object_registry.json | 3620 ++++++++--------- docs/howto/using_epss/epss_percentiles.md | 158 + docs/howto/using_epss/epss_probability.md | 174 + docs/howto/using_epss/index.md | 30 + mkdocs.yml | 4 + .../basic/probability/__init__.py | 8 + .../basic/probability/nist5.py | 2 +- .../basic/quantiles/__init__.py | 6 + src/ssvc/decision_points/example/__init__.py | 20 + src/ssvc/decision_points/example/base.py | 30 + src/ssvc/decision_tables/example/__init__.py | 21 + src/ssvc/decision_tables/example/base.py | 32 + .../example/epss_percentile.py | 271 ++ .../decision_tables/example/epss_quartile.py | 93 + 15 files changed, 2659 insertions(+), 1812 deletions(-) create mode 100644 docs/howto/using_epss/epss_percentiles.md create mode 100644 docs/howto/using_epss/epss_probability.md create mode 100644 docs/howto/using_epss/index.md create mode 100644 src/ssvc/decision_points/example/__init__.py create mode 100644 src/ssvc/decision_points/example/base.py create mode 100644 src/ssvc/decision_tables/example/__init__.py create mode 100644 src/ssvc/decision_tables/example/base.py create mode 100644 src/ssvc/decision_tables/example/epss_percentile.py create mode 100644 src/ssvc/decision_tables/example/epss_quartile.py diff --git a/data/json/decision_points/basic/probability_scale_in_5_weighted_levels_ascending_1_0_0.json b/data/json/decision_points/basic/probability_scale_in_5_weighted_levels_ascending_1_0_0.json index b9e5803a..2b5df7aa 100644 --- a/data/json/decision_points/basic/probability_scale_in_5_weighted_levels_ascending_1_0_0.json +++ b/data/json/decision_points/basic/probability_scale_in_5_weighted_levels_ascending_1_0_0.json @@ -3,7 +3,7 @@ "key": "P_5X", "version": "1.0.0", "name": "Probability Scale in 5 weighted levels, ascending", - "definition": "A probability scale with finer resolution at both extremes", + "definition": "A probability scale with finer resolution at both extremes, based on NIST SP 800-30 Rev. 1 Appendix G", "schemaVersion": "2.0.0", "values": [ { diff --git a/data/json/ssvc_object_registry.json b/data/json/ssvc_object_registry.json index 453d2a19..151e6dd2 100644 --- a/data/json/ssvc_object_registry.json +++ b/data/json/ssvc_object_registry.json @@ -299,7 +299,7 @@ "key": "P_5X", "version": "1.0.0", "name": "Probability Scale in 5 weighted levels, ascending", - "definition": "A probability scale with finer resolution at both extremes", + "definition": "A probability scale with finer resolution at both extremes, based on NIST SP 800-30 Rev. 1 Appendix G", "schemaVersion": "2.0.0", "values": [ { @@ -19194,44 +19194,19 @@ "ssvc": { "namespace": "ssvc", "keys": { - "DT_COORD_PUBLISH": { - "key": "DT_COORD_PUBLISH", + "DT_DP": { + "key": "DT_DP", "versions": { "1.0.0": { "version": "1.0.0", "obj": { "namespace": "ssvc", - "key": "DT_COORD_PUBLISH", + "key": "DT_DP", "version": "1.0.0", - "name": "Coordinator Publish Decision Table", - "definition": "This decision table is used to determine the priority of a coordinator publish.", + "name": "Deployer Patch Application Priority", + "definition": "Decision table for evaluating deployer's patch application priority in SSVC", "schemaVersion": "2.0.0", "decision_points": { - "ssvc:SINV:1.0.0": { - "namespace": "ssvc", - "key": "SINV", - "version": "1.0.0", - "name": "Supplier Involvement", - "definition": "What is the state of the supplier’s work on addressing the vulnerability?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "FR", - "name": "Fix Ready", - "definition": "The supplier has provided a patch or fix." - }, - { - "key": "C", - "name": "Cooperative", - "definition": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." - }, - { - "key": "UU", - "name": "Uncooperative/Unresponsive", - "definition": "The supplier has not responded, declined to generate a remediation, or no longer exists." - } - ] - }, "ssvc:E:1.1.0": { "namespace": "ssvc", "key": "E", @@ -19257,904 +19232,1094 @@ } ] }, - "ssvc:PVA:1.0.0": { + "ssvc:EXP:1.0.1": { "namespace": "ssvc", - "key": "PVA", - "version": "1.0.0", - "name": "Public Value Added", - "definition": "How much value would a publication from the coordinator benefit the broader community?", + "key": "EXP", + "version": "1.0.1", + "name": "System Exposure", + "definition": "The Accessible Attack Surface of the Affected System or Service", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "S", + "name": "Small", + "definition": "Local service or program; highly controlled network" + }, + { + "key": "C", + "name": "Controlled", + "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." + }, + { + "key": "O", + "name": "Open", + "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" + } + ] + }, + "ssvc:A:2.0.0": { + "namespace": "ssvc", + "key": "A", + "version": "2.0.0", + "name": "Automatable", + "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." + }, + { + "key": "Y", + "name": "Yes", + "definition": "Attackers can reliably automate steps 1-4 of the kill chain." + } + ] + }, + "ssvc:HI:2.0.2": { + "namespace": "ssvc", + "key": "HI", + "version": "2.0.2", + "name": "Human Impact", + "definition": "Human Impact is a combination of Safety and Mission impacts.", "schemaVersion": "2.0.0", "values": [ { "key": "L", - "name": "Limited", - "definition": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + "name": "Low", + "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" }, { - "key": "A", - "name": "Ampliative", - "definition": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + "key": "M", + "name": "Medium", + "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" }, { - "key": "P", - "name": "Precedence", - "definition": "The publication would be the first publicly available, or be coincident with the first publicly available." + "key": "H", + "name": "High", + "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" + }, + { + "key": "VH", + "name": "Very High", + "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" } ] }, - "ssvc:PUBLISH:1.0.0": { + "ssvc:DSOI:1.0.0": { "namespace": "ssvc", - "key": "PUBLISH", + "key": "DSOI", "version": "1.0.0", - "name": "Publish, Do Not Publish", - "definition": "The publish outcome group.", + "name": "Defer, Scheduled, Out-of-Cycle, Immediate", + "definition": "The original SSVC outcome group.", "schemaVersion": "2.0.0", "values": [ { - "key": "N", - "name": "Do Not Publish", - "definition": "Do Not Publish" + "key": "D", + "name": "Defer", + "definition": "Defer" }, { - "key": "P", - "name": "Publish", - "definition": "Publish" + "key": "S", + "name": "Scheduled", + "definition": "Scheduled" + }, + { + "key": "O", + "name": "Out-of-Cycle", + "definition": "Out-of-Cycle" + }, + { + "key": "I", + "name": "Immediate", + "definition": "Immediate" } ] } }, - "outcome": "ssvc:PUBLISH:1.0.0", + "outcome": "ssvc:DSOI:1.0.0", "mapping": [ { - "ssvc:SINV:1.0.0": "FR", "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "D" }, { - "ssvc:SINV:1.0.0": "C", "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "D" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "FR", "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "UU", "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "D" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "C", "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "D" }, { - "ssvc:SINV:1.0.0": "FR", "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "UU", "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "N" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "C", "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "D" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "L", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "UU", "ssvc:E:1.1.0": "N", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "FR", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "A", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:E:1.1.0": "N", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:SINV:1.0.0": "UU", "ssvc:E:1.1.0": "P", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "D" }, { - "ssvc:SINV:1.0.0": "C", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:SINV:1.0.0": "UU", - "ssvc:E:1.1.0": "A", - "ssvc:PVA:1.0.0": "P", - "ssvc:PUBLISH:1.0.0": "P" - } - ] - } - } - } - }, - "DT_COORD_TRIAGE": { - "key": "DT_COORD_TRIAGE", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "ssvc", - "key": "DT_COORD_TRIAGE", - "version": "1.0.0", - "name": "Coordinator Triage", - "definition": "Decision table for coordinator triage", - "schemaVersion": "2.0.0", - "decision_points": { - "ssvc:RP:1.0.0": { - "namespace": "ssvc", - "key": "RP", - "version": "1.0.0", - "name": "Report Public", - "definition": "Is a viable report of the details of the vulnerability already publicly available?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "Y", - "name": "Yes", - "definition": "A public report of the vulnerability exists." - }, - { - "key": "N", - "name": "No", - "definition": "No public report of the vulnerability exists." - } - ] + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, - "ssvc:SCON:1.0.0": { - "namespace": "ssvc", - "key": "SCON", - "version": "1.0.0", - "name": "Supplier Contacted", - "definition": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "No", - "definition": "The supplier has not been contacted." - }, - { - "key": "Y", - "name": "Yes", - "definition": "The supplier has been contacted." - } - ] + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" }, - "ssvc:RC:1.0.0": { - "namespace": "ssvc", - "key": "RC", - "version": "1.0.0", - "name": "Report Credibility", - "definition": "Is the report credible?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "NC", - "name": "Not Credible", - "definition": "The report is not credible." - }, - { - "key": "C", - "name": "Credible", - "definition": "The report is credible." - } - ] + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, - "ssvc:SC:1.0.0": { - "namespace": "ssvc", - "key": "SC", - "version": "1.0.0", - "name": "Supplier Cardinality", - "definition": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "O", - "name": "One", - "definition": "There is only one supplier of the vulnerable component." - }, - { - "key": "M", - "name": "Multiple", - "definition": "There are multiple suppliers of the vulnerable component." - } - ] + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, - "ssvc:SE:1.0.0": { - "namespace": "ssvc", - "key": "SE", - "version": "1.0.0", - "name": "Supplier Engagement", - "definition": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "A", - "name": "Active", - "definition": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." - }, - { - "key": "U", - "name": "Unresponsive", - "definition": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." - } - ] + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, - "ssvc:U:1.0.1": { - "namespace": "ssvc", - "key": "U", - "version": "1.0.1", - "name": "Utility", - "definition": "The Usefulness of the Exploit to the Adversary", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Laborious", - "definition": "Automatable:No AND Value Density:Diffuse" - }, - { - "key": "E", - "name": "Efficient", - "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" - }, - { - "key": "S", - "name": "Super Effective", - "definition": "Automatable:Yes AND Value Density:Concentrated" - } - ] - }, - "ssvc:PSI:2.0.1": { - "namespace": "ssvc", - "key": "PSI", - "version": "2.0.1", - "name": "Public Safety Impact", - "definition": "A coarse-grained representation of impact to public safety.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "M", - "name": "Minimal", - "definition": "Safety Impact:Negligible" - }, - { - "key": "S", - "name": "Significant", - "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" - } - ] + { + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" }, - "ssvc:COORDINATE:1.0.1": { - "namespace": "ssvc", - "key": "COORDINATE", - "version": "1.0.1", - "name": "Decline, Track, Coordinate", - "definition": "The coordinate outcome group.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "D", - "name": "Decline", - "definition": "Do not act on the report." - }, - { - "key": "T", - "name": "Track", - "definition": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." - }, - { - "key": "C", - "name": "Coordinate", - "definition": "Take action on the report." - } - ] - } - }, - "outcome": "ssvc:COORDINATE:1.0.1", - "mapping": [ { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "P", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "S", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "C", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "S" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "N", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "I" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "L", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "M", + "ssvc:DSOI:1.0.0": "O" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "H", + "ssvc:DSOI:1.0.0": "I" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:E:1.1.0": "A", + "ssvc:EXP:1.0.1": "O", + "ssvc:A:2.0.0": "Y", + "ssvc:HI:2.0.2": "VH", + "ssvc:DSOI:1.0.0": "I" + } + ] + } + } + } + }, + "DT_COORD_PUBLISH": { + "key": "DT_COORD_PUBLISH", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_COORD_PUBLISH", + "version": "1.0.0", + "name": "Coordinator Publish Decision Table", + "definition": "This decision table is used to determine the priority of a coordinator publish.", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:SINV:1.0.0": { + "namespace": "ssvc", + "key": "SINV", + "version": "1.0.0", + "name": "Supplier Involvement", + "definition": "What is the state of the supplier’s work on addressing the vulnerability?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "FR", + "name": "Fix Ready", + "definition": "The supplier has provided a patch or fix." + }, + { + "key": "C", + "name": "Cooperative", + "definition": "The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time." + }, + { + "key": "UU", + "name": "Uncooperative/Unresponsive", + "definition": "The supplier has not responded, declined to generate a remediation, or no longer exists." + } + ] + }, + "ssvc:E:1.1.0": { + "namespace": "ssvc", + "key": "E", + "version": "1.1.0", + "name": "Exploitation", + "definition": "The present state of exploitation of the vulnerability.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "None", + "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." + }, + { + "key": "P", + "name": "Public PoC", + "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." + }, + { + "key": "A", + "name": "Active", + "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." + } + ] + }, + "ssvc:PVA:1.0.0": { + "namespace": "ssvc", + "key": "PVA", + "version": "1.0.0", + "name": "Public Value Added", + "definition": "How much value would a publication from the coordinator benefit the broader community?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Limited", + "definition": "Minimal value added to the existing public information because existing information is already high quality and in multiple outlets." + }, + { + "key": "A", + "name": "Ampliative", + "definition": "Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc." + }, + { + "key": "P", + "name": "Precedence", + "definition": "The publication would be the first publicly available, or be coincident with the first publicly available." + } + ] }, + "ssvc:PUBLISH:1.0.0": { + "namespace": "ssvc", + "key": "PUBLISH", + "version": "1.0.0", + "name": "Publish, Do Not Publish", + "definition": "The publish outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "Do Not Publish", + "definition": "Do Not Publish" + }, + { + "key": "P", + "name": "Publish", + "definition": "Publish" + } + ] + } + }, + "outcome": "ssvc:PUBLISH:1.0.0", + "mapping": [ { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" }, { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "N" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "L", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "N", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "FR", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "A", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "P", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "C", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + }, + { + "ssvc:SINV:1.0.0": "UU", + "ssvc:E:1.1.0": "A", + "ssvc:PVA:1.0.0": "P", + "ssvc:PUBLISH:1.0.0": "P" + } + ] + } + } + } + }, + "DT_COORD_TRIAGE": { + "key": "DT_COORD_TRIAGE", + "versions": { + "1.0.0": { + "version": "1.0.0", + "obj": { + "namespace": "ssvc", + "key": "DT_COORD_TRIAGE", + "version": "1.0.0", + "name": "Coordinator Triage", + "definition": "Decision table for coordinator triage", + "schemaVersion": "2.0.0", + "decision_points": { + "ssvc:RP:1.0.0": { + "namespace": "ssvc", + "key": "RP", + "version": "1.0.0", + "name": "Report Public", + "definition": "Is a viable report of the details of the vulnerability already publicly available?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "Y", + "name": "Yes", + "definition": "A public report of the vulnerability exists." + }, + { + "key": "N", + "name": "No", + "definition": "No public report of the vulnerability exists." + } + ] + }, + "ssvc:SCON:1.0.0": { + "namespace": "ssvc", + "key": "SCON", + "version": "1.0.0", + "name": "Supplier Contacted", + "definition": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "N", + "name": "No", + "definition": "The supplier has not been contacted." + }, + { + "key": "Y", + "name": "Yes", + "definition": "The supplier has been contacted." + } + ] + }, + "ssvc:RC:1.0.0": { + "namespace": "ssvc", + "key": "RC", + "version": "1.0.0", + "name": "Report Credibility", + "definition": "Is the report credible?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "NC", + "name": "Not Credible", + "definition": "The report is not credible." + }, + { + "key": "C", + "name": "Credible", + "definition": "The report is credible." + } + ] + }, + "ssvc:SC:1.0.0": { + "namespace": "ssvc", + "key": "SC", + "version": "1.0.0", + "name": "Supplier Cardinality", + "definition": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "O", + "name": "One", + "definition": "There is only one supplier of the vulnerable component." + }, + { + "key": "M", + "name": "Multiple", + "definition": "There are multiple suppliers of the vulnerable component." + } + ] + }, + "ssvc:SE:1.0.0": { + "namespace": "ssvc", + "key": "SE", + "version": "1.0.0", + "name": "Supplier Engagement", + "definition": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "A", + "name": "Active", + "definition": "The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort." + }, + { + "key": "U", + "name": "Unresponsive", + "definition": "The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort." + } + ] + }, + "ssvc:U:1.0.1": { + "namespace": "ssvc", + "key": "U", + "version": "1.0.1", + "name": "Utility", + "definition": "The Usefulness of the Exploit to the Adversary", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "L", + "name": "Laborious", + "definition": "Automatable:No AND Value Density:Diffuse" + }, + { + "key": "E", + "name": "Efficient", + "definition": "(Automatable:Yes AND Value Density:Diffuse) OR (Automatable:No AND Value Density:Concentrated)" + }, + { + "key": "S", + "name": "Super Effective", + "definition": "Automatable:Yes AND Value Density:Concentrated" + } + ] }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" + "ssvc:PSI:2.0.1": { + "namespace": "ssvc", + "key": "PSI", + "version": "2.0.1", + "name": "Public Safety Impact", + "definition": "A coarse-grained representation of impact to public safety.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "M", + "name": "Minimal", + "definition": "Safety Impact:Negligible" + }, + { + "key": "S", + "name": "Significant", + "definition": "Safety Impact:(Marginal OR Critical OR Catastrophic)" + } + ] }, + "ssvc:COORDINATE:1.0.1": { + "namespace": "ssvc", + "key": "COORDINATE", + "version": "1.0.1", + "name": "Decline, Track, Coordinate", + "definition": "The coordinate outcome group.", + "schemaVersion": "2.0.0", + "values": [ + { + "key": "D", + "name": "Decline", + "definition": "Do not act on the report." + }, + { + "key": "T", + "name": "Track", + "definition": "Receive information about the vulnerability and monitor for status changes but do not take any overt actions." + }, + { + "key": "C", + "name": "Coordinate", + "definition": "Take action on the report." + } + ] + } + }, + "outcome": "ssvc:COORDINATE:1.0.1", + "mapping": [ { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20164,7 +20329,7 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, @@ -20174,188 +20339,48 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20364,36 +20389,16 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "T" - }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" @@ -20402,98 +20407,98 @@ "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" @@ -20502,8 +20507,8 @@ "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" @@ -20512,36 +20517,36 @@ "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", + "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", @@ -20552,70 +20557,60 @@ "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20625,7 +20620,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20635,8 +20630,8 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20645,7 +20640,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20655,7 +20650,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20665,7 +20660,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20675,7 +20670,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20685,7 +20680,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20695,7 +20690,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20705,7 +20700,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20715,7 +20710,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20725,8 +20720,8 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -20735,7 +20730,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20745,7 +20740,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20755,7 +20750,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20765,7 +20760,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20775,7 +20770,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20785,7 +20780,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20795,7 +20790,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20805,7 +20800,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20815,7 +20810,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20825,7 +20820,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20835,7 +20830,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20845,7 +20840,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -20855,8 +20850,8 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -20865,167 +20860,167 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", + "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21035,8 +21030,8 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -21045,8 +21040,8 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -21055,8 +21050,8 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -21065,7 +21060,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21075,7 +21070,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21085,8 +21080,8 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -21095,8 +21090,8 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -21105,7 +21100,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21115,7 +21110,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21125,8 +21120,8 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -21135,7 +21130,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21145,7 +21140,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21155,7 +21150,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21165,7 +21160,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21175,7 +21170,7 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21185,8 +21180,8 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -21195,7 +21190,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21205,7 +21200,7 @@ "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21215,187 +21210,67 @@ "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "D" - }, - { - "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "O", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "T" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "N", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "L", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" - }, - { - "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "E", - "ssvc:PSI:2.0.1": "S", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", "ssvc:COORDINATE:1.0.1": "D" }, { @@ -21404,9 +21279,9 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -21414,9 +21289,9 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", @@ -21424,9 +21299,9 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -21434,9 +21309,9 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -21444,9 +21319,9 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "T" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", @@ -21454,7 +21329,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, @@ -21464,7 +21339,7 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", "ssvc:COORDINATE:1.0.1": "D" }, @@ -21474,9 +21349,9 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -21484,9 +21359,9 @@ "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", @@ -21494,744 +21369,869 @@ "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "L", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", - "ssvc:PSI:2.0.1": "M", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "A", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "Y", "ssvc:RC:1.0.0": "NC", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:RP:1.0.0": "N", + "ssvc:RP:1.0.0": "Y", "ssvc:SCON:1.0.0": "N", "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", + "ssvc:SC:1.0.0": "O", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "Y", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", "ssvc:SC:1.0.0": "M", "ssvc:SE:1.0.0": "U", - "ssvc:U:1.0.1": "S", + "ssvc:U:1.0.1": "E", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" + "ssvc:COORDINATE:1.0.1": "D" }, { "ssvc:RP:1.0.0": "N", - "ssvc:SCON:1.0.0": "Y", - "ssvc:RC:1.0.0": "C", - "ssvc:SC:1.0.0": "M", - "ssvc:SE:1.0.0": "U", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", "ssvc:U:1.0.1": "S", "ssvc:PSI:2.0.1": "S", - "ssvc:COORDINATE:1.0.1": "C" - } - ] - } - } - } - }, - "DT_DP": { - "key": "DT_DP", - "versions": { - "1.0.0": { - "version": "1.0.0", - "obj": { - "namespace": "ssvc", - "key": "DT_DP", - "version": "1.0.0", - "name": "Deployer Patch Application Priority", - "definition": "Decision table for evaluating deployer's patch application priority in SSVC", - "schemaVersion": "2.0.0", - "decision_points": { - "ssvc:E:1.1.0": { - "namespace": "ssvc", - "key": "E", - "version": "1.1.0", - "name": "Exploitation", - "definition": "The present state of exploitation of the vulnerability.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "None", - "definition": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." - }, - { - "key": "P", - "name": "Public PoC", - "definition": "One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation." - }, - { - "key": "A", - "name": "Active", - "definition": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." - } - ] - }, - "ssvc:EXP:1.0.1": { - "namespace": "ssvc", - "key": "EXP", - "version": "1.0.1", - "name": "System Exposure", - "definition": "The Accessible Attack Surface of the Affected System or Service", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "S", - "name": "Small", - "definition": "Local service or program; highly controlled network" - }, - { - "key": "C", - "name": "Controlled", - "definition": "Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small." - }, - { - "key": "O", - "name": "Open", - "definition": "Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers)" - } - ] + "ssvc:COORDINATE:1.0.1": "D" }, - "ssvc:A:2.0.0": { - "namespace": "ssvc", - "key": "A", - "version": "2.0.0", - "name": "Automatable", - "definition": "Can an attacker reliably automate creating exploitation events for this vulnerability?", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "N", - "name": "No", - "definition": "Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation." - }, - { - "key": "Y", - "name": "Yes", - "definition": "Attackers can reliably automate steps 1-4 of the kill chain." - } - ] + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, - "ssvc:HI:2.0.2": { - "namespace": "ssvc", - "key": "HI", - "version": "2.0.2", - "name": "Human Impact", - "definition": "Human Impact is a combination of Safety and Mission impacts.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "L", - "name": "Low", - "definition": "Safety Impact:(Negligible) AND Mission Impact:(Degraded OR Crippled)" - }, - { - "key": "M", - "name": "Medium", - "definition": "(Safety Impact:Negligible AND Mission Impact:MEF Failure) OR (Safety Impact:Marginal AND Mission Impact:(Degraded OR Crippled))" - }, - { - "key": "H", - "name": "High", - "definition": "(Safety Impact:Critical AND Mission Impact:(Degraded OR Crippled)) OR (Safety Impact:Marginal AND Mission Impact:MEF Failure)" - }, - { - "key": "VH", - "name": "Very High", - "definition": "Safety Impact:Catastrophic OR Mission Impact:Mission Failure" - } - ] + { + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, - "ssvc:DSOI:1.0.0": { - "namespace": "ssvc", - "key": "DSOI", - "version": "1.0.0", - "name": "Defer, Scheduled, Out-of-Cycle, Immediate", - "definition": "The original SSVC outcome group.", - "schemaVersion": "2.0.0", - "values": [ - { - "key": "D", - "name": "Defer", - "definition": "Defer" - }, - { - "key": "S", - "name": "Scheduled", - "definition": "Scheduled" - }, - { - "key": "O", - "name": "Out-of-Cycle", - "definition": "Out-of-Cycle" - }, - { - "key": "I", - "name": "Immediate", - "definition": "Immediate" - } - ] - } - }, - "outcome": "ssvc:DSOI:1.0.0", - "mapping": [ { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "N", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "D" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" + }, + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "P", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "L", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, - { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + { + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "S", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "T" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "D" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "C", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "S" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "M", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "E", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "A", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "N", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "I" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "O", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "L", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "NC", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "M", - "ssvc:DSOI:1.0.0": "O" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "N", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "H", - "ssvc:DSOI:1.0.0": "I" + "ssvc:RP:1.0.0": "Y", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" }, { - "ssvc:E:1.1.0": "A", - "ssvc:EXP:1.0.1": "O", - "ssvc:A:2.0.0": "Y", - "ssvc:HI:2.0.2": "VH", - "ssvc:DSOI:1.0.0": "I" + "ssvc:RP:1.0.0": "N", + "ssvc:SCON:1.0.0": "Y", + "ssvc:RC:1.0.0": "C", + "ssvc:SC:1.0.0": "M", + "ssvc:SE:1.0.0": "U", + "ssvc:U:1.0.1": "S", + "ssvc:PSI:2.0.1": "S", + "ssvc:COORDINATE:1.0.1": "C" } ] } diff --git a/docs/howto/using_epss/epss_percentiles.md b/docs/howto/using_epss/epss_percentiles.md new file mode 100644 index 00000000..93575358 --- /dev/null +++ b/docs/howto/using_epss/epss_percentiles.md @@ -0,0 +1,158 @@ +# EPSS Quantile Binning as an SSVC Amplifier + +!!! tip inline end "" + + !!! tip "Obtain SSVC Data" + + If you are using the [SSVC Deployer Decision Model](../deployer_tree.md), you might already know that + the [CISA Vulnrichment program](https://github.com/cisagov/vulnrichment) + provides some SSVC data that is made + available via the [CVE Services API](https://cveawg.mitre.org/api-docs/). + + !!! tip "Obtain EPSS Data" + + You can get EPSS data from the [EPSS website](https://www.first.org/epss/) + or use their [API](https://www.first.org/epss/api) to fetch scores programmatically. + +In [another how-to](epss_probability.md), we showed how to use EPSS +probability scores as one of a few different inputs to inform the +SSVC [Exploitation](../../reference/decision_points/exploitation.md) decision point. +This approach can be a useful approach to refine or augment the _input_ to an existing SSVC decision model. + +In this how-to, we'll explore a different approach that uses EPSS percentiles +as an amplifier to adjust the _output_ of an existing SSVC decision model. + +## Starting Out with the SSVC Deployer Decision Model + +Let's start with the assumption that you're already using the +[SSVC Deployer Decision Model](../deployer_tree.md) and have a basic understanding of SSVC. +But then after reading +[Probability, Percentiles, and Binning - How to understand and interpret EPSS Scores](https://www.first.org/epss/articles/prob_percentile_bins), +you realize that you would like to use EPSS percentiles to amplify the output of your existing decision model. + +!!! question "Why use percentiles instead of raw probabilities?" + + Percentiles provide a relative ranking of vulnerabilities based on their EPSS scores. + This can be particularly useful when you want to prioritize vulnerabilities in the context of the entire vulnerability landscape. + By using percentiles, you can identify which vulnerabilities are more likely to be exploited _compared to others_. + The [EPSS SIG blog](https://www.first.org/epss/articles/prob_percentile_bins) discusses some of the tradeoffs involved in using percentiles versus raw probabilities. + + That said, we are using percentiles for this how-to simply because we already + we showed how to use probabilities in [another how-to](epss_probability.md). + Either approach can be valid depending on your specific needs and context. + +One straightforward way to use EPSS is to create bins based on the EPSS score +and use these bins as amplifiers in your SSVC decision-making process. + +!!! tip "See Also" + + See the sidebar in [this how-to](epss_probability.md) for a discussion of the tradeoffs involved in binning. + +## Binning Percentiles + +SSVC provides several basic decision points that bin percentiles into discrete quantiles. +Expand the example below to see the currently available options. + +??? example "Exploring Decision Points for Binning Percentiles" + + ```python exec="true" idprefix="" + from ssvc.doc_helpers import example_block + from ssvc.decision_points.basic.quantiles import DECISION_POINTS as _DPS + + for dp in _DPS.values(): + print(example_block(dp)) + ``` + +Now, your primary concern is to ensure that you are addressing the +vulnerabilities that are most likely to be exploited. +In conversations with your organization's risk owners, you determine that +they'd like to apply a policy that is consistent with the following: + +- If the EPSS percentile is significantly higher than the median, the vulnerability + should be prioritized two levels higher than the default SSVC recommendation. +- If the EPSS percentile is above the median but not significantly so, the vulnerability + should be prioritized one level higher than the default SSVC recommendation. +- If the EPSS percentile is significantly lower than the median, the vulnerability + should be deprioritized lower than the default SSVC recommendation. + +You can achieve this with the `quartiles` decision point: + +```python exec="true" idprefix="" +from ssvc.decision_points.basic.quantiles.quartiles import LATEST as QUARTILES +from ssvc.doc_helpers import example_block + +print(example_block(QUARTILES)) +``` + +!!! warning inline end "We're not saying this is a good rule set!" + + The rules given here are just an example to illustrate how you might use EPSS percentiles + as an amplifier in your decision-making process. + We are not suggesting that this is a good idea or that you should follow these rules. + In fact, these rules are rather aggressive and could result in fully _half_ of all + vulnerabilities being prioritized _higher_ than they would without the EPSS data. + Your organization's risk owners should determine the appropriate policy for your context, + but we would recommend something considerably less aggressive than this example. + +You decide to apply the following rules: + +```python exec="true" idprefix="" +from ssvc.decision_tables.example.epss_quartile import update_map_doc + +print(update_map_doc()) +``` + + +## Building the Decision Table + +Given the rules outlined above, you build a new Decision Table that takes the +default outcome from the +[SSVC Deployer Decision Model](../deployer_tree.md) and applies the EPSS quartile +information to amplify it. The resulting decision table looks like this: + +```python exec="true" idprefix="" +from ssvc.decision_tables.example.epss_quartile import EXAMPLE as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` + +A diagram of the decision model is shown below. + +???+ example "Example Decision Table Diagram" + + ```python exec="true" idprefix="" + from ssvc.decision_tables.example.epss_quartile import EXAMPLE as DT + from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + + rows = DT.mapping + title = mermaid_title_from_dt(DT) + print(mapping2mermaid(rows, title=title)) + ``` + +And here is a JSON object representation of the decision table for programmatic use: + +??? example "Example Decision Table JSON" + + The JSON representation of the decision table is shown below. + + ```python exec="true" idprefix="" + from ssvc.decision_tables.example.epss_quartile import EXAMPLE as DT + + print("```json") + print(DT.model_dump_json(indent=2)) + print("```") + ``` + +Now you can use this decision table in your SSVC implementation to adjust +the prioritization of vulnerabilities based on their EPSS percentiles. + +## Conclusion + +In this how-to, we've demonstrated how to use EPSS percentiles as an amplifier +to adjust the output of an existing SSVC decision model. +While the example provided is considerably more aggressive than we would recommend +in practice, it illustrates one way to incorporate EPSS data into an established SSVC-based +vulnerability management strategy. +By incorporating statistical insights from EPSS, you can prioritize +vulnerabilities more effectively based on their likelihood of exploitation. diff --git a/docs/howto/using_epss/epss_probability.md b/docs/howto/using_epss/epss_probability.md new file mode 100644 index 00000000..03361381 --- /dev/null +++ b/docs/howto/using_epss/epss_probability.md @@ -0,0 +1,174 @@ +# Combining EPSS with other Exploitation-Related Decision Points + + +SSVC users might want to combine exploitation-related information from multiple +sources into a single decision point for use downstream in a decision table +such as the SSVC [Deployer Decision Model](../deployer_tree.md). + +One such source is the EPSS probability score. + +!!! question "What is the EPSS Probability Score?" + + The EPSS probability score is a number between 0 and 1 that indicates the likelihood of + a vulnerability being exploited in the wild within the next 30 days. + + +## Other Exploitation-Related Information Sources + +However, EPSS is not the only source of exploitation-related information. +The +[CISA Known Exploited Vulnerabilities (KEV) catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) +is another important source. +Additional exploitation-related information can be found in the +[CVSS Exploit Maturity](https://www.first.org/cvss/specification-document#Exploit-Maturity-E) +vector element. + +We have implemented SSVC Decision Points to reflect both CISA KEV and CVSS Exploit Maturity: + +```python exec="true" idprefix="" +from ssvc.doc_helpers import example_block +from ssvc.decision_points.cvss.exploit_maturity import LATEST as CVSS_E +from ssvc.decision_points.cisa.in_kev import LATEST as CISA_KEV + +for dp in [CISA_KEV, CVSS_E]: + print(example_block(dp)) +``` + +!!! note inline end "EPSS on Probability Binning" + + In a [blog post](https://www.first.org/epss/articles/prob_percentile_bins) on the + [EPSS website](https://www.first.org/epss), the EPSS SIG discusses the challenges of + binning probabilities. + + !!! quote "EPSS SIG on Binning" + + However, there are a number of problems with binning. Bins are, by construction, subjective transformations of, in this case, a cardinal probability scale. And because the bins are subjectively defined, there is room for disagreement and misalignment across different users. There is no universal "right" answer to what the cut off should be between a high, and medium, or medium and low. + + Moreover, arbitrary cutoffs force two scores, which may be separated by the tiniest of a value, to be labeled and then handled differently, despite there being no practical difference between them. For example, if two bins are set and the cutoff is set at 0.5, two vulnerabilities with probabilities of 0.499 and 0.501 would be treated just the same as two vulnerabilities with probabilities of 0.001 and 0.999. This kind of range compression is unavoidable and so any benefits from this kind of mental shortcut must be weighed against the information loss inevitable with binning. + + For these reasons, EPSS does not currently bin EPSS scores using labels. + + From a data _provider_ perspective, this makes sense. + Avoiding information loss early in the information pipeline is a good idea. + However, from a data _consumer_ perspective, and especially when one is making + a choice between a finite number of options (as in SSVC), binning can be a useful + tool to reduce the complexity of the decision space. + +## Binning Probabilities + +We have also provided a few basic SSVC Decision Points to capture probability-based +information in different ways. +Because SSVC is based on categorical decision points, we need to bin the +continuous probability scores into discrete categories. +However, as the EPSS SIG points out (see sidebar), there are _always_ tradeoffs +involved in binning. +That's why we provide several different options for binning probabilities so that +SSVC users can choose one that best fits their needs (or create their own if +none of the provided options is suitable). +Expand the example below to see the currently available options. + +??? example "Exploring Decision Points for Binning Probabilities" + + We provide a few different decision points based on probability bins. + You might look these over and choose one that fits your needs. + + ```python exec="true" idprefix="" + from ssvc.doc_helpers import example_block + from ssvc.decision_points.basic.probability import DECISION_POINTS as _DPS + + for dp in _DPS.values(): + print(example_block(dp)) + ``` + +For this example, let's say you decide to use the _Probability Scale in 5 weighted levels, ascending_ +decision point: + +```python exec="true" idprefix="" +from ssvc.doc_helpers import example_block +from ssvc.decision_points.basic.probability.five_weighted import LATEST as DP + +print(example_block(DP)) +``` + +With our exploitation and probability binning decision points in hand, +we can now consider how to combine them in a decision table to get +a more nuanced view of exploitation risk. + +## Designing an Exploitation-focused Decision Table + +Let's say you decide to create a new Decision Table that combines the +EPSS probability information with the other exploitation-related decision +points to determine a more informed outcome using the SSVC [Exploitation](../../reference/decision_points/exploitation.md) decision point. + +As a reminder, the SSVC [Exploitation](../../reference/decision_points/exploitation.md) decision point has the following values: + +```python exec="true" idprefix="" +from ssvc.doc_helpers import example_block +from ssvc.decision_points.ssvc.exploitation import LATEST as EXP + +for dp in [EXP]: + print(example_block(dp)) +``` + +In conversations with your organization's risk owners, you determine that you +should focus your vulnerability management efforts on the vulnerabilities +that are either already being actively exploited or are very likely to be exploited soon. + +You decide to apply the following rules: + +| Rule | Description | +|------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Prioritize vuls in KEV as Active | If the vulnerability is in the CISA KEV, set the SSVC [Exploitation](../../reference/decision_points/exploitation.md) value to *Active*. | +| Treat very high EPSS probabilities as already Active | If the EPSS probability is >90%, set SSVC [Exploitation](../../reference/decision_points/exploitation.md) value to *Active*. | +| Amplify high EPSS probabilities | If the EPSS probability is 75-90%, bump the SSVC [Exploitation](../../reference/decision_points/exploitation.md) value up one category across the board. | +| Assume Public PoCs are Active when EPSS probability is more likely than not. | If the EPSS probability is 55-75%, bump SSVC [Exploitation](../../reference/decision_points/exploitation.md) = *Public PoC* to *Active* | +| Default: Use CVSS Exploit Maturity | By default, use the [CVSS Exploit Maturity](../../reference/decision_points/cvss/exploit_maturity.md) value to set the SSVC [Exploitation](../../reference/decision_points/exploitation.md) value, unless one of the other rules apply. | + +After constructing the decision table according to these rules, you end up with the following table of values: + +```python exec="true" idprefix="" +from ssvc.decision_tables.example.epss_percentile import EXAMPLE as DT +from ssvc.decision_tables.helpers import dt2df_md + +print(dt2df_md(DT)) +``` + +A diagram of the decision model is shown below. + +???+ example "Example Decision Table Diagram" + + The diagram below shows the decision model for this example. + Each path through the diagram corresponds to a row in the table above. + + ```python exec="true" idprefix="" + from ssvc.decision_tables.example.epss_percentile import EXAMPLE as DT + from ssvc.decision_tables.helpers import mapping2mermaid, mermaid_title_from_dt + + rows = DT.mapping + title = mermaid_title_from_dt(DT) + print(mapping2mermaid(rows, title=title)) + ``` + +And here is a JSON object representation of the decision table for programmatic use: + +??? example "Example Decision Table JSON" + + The JSON representation of the decision table is shown below. + + ```python exec="true" idprefix="" + from ssvc.decision_tables.example.epss_percentile import EXAMPLE as DT + print("```json") + print(DT.model_dump_json(indent=2)) + print("```") + ``` + +Now you've created a clear way to combine EPSS probability scores with other +exploitation-related information to inform your SSVC decisions downstream. + +## Conclusion + +In this How-To, we've explored how to combine EPSS probability scores with other +exploitation-related information in an SSVC decision table. +By thoughtfully designing decision points and tables, you can create a more nuanced +and effective vulnerability management strategy that prioritizes risks based on +the likelihood of exploitation. \ No newline at end of file diff --git a/docs/howto/using_epss/index.md b/docs/howto/using_epss/index.md new file mode 100644 index 00000000..7141703e --- /dev/null +++ b/docs/howto/using_epss/index.md @@ -0,0 +1,30 @@ +# EPSS → SSVC Intro + +!!! quote inline end "The [FIRST EPSS SIG](https://www.first.org/epss) Explains [EPSS](https://www.first.org/epss/model)" + + EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days + +The [Exploit Prediction Scoring System](https://www.first.org/epss) ([EPSS](https://www.first.org/epss)) is a statistical model that estimates the likelihood of a vulnerability being exploited in the wild. EPSS can be a valuable input when assessing the exploitation risk associated with vulnerabilities. EPSS provides two key metrics: + +- **EPSS Score**: A score between 0 and 1 indicating the probability of exploitation. +- **EPSS Percentile**: A ranking that indicates how the EPSS score compares to other vulnerabilities. + +In the following pages, we'll demonstrate a few different ways to incorporate EPSS data into your SSVC decision models. + +
+ +- :material-dice-multiple: [Using EPSS Probability Scores as an Input to SSVC Decisions](epss_probability.md) + + --- + + How to use EPSS probability scores to augment other data sources to + inform the SSVC Exploitation decision point. + + +- :material-percent: [Using EPSS Percentiles to Amplify SSVC Decisions](epss_percentiles.md) + + --- + + How to use EPSS percentiles to amplify the output of an existing SSVC decision model. + +
diff --git a/mkdocs.yml b/mkdocs.yml index 0831f25d..4824a4ce 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -32,6 +32,10 @@ nav: - Qualitative Severity: 'howto/cvss_v4/qualitative.md' - Customizing SSVC: 'howto/tree_customization.md' - Acuity Ramp: 'howto/acuity_ramp.md' + - Using EPSS with SSVC: + - 'howto/using_epss/index.md' + - EPSS Probability as input to Exploitation: 'howto/using_epss/epss_probability.md' + - EPSS Percentiles as an Amplifier: 'howto/using_epss/epss_percentiles.md' - SSVC Tools: - Docker Containers: 'howto/tools/containers.md' - Understanding SSVC: diff --git a/src/ssvc/decision_points/basic/probability/__init__.py b/src/ssvc/decision_points/basic/probability/__init__.py index 26276cf3..9dae2bf1 100644 --- a/src/ssvc/decision_points/basic/probability/__init__.py +++ b/src/ssvc/decision_points/basic/probability/__init__.py @@ -18,3 +18,11 @@ # DM24-0278 """Provides basic probability bin decision points.""" + +from .cis_wep import LATEST as CIS_WEP +from .five_equal import LATEST as FIVE_EQUAL +from .five_weighted import LATEST as FIVE_WEIGHTED +from .nist5 import LATEST as NIST_5 +from .two_equal import LATEST as TWO_EQUAL + +DECISION_POINTS = {dp.id:dp for dp in (TWO_EQUAL,FIVE_EQUAL,FIVE_WEIGHTED,NIST_5,CIS_WEP)} \ No newline at end of file diff --git a/src/ssvc/decision_points/basic/probability/nist5.py b/src/ssvc/decision_points/basic/probability/nist5.py index 0249d700..159825c8 100644 --- a/src/ssvc/decision_points/basic/probability/nist5.py +++ b/src/ssvc/decision_points/basic/probability/nist5.py @@ -57,7 +57,7 @@ key="P_5X", version="1.0.0", name="Probability Scale in 5 weighted levels, ascending", - definition="A probability scale with finer resolution at both extremes", + definition="A probability scale with finer resolution at both extremes, based on NIST SP 800-30 Rev. 1 Appendix G", values=( VERY_LOW, LOW, diff --git a/src/ssvc/decision_points/basic/quantiles/__init__.py b/src/ssvc/decision_points/basic/quantiles/__init__.py index d5494b4d..33c37cdc 100644 --- a/src/ssvc/decision_points/basic/quantiles/__init__.py +++ b/src/ssvc/decision_points/basic/quantiles/__init__.py @@ -18,3 +18,9 @@ # DM24-0278 """Provides basic quantile bin decision points.""" + +from .median import LATEST as MEDIAN +from .quartiles import LATEST as QUARTILES +from .quintiles import LATEST as QUINTILES + +DECISION_POINTS = {dp.id: dp for dp in (MEDIAN, QUARTILES, QUINTILES)} \ No newline at end of file diff --git a/src/ssvc/decision_points/example/__init__.py b/src/ssvc/decision_points/example/__init__.py new file mode 100644 index 00000000..48bbe577 --- /dev/null +++ b/src/ssvc/decision_points/example/__init__.py @@ -0,0 +1,20 @@ +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +"""Provides an example decision point module for SSVC""" diff --git a/src/ssvc/decision_points/example/base.py b/src/ssvc/decision_points/example/base.py new file mode 100644 index 00000000..72930186 --- /dev/null +++ b/src/ssvc/decision_points/example/base.py @@ -0,0 +1,30 @@ +#!/usr/bin/env python +""" +Provides the base class for example decision points +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.base import DecisionPoint +from ssvc.namespaces import NameSpace + + +class ExampleDecisionPoint(DecisionPoint): + namespace: str = NameSpace.EXAMPLE + registered: bool = False diff --git a/src/ssvc/decision_tables/example/__init__.py b/src/ssvc/decision_tables/example/__init__.py new file mode 100644 index 00000000..5aca7de6 --- /dev/null +++ b/src/ssvc/decision_tables/example/__init__.py @@ -0,0 +1,21 @@ + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +"""Provides example decision tables for SSVC.""" \ No newline at end of file diff --git a/src/ssvc/decision_tables/example/base.py b/src/ssvc/decision_tables/example/base.py new file mode 100644 index 00000000..60af34a4 --- /dev/null +++ b/src/ssvc/decision_tables/example/base.py @@ -0,0 +1,32 @@ +#!/usr/bin/env python +""" +Provides a base class for example SSVC decision tables. +""" + + +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_tables.base import DecisionTable +from ssvc.namespaces import NameSpace + + +class ExampleDecisionTable(DecisionTable): + namespace:str = NameSpace.EXAMPLE + registered:bool = False \ No newline at end of file diff --git a/src/ssvc/decision_tables/example/epss_percentile.py b/src/ssvc/decision_tables/example/epss_percentile.py new file mode 100644 index 00000000..a998e590 --- /dev/null +++ b/src/ssvc/decision_tables/example/epss_percentile.py @@ -0,0 +1,271 @@ +#!/usr/bin/env python +""" +Provides an example decision table using EPSS probability as a decision point. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.basic.probability.five_weighted import ( + P5W as FIVE_WEIGHTED, +) +from ssvc.decision_points.cisa.in_kev import IN_KEV_1 as IN_KEV +from ssvc.decision_points.cvss.exploit_maturity import ( + EXPLOIT_MATURITY_2_NoX as EXPLOIT_MATURITY, +) +from ssvc.decision_points.ssvc.exploitation import ( + EXPLOITATION_1_1_0 as EXPLOITATION, +) +from ssvc.decision_tables.example.base import ExampleDecisionTable + +EXAMPLE = ExampleDecisionTable( + key="EXP", + version="1.0.0", + name="Exploitation Data Integration Example", + definition="An example decision table that uses multiple exploitation-related decision points, including EPSS probability", + decision_points={ + dp.id: dp + for dp in (EXPLOIT_MATURITY, IN_KEV, FIVE_WEIGHTED, EXPLOITATION) + }, + outcome=EXPLOITATION.id, + mapping=[ + { + "cvss:E_NoX:2.0.0": "U", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P0_30", + "ssvc:E:1.1.0": "N", + }, + { + "cvss:E_NoX:2.0.0": "P", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P0_30", + "ssvc:E:1.1.0": "P", + }, + { + "cvss:E_NoX:2.0.0": "U", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P0_30", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "U", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P30_55", + "ssvc:E:1.1.0": "N", + }, + { + "cvss:E_NoX:2.0.0": "A", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P0_30", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "P", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P0_30", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "P", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P30_55", + "ssvc:E:1.1.0": "P", + }, + { + "cvss:E_NoX:2.0.0": "U", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P30_55", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "U", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P55_75", + "ssvc:E:1.1.0": "N", + }, + { + "cvss:E_NoX:2.0.0": "A", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P0_30", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "A", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P30_55", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "P", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P30_55", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "P", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P55_75", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "U", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P55_75", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "U", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P75_90", + "ssvc:E:1.1.0": "P", + }, + { + "cvss:E_NoX:2.0.0": "A", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P30_55", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "A", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P55_75", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "P", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P55_75", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "P", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P75_90", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "U", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P75_90", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "U", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P90_100", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "A", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P55_75", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "A", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P75_90", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "P", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P75_90", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "P", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P90_100", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "U", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P90_100", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "A", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P75_90", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "A", + "cisa:KEV:1.0.0": "N", + "basic:P_5W:1.0.0": "P90_100", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "P", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P90_100", + "ssvc:E:1.1.0": "A", + }, + { + "cvss:E_NoX:2.0.0": "A", + "cisa:KEV:1.0.0": "Y", + "basic:P_5W:1.0.0": "P90_100", + "ssvc:E:1.1.0": "A", + }, + ], +) + + +def fix_mapping(): + for row in EXAMPLE.mapping: + # set the defaults based on CVSS + if row["cvss:E_NoX:2.0.0"] == "U": + row["ssvc:E:1.1.0"] = "N" + elif row["cvss:E_NoX:2.0.0"] == "P": + row["ssvc:E:1.1.0"] = "P" + elif row["cvss:E_NoX:2.0.0"] == "A": + row["ssvc:E:1.1.0"] = "A" + + # now override based on IN_KEV + if row["cisa:KEV:1.0.0"] == "Y": + row["ssvc:E:1.1.0"] = "A" + + # now update based on EPSS percentile + if row["basic:P_5W:1.0.0"] == "P90_100": + # force everything to A + row["ssvc:E:1.1.0"] = "A" + elif row["basic:P_5W:1.0.0"] == "P75_90": + # bump N to P, P to A + if row["ssvc:E:1.1.0"] == "P": + row["ssvc:E:1.1.0"] = "A" + elif row["ssvc:E:1.1.0"] == "N": + row["ssvc:E:1.1.0"] = "P" + elif row["basic:P_5W:1.0.0"] == "P55_75": + # just bump P to A + if row["ssvc:E:1.1.0"] == "P": + row["ssvc:E:1.1.0"] = "A" + + +fix_mapping() + + +def main(): + print(EXAMPLE.model_dump_json(indent=2)) + + print(EXAMPLE.mapping) + + +if __name__ == "__main__": + main() diff --git a/src/ssvc/decision_tables/example/epss_quartile.py b/src/ssvc/decision_tables/example/epss_quartile.py new file mode 100644 index 00000000..08119d5a --- /dev/null +++ b/src/ssvc/decision_tables/example/epss_quartile.py @@ -0,0 +1,93 @@ +#!/usr/bin/env python +""" +Provides an example decision table using EPSS quartiles for probability. +""" +# Copyright (c) 2025 Carnegie Mellon University. +# NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE +# ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. +# CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, +# EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT +# NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR +# MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE +# OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE +# ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM +# PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. +# Licensed under a MIT (SEI)-style license, please see LICENSE or contact +# permission@sei.cmu.edu for full terms. +# [DISTRIBUTION STATEMENT A] This material has been approved for +# public release and unlimited distribution. Please see Copyright notice +# for non-US Government use and distribution. +# This Software includes and/or makes use of Third-Party Software each +# subject to its own license. +# DM24-0278 + +from ssvc.decision_points.basic.quantiles.quartiles import ( + LATEST as QUARTILES_LATEST, +) +from ssvc.decision_points.example.base import ExampleDecisionPoint +from ssvc.decision_tables.example.base import ExampleDecisionTable +from ssvc.decision_tables.ssvc.deployer_dt import DEPLOYER_1 + +outcome_in = DEPLOYER_1.decision_points[DEPLOYER_1.outcome] + + +outcome_out = ExampleDecisionPoint( + key=outcome_in.key, + version=outcome_in.version, + name=outcome_in.name, + definition=outcome_in.definition, + values=outcome_in.values, +) + +EXAMPLE = ExampleDecisionTable( + name="Example EPSS Quartile Decision Table", + definition="An example decision table using EPSS quartiles to adjust the SSVC Deployer Table outcome.", + key="EPSS_QRT", + decision_points={ + dp.id: dp for dp in (QUARTILES_LATEST, outcome_in, outcome_out) + }, + outcome=outcome_out.id, +) + +UPDATE_MAP = { + "Q1": {"D": "D", "S": "D", "O": "S", "I": "O"}, + "Q2": {"D": "D", "S": "S", "O": "O", "I": "I"}, + "Q3": {"D": "S", "S": "O", "O": "I", "I": "I"}, + "Q4": {"D": "O", "S": "I", "O": "I", "I": "I"}, +} + + +def update_map_doc(): + s = {"Q1": "-1", "Q2": "0", "Q3": "+1", "Q4": "+2"} + + lines = [ + "| EPSS Quartile | Amplification Factor | Deployer Outcome Change |", + "|:--------------|:-------------------:|:-----------------------|", + ] + for quartile, mapping in UPDATE_MAP.items(): + line = f"| {quartile} | {s[quartile]} | " + parts = [] + for outcome_in, outcome_out in mapping.items(): + parts.append(f"{outcome_in} → {outcome_out}") + line += ", ".join(parts) + line += " |" + lines.append(line) + return "\n".join(lines) + + +def fix_mapping(dt: ExampleDecisionTable): + for row in dt.mapping: + row[outcome_out.id] = UPDATE_MAP[row.get("basic:QUARTILES:1.0.0")][ + row.get(outcome_in.id) + ] + + +fix_mapping(EXAMPLE) + + +def main(): + print(EXAMPLE.model_dump_json(indent=2)) + + +if __name__ == "__main__": + main() From 435660ae0ebe3a333ffe8a05ab3edefaeb7ee9f6 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Fri, 29 Aug 2025 16:45:49 -0400 Subject: [PATCH 367/468] markdownlint --fix --- docs/howto/using_epss/epss_percentiles.md | 21 ++++++++++----------- docs/howto/using_epss/epss_probability.md | 20 +++++++++----------- docs/howto/using_epss/index.md | 5 ++--- 3 files changed, 21 insertions(+), 25 deletions(-) diff --git a/docs/howto/using_epss/epss_percentiles.md b/docs/howto/using_epss/epss_percentiles.md index 93575358..3537b9c9 100644 --- a/docs/howto/using_epss/epss_percentiles.md +++ b/docs/howto/using_epss/epss_percentiles.md @@ -14,13 +14,13 @@ You can get EPSS data from the [EPSS website](https://www.first.org/epss/) or use their [API](https://www.first.org/epss/api) to fetch scores programmatically. -In [another how-to](epss_probability.md), we showed how to use EPSS -probability scores as one of a few different inputs to inform the +In [another how-to](epss_probability.md), we showed how to use EPSS +probability scores as one of a few different inputs to inform the SSVC [Exploitation](../../reference/decision_points/exploitation.md) decision point. -This approach can be a useful approach to refine or augment the _input_ to an existing SSVC decision model. +This approach can be a useful approach to refine or augment the *input* to an existing SSVC decision model. In this how-to, we'll explore a different approach that uses EPSS percentiles -as an amplifier to adjust the _output_ of an existing SSVC decision model. +as an amplifier to adjust the *output* of an existing SSVC decision model. ## Starting Out with the SSVC Deployer Decision Model @@ -41,7 +41,7 @@ you realize that you would like to use EPSS percentiles to amplify the output of we showed how to use probabilities in [another how-to](epss_probability.md). Either approach can be valid depending on your specific needs and context. -One straightforward way to use EPSS is to create bins based on the EPSS score +One straightforward way to use EPSS is to create bins based on the EPSS score and use these bins as amplifiers in your SSVC decision-making process. !!! tip "See Also" @@ -63,9 +63,9 @@ Expand the example below to see the currently available options. print(example_block(dp)) ``` -Now, your primary concern is to ensure that you are addressing the +Now, your primary concern is to ensure that you are addressing the vulnerabilities that are most likely to be exploited. -In conversations with your organization's risk owners, you determine that +In conversations with your organization's risk owners, you determine that they'd like to apply a policy that is consistent with the following: - If the EPSS percentile is significantly higher than the median, the vulnerability @@ -102,11 +102,10 @@ from ssvc.decision_tables.example.epss_quartile import update_map_doc print(update_map_doc()) ``` - ## Building the Decision Table -Given the rules outlined above, you build a new Decision Table that takes the -default outcome from the +Given the rules outlined above, you build a new Decision Table that takes the +default outcome from the [SSVC Deployer Decision Model](../deployer_tree.md) and applies the EPSS quartile information to amplify it. The resulting decision table looks like this: @@ -152,7 +151,7 @@ the prioritization of vulnerabilities based on their EPSS percentiles. In this how-to, we've demonstrated how to use EPSS percentiles as an amplifier to adjust the output of an existing SSVC decision model. While the example provided is considerably more aggressive than we would recommend -in practice, it illustrates one way to incorporate EPSS data into an established SSVC-based +in practice, it illustrates one way to incorporate EPSS data into an established SSVC-based vulnerability management strategy. By incorporating statistical insights from EPSS, you can prioritize vulnerabilities more effectively based on their likelihood of exploitation. diff --git a/docs/howto/using_epss/epss_probability.md b/docs/howto/using_epss/epss_probability.md index 03361381..7903be3b 100644 --- a/docs/howto/using_epss/epss_probability.md +++ b/docs/howto/using_epss/epss_probability.md @@ -1,8 +1,7 @@ # Combining EPSS with other Exploitation-Related Decision Points - SSVC users might want to combine exploitation-related information from multiple -sources into a single decision point for use downstream in a decision table +sources into a single decision point for use downstream in a decision table such as the SSVC [Deployer Decision Model](../deployer_tree.md). One such source is the EPSS probability score. @@ -12,11 +11,10 @@ One such source is the EPSS probability score. The EPSS probability score is a number between 0 and 1 that indicates the likelihood of a vulnerability being exploited in the wild within the next 30 days. - ## Other Exploitation-Related Information Sources However, EPSS is not the only source of exploitation-related information. -The +The [CISA Known Exploited Vulnerabilities (KEV) catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) is another important source. Additional exploitation-related information can be found in the @@ -35,7 +33,7 @@ for dp in [CISA_KEV, CVSS_E]: ``` !!! note inline end "EPSS on Probability Binning" - + In a [blog post](https://www.first.org/epss/articles/prob_percentile_bins) on the [EPSS website](https://www.first.org/epss), the EPSS SIG discusses the challenges of binning probabilities. @@ -60,10 +58,10 @@ We have also provided a few basic SSVC Decision Points to capture probability-ba information in different ways. Because SSVC is based on categorical decision points, we need to bin the continuous probability scores into discrete categories. -However, as the EPSS SIG points out (see sidebar), there are _always_ tradeoffs +However, as the EPSS SIG points out (see sidebar), there are *always* tradeoffs involved in binning. That's why we provide several different options for binning probabilities so that -SSVC users can choose one that best fits their needs (or create their own if +SSVC users can choose one that best fits their needs (or create their own if none of the provided options is suitable). Expand the example below to see the currently available options. @@ -80,7 +78,7 @@ Expand the example below to see the currently available options. print(example_block(dp)) ``` -For this example, let's say you decide to use the _Probability Scale in 5 weighted levels, ascending_ +For this example, let's say you decide to use the *Probability Scale in 5 weighted levels, ascending* decision point: ```python exec="true" idprefix="" @@ -96,8 +94,8 @@ a more nuanced view of exploitation risk. ## Designing an Exploitation-focused Decision Table -Let's say you decide to create a new Decision Table that combines the -EPSS probability information with the other exploitation-related decision +Let's say you decide to create a new Decision Table that combines the +EPSS probability information with the other exploitation-related decision points to determine a more informed outcome using the SSVC [Exploitation](../../reference/decision_points/exploitation.md) decision point. As a reminder, the SSVC [Exploitation](../../reference/decision_points/exploitation.md) decision point has the following values: @@ -171,4 +169,4 @@ In this How-To, we've explored how to combine EPSS probability scores with other exploitation-related information in an SSVC decision table. By thoughtfully designing decision points and tables, you can create a more nuanced and effective vulnerability management strategy that prioritizes risks based on -the likelihood of exploitation. \ No newline at end of file +the likelihood of exploitation. diff --git a/docs/howto/using_epss/index.md b/docs/howto/using_epss/index.md index 7141703e..073b36cd 100644 --- a/docs/howto/using_epss/index.md +++ b/docs/howto/using_epss/index.md @@ -17,14 +17,13 @@ In the following pages, we'll demonstrate a few different ways to incorporate EP --- - How to use EPSS probability scores to augment other data sources to + How to use EPSS probability scores to augment other data sources to inform the SSVC Exploitation decision point. - - :material-percent: [Using EPSS Percentiles to Amplify SSVC Decisions](epss_percentiles.md) --- - + How to use EPSS percentiles to amplify the output of an existing SSVC decision model.
From 65b3bffb9b579e9f9f3398b2d8c94305ca3e0c99 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 8 Sep 2025 09:56:50 -0400 Subject: [PATCH 368/468] allow base namespaces to have fragments (e.g., `ssvc#example`) This was the intent all along, we just hadn't been testing for it so we missed that while it passed the pattern, it did not pass the validator on the namespace class. --- src/ssvc/namespaces.py | 10 +++++++++- src/test/test_namespaces.py | 3 ++- src/test/test_namespaces_pattern.py | 2 ++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 9eecc653..128ee648 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -79,13 +79,21 @@ def validate(cls, value: str) -> str: """ valid = NS_PATTERN.match(value) + ext_sep = "/" + frag_sep = "#" + if valid: # pattern matches, so we can proceed with further checks # partition always returns three parts: the part before the separator, the separator itself, and the part after the separator - (base_ns, _, extension) = value.partition("/") + (base_ns, _, extension) = value.partition(ext_sep) # and we don't care about the extension beyond the pattern match above # so base_ns is either the full value or the part before the first slash + # but base_ns might have a fragment + # so we need to split that off if present + if "#" in base_ns: + (base_ns, _, fragment) = base_ns.partition(frag_sep) + if base_ns in cls.__members__.values(): # base_ns is a registered namespaces return value diff --git a/src/test/test_namespaces.py b/src/test/test_namespaces.py index d506fcaf..1469d813 100644 --- a/src/test/test_namespaces.py +++ b/src/test/test_namespaces.py @@ -18,7 +18,6 @@ # DM24-0278 import unittest -import re from ssvc.namespaces import NameSpace from ssvc.utils.patterns import NS_PATTERN @@ -88,6 +87,8 @@ def test_namespace_validator(self): "x_example.test#bar", "x_example.test#baz", "x_example.test#quux", + "ssvc", + "ssvc#test", ]: self.assertEqual(ns, NameSpace.validate(ns)) diff --git a/src/test/test_namespaces_pattern.py b/src/test/test_namespaces_pattern.py index ff7b72d2..f8a9e884 100644 --- a/src/test/test_namespaces_pattern.py +++ b/src/test/test_namespaces_pattern.py @@ -40,6 +40,8 @@ def setUp(self): "cisa", "custom", # not in enum, but valid for the pattern "abc", # not in enum, but valid for the pattern + "ssvc#reference-arch-1", # valid namespace with hash + "x_example.test#test", "x_example.test#test/", "x_example.test#test//.org.example#bar", "ssvc/de-DE/.org.example#reference-arch-1", # valid BCP-47 tag, reverse domain notation, hash From df4e6cffceb692e5ccac03d4562ea9d92adc3dae Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Mon, 8 Sep 2025 10:30:46 -0400 Subject: [PATCH 369/468] add links to EPSS at https://www.first.org/epss --- docs/howto/using_epss/epss_percentiles.md | 3 ++- docs/howto/using_epss/epss_probability.md | 3 ++- docs/howto/using_epss/index.md | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/howto/using_epss/epss_percentiles.md b/docs/howto/using_epss/epss_percentiles.md index 3537b9c9..b85a0cd1 100644 --- a/docs/howto/using_epss/epss_percentiles.md +++ b/docs/howto/using_epss/epss_percentiles.md @@ -14,7 +14,8 @@ You can get EPSS data from the [EPSS website](https://www.first.org/epss/) or use their [API](https://www.first.org/epss/api) to fetch scores programmatically. -In [another how-to](epss_probability.md), we showed how to use EPSS +In [another how-to](epss_probability.md), we showed how to use the [Exploit Prediction Scoring System](https://www.first.org/epss/) +([EPSS](https://www.first.org/epss)) probability scores as one of a few different inputs to inform the SSVC [Exploitation](../../reference/decision_points/exploitation.md) decision point. This approach can be a useful approach to refine or augment the *input* to an existing SSVC decision model. diff --git a/docs/howto/using_epss/epss_probability.md b/docs/howto/using_epss/epss_probability.md index 7903be3b..38935d4b 100644 --- a/docs/howto/using_epss/epss_probability.md +++ b/docs/howto/using_epss/epss_probability.md @@ -4,7 +4,8 @@ SSVC users might want to combine exploitation-related information from multiple sources into a single decision point for use downstream in a decision table such as the SSVC [Deployer Decision Model](../deployer_tree.md). -One such source is the EPSS probability score. +One such source is the [Exploit Prediction Scoring System](https://www.first.org/epss/) +([EPSS](https://www.first.org/epss)) probability score. !!! question "What is the EPSS Probability Score?" diff --git a/docs/howto/using_epss/index.md b/docs/howto/using_epss/index.md index 073b36cd..dff9ef57 100644 --- a/docs/howto/using_epss/index.md +++ b/docs/howto/using_epss/index.md @@ -7,7 +7,7 @@ The [Exploit Prediction Scoring System](https://www.first.org/epss) ([EPSS](https://www.first.org/epss)) is a statistical model that estimates the likelihood of a vulnerability being exploited in the wild. EPSS can be a valuable input when assessing the exploitation risk associated with vulnerabilities. EPSS provides two key metrics: - **EPSS Score**: A score between 0 and 1 indicating the probability of exploitation. -- **EPSS Percentile**: A ranking that indicates how the EPSS score compares to other vulnerabilities. +- **EPSS Percentile**: A ranking percentile that indicates how the EPSS score compares to other vulnerabilities. In the following pages, we'll demonstrate a few different ways to incorporate EPSS data into your SSVC decision models. From 45c5bdc72113f4b34747474f0dfd1d09b3a66c52 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 15:13:38 +0000 Subject: [PATCH 370/468] Bump actions/setup-python from 5 to 6 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/deploy_site.yml | 2 +- .github/workflows/link_checker.yml | 2 +- .github/workflows/python-app.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy_site.yml b/.github/workflows/deploy_site.yml index 071254bc..a1365b76 100644 --- a/.github/workflows/deploy_site.yml +++ b/.github/workflows/deploy_site.yml @@ -35,7 +35,7 @@ jobs: uses: actions/checkout@v5 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.12' diff --git a/.github/workflows/link_checker.yml b/.github/workflows/link_checker.yml index 7814efb9..e80c55dc 100644 --- a/.github/workflows/link_checker.yml +++ b/.github/workflows/link_checker.yml @@ -23,7 +23,7 @@ jobs: uses: actions/checkout@v5 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.12' diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 30475627..29d921f8 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -22,7 +22,7 @@ jobs: with: fetch-tags: true - name: Set up Python 3.12 - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.12" - name: Install dependencies From efd8d88459cd3d15419ba874084816a74eee32eb Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 9 Sep 2025 14:31:56 -0400 Subject: [PATCH 371/468] add `invalid` and `x_invalid` as RESERVED namespaces. --- src/ssvc/namespaces.py | 20 +++++++++++++++----- src/test/test_namespaces.py | 6 +++++- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/src/ssvc/namespaces.py b/src/ssvc/namespaces.py index 128ee648..46ae11bd 100644 --- a/src/ssvc/namespaces.py +++ b/src/ssvc/namespaces.py @@ -28,6 +28,14 @@ from ssvc.utils.defaults import MAX_NS_LENGTH, MIN_NS_LENGTH, X_PFX from ssvc.utils.patterns import NS_PATTERN +EXT_SEP = "/" +FRAG_SEP = "#" + +# The following namespace strings are RESERVED and cannot be used +# as the base of a namespace (i.e., before any fragment or extension), +# even if they otherwise meet the pattern requirements. +RESERVED_NS = ("invalid", "x_invalid") + class NameSpace(StrEnum): f"""Define the official namespaces for SSVC. @@ -79,20 +87,22 @@ def validate(cls, value: str) -> str: """ valid = NS_PATTERN.match(value) - ext_sep = "/" - frag_sep = "#" - if valid: # pattern matches, so we can proceed with further checks # partition always returns three parts: the part before the separator, the separator itself, and the part after the separator - (base_ns, _, extension) = value.partition(ext_sep) + (base_ns, _, extension) = value.partition(EXT_SEP) # and we don't care about the extension beyond the pattern match above # so base_ns is either the full value or the part before the first slash # but base_ns might have a fragment # so we need to split that off if present + # because partition always returns three parts, we can ignore the second and third parts here if "#" in base_ns: - (base_ns, _, fragment) = base_ns.partition(frag_sep) + (base_ns, _, _) = base_ns.partition(FRAG_SEP) + + # reject reserved namespaces + if base_ns in RESERVED_NS: + raise ValueError(f"Invalid namespace: '{value}' is reserved.") if base_ns in cls.__members__.values(): # base_ns is a registered namespaces diff --git a/src/test/test_namespaces.py b/src/test/test_namespaces.py index 1469d813..11ef6d78 100644 --- a/src/test/test_namespaces.py +++ b/src/test/test_namespaces.py @@ -19,7 +19,7 @@ import unittest -from ssvc.namespaces import NameSpace +from ssvc.namespaces import NameSpace, RESERVED_NS from ssvc.utils.patterns import NS_PATTERN @@ -81,6 +81,10 @@ def test_namespace_validator(self): with self.assertRaises(ValueError): NameSpace.validate(ns) + for ns in RESERVED_NS: + with self.assertRaises(ValueError): + NameSpace.validate(ns) + for ns in [ "x_example.test#test", "x_example.test#foo", From 55ce12bc099747ea832f8c68d2c68ed1712c1f20 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 9 Sep 2025 14:44:19 -0400 Subject: [PATCH 372/468] fix #907 add reserved ns warning to docs --- docs/reference/code/namespaces.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 87397326..7672082b 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -39,7 +39,7 @@ title: Base Namespace Structure flowchart LR subgraph base_ns[Base Namespace] - direction LR + direction TB subgraph unregistered[Unregistered Namespace] direction LR xpfx[x_] @@ -50,6 +50,8 @@ subgraph base_ns[Base Namespace] subgraph registered[Registered Namespace] direction LR base_registered[Registered Base Namespace] + base_fragment[Fragment] + base_registered --> base_fragment end registered ~~~|OR| unregistered end @@ -69,6 +71,14 @@ end print(f"- {ns.value}") ``` +!!! warning "Reserved Namespace Strings" + + The strings `invalid` and `x_invalid` are reserved and must not be used as + registered or unregistered namespaces, respectively. Attempting to create an + object using either of these strings will result in an error in the Python + implementation of SSVC. + + #### Registered Namespace Registered namespaces are those that are explicitly defined in the SSVC project. From f229a41c50e7a96c8a5c1acf7cdae94edd8002b8 Mon Sep 17 00:00:00 2001 From: "Allen D. Householder" Date: Tue, 9 Sep 2025 15:14:27 -0400 Subject: [PATCH 373/468] resolves #908 - add explanation of `example`, `test`, and similar reserved namespaces --- docs/reference/code/namespaces.md | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/docs/reference/code/namespaces.md b/docs/reference/code/namespaces.md index 7672082b..4183f6d7 100644 --- a/docs/reference/code/namespaces.md +++ b/docs/reference/code/namespaces.md @@ -57,6 +57,24 @@ subgraph base_ns[Base Namespace] end ``` +!!! warning "Reserved Namespace Strings" + + The SSVC project has _reserved_ the following namespace strings: + + - `example` and `x_example`are _reserved_ for use in documentation or as + examples where a registered namespace is needed. + No production use of the `example` or `x_example` namespace is intended. + + - `test` and `x_test` are _reserved_ for use as a registered + namespace for use in testing of current or new SSVC related code. + No production use of the `test` namespace is intended. + + - `invalid` and `x_invalid` are _reserved_ and must not be used as + registered or unregistered namespaces, respectively. Attempting to create an + object using either of these strings will result in an error in the Python + implementation of SSVC. + + !!! info inline end "Current Registered Namespaces" The SSVC project currently has a set of registered namespaces that are @@ -71,12 +89,6 @@ end print(f"- {ns.value}") ``` -!!! warning "Reserved Namespace Strings" - - The strings `invalid` and `x_invalid` are reserved and must not be used as - registered or unregistered namespaces, respectively. Attempting to create an - object using either of these strings will result in an error in the Python - implementation of SSVC. #### Registered Namespace From bb54d4baa4940ac3adffe70162f741dd2c2f62e8 Mon Sep 17 00:00:00 2001 From: Vijay Sarvepalli Date: Tue, 9 Sep 2025 15:26:35 -0400 Subject: [PATCH 374/468] Updates to SSVC-Calculator and SSVC-Explorer --- docs/ssvc-calc/css.css | 6 +- docs/ssvc-calc/findex.html | 147 +- docs/ssvc-calc/index.md | 11 +- docs/ssvc-calc/ssvc.js | 902 ++++++-- docs/ssvc-calc/ssvc_object_registry.json | 1 + docs/ssvc-explorer/findex.html | 129 ++ docs/ssvc-explorer/index.md | 22 + docs/ssvc-explorer/simple.js | 2536 ++++++++++++++++++++++ docs/tutorials/index.md | 6 + src/ssvc/information_gain.py | 81 + 10 files changed, 3577 insertions(+), 264 deletions(-) create mode 120000 docs/ssvc-calc/ssvc_object_registry.json create mode 100644 docs/ssvc-explorer/findex.html create mode 100644 docs/ssvc-explorer/index.md create mode 100644 docs/ssvc-explorer/simple.js create mode 100644 src/ssvc/information_gain.py diff --git a/docs/ssvc-calc/css.css b/docs/ssvc-calc/css.css index 833e01bd..f147c57b 100644 --- a/docs/ssvc-calc/css.css +++ b/docs/ssvc-calc/css.css @@ -1,4 +1,4 @@ -/* css version 2.2.9 */ +/* css version 2.2.10 */ #helper { background-color: rgba(255,255,255,0.95); border: 1px solid grey; @@ -464,3 +464,7 @@ pre { textPath { cursor: pointer; } +.blackbody .swal2-popup { + background: #222; + color: #eee; +} diff --git a/docs/ssvc-calc/findex.html b/docs/ssvc-calc/findex.html index 4bdeaf63..c695dcf1 100644 --- a/docs/ssvc-calc/findex.html +++ b/docs/ssvc-calc/findex.html @@ -52,9 +52,10 @@ + -